Set Up the Salesforce Connection to Amazon S3
Access, link to a record, and stream Amazon S3 files by configuring Amazon S3 as an external data source in Salesforce.
Enable Files Connect
Let users access, link to a record, and stream files from an external storage system, such as Amazon S3.
We recommend that you use Reference as the File Sharing mode during configuration. The Copy mode of File Sharing doesn’t support files larger than 2 GB.
For instructions, see Enable Salesforce Files Connect for Your Organization.
Enable File Access in Amazon S3
Let users access and link Amazon S3 files to a record, such as a case.
Required Editions
| User Permissions Needed | |
|---|---|
| To enable file access in Amazon S3: | Customize Application |
- From Setup, enter External Storage in the Quick Find box, and then select External Storage Settings.
- Turn on Access files in Amazon S3.
Configure a Named Credential for Amazon S3
Secure and simplify authenticated API callouts to your Amazon S3 buckets by defining a named credential. To simplify the setup of authenticated callouts, create an external credential to specify an authentication protocol and then specify a named credential as the callout endpoint.
- Create an external credential and its principal to specify details of how Salesforce authenticates callouts to resources in Amazon Web Services over HTTP by using the AWS Signature v4 protocol. For higher security, we recommend that you use STS. See Create or Edit an AWS Signature v4 External Credential.
- Define a named credential to specify the URL of a callout endpoint. Make sure that the URL is in this format: https://<bucketname>.s3.<region>.amazonaws.com. For example, https://evidences-user2.s3.us-west-2.amazonaws.com. See Create a Named Credential.
- Use the principal to link the external credential to a permission set or user profile so that users can make callouts using the named credential.
Define an External Data Source for Amazon S3
Let business users, such as caseworkers and investigators, access Amazon S3 as an external data source from within Salesforce.
- From Setup, in the Quick Find box, enter External, and then select External Data Sources.
- Click New External Data Source.
- Enter the external data source label and name.
- Select Files Connect: Amazon S3 as the type of the external data source.
- Select the named credential that contains the URL to the Amazon S3 bucket.
- If necessary, modify the presigned URL timeout.
- Save your changes.
Enable User External Credentials
Make sure that all users who need to access the Amazon S3 content have read access to user external credentials.
Add the Named Credential URL as a Trusted URL
Specify the named credential URL as a trusted URL that your users and the network can interact with.
Select these Content Security Policy (CSP) directives for the trusted URL: scripts, images, audio and video. The Lightning components, third-party APIs, and WebSocket connections can load these directives from the trusted URL.
See the Add or Edit a Trusted URL and Specify CSP Directives for a Trusted URL sections in Managed Trusted URLs.
Create and Assign User Permissions to Access Files in Amazon S3
Create a permission set for the business users to access files in S3 buckets.
Required Editions
| User Permissions Needed | |
|---|---|
| To create and assign permission sets: | View Setup and Configuration AND Assign Permission Sets AND Customize Application |
- From Setup, enter Permission Sets in the Quick Find box, then select Permission Sets.
- Create a permission set. For example, AmazonS3 User Access.
- Make sure that User License is set to the default option None.
- Save your changes.
- Click System Permissions, then click Edit.
- To access files in Amazon S3, select Files Connect Cloud.
- Save your changes.
- Click Manage Assignments in the toolbar at the top of the page. Then, click Add Assignments, select users for the permission set, and click Assign.
- In Setup, return to the detail page for the permission set.
- For a permission set, in the Apps section, click External Data Source Access.
- Click Edit, add specific data sources to the Enabled External Data Sources list, and click Save.

