Genesys Cloud - Main

  • 1.  S3 Bucket Integration

    Posted 07-29-2024 06:44
    Edited by Mateusz Janowicz 07-29-2024 06:44

    Hi,

    I'm trying to configure the S3 Bucket Integration.

    It is configured within Genesys Cloud with the S3 Bucket name and the credentials look as follows:

    arn:aws:iam::accountid:role/myrole

    Credentials are marked with the green checkbox "Configured".

    AWS:

    Role's trusted entities:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::765628985471:root"
                },
                "Action": "sts:AssumeRole",
                "Condition": {
                    "StringEquals": {
                        "sts:ExternalId": "org_ID"
                    }
                }
            }
        ]
    }

    This role has permissions assigned:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:GetEncryptionConfiguration",
                    "s3:GetBucketLocation",
                    "s3:PutObjectAcl"
                ],
                "Resource": "arn:aws:s3:::mybucket"
            }
        ]
    }

    Block all public access is set to off.

    However, when activating the integration I'm getting the following:

    Integration failed validation: Exception creating test object with ARN provided

    Has anyone encountered this issue before?

    BR,

    Mateusz

              


    #API/Integrations

    ------------------------------
    Mateusz Janowicz
    infinit.cx GmbH
    ------------------------------



  • 2.  RE: S3 Bucket Integration

    GENESYS
    Posted 07-29-2024 11:35

    Hey Mateusz,

    I haven't experienced the same issue before, so I would recommend raising a case with Care for this one. It's hard for us to tell what could be causing the issue, and Care will be able to review the logs to see what is causing it.

    In the meantime, if someone else has experienced the issue and knows the cause, hopefully they will let us know here.



    ------------------------------
    Sam Jillard
    Online Community Manager/Moderator
    Genesys - Employees
    ------------------------------



  • 3.  RE: S3 Bucket Integration

    Posted 09-25-2024 23:14

    Hi Mateusz,

    We are facing the same error message when we updated new credential information to the integration. Is this resolved now?

    Cheers,

    Priya



    ------------------------------
    Priyavarshini Manohar
    Black Box Technologies New Zealand Limited
    ------------------------------



  • 4.  RE: S3 Bucket Integration

    Posted 09-26-2024 05:47
    Edited by Samuel Jillard 28 days ago

    Hi Priya,

    I resolved this by adjusting the S3 bucket policy. I was getting an error 

    stack_trace:"com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied 

    Genesys Cloud wants to put a test object in the bucket while activating the integration. Make sure the policy for the bucket is set properly in terms of putting objects by other accounts.



    ------------------------------
    Mateusz Janowicz
    infinit.cx GmbH
    ------------------------------



  • 5.  RE: S3 Bucket Integration

    Posted 09-29-2024 16:19

    Thanks for your solution, Mateusz! I guess this will do the trick.

    Kind Regards,

     

    Priyavarshini Manohar

    Development Operations Engineer

    Black Box Technologies New Zealand Ltd
    Mob: +64 27 700 8870 | Office: +64 09 477 0501







  • 6.  RE: S3 Bucket Integration
    Best Answer

    Posted 28 days ago

    Hi there,

    There is actually no need for setting up the bucket policy at all. It can just be set to block the public access.

    The important thing is to set up the role and its permission profile correctly.

    Make sure you have the role for S3 adjusted correctly:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::<aws_account_ID_for_gc_region>:root"
                },
                "Action": "sts:AssumeRole",
                "Condition": {
                    "StringEquals": {
                        "sts:ExternalId": "<org_ID>"
                    }
                }
            }
        ]
    }

    And the IAM S3 policy looks as follows:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ForGC",
                "Effect": "Allow",
                "Action": [
                    "s3:GetEncryptionConfiguration",
                    "s3:PutObjectAcl",
                    "s3:PutObject",
                    "s3:GetBucketLocation"
                ],
                "Resource": [
                    "arn:aws:s3:::<bucket_name>",
                    "arn:aws:s3:::*/*"
                ]
            }
        ]
    }

    Then the integration will work as well, and you don't need to make the S3 bucket public.



    ------------------------------
    Mateusz Janowicz
    -
    ------------------------------
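
Added example, not part of the thread or of Genesys documentation: a small offline check that compares the `Resource` lists of the two permission policies posted above. `s3:PutObject` and `s3:PutObjectAcl` apply to object ARNs (`bucket/key`), so a statement that lists only the bucket ARN never grants them, while `arn:aws:s3:::*/*` grants them on objects in every bucket. The function names, the probe ARNs and the `SCOPED` variant are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Resource type each action used in this thread applies to (S3 IAM action reference).
ACTION_TARGET = {
    "s3:PutObject": "object",
    "s3:PutObjectAcl": "object",
    "s3:GetBucketLocation": "bucket",
    "s3:GetEncryptionConfiguration": "bucket",
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint_policy(policy, bucket):
    """Return (kind, subject) findings for an identity policy meant for one bucket."""
    probe = {"bucket": f"arn:aws:s3:::{bucket}",
             "object": f"arn:aws:s3:::{bucket}/constructed-test-key"}
    foreign = ["arn:aws:s3:::constructed-other-bucket",
               "arn:aws:s3:::constructed-other-bucket/key"]
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            target = ACTION_TARGET.get(action)
            if target is None:
                findings.append(("UNCLASSIFIED", action))
            # fnmatchcase approximates IAM's * and ? wildcards for plain S3 ARNs.
            elif not any(fnmatchcase(probe[target], r) for r in resources):
                findings.append(("NO_MATCHING_RESOURCE", action))
        for r in resources:
            if any(fnmatchcase(arn, r) for arn in foreign):
                findings.append(("REACHES_OTHER_BUCKETS", r))
    return findings

def make_policy(resources):
    # Same four actions as the thread; only Resource varies. "mybucket" is the thread's placeholder.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": list(ACTION_TARGET), "Resource": resources}]}

FIRST_POST = make_policy("arn:aws:s3:::mybucket")
ACCEPTED = make_policy(["arn:aws:s3:::mybucket", "arn:aws:s3:::*/*"])
# Constructed tighter variant; not confirmed by the thread to pass Genesys validation.
SCOPED = make_policy(["arn:aws:s3:::mybucket", "arn:aws:s3:::mybucket/*"])

if __name__ == "__main__":
    for name, pol in [("first post", FIRST_POST), ("accepted", ACCEPTED), ("scoped", SCOPED)]:
        print(name, lint_policy(pol, "mybucket"))
```

The first policy is flagged for both object-level actions, the accepted one only for the cross-bucket wildcard, and the scoped variant for nothing.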


