With the Amazon® S3® connector, you can use commands in a chain to interact with Amazon Simple Storage Service® (S3). For example, with this connector, you can:
- Create and manage S3 buckets
- List and delete S3 objects
- Upload, download, and copy files in S3
To enable the connection to Amazon S3, the connector uses the Amazon Web Services® (AWS) command line interface (CLI) for S3. To set up the connector, you'll need:
- A designated integration user created in Amazon S3 for the connector
- The integration user's access key ID and secret
- The code for the AWS region to connect to
- For an S3 instance hosted at an address other than the default endpoint, the URL to connect to
Create an AWS integration user for the connector
- In the AWS console, click IAM under Security, Identity, & Compliance.
- On the Users tab, click Add User.
- Under Set user details, enter a unique name to help identify the integration user, such as Workiva.
- Under Select AWS access type, select Programmatic access, and click Next: Permissions.
- Click Attach existing policies directly, select a policy that supports S3 access, such as AmazonS3FullAccess, and click Next: Tags.
- Add any optional tags to further identify or clarify the intent of the user, and click Next: Review.
- Review the user's details and permissions, and click Create user.
- Record the user's access key ID and secret for the connector's configuration.
Set up the Amazon S3 connector
Note: To make the connector available for use in your organization's chains, an org security administrator first enables it from Configuration.
- From Chain Builder, click Connections , and then Create at the top right.
- Under BizApp Connection, select Amazon S3 and the default CloudRunner.
- Under Basic Info, enter a unique name and description to help identify the connector.
- Under Properties, enter the connection's details:
Property Details Access key ID Enter the ID of the integration user's access key. Access key Secret Enter the secret of the integration user's access key. Default region Enter the code for the AWS region to connect to. Alternate endpoint To connect to an Amazon S3 instance hosted at a different address than the default endpoint, enter the URL of the endpoint to connect to.
Note: All sensitive credentials are automatically encrypted and stored at Advanced Encryption Standard (AES)-256 encryption.
- Select the environments to use the connection, and click Save.
- To test the connection, create and run a chain with the connector's List Buckets command, and verify it returns a valid output.
If the connection to Amazon S3 fails:
- Verify the access key ID and secret for the integration user.
- Check the AWS region code entered for the connector.
- If your instance of Amazon S3 is hosted at a different address than the default endpoint, check the URL for the alternate endpoint.