When we have to upload multiple files or attach many files to any record, Salesforce provides storage limit per user license purchased. It varies from edition to edition. So, sometimes organisations decide to use external storage service like Amazon S3 cloud.
User can be given option to upload files to Amazon S3 via Salesforce and access them using the uploaded URLs. REST protocol is used in this scenario.
Files will be uploaded securely from Salesforce to Amazon server. After create your AWS (Amazon Web Service) user account, login secret and key ID will be shared with you by Amazon. This will be used to login to S3 Cloud from Salesforce.
After logging in to AWS, you can go to console screen and click on S3 under Storage & Content Delivery section.
You can create a bucket where the files will be uploaded.
You can not create folders inside bucket, but a logical folder using ‘/’ slash can be created.
We will see here everything in action:
[sourcecode language=”java”]
public void uploadToAmazonS3 (Attachment attach, String folderName) {
String filename = folderName+’/’ + attach.Name;
String attachmentBody = EncodingUtil.base64Encode(attach.Body);
String formattedDateString = DateTime.now().formatGMT(‘EEE, dd MMM yyyy HH:mm:ss z’);
String bucketname = //you can write the bucket name where files should be uploaded
String host = //aws server base url
HttpRequest req = new HttpRequest();
req.setMethod(‘PUT’);
req.setEndpoint(‘https://’ + bucketname + ‘.’ + host + ‘/’ + filename);
req.setHeader(‘Host’, bucketname + ‘.’ + host);
req.setHeader(‘Content-Length’, String.valueOf(attachmentBody.length()));
req.setHeader(‘Content-Type’, attach.ContentType);
req.setHeader(‘Connection’, ‘keep-alive’);
req.setHeader(‘Date’, formattedDateString);
req.setHeader(‘ACL’, ‘public-read-write’);
Blob blobBody = EncodingUtil.base64Decode(attachmentBody);
req.setBodyAsBlob(blobBody);
}
[/sourcecode]
Create a REST request and set the headers as mentioned.
host can be region specific server ‘s3-ap-southeast-1.amazonaws.com’ or the generic ‘s3.amazonaws.com’.
The request needs to be equipped with proper authentication so that it reaches securely at correct endpoint. To achieve this, Amazon provided login secret and key ID will be used and an authorization string will be created. Authorization string will contain an encrypted signature.
[sourcecode language=”java”]
String key = XXXXXXXXXXXXXXXXXXXX
String secret = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
String stringToSign = ‘PUTnn’ + attach.ContentType + ‘n’ + ‘/’ + bucketname + ‘/’ + filename;
Blob mac = Crypto.generateMac(‘HMACSHA1’, blob.valueOf(stringToSign), blob.valueof(secret));
String signed = EncodingUtil.base64Encode(mac);
String authHeader = ‘AWS’ + ‘ ‘ + key + ‘:’ + signed;
[/sourcecode]
The above authorization string needs to be passed as a header to the http request. And then make the REST send the request.
[sourcecode language=”java”]
req.setHeader(‘Authorization’, authHeader);
Http http = new Http();
HTTPResponse resp;
resp = http.send(req);
[/sourcecode]
The response status code of 200 means a successful upload.
Now, the bucket needs to be configured as a website. The objects (files uploaded) should be made publicly readable, so that the same URL using which the file is uploaded can be used to access the files publicly. To do so you need to write a bucket policy that grants everyone “s3:GetObject” permission.
You can go to http://awspolicygen.s3.amazonaws.com/policygen.html
and create a policy. Follow the below steps to create the policy.
Principal: *
Set the Amazon Resource Name (ARN) to arn:aws:s3:::<bucket_name>/<key_name>
Add your bucket above and <key_name> is set to *.
Click on Add Statement and then Generate Policy. Copy the JSON script generated.
To provide you an example how does the policy looks, I have created a bucket policy script.
[sourcecode language=”java”]
{
“Version”: “2012-10-17”,
“Id”: “Policy1463490894535”,
“Statement”: [
{
“Sid”: “Stmt1463490882740”,
“Effect”: “Allow”,
“Principal”: “*”,
“Action”: “s3:GetObject”,
“Resource”: “arn:aws:s3:::bucket_name/*”
}
]
}
[/sourcecode]
Then open the bucket you created, go to properties. Click on Add Bucket Policy, when the popup opens, paste the script generated and save. This will make the files uploaded in the bucket publicly accessible.
7 thoughts on “Upload files in Amazon S3 from Salesforce”
Hi,
I tried exactly the same way but i am getting “400 Error – Bad Request”. What could be the issue ?
Regards,
Aditya.
Hi Aditya,
First thing I would say to check the error code in the response. It can be something like ‘CredentialsNotSupported’, ‘ExpiredToken’, ‘IncompleteBody’ etc. Then based on that, modify your request body or parameter as needed.
For example, if you don’t provide the number of bytes specified by the Content-Length HTTP header, you will 400 bad request with IncompleteBody code.
