[MNT-20260] APS S3 does not work with GovCloud and AmazonS3Client deprecated Created: 21-Dec-18  Updated: 23-Jun-20

Status: Open
Project: Service Packs and Hot Fixes
Component/s: APS Kickstart/Studio
Affects Version/s: Alfresco Process Services
Fix Version/s: Alfresco Process Services .N

Type: Service Pack Request
Reporter: Jennie Soria [X] (Inactive) Assignee: Mark Howarth
Resolution: Unresolved Votes: 0
Labels: Atlanta, Content-Storage
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relates to ACTIVITI-1014 AWS Java SDK libraries in activiti-ap... Backlog
relates to MNT-20066 Change the APS S3 implementation to b... Open
relates to MNT-18822 APS add additonal encryption function... Need Info
Bug Priority:
Category 1
ACT Numbers:




The S3 connector for APS does not work with GovCloud, though GovCloud is in the enum region list of the SDK. The regions is not set for the s3 client therefore it defaults to something else. APS does not provide bucket location/region or endpoint properties to set.

There are a few main issues:

1 > We do not set the region, the region defaults to default provider and in this case fails with GovCloud. The regions are enumerated so can be set from this.

2 > AmazonS3Client is deprecated. We are using a deprecated method for s3 client.

3 > version sdk is outdated: aws-java-sdk-s3-1.11.335.jar ( APS), current version 1.11.473

Customer (Jeff Potts provided a fix, which workS by getting and setting the region from the list of enum regions in the source code (com.activiti.content.storage.s3.AmazonS3ContentStorage) with the deprecated AmazonS3Client method.

s3client = new AmazonS3Client(new BasicAWSCredentials(accessKey, secretKey));

But in actuality this should be fixed to use the non-deprecated AmazonS3ClientBuilder:

BasicAWSCredentials awsCreds = new BasicAWSCredentials("access_key_id", "secret_key_id");
AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
                        .withCredentials(new AWSStaticCredentialsProvider(awsCreds))

Replication Steps

  • set S3 configuration for APS using GovCloud bucket

Additional Information

APS uses

  • aws-java-sdk-ec2-1.11.335.jar
  • aws-java-sdk-core-1.11.335.jar
  • aws-java-sdk-kms-1.11.335.jar
  • aws-java-sdk-s3-1.11.335.jar

so, s3 version 1.11.335 : http://central.maven.org/maven2/com/amazonaws/aws-java-sdk-s3/1.11.335/

Looking at the sources jar for 1.11.335 sdk s3, it includes US_GovCloud("us-gov-west-1") in the enum Region list. So the region is available (enumerated) in the aws-java-sdk-s3 that is in use. But it does not work with our implementation.

The AmazonS3Client is deprecated. Instead the AmazonS3ClientBuilder should be used.


  • ./activiti-bpm-suite/content-storage-s3/src/main/java/com/activiti/content/storage/s3/AmazonS3ContentStorage.java
. . .
private AmazonS3 s3client;
    private String bucket;
    private String objectKeyPrefix;
    public AmazonS3ContentStorage(String accessKey, String secretKey, String bucket, String objectKeyPrefix) {
        this.bucket = bucket;
        this.objectKeyPrefix = objectKeyPrefix;
        // Create shared instance of S3 client
        s3client = new AmazonS3Client(new BasicAWSCredentials(accessKey, secretKey));
. . .
  • ./activiti-bpm-suite/activiti-app/src/main/java/com/activiti/conf/ContentStorageConfiguration.java
public class ContentStorageConfiguration {
. . . 
    private static final String PROP_S3_ACCESS_KEY = "contentstorage.s3.accessKey";
    private static final String PROP_S3_SECRET_KEY = "contentstorage.s3.secretKey";
    private static final String PROP_S3_BUCKET_NAME = "contentstorage.s3.bucketName";
    private static final String PROP_S3_OBJECT_KEY_PREFIX = "contentstorage.s3.objectKeyPrefix";
. . .

Comment by Mark Howarth [ 23-Aug-19 ]

Reassigning to Doug Gruber, the new PM for APS.

Comment by Mark Howarth [ 02-Dec-19 ]

Assigning to Mark Howarth as PM for APS.

Generated at Mon Jul 13 09:17:21 BST 2020 using JIRA 7.6.3#76005-sha1:8a4e38d34af948780dbf52044e7aafb13a7cae58.