How to use IBM® App Connect with Amazon S3

Amazon Simple Storage Service is a simple storage service that provides object storage through a web service interface. It uses the scalable storage infrastructure of Amazon.com and enables you to store objects, download and use data with other AWS services, and build applications that call for internet storage.

Availability:

App Connect Enterprise as a Service connector
Local connector in containers (Continuous Delivery release)
Local connector in containers (Extended Update Support release)
Local connector in containers (Long Term Support release)

Connecting to Amazon S3
General considerations
Events and actions
Examples

Supported product and API versions

To find out which product and API versions this connector supports, see Detailed System Requirements on the IBM Support page.

Connecting to Amazon S3

Complete the connection fields that you see in the App Connect Designer Catalog page or flow editor. If necessary, work with your Amazon S3 administrator to obtain these values.

Amazon S3 connection fields:

Connection field	Description
Secret access key	The secret access key for your Amazon S3 account, as generated in the Security Credentials page in the AWS Management Console.
Access key ID	The access key ID for your Amazon S3 account, as generated in the Security Credentials page in the AWS Management Console.
Region	The region of your Amazon S3 instance, for example, `us-east-1`. You can find the value for the Region parameter at the end of the URL when you are logged in to the AWS Management Console (for example, https://us-east-2.console.aws.amazon.com/console/home?region=us-east-2#). Tip: For more information, see AWS service endpoints on the AWS documentation page.
Bucket name	Specify the bucket name in your Amazon S3 account, if you only have access to specific buckets in your Amazon S3 account

To obtain the connection values (Secret access key and Access key ID) for Amazon S3 and to connect to App Connect, do the following steps:

Log in to your AWS account.
Note: You can choose between Root user or IAM user based on your role.
- Root user: Account owner that performs tasks requiring unrestricted access.
- IAM user: User within an account that performs daily tasks.
Note: AWS recommends using identity-based managed policies to attach permission sets and roles to an identity, and grant only the permissions the user needs. These policies control what actions that identity can perform, on which resources, and under what conditions. While setting the permissions for an identity in IAM, you can decide whether to use an AWS-managed policy, a customer-managed policy, or an inline policy.
An AWS-managed policy is a standalone policy that is created and administered by AWS. The following are some examples of AWS-managed policies that are specific to Amazon S3:
- AmazonS3FullAccess policy provides full access to Amazon S3 service and all connector operations are accessible.
- AmazonS3ReadOnlyAccess policy gives limited read-only access and few connector operations are accessible.
For information about AWS-managed policies that are specific to Amazon S3, see AWS managed policies for Amazon S3 on the AWS documentation page.
On the navigation menu, click Users.
Select your applicable user name or account name.
Click the Security credentials tab, and then click Create access key.
To view the new access key, click Show.
Note: You can retrieve the secret access key only when you create the key pair for the first time.
For more information, see AWS Account and Access Keys on the AWS documentation page.

To connect to an Amazon S3 endpoint from the App Connect Designer Catalog page for the first time, expand Amazon S3, then click Connect.

General considerations

Before you use App Connect Designer with Amazon S3, take note of the following considerations:

(General consideration) You can see lists of the trigger events and actions that are available on the Catalog page of the App Connect Designer.
For some applications, the events and actions in the catalog depend on the environment and whether the connector supports configurable events and dynamic discovery of actions. If the application supports configurable events, you see a Show more configurable events link under the events list. If the application supports dynamic discovery of actions, you see a Show more link under the actions list.
(General consideration) If you are using multiple accounts for an application, the set of fields that is displayed when you select an action for that application can vary for different accounts. In the flow editor, some applications always provide a curated set of static fields for an action. Other applications use dynamic discovery to retrieve the set of fields that are configured on the instance that you are connected to. For example, if you have two accounts for two instances of an application, the first account might use settings that are ready for immediate use. However, the second account might be configured with extra custom fields.

Events and actions

Amazon S3 events

These events are for changes in this application that trigger a flow to start completing the actions in the flow.

Note: Events are not available for changes in this application. You can trigger a flow in other ways, such as at a scheduled interval or at specific dates and times.

Amazon S3 actions

Your flow completes these actions on this application.

Buckets

Create bucket
Retrieve buckets

Object ACLs

Update object ACL

Object tags

Delete object tags
Update object tags

Objects

Create object
Retrieve object metadata
Update or create object
Delete object

More items are available when you have connected App Connect to Amazon S3.

Examples

Dashboard tile for a template that uses Amazon S3

Use templates to quickly create flows for Amazon S3

Learn how to use App Connect templates to quickly create flows that complete actions on Amazon S3. For example, open the Templates gallery, and then search for Amazon S3.

Learn more