Hi All, I am trying to establish a connection from Appian to AWS S3 bucket. I have created a connected system with and without DNS endpoint, please refer to the attached screenshots. It throws an error with endpoint URL. With the endpoint URL error is: " Failed to parse XML document with handler class com.amazonaws.services.s3.model.transform.XmlResponsesSaxParser$ListAllMyBucketsHandler ". When I am using these connected systems in an integration object then it behaves as following: Integration object outcome without Endpoint URL in connected system: SUCCESS Integration object outcome w ith Endpoint URL in connected system: FAILED (Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: XXXXXXXXXXXXXXXX; S3 Extended Request ID: XXXXXXXXXXXXXXXX/yyyyyyyyyyyyyyyyyyy/ZZZZZZZZZZZZZZZ=; Proxy: null) Please review logs for stack trace.) The AWS user used for connected system has the following policies: AmazonS3FullAccess AmazonVPCFullAccess Inline policy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:ListBucket", "s3:PutObject", "s3:GetObject", "s3:DeleteObject" ], "Resource": [ "arn:aws:s3:::bucketARN", "arn:aws:s3:::bucketARN/*" ], "Condition": { "StringEquals": { "aws:sourceVpce": "vpce-01cxxxxxxx" } } } ] } Bucket permissions are as follows: Block all public access: ON Object Ownership: Bucket owner preferred Bucket policy { "Version": "2012-10-17", "Statement": [ { "Sid": "Statement1", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::xxxxxx:user/arn" }, "Action": [ "s3:ListBucket", "s3:PutObject", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::bucketARN", "arn:aws:s3:::bucketARN/*" ], "Condition": { "StringEquals": { "aws:SourceVpce": "vpce-01cxxxxxxx" } } } ] } Can anyone help me with the points I am missing here or if anyone has ever faced similar kind of issues?

AWS S3 Connection with Private Link

Harsh Kumar Agarwal

Certified Lead Developer

over 1 year ago

Hi All,

I am trying to establish a connection from Appian to AWS S3 bucket. I have created a connected system with and without DNS endpoint, please refer to the attached screenshots. It throws an error with endpoint URL.

With the endpoint URL error is: "Failed to parse XML document with handler class com.amazonaws.services.s3.model.transform.XmlResponsesSaxParser$ListAllMyBucketsHandler".

When I am using these connected systems in an integration object then it behaves as following:

Integration object outcome without Endpoint URL in connected system: SUCCESS
Integration object outcome with Endpoint URL in connected system: FAILED (Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: XXXXXXXXXXXXXXXX; S3 Extended Request ID: XXXXXXXXXXXXXXXX/yyyyyyyyyyyyyyyyyyy/ZZZZZZZZZZZZZZZ=; Proxy: null) Please review logs for stack trace.)

The AWS user used for connected system has the following policies:

AmazonS3FullAccess
AmazonVPCFullAccess

Inline policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::bucketARN",
        "arn:aws:s3:::bucketARN/*"
      ],
      "Condition": {
        "StringEquals": {
          "aws:sourceVpce": "vpce-01cxxxxxxx"
        }
      }
    }
  ]
}

Bucket permissions are as follows:

Block all public access: ON
Object Ownership: Bucket owner preferred

Bucket policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement1",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::xxxxxx:user/arn"
      },
      "Action": [
        "s3:ListBucket",
        "s3:PutObject",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::bucketARN",
        "arn:aws:s3:::bucketARN/*"
      ],
      "Condition": {
        "StringEquals": {
          "aws:SourceVpce": "vpce-01cxxxxxxx"
        }
      }
    }
  ]
}

Can anyone help me with the points I am missing here or if anyone has ever faced similar kind of issues?

Discussion posts and replies are publicly visible

Parents

0 Meme02 16 hours ago

Hi Harsh Kumar Agarwal
I am also connecting to S3 via Privatelink to upload and download files.
Can you share which Connected System Object you are using and the connection process?
I can't find the same Connected System Object in the Designer tab.
Thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Meme02 16 hours ago

Hi Harsh Kumar Agarwal
I am also connecting to S3 via Privatelink to upload and download files.
Can you share which Connected System Object you are using and the connection process?
I can't find the same Connected System Object in the Designer tab.
Thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Harsha Sharma
Certified Lead Developer
10 hours ago in reply to Meme02

You should connect with Appian Support with details mentioned in the below links depending on

https://docs.appian.com/suite/help/25.2/Access_Appian_Cloud_instance_using_AWS_PrivateLink.html#prerequisites (Inbound Access)

https://docs.appian.com/suite/help/25.2/Access_Customer_VPC_using_AWS_PrivateLink.html#prerequisites (Outbound Access)
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Harsh Kumar Agarwal
Certified Lead Developer
5 hours ago in reply to Meme02

Hi Meme02 ,

I am using 'AWS S3 Bucket Management' plugin.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel