Amazon Web Service Simple Storage Service

A new business process service that allows you to integrate with the Amazon Web Service Simple Storage Service (AWS S3) is introduced.

AWS S3 is an easy to use object storage, with a simple web service interface to store and retrieve any amount of data from anywhere on the web. With this, you pay only for the storage you actually use. There is no minimum fee and no setup cost.

Besides, AWS S3 offers a host of advantages:
  • Secure, durable, highly-scalable cloud based storage solution
  • Large amounts of data storage and retrieval
  • Event notification in case of upload or download
  • Interactive web-based UI console

Integrating AWS S3 with Sterling B2B Integrator creates seamless connectivity to the cloud storage environment hosted by Amazon. This is a scalable, reliable, and portable storage solution. You can easily perform operations such as get, put, and delete on files, and many more.

You can perform these operations using the AWS S3 client services:
  • create a directory on AWS S3
  • delete a file or a directory on AWS S3
  • retrieve a specific file (using specific filename) from AWS S3
  • put a specific file from mailbox or file system to AWS S3
  • retrieve or put files based on wildcard
  • Obscure access key and secret key
  • list the files
  • retrieve the list of files
  • connect to a specific AWS S3 endpoint
Note:
  • From v6.0.2 or later, the AWS S3 client service supports multipart object upload and download to AWS S3 from Sterling B2B Integrator.
  • From v6.0.1 onward, proxy support for AWS S3 is introduced. For more information, see Proxy support for AWS S3.
Note: AWS S3 uses the JVM's truststore to verify the S3 server's root certificate. If the truststore does not contain the S3 root certificate, the SSL communication fails. To ensure that SSL communication is successful, import the certificate manually into the runtime JVM truststore.

Installing AWS SDK for Java

You must download and install the AWS SDK for Java before performing any of the above operations.
  1. Download AWS SDK for Java from this location - https://sdk-for-java.amazonwebservices.com/latest/aws-java-sdk.zip.
  2. Go to aws-java-sdk[version]/lib and copy aws-java-sdk-[version].jar file to the server where Sterling B2B Integrator is installed.
  3. Go to aws-java-sdk[version]/third-party/lib and copy these jar files to the server where Sterling B2B Integrator is installed.
    
    httpclient-[version].jar
    httpcore-[version].jar
    jackson-annotations-[version].jar
    jackson-core-[version].jar
    jackson-databind-[version].jar
    joda-time-[version].jar
    netty-*.jar
    
  4. Install the above jar files using install3rdParty.sh.
    1. Stop Sterling B2B Integrator.
    2. Go to ./install/bin and run install3rdParty.sh.
      ./install3rdParty.sh awssdk [aws version] -j <path>/[jar name].jar

      For example:

      ./install3rdParty.sh awssdk 1.11.401 -j <path>/aws-java-sdk-1.11.401.jar
      ./install3rdParty.sh awssdk 1.11.401 -j <path>/httpclient-4.5.2.jar
  5. Edit install/properties/dynamicclasspath.cfg.in and move these entries to top of the file.
    VENDOR_JAR=&INSTALL_DIR;/jar/awssdk/1.11.401/aws-java-sdk-1.11.401.jar
    VENDOR_JAR=&INSTALL_DIR;/jar/awssdk/1.11.401/httpclient-4.5.2.jar
  6. Restart Sterling B2B Integrator.

You can perform the following operations:

AWS S3 Client Service - Create Directory Operation

Description

This service is used to create a directory inside a given AWS S3 bucket.

Business usage

This service is used to create a specific directory on a given bucket dynamically using Sterling B2B Integrator. You can then use the put/get services to put files into, or get files from, that directory.

Parameters description


action - mkdir
awss3.foldername – Name of the directory to create
awss3.bucketname – Name of S3 bucket
awss3.accesskey –  Access key of the IAM user
awss3.secretkey –  Secret key of the IAM user
awss3.region    –  Region of S3 bucket. This is optional.
awss3.endpoint  –  Endpoint for S3. This is optional.

Implementing the AWS S3 Client - Create Directory Service

To implement the AWS S3 Client - Create Directory Service, replace the dummy values with the actual values in the following BP:

<process name="AWSS3ClientCreate">
  <sequence>
        <operation name="Extract File">
          <participant name='AWSS3Client'/>
          <output message='xout'>
            <assign to='action'>mkdir</assign>
            <assign to="awss3.foldername">dummyfoldername</assign>
            <assign to="awss3.bucketname">dummybucketname</assign>
                <assign to="awss3.accesskey">dummyaccesskey</assign>
                <assign to="awss3.secretkey">dummysecretkey</assign>
                <assign to="awss3.endpoint">dummyendpoint</assign>
                <assign to="awss3.region">dummyregion</assign>
            <assign to='.' from='PrimaryDocument' />
          </output>
         <input message="xin">
           <assign to="." from="*"/>
         </input>
        </operation>
  </sequence>
</process>

AWS S3 Client Service - Delete File Operation

Description

This service is used to delete a specific file inside a specific folder from a given AWS S3 bucket.

Business usage

This service is used to delete any unwanted file from a specific directory on a given bucket dynamically using Sterling B2B Integrator.

Parameters description


action - delete
awss3.filename –   Name of the file to delete
awss3.foldername – Name of the directory containing the file
awss3.bucketname – Name of the AWS S3 bucket
awss3.accesskey –  Access key of the IAM user
awss3.secretkey –  Secret key of the IAM user
awss3.region    –  Region of S3 bucket. This is optional.
awss3.endpoint  –  Endpoint for S3. This is optional.

Implementing the AWS S3 Client - Delete File Service

To implement the AWS S3 Client - Delete File Service, replace the dummy values with the actual values in the following BP:

<process name="AWSS3ClientDeleteFile">
  <sequence>
        <operation name="Extract File">
          <participant name='AWSS3Client'/>
          <output message='xout'>
            <assign to='action'>delete</assign>
            <assign to="awss3.foldername">dummyfoldername</assign>
            <assign to="awss3.filename">dummyfilename</assign>
            <assign to="awss3.bucketname">dummybucketname</assign>
                <assign to="awss3.accesskey">dummyaccesskey</assign>
                <assign to="awss3.secretkey">dummysecretkey</assign>
                <assign to="awss3.endpoint">dummyendpoint</assign>
                <assign to="awss3.region">dummyregion</assign>
            <assign to='.' from='PrimaryDocument' />
          </output>
         <input message="xin">
           <assign to="." from="*"/>
         </input>
        </operation>
  </sequence>
</process>
Note:

To delete a file present in a specific directory, make sure to mention the awss3 foldername parameter with correct value. To delete a file under the bucket, mention the awss3 foldername parameter as /.

AWS S3 Client Service - Delete Directory Operation

Description

This service is used to delete a directory inside a given AWS S3 bucket.

Business usage

This service is used to delete a specific directory on a given bucket dynamically using Sterling B2B Integrator.

Parameters description


action - delete
awss3.foldername – Name of the directory to delete
awss3.bucketname – Name of the AWS S3 bucket
awss3.accesskey –  Access key of the IAM user
awss3.secretkey –  Secret key of the IAM user
awss3.region –     Region of S3 bucket. This is optional.
awss3.endpoint –   Endpoint for S3. This is optional.

Implementing the AWS S3 Client - Delete Directory Service

To implement the AWS S3 Client - Delete Directory Service, replace the dummy values with the actual values in the following BP:

<process name="AWSS3ClientDeleteFolder">
  <sequence>
        <operation name="Extract File">
          <participant name='AWSS3Client'/>
          <output message='xout'>
            <assign to='action'>delete</assign>
            <assign to="awss3.foldername">dummyfoldername</assign>
            <assign to="awss3.bucketname">dummybucketname</assign>
                <assign to="awss3.accesskey">dummyaccesskey</assign>
                <assign to="awss3.secretkey">dummysecretkey</assign>
                <assign to="awss3.endpoint">dummyendpoint</assign>
                <assign to="awss3.region">dummyregion</assign>
            <assign to='.' from='PrimaryDocument' />
          </output>
         <input message="xin">
           <assign to="." from="*"/>
         </input>
        </operation>
  </sequence>
</process>

AWS S3 Client Service - Get A File Operation

Description

This service is used to retrieve a specific file from a given AWS S3 bucket.

Business usage

This service is used to retrieve a specific file from a given bucket dynamically using Sterling B2B Integrator.

Parameters description


action - get
awss3.filename –   Name of the file to retrieve
awss3.bucketname – Name of the AWS S3 bucket
awss3.accesskey –  Access key of the IAM user
awss3.secretkey –  Secret key of the IAM user
awss3.region – Region of S3 bucket. This is optional.
awss3.endpoint – Endpoint for S3. This is optional.

Implementing the AWS S3 Client - Get A File Service

To implement the AWS S3 Client Get A File Service, replace the dummy values with the actual values in the following BP:

<process name="AWSS3ClientGet">
  <sequence>
        <operation name="Extract File">
          <participant name='AWSS3Client'/>
          <output message='xout'>
            <assign to='action'>get</assign>
            <assign to="awss3.bucketname">dummybucketname</assign>
            <assign to="awss3.filename">dummyfilename</assign>
                <assign to="awss3.accesskey">dummyaccesskey</assign>
                <assign to="awss3.secretkey">dummysecretkey</assign>
                <assign to="awss3.endpoint">dummyendpoint</assign>
                <assign to="awss3.region">dummyregion</assign>
            <assign to='.' from='PrimaryDocument' />
          </output>
         <input message="xin">
           <assign to="." from="*"/>
         </input>
        </operation>
  </sequence>
</process>

AWS S3 Client Service - Put a File from Mailbox to AWS S3

Description

This service is used to retrieve a message from a mailbox and put it in a given AWS S3 bucket.

Business usage

This service is used to retrieve a message from mailbox and send it to AWS S3 on a given bucket dynamically using Sterling B2B Integrator. You can then process this file using other AWS capabilities.

Parameters description


action - put
mbx.messageid –    Message ID from mailbox
awss3.filename –   Name of the file on AWS S3
awss3.bucketname – Name of the AWS S3 bucket
awss3.accesskey –  Access key of the IAM user
awss3.secretkey –  Secret key of the IAM user
awss3.region – Region of S3 bucket. This is optional.
awss3.endpoint – Endpoint for S3. This is optional.

Implementing the AWS S3 Client Put Service (Put a File from Mailbox to AWS S3)

To implement the AWS S3 Client Put Service, replace the dummy values with the actual values in the following BP:

<process name="AWSS3ClientPUTFromMBXtoAWSS3">
  <sequence>
        <operation name="Extract File">
          <participant name='AWSS3Client'/>
          <output message='xout'>
            <assign to='action'>put</assign>
            <assign to='mbx.messageid'>dummymessageid</assign>
            <assign to="awss3.bucketname">dummybucketname</assign>
            <assign to="awss3.filename">dummyfilename</assign>
                <assign to="awss3.accesskey">dummyaccesskey</assign>
                <assign to="awss3.secretkey">dummysecretkey</assign>
                <assign to="awss3.endpoint">dummyendpoint</assign>
                <assign to="awss3.region">dummyregion</assign>
            <assign to='.' from='PrimaryDocument' />
          </output>
         <input message="xin">
           <assign to="." from="*"/>
         </input>
        </operation>
  </sequence>
</process>

AWS S3 Client Service - Put a File from File System to AWS S3

Description

This service is used to retrieve a file from the file system and put it in a given AWS S3 bucket.

Business usage

This service is used to retrieve a file from file system and send it to AWS S3 on a given bucket dynamically using Sterling B2B Integrator. You can then process this file using other AWS capabilities.

Parameters description


action - put
source.path      –  File system path of the file
awss3.filename   –  Name of the file on AWS S3
awss3.bucketname –  Name of the AWS S3 bucket
awss3.accesskey  –  Access key of the IAM user
awss3.secretkey  –  Secret key of the IAM user
awss3.region     –  Region of S3 bucket. This is optional.
awss3.endpoint   –  Endpoint for S3. This is optional.

Implementing the AWS S3 Client Put Service (Put a File from File System to AWS S3)

To implement the AWS S3 Client Put Service, replace the dummy values with the actual values in the following BP:

<process name="AWSS3ClientPut">
  <sequence>
        <operation name="Extract File">
          <participant name='AWSS3Client'/>
          <output message='xout'>
            <assign to='action'>put</assign>
            <assign to='source.path'>dummysourcepath</assign>
            <assign to="awss3.bucketname">dummybucketname</assign>
            <assign to="awss3.filename">dummyfilename</assign>
                <assign to="awss3.accesskey">dummyaccesskey</assign>
                <assign to="awss3.secretkey">dummysecretkey</assign>
                <assign to="awss3.endpoint">dummyendpoint</assign>
                <assign to="awss3.region">dummyregion</assign>
            <assign to='.' from='PrimaryDocument' />
          </output>
         <input message="xin">
           <assign to="." from="*"/>
         </input>
        </operation>
  </sequence>
</process>
Note: To put a file in a specific folder in AWS S3, make sure to mention the full path containing the folder name in <assign to="awss3.filename">.
For example:
<assign to="awss3.filename">TestFolder/testfile.txt</assign>

AWS S3 Client Service - Put a Folder from File System to AWS S3

Description

This service is used to retrieve a folder from the file system and put all the contents of the directory in a given AWS S3 bucket.

Business usage

This service is used to retrieve a folder from file system and send it to AWS S3 on a given bucket dynamically using Sterling B2B Integrator. You can then process this file using other AWS capabilities.

Parameters description


action           -  put
source.path      –  File system path of the folder
awss3.bucketname –  Name of the AWS S3 bucket
awss3.accesskey  –  Access key of the IAM user
awss3.secretkey  –  Secret key of the IAM user
awss3.region     –  Region of S3 bucket. This is optional.
awss3.endpoint   –  Endpoint for S3. This is optional.

Implementing the AWS S3 Client Put Service (Put a Folder from File System to AWS S3)

To implement the AWS S3 Client Put Service, replace the dummy values with the actual values in the following BP:

<process name="AWSS3ClientPutDirectory">
  <sequence>
        <operation name="Upload directory">
          <participant name='AWSS3Client'/>
          <output message='xout'>
            <assign to='action'>put</assign>
            <assign to='source.path'>dummysourcepath</assign>
            <assign to="awss3.bucketname">dummybucketname</assign>
            <assign to="awss3.accesskey">dummyaccesskey</assign>
            <assign to="awss3.secretkey">dummysecretkey</assign>
	    <assign to="awss3.endpoint">dummyendpoint</assign>
            <assign to="awss3.region">dummyregion</assign>
            <assign to='.' from='PrimaryDocument' />
          </output>
         <input message="xin">
           <assign to="." from="*"/>
         </input>
        </operation>
  </sequence>
</process>
Note: To put the directory contents in a specific folder in AWS S3, make sure to mention the value for folder name parameter in <assign to="awss3.foldername">dummyfoldername</assign>.

If you do not mention the folder name, all the files present in directory in the local file system are copied directly to the bucket in AWS S3.

AWS S3 Client Service - Get a Folder from AWS S3 to File System

Description

This service is used to retrieve a folder from AWS S3 and put it on the file system.

Business usage

This service is used to retrieve a folder from AWS S3 and send it to the file system dynamically using Sterling B2B Integrator. You can then process this file using other AWS capabilities.

Parameters description


action           -  get
awss3.foldername –  Folder path on AWS S3
awss3.bucketname –  Name of the AWS S3 bucket
awss3.accesskey  –  Access key of the IAM user
awss3.secretkey  –  Secret key of the IAM user
awss3.region     –  Region of S3 bucket. This is optional.
awss3.endpoint   –  Endpoint for S3. This is optional.

Implementing the AWS S3 Client Get Service (Get a Folder from AWS S3 to File System)

To implement the AWS S3 Client Get Service, replace the dummy values with the actual values in the following BP:

<process name="AWSS3ClientGetDirectory">
  <sequence>
        <operation name="Extract directory">
          <participant name='AWSS3Client'/>
          <output message='xout'>
            <assign to='action'>get</assign>
            <assign to="awss3.foldername">dummyfoldername</assign>            
            <assign to="awss3.bucketname">dummybucketname</assign>
            <assign to="awss3.accesskey">dummyaccesskey</assign>
            <assign to="awss3.secretkey">dummysecretkey</assign>
	     <assign to="awss3.endpoint">dummyendpoint</assign>
            <assign to="awss3.region">dummyregion</assign>
            <assign to='.' from='PrimaryDocument' />
          </output>
         <input message="xin">
           <assign to="." from="*"/>
         </input>
        </operation>
  </sequence>
</process>

AWS S3 Client Service - Get a List of files from AWS S3 to File System

Description

This service is used to retrieve a list of files from AWS S3 and put it on the file system.

Business usage

This service is used to retrieve a list of files from AWS S3 and send it to file system dynamically using Sterling B2B Integrator. You can then process this file using other AWS capabilities.

Parameters description


action -            get
awss3.fileList   –  List of files on AWS S3
awss3.bucketname –  Name of the AWS S3 bucket
awss3.accesskey  –  Access key of the IAM user
awss3.secretkey  –  Secret key of the IAM user
awss3.region     –  Region of S3 bucket. This is optional.
awss3.endpoint   –  Endpoint for S3. This is optional.

Implementing the AWS S3 Client Get Service (Get a List of Files from AWS S3 to File System)

To implement the AWS S3 Client Get Service, replace the dummy values with the actual values in the following BP:

<process name="AWSS3ClientGetFileList">
  <sequence>
        <operation name="Extract File List">
          <participant name='AWSS3Client'/>
          <output message='xout'>
            <assign to='action'>get</assign>
            <assign to="awss3.fileList">dummyfilename1,dummyfilename2,dummyfilename3</assign>
            <assign to="awss3.bucketname">dummybucketname</assign>
            <assign to="awss3.accesskey">dummyaccesskey</assign>
            <assign to="awss3.secretkey">dummysecretkey</assign>
	     <assign to="awss3.endpoint">dummyendpoint</assign>
            <assign to="awss3.region">dummyregion</assign>
            <assign to='.' from='PrimaryDocument' />
          </output>
         <input message="xin">
           <assign to="." from="*"/>
         </input>
        </operation>
  </sequence>
</process>

AWS S3 Client Service - Put a List of files from File System to AWS S3

Description

This service is used to put a list of files from the file system on AWS S3.

Business usage

This service is used to put a list of files from the file system on AWS S3 dynamically using Sterling B2B Integrator. You can then process this file using other AWS capabilities.

Parameters description


action           -  put
source.fileList  –  List of files on AWS S3
awss3.bucketname –  Name of the AWS S3 bucket
awss3.accesskey  –  Access key of the IAM user
awss3.secretkey  –  Secret key of the IAM user
awss3.region –      Region of S3 bucket. This is optional.
awss3.endpoint –    Endpoint for S3. This is optional.

Implementing the AWS S3 Client Put Service (Put a List of Files from File System to AWS S3)

To implement the AWS S3 Client Put Service, replace the dummy values with the actual values in the following BP:

<process name="AWSS3ClientPutFileList">
  <sequence>
        <operation name="Extract File List">
          <participant name='AWSS3Client'/>
          <output message='xout'>
            <assign to='action'>put</assign>
	     <assign to='source.path'>dummysourcepath</assign>
	     <assign to="awss3.fileList">dummyfilename1,dummyfilename2,dummyfilename3</assign>            
            <assign to="awss3.bucketname">dummybucketname</assign>
            <assign to="awss3.accesskey">dummyaccesskey</assign>
            <assign to="awss3.secretkey">dummysecretkey</assign>
	     <assign to="awss3.endpoint">dummyendpoint</assign>
            <assign to="awss3.region">dummyregion</assign>
            <assign to='.' from='PrimaryDocument' />
          </output>
         <input message="xin">
           <assign to="." from="*"/>
         </input>
        </operation>
  </sequence>
</process>
Note: To put the list of files under a specific folder in AWS S3, mention the value for folder name parameter in <assign to="awss3.foldername">dummyfoldername</assign>.

AWS S3 Client Service - Get files based on pattern from AWS S3 to file system

Description

This service is used to get files based on pattern from AWS S3 to file system.

Business usage

This service is used to get files based on pattern from AWS S3 to file system dynamically using Sterling B2B Integrator.

Parameters description


action            – get
awss3.filepattern – Pattern of files on AWS S3
awss3.bucketname  – Name of the AWS S3 bucket
awss3.accesskey   – Access key of the IAM user
awss3.secretkey   – Secret key of the IAM user
awss3.region      – Region of S3 bucket. This is optional.
awss3.endpoint    – Endpoint for S3. This is optional.

Implementing the AWS S3 Client Get Service (Get Files based on pattern from AWS S3 to file system)

To implement the AWS S3 Client Get Service, replace the dummy values with the actual values in the following BP:

<process name="AWSS3ClientGetFilePatternList">
  <sequence>
        <operation name="Extract File Pattern List">
          <participant name='AWSS3Client'/>
          <output message='xout'>
            <assign to='action'>get</assign>
            <assign to="awss3.filepattern">dummyfilepattern</assign>
            <assign to="awss3.bucketname">dummybucketname</assign>
            <assign to="awss3.accesskey">dummyaccesskey</assign>
            <assign to="awss3.secretkey">dummysecretkey</assign>
	     <assign to="awss3.endpoint">dummyendpoint</assign>
            <assign to="awss3.region">dummyregion</assign>
            <assign to='.' from='PrimaryDocument' />
          </output>
         <input message="xin">
           <assign to="." from="*"/>
         </input>
        </operation>
  </sequence>
</process>
  • AWS S3 prefixes (similar to folders) are included when matching the awss3.filepattern.
  • The awss3.filepattern must contain a valid regular expression supported by Java 8.
  • Example values of awss3.filepattern:
    Assignment – Result
    <assign to="awss3.filepattern">.*\/*test.*[.]txt$</assign> – All test*.txt objects
    <assign to="awss3.filepattern">test/support/activemq_.+</assign> – All objects with prefixes test/support and starting with active_mq_
    <assign to="awss3.filepattern">test/support/.+</assign> – All objects with prefixes test/support
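
Before deploying an awss3.filepattern, it helps to preview which object keys it would select. The following is an added example (not IBM's code), written in Python rather than Java; the patterns use only regex constructs that behave the same in both. Assumptions: the page does not say whether the service matches the whole key or any substring, so both are shown, and the key list and the tightened pattern are constructed for illustration.

```python
import re

# Constructed object keys (prefix + name), not taken from a real bucket.
KEYS = [
    "test.txt",
    "reports/test_2024.txt",
    "contest-results.txt",
    "test.txt.bak",
    "test/support/activemq_broker.log",
    "test/support/readme.md",
    "archive/test/support/activemq_old.log",
]

# The three example patterns from the page.
PAGE_PATTERNS = [
    r".*\/*test.*[.]txt$",
    r"test/support/activemq_.+",
    r"test/support/.+",
]

# Constructed alternative: only objects whose last path segment starts with "test".
TIGHTENED = r"^(.*/)?test[^/]*[.]txt$"


def preview_pattern(pattern, keys):
    """Report which keys a pattern selects.

    'whole' lists keys matched when the pattern must cover the entire key.
    'substring_only' lists keys matched only if the pattern may match anywhere
    in the key; a non-empty list means the pattern should be anchored.
    """
    rx = re.compile(pattern)
    whole = [k for k in keys if rx.fullmatch(k)]
    anywhere = [k for k in keys if rx.search(k)]
    return {
        "whole": whole,
        "substring_only": [k for k in anywhere if k not in whole],
    }


if __name__ == "__main__":
    for pat in PAGE_PATTERNS + [TIGHTENED]:
        result = preview_pattern(pat, KEYS)
        print(pat)
        print("  whole key     :", result["whole"])
        print("  substring only:", result["substring_only"])
```

On the constructed keys, the first pattern also selects contest-results.txt because the leading .* can absorb any characters before "test", and the two test/support patterns select the archive/ copy only under substring matching.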

AWS S3 Client Service - Put files based on pattern from File System to AWS S3

Description

This service is used to put files based on pattern from file system on AWS S3.

Business usage

This service is used to put files based on pattern from file system on AWS S3 dynamically using Sterling B2B Integrator.

Parameters description


action –           put
source.path -      File system path of the file
source.filepattern – Pattern of files from file system
awss3.bucketname – Name of the AWS S3 bucket
awss3.accesskey –  Access key of the IAM user
awss3.secretkey –  Secret key of the IAM user
awss3.region –     Region of S3 bucket. This is optional.
awss3.endpoint –   Endpoint for S3. This is optional.

Implementing the AWS S3 Client Put Service (Put files based on pattern from File System to AWS S3)

To implement the AWS S3 Client Put Service, replace the dummy values with the actual values in the following BP:

<process name="AWSS3ClientPutFilePatternList">
  <sequence>
        <operation name="Extract File Pattern List">
          <participant name='AWSS3Client'/>
          <output message='xout'>
            <assign to='action'>put</assign>
	     <assign to='source.path'>dummysourcepath</assign>
	     <assign to="source.filepattern">dummyfilepattern</assign>
       <assign to="awss3.bucketname">dummybucketname</assign>
            <assign to="awss3.accesskey">dummyaccesskey</assign>
            <assign to="awss3.secretkey">dummysecretkey</assign>
	    <assign to="awss3.endpoint">dummyendpoint</assign>
            <assign to="awss3.region">dummyregion</assign>
            <assign to='.' from='PrimaryDocument' />
          </output>
         <input message="xin">
           <assign to="." from="*"/>
         </input>
        </operation>
  </sequence>
</process>
Note: To put the list of files under a specific folder in AWS S3, mention the value for folder name parameter in <assign to="awss3.foldername">dummyfoldername</assign>.

AWS S3 Client Service - List files on AWS S3

Description

This service is used to list files on AWS S3.

Business usage

This service is used to list files on AWS S3 dynamically using Sterling B2B Integrator.

Parameters description


action – list
awss3.bucketname – Name of the AWS S3 bucket
awss3.accesskey –  Access key of the IAM user
awss3.secretkey –  Secret key of the IAM user
awss3.region –     Region of S3 bucket. This is optional.
awss3.endpoint –   Endpoint for S3. This is optional.

Implementing the AWS S3 Client List Service (List Files on AWS S3)

To implement the AWS S3 Client List Service, replace the dummy values with the actual values in the following BP:

<process name="AWSS3ClientList">
  <sequence>
        <operation name="List File">
          <participant name='AWSS3Client'/>
          <output message='xout'>
            <assign to='action'>list</assign>
            <assign to="awss3.bucketname">dummybucketname</assign>
            <assign to="awss3.accesskey">dummyaccesskey</assign>
            <assign to="awss3.secretkey">dummysecretkey</assign>
	     <assign to="awss3.endpoint">dummyendpoint</assign>
            <assign to="awss3.region">dummyregion</assign>
            <assign to='.' from='PrimaryDocument' />
          </output>
         <input message="xin">
           <assign to="." from="*"/>
         </input>
        </operation>
  </sequence>
</process>

AWS S3 Client Service - Obscuring Keys for AWS S3

Description

This service works with obscured access key and secret key on all AWS S3 operations.

Business usage

This service works with obscured access key and secret key on all AWS S3 operations dynamically using Sterling B2B Integrator.

Parameters description


action – get/put/list/delete
awss3.bucketname – Name of the AWS S3 bucket
awss3.filename – File Name on AWS S3 bucket
awss3.obscuredaccesskey –  Obscured Access key of the IAM user
awss3.obscuredsecretkey –  Obscured Secret key of the IAM user
awss3.region – Region of S3 bucket. This is optional.
awss3.endpoint – Endpoint for S3. This is optional.

Implementing the AWS S3 Client Service with Obscuring keys (Obscuring Files on AWS S3)

To obscure a key, run the following script and use its output in the BP. Go to ./install/bin and run obscure_passphrase.sh/obscure_passphrase.sh accesskey/secretkey.

To implement the AWS S3 Client Service with obscured keys, replace the dummy values with the actual values in the following BP:

<process name="AWSS3ClientGetWithObscuredKey">
  <sequence>
        <operation name="Extract File with obscured keys">
          <participant name='AWSS3Client'/>
          <output message='xout'>
           <assign to='action'>get</assign>
           <assign to="awss3.bucketname">dummybucketname</assign>
           <assign to="awss3.filename">testplain.txt</assign>
           <assign to="awss3.obscuredaccesskey">dummyobscuredaccesskey</assign>
           <assign to="awss3.obscuredsecretkey">dummyobscuredsecretkey</assign>
	    <assign to="awss3.endpoint">dummyendpoint</assign>
           <assign to="awss3.region">dummyregion</assign>
           <assign to='.' from='PrimaryDocument' />
          </output>
         <input message="xin">
           <assign to="." from="*"/>
         </input>
        </operation>
  </sequence>
</process>
Note:
  • You can specify source.downloadloc in AWS Get BP services to download the files from AWS S3 server to a specific location. By default, if this parameter is not specified, the system downloads the files to the <SI_INSTALL>/noapp/bin location. The files are downloaded with name filename_<currenttimestampinHHmmssS>.<extension>. Only the Get directory service downloads the entire folder without timestamp.
  • You can upload the files to S3 bucket with Public Read access by specifying awss3.publicaccess in AWS Put BPs such as Put file, Put directory, Put File list, Put File Pattern list, and Put from Mailbox. The valid values for awss3.publicaccess are true and false.
  • While uploading files to the AWS S3 server with Public Read access, make sure that the AWS account also has the Public_access permission granted, for the PUT file operation to be successful. If the AWS account does not have this (public_read access) permission and you try to PUT a file with this parameter, the system displays an error message.
  • The Primary Document or document info link for the get file is available for files smaller than 2MB and unavailable for files larger than 2MB.
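
The obscured-key parameters and the awss3.publicaccess note above can be enforced by reviewing BPs before they are checked in. The following is an added example (not part of the product or of IBM's documentation): a Python check that parses a BP and reports AWSS3Client operations that carry literal awss3.accesskey/awss3.secretkey values, request Public Read uploads, or have whitespace inside a parameter name. The rule names, the function name, and both sample BPs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Plain-text credential parameters and the obscured parameters the page documents.
OBSCURED_FORM = {
    "awss3.accesskey": "awss3.obscuredaccesskey",
    "awss3.secretkey": "awss3.obscuredsecretkey",
}


def lint_bpml(bpml_text):
    """Return sorted (operation, rule, parameter) findings for AWSS3Client operations."""
    findings = set()
    root = ET.fromstring(bpml_text)
    for op in root.iter("operation"):
        participant = op.find("participant")
        if participant is None or participant.get("name") != "AWSS3Client":
            continue  # only the S3 client service is in scope
        op_name = (op.get("name") or "").strip()
        for assign in op.findall("./output/assign"):
            raw_name = assign.get("to") or ""
            name = "".join(raw_name.split())   # name with stray whitespace removed
            value = (assign.text or "").strip()
            if raw_name != name:
                # e.g. "awss3. fileList": no longer the documented parameter name
                findings.add((op_name, "WHITESPACE_IN_NAME", name))
            if name in OBSCURED_FORM and value:
                # a literal key in the BP; assigns that use from="..." have no text
                findings.add((op_name, "PLAINTEXT_CREDENTIAL", name))
            if name == "awss3.publicaccess" and value.lower() == "true":
                findings.add((op_name, "PUBLIC_READ_UPLOAD", name))
    return sorted(findings)


# Constructed sample: literal keys and a Public Read upload.
SAMPLE_RISKY = """
<process name="ExamplePutPublic">
  <sequence>
    <operation name="Upload report">
      <participant name="AWSS3Client"/>
      <output message="xout">
        <assign to="action">put</assign>
        <assign to="source.path">/data/out/report.csv</assign>
        <assign to="awss3.bucketname">example-bucket</assign>
        <assign to="awss3.filename">reports/report.csv</assign>
        <assign to="awss3.accesskey">EXAMPLEACCESSKEY</assign>
        <assign to="awss3.secretkey">EXAMPLESECRETKEY</assign>
        <assign to="awss3.publicaccess">true</assign>
        <assign to="." from="PrimaryDocument"/>
      </output>
      <input message="xin"><assign to="." from="*"/></input>
    </operation>
  </sequence>
</process>
"""

# Constructed sample: obscured keys, but one parameter name has a trailing space.
SAMPLE_OBSCURED = """
<process name="ExampleGetObscured">
  <sequence>
    <operation name="Fetch file">
      <participant name="AWSS3Client"/>
      <output message="xout">
        <assign to="action">get</assign>
        <assign to="awss3.bucketname">example-bucket</assign>
        <assign to="awss3.filename">testplain.txt</assign>
        <assign to="awss3.obscuredaccesskey">EXAMPLEOBSCUREDVALUE1</assign>
        <assign to="awss3.obscuredsecretkey ">EXAMPLEOBSCUREDVALUE2</assign>
        <assign to="." from="PrimaryDocument"/>
      </output>
      <input message="xin"><assign to="." from="*"/></input>
    </operation>
  </sequence>
</process>
"""

if __name__ == "__main__":
    for label, bp in (("risky", SAMPLE_RISKY), ("obscured", SAMPLE_OBSCURED)):
        for finding in lint_bpml(bp):
            print(label, finding)
```

A PLAINTEXT_CREDENTIAL finding is resolved by running the key through obscure_passphrase.sh and switching to the corresponding awss3.obscuredaccesskey or awss3.obscuredsecretkey parameter.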

AWS S3 Client Service is unable to connect to AWS S3 due to Certificate chaining error

The issue occurs when Sterling B2B Integrator uses authentication_policy.LDAP_SECURITY_TRUSTSTORE. To resolve the issue, perform the following:

  1. List certificates in JDK Trust store.
    cd <si_install_dir>/jdk/bin
    ./keytool -list -v -keystore ../jre/lib/security/cacerts -alias baltimorecybertrustca -storepass changeit -storetype jks
  2. Export the AWS root certificate.
    ./keytool -export -v -alias baltimorecybertrustca -keystore ../jre/lib/security/cacerts -storepass changeit -storetype jks -file aws_root.cer
  3. Import the AWS root certificate into LDAP_SECURITY_TRUSTSTORE configured in Sterling B2B Integrator.
    ./keytool -importcert -keystore <ldap-trust-store.jks> -alias baltimorecybertrustca -storepass <ldap-store-password> -file <location-of-aws-root-cert> -storetype jks
  4. Ensure the certificate is added to the LDAP_SECURITY_TRUSTSTORE.
    ./keytool -list -v -keystore <ldap-trust-store.jks> -alias baltimorecybertrustca -storepass <ldap-store-password> -storetype jks
  5. Restart Sterling B2B Integrator.