Amazon S3 trading partner
This trading partner exchanges data with an Amazon S3 Bucket. The MFT Server initiates the connection to the remote Amazon S3 Bucket. It is assumed that the administrator of the Amazon account has configured an S3 Bucket, and has provided you with the details needed to set up the trading partner.
Adding the Amazon S3 trading partner
In the desired domain, navigate to the AUTOMATION > Trading Partners module. Click on the Add button, or right-click anywhere in the grid area and select Add from the pop-up menu. In the Add Trading Partner dialog window, select Amazon S3 as the Protocol, then click OK. The Add "Amazon S3" Trading Partner dialog will appear as depicted in the image below.
Timeout - The timeout (in seconds) for establishing a connection to the remote service.
Proxy
This section is for MFT Server customers who have configured a proxy server that the trading partner connection is required to go through.
Proxy Type - The type of proxy service - either None or HTTP. If HTTP is selected, the following fields can be set:
- Proxy Host - The hostname or IP address of the proxy service
- Proxy Port - The port number of the proxy service
- Username - The username used when logging in to the proxy service
- Password - The password used when logging in to the proxy service
Authentication
Use Credentials - If selected, enter the Username/Access key and Password/Secret key fields, which will be used to authenticate access to the Amazon S3 Bucket. These details would need to be provided to you by the administrator of the Amazon S3 Bucket. As a tip, this information can be generated by the S3 Bucket administrator using Amazon's IAM (Identity and Access Management) console. Using the console, navigate to the Access management heading, click on Users, then select the desired user. Next, click on the Security credentials tab and select the Create access key button. The key and password generated should be used in the fields below.
- Username/Access key - The Username/Access key for the S3 Bucket
- Password/Secret Key - The corresponding Password/Secret key
Use IAM Role - If selected, uses the Identity and Access Management role for authentication.
When connecting to an Amazon S3 trading partner and/or network storage using the IAM Role option, MFT Server assumes the role provided by the EC2 metadata. While this works for most instances, it does not work when MFT Server runs in a Kubernetes cluster. The instructions below describe how to access an AWS S3 Bucket from a Kubernetes (K8s) cluster using the IAM role feature.
Create an IAM role with the following policy document. Replace jscape-test-eks-bucket with your bucket name.
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:GetObject",
            "s3:PutObject",
            "s3:ListBucket",
            "s3:DeleteObject",
            "s3:PutObjectAcl"
          ],
          "Resource": [
            "arn:aws:s3:::jscape-test-eks-bucket",
            "arn:aws:s3:::jscape-test-eks-bucket/*"
          ]
        }
      ]
    }
Attach the IAM role to the cluster's node or instance.
Create a JSCAPE MFT pod using the Docker Instructions below:
Note: Modify the Policy document if the MFT needs to access more S3 buckets.
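The policy document above pairs every action with both the bucket ARN and the object ARN, although s3:ListBucket is evaluated against the bucket and the other four actions against objects. The following Python sketch is an added example, not part of the JSCAPE documentation: it rewrites such a policy so each action is granted only on the ARN type it applies to. The function name scope_policy and its exclude parameter are hypothetical.

```python
import json

# Resource type each action in the page's policy is evaluated against.
BUCKET_ACTIONS = {"s3:ListBucket"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:PutObjectAcl"}
PREFIX = "arn:aws:s3:::"

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def scope_policy(policy, exclude=()):
    """Pair each action only with the ARN type it applies to, statement by statement.

    exclude: actions to drop, e.g. s3:PutObjectAcl when transfers never set ACLs.
    Raises ValueError on wildcards or on actions this example does not classify.
    """
    statements = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            raise ValueError("only Allow statements are handled in this example")
        actions = [a for a in _as_list(stmt["Action"]) if a not in exclude]
        unknown = [a for a in actions if a not in BUCKET_ACTIONS | OBJECT_ACTIONS]
        if unknown:
            raise ValueError(f"unclassified or wildcard action(s): {unknown}")
        keep = {k: v for k, v in stmt.items() if k not in ("Sid", "Action", "Resource")}
        bucket_arns, object_arns = [], []
        for arn in _as_list(stmt["Resource"]):
            name = arn[len(PREFIX):]
            if not arn.startswith(PREFIX) or not name or "*" in name.split("/", 1)[0]:
                raise ValueError(f"resource is not a named bucket: {arn}")
            (object_arns if "/" in name else bucket_arns).append(arn)
        for allowed, arns in ((BUCKET_ACTIONS, bucket_arns), (OBJECT_ACTIONS, object_arns)):
            acts = sorted(a for a in actions if a in allowed)
            if acts and arns:  # a pairing with no matching ARN granted nothing
                statements.append({**keep, "Action": acts, "Resource": arns})
    return {"Version": policy["Version"], "Statement": statements}

# The policy document from this page, unchanged.
PAGE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket", "s3:DeleteObject",
             "s3:PutObjectAcl"],
  "Resource": ["arn:aws:s3:::jscape-test-eks-bucket", "arn:aws:s3:::jscape-test-eks-bucket/*"]}]}""")

if __name__ == "__main__":
    print(json.dumps(scope_policy(PAGE_POLICY, exclude={"s3:PutObjectAcl"}), indent=2))
```

Because the role is attached to the node, any pod scheduled on that node can request the same credentials from the instance metadata endpoint unless access to it is restricted, so the policy should stay as narrow as the transfers allow.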
Use encryption - If checked, enables encryption for this trading partner connection.
- AES-256 - If selected, uses server-side AES-256 encryption with Amazon S3 managed keys.
- AWS-KMS - If selected, uses server-side encryption with AWS-KMS managed keys. AWS-KMS keys are created in AWS via the Key Management Service. The dropdown for this field pulls in a list of available keys from AWS.
Region - Select the Amazon region that the S3 Bucket belongs to.
Requester pays - If checked, configures the Amazon S3 bucket as a Requester Pays bucket, meaning the requester pays the cost of the request and data download instead of the bucket owner.
Tags
Tags - If specified, one or more tags used to limit which administrators have access to the network.
Example using the Amazon S3 Bucket trading partner in a trigger action
Triggers are created on the domain-level in AUTOMATION > Triggers. Triggers listen for events (e.g., a file upload) and respond with actions. There are many trading partner-specific trigger actions. This example does not provide all the steps when creating a trigger; it describes how a trigger action would be configured using the Amazon S3 Bucket trading partner. For a complete discussion about triggers, see Adding triggers.
Assume, when a trigger event occurs, you would like a file to be automatically uploaded from the MFT Server to the Amazon S3 Bucket trading partner.
To accomplish this, you would need to add an action to the trigger, in the Trigger Actions area. The action to add is Trading Partner File Upload as depicted in the image below.
Name - The Name of the Action. The system-generated default value (as depicted in the image above) can be changed to a more user-friendly name, if desired. The Name field can be specified as the input parameter when using the GetActionResult function. For backwards compatibility, the GetActionResult function still supports using the system-assigned Action ID as the input parameter.
Notes - This field is used to describe the action.
Both the Name and Notes fields are displayed as a tooltip when you mouse over an action node in the Trigger Actions canvas area.
Partner - This is the Amazon S3 Bucket trading partner name. A list of existing trading partners will appear in the dropdown list for you to choose from.
Local File - This is the local file on the MFT Server to upload to the Amazon S3 Bucket trading partner.
Remote File - This is the file name to upload. This optional field allows you to specify an alternative remote file name (one that is different from the source file name). You can specify the file's full path, or just the file name. If only the file name is specified, then the user's root path is used as the location to upload the file. This field's value takes precedence over the Remote Directory field. The Remote Directory field is ignored when the Remote File field is being used.
Remote Directory - This is the Amazon S3 Bucket name that identifies where to upload the file to. It is only used when the Remote File field is blank. When used, it is an existing bucket configured by the administrator of the Amazon S3 Bucket. It could consist of just the bucket name, or the bucket name followed by one or more folder names, as depicted in the above image (mfttestbucket/FolderA). The remote file path is constructed using the Remote Directory name and the source file name.
Using the Amazon Console UI, the image below depicts the results of the above Trading Partner File Upload action example, after the trigger runs.