Thanks
Hi,
i got this type of error:
RESPONSE STRING: System.HttpResponse[Status=Forbidden, StatusCode=403]
AccessDeniedAccess DeniedA6F24AA2A978CDF8K7F4xK71TB6xo0/tTcdDEXRMpEMbaM0od0BbfVO7bPAsPRKeZOWVbm/2QQLfOHH5Y5bi0KoRUJk=what i do?
Hi,
I am trying to upload a JSON file to amazon s3 bucket. But I am getting an exception as :
Callout Exception: Unexpected end of file from server
My Code:
public class ProductAmazon_RestClass {
public void ProductAmazon_RestMethod(string folderName){
string binaryString = ProductAmazonIntegration.ProductAmazonIntegration();
String key=’***********************’;
String secret=’*********************************************************************’;
String formattedDateString= Datetime.now().formatGMT(‘EEE, dd MMM yyyy HH:mm:ss z’);
String bucketname = ”;
String host = ‘s3-website-us-east-1.amazonaws.com’;
String method = ‘PUT’;
String filename = ‘Product/Product.json’;
//Request starts
HttpRequest req = new HttpRequest();
req.setMethod(method);
req.setEndpoint(‘https://’ + bucketname + ‘.’ + host + ‘/’ + bucketname + ‘/’ + filename);
req.setHeader(‘Host’, bucketname + ‘.’ + host);
req.setTimeout(120000);
req.setHeader(‘Content-Length’, string.valueOf(binaryString.length()));
req.setHeader(‘Content-Encoding’, ‘UTF-8’);
req.setHeader(‘Content-type’, ‘application/json’);
req.setHeader(‘Connection’,’keep-alive’);
req.setHeader(‘Date’, formattedDateString);
req.setHeader(‘ACL’,’public-read’);
req.setBody(binaryString);
String stringToSign = ‘PUTnnn’+formattedDateString+’nn/’+bucketname+’/’+filename;
String signed = createSignature(stringToSign,secret);
String authHeader = ‘AWS’ + ‘ ‘ + key + ‘:’ + signed;
req.setHeader(‘Authorization’,authHeader);
Http http = new Http();
try {
//Execute web service call
HTTPResponse res = http.send(req);
System.debug(‘RESPONSE STRING: ‘ + res.toString());
System.debug(‘RESPONSE STATUS: ‘+res.getStatus());
System.debug(‘STATUS_CODE: ‘+res.getStatusCode());
} catch(System.CalloutException e) {
system.debug(‘AWS Service Callout Exception: ‘ + e.getMessage());
}
}
public string createSignature(string canonicalBuffer,String secret){
string sig;
Blob mac = Crypto.generateMac(‘HMACSHA1’, blob.valueof(canonicalBuffer),blob.valueof(secret));
sig = EncodingUtil.base64Encode(mac);
return sig;
}
}
Hi,
Apart from integrating Amazon AWS S3 with Salesforce, we have a requirement to Gzip files before placing them in S3 bucket. Is there any way possible to Gzip TXT files? If yes then only thing I need is to Integrate S3 with Salesforce through RESTful Services.
Thanks in advance,
Shubham
Yes, you can do that setting setcompressed to true on HTTP request. And it is recommended to use header parameter content-encoding as gzip in this case.
Whats wrong here??
I am getting some or the other error code. AWS s3 is open to public
public class echo2 {
public void uploadToAmazonS3 (Attachment attach) {
String filename = attach.Name;
String attachmentBody = EncodingUtil.base64Encode(attach.Body);
String formattedDateString = DateTime.now().formatGMT(‘EEE, dd MMM yyyy HH:mm:ss z’);
String bucketname = ‘testing071’;
String host = ‘s3.us-east-1.amazonaws.com’;
HttpRequest req = new HttpRequest();
req.setMethod(‘PUT’);
req.setEndpoint(‘https://’ + bucketname + ‘.’ + host + ‘/’ + filename);
req.setHeader(‘Host’, bucketname + ‘.’ + host);
req.setHeader(‘Content-Length’, String.valueOf(attachmentBody.length()));
req.setHeader(‘Content-Type’, attach.ContentType);
req.setHeader(‘Connection’, ‘keep-alive’);
req.setHeader(‘Date’, formattedDateString);
req.setHeader(‘ACL’, ‘public-read-write’);
Blob blobBody = EncodingUtil.base64Decode(attachmentBody);
req.setBodyAsBlob(blobBody);
String key = ‘**’;
String secret = ‘**’;
String stringToSign = ‘PUT\n\n’ + attach.ContentType + ‘\n’ + ‘/’ + bucketname + ‘/’ + filename;
Blob mac = Crypto.generateMac(‘HMACSHA1’, blob.valueOf(stringToSign), blob.valueof(secret));
String signed = EncodingUtil.base64Encode(mac);
String authHeader = ‘AWS’ + ‘ ‘ + key + ‘:’ + signed;
req.setHeader(‘Authorization’, authHeader);
system.debug(‘rq body: ‘+req.getBody());
Http http = new Http();
HTTPResponse resp;
system.debug(‘req’+req);
resp = http.send(req);
system.debug(‘resp’+resp);
system.debug(resp.getBody());
}
}