Hi All, I am trying to establish a connection from Appian to AWS S3 bucket. I have created a connected system with and without DNS endpoint, please refer to the attached screenshots. It throws an error with endpoint URL. With the endpoint URL error is: " Failed to parse XML document with handler class com.amazonaws.services.s3.model.transform.XmlResponsesSaxParser$ListAllMyBucketsHandler ". When I am using these connected systems in an integration object then it behaves as following: Integration object outcome without Endpoint URL in connected system: SUCCESS Integration object outcome w ith Endpoint URL in connected system: FAILED (Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: XXXXXXXXXXXXXXXX; S3 Extended Request ID: XXXXXXXXXXXXXXXX/yyyyyyyyyyyyyyyyyyy/ZZZZZZZZZZZZZZZ=; Proxy: null) Please review logs for stack trace.) The AWS user used for connected system has the following policies: AmazonS3FullAccess AmazonVPCFullAccess Inline policy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:ListBucket", "s3:PutObject", "s3:GetObject", "s3:DeleteObject" ], "Resource": [ "arn:aws:s3:::bucketARN", "arn:aws:s3:::bucketARN/*" ], "Condition": { "StringEquals": { "aws:sourceVpce": "vpce-01cxxxxxxx" } } } ] } Bucket permissions are as follows: Block all public access: ON Object Ownership: Bucket owner preferred Bucket policy { "Version": "2012-10-17", "Statement": [ { "Sid": "Statement1", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::xxxxxx:user/arn" }, "Action": [ "s3:ListBucket", "s3:PutObject", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::bucketARN", "arn:aws:s3:::bucketARN/*" ], "Condition": { "StringEquals": { "aws:SourceVpce": "vpce-01cxxxxxxx" } } } ] } Can anyone help me with the points I am missing here or if anyone has ever faced similar kind of issues?

AWS S3 Connection with Private Link

Harsh Kumar Agarwal

Certified Lead Developer

over 2 years ago

Hi All,

I am trying to establish a connection from Appian to AWS S3 bucket. I have created a connected system with and without DNS endpoint, please refer to the attached screenshots. It throws an error with endpoint URL.

With the endpoint URL error is: "Failed to parse XML document with handler class com.amazonaws.services.s3.model.transform.XmlResponsesSaxParser$ListAllMyBucketsHandler".

When I am using these connected systems in an integration object then it behaves as following:

Integration object outcome without Endpoint URL in connected system: SUCCESS
Integration object outcome with Endpoint URL in connected system: FAILED (Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: XXXXXXXXXXXXXXXX; S3 Extended Request ID: XXXXXXXXXXXXXXXX/yyyyyyyyyyyyyyyyyyy/ZZZZZZZZZZZZZZZ=; Proxy: null) Please review logs for stack trace.)

The AWS user used for connected system has the following policies:

AmazonS3FullAccess
AmazonVPCFullAccess

Inline policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::bucketARN",
        "arn:aws:s3:::bucketARN/*"
      ],
      "Condition": {
        "StringEquals": {
          "aws:sourceVpce": "vpce-01cxxxxxxx"
        }
      }
    }
  ]
}

Bucket permissions are as follows:

Block all public access: ON
Object Ownership: Bucket owner preferred

Bucket policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement1",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::xxxxxx:user/arn"
      },
      "Action": [
        "s3:ListBucket",
        "s3:PutObject",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::bucketARN",
        "arn:aws:s3:::bucketARN/*"
      ],
      "Condition": {
        "StringEquals": {
          "aws:SourceVpce": "vpce-01cxxxxxxx"
        }
      }
    }
  ]
}

Can anyone help me with the points I am missing here or if anyone has ever faced similar kind of issues?

Discussion posts and replies are publicly visible

Top Replies

Harsha Sharma 1 month ago in reply to Meme02 +1
Certified Lead Developer

You should connect with Appian Support with details mentioned in the below links depending on https://docs.appian.com/suite/help/25.2/Access_Appian_Cloud_instance_using_AWS_PrivateLink.html#prerequisites…
Harsh Kumar Agarwal 1 month ago in reply to Meme02 +1
Certified Lead Developer

Hi Meme02 , I am using 'AWS S3 Bucket Management' plugin.
Harsha Sharma 29 days ago in reply to Meme02 +1
Certified Lead Developer

Are you getting any errors? What size files are you facing the problem in? Generally for objects larger than 5 GB (the limit for a single PUT operation), you must use multipart upload. This process divides…

Parents

0 Meme02 1 month ago

Hi Harsh Kumar Agarwal
I am also connecting to S3 via Privatelink to upload and download files.
Can you share which Connected System Object you are using and the connection process?
I can't find the same Connected System Object in the Designer tab.
Thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Harsha Sharma
Certified Lead Developer
1 month ago in reply to Meme02

You should connect with Appian Support with details mentioned in the below links depending on

https://docs.appian.com/suite/help/25.2/Access_Appian_Cloud_instance_using_AWS_PrivateLink.html#prerequisites (Inbound Access)

https://docs.appian.com/suite/help/25.2/Access_Customer_VPC_using_AWS_PrivateLink.html#prerequisites (Outbound Access)
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Meme02 29 days ago in reply to Harsha Sharma

Harsha Sharma

Thanks.

I have successfully connected via PrivateLink but my problem now is uploading a file to S3 through it. I am not able to find a solution for the case of large files.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Harsha Sharma
Certified Lead Developer
29 days ago in reply to Meme02

Are you getting any errors? What size files are you facing the problem in?

Generally for objects larger than 5 GB (the limit for a single PUT operation), you must use multipart upload. This process divides the large object into smaller parts, which are then uploaded concurrently. S3 then reassembles these parts into the complete object.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Harsha Sharma
Certified Lead Developer
29 days ago in reply to Meme02

Are you getting any errors? What size files are you facing the problem in?

Generally for objects larger than 5 GB (the limit for a single PUT operation), you must use multipart upload. This process divides the large object into smaller parts, which are then uploaded concurrently. S3 then reassembles these parts into the complete object.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Meme02 29 days ago in reply to Harsha Sharma

Harsha Sharma

sorry i misunderstood your reply. i am trying to connect and got the problem as shown in answer for Harsh Kumar Agarwal below. Please check for me what problem i am having. Thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel