Link Search Menu Expand Document

AWS S3 Integration

The AS2 Gateway provides one-way access to incoming messages by optionally placing them into an AWS S3 bucket. Visiting the AWS S3 menu item, you can navigate to the S3 integration configuration page. Direct S3 integration will be helpful where backend systems processing incoming files are executing in a native AWS environment, like Lambda functions etc.

1 AWS S3 Bucket and Access Credentials

To allow AS2 Gateway to place incoming messages into an S3 bucket, first create a new bucket on your desired AWS account, and note its region. Next, you will need to create a security policy as shown below. Replace the text ‘<bucket-name>’ with the name of your S3 bucket. Once the policy is created, then create a user with programmatic access (i.e. using an Access key and Secret Key pair) assigned with the aforementioned policy.

    "Version": "2012-10-17",
    "Statement": [
            "Sid": "BasicAccessToAS2Folder",
            "Effect": "Allow",
            "Action": [
            "Resource": "arn:aws:s3:::<bucket-name>/as2gateway/*"

Note: You can customize the security policy further if desired

Provide the plain S3 bucket name without any s3:// prefix, the region, and the access and secret keys in the page as shown below, and click Setup AWS S3 button.

AWS S3 Configuration
AWS S3 Configuration

AS2 Gateway will first perform a series of S3 operations on your bucket, to ensure that the provided credentials have sufficient permissions to access the bucket. (It will automatically revert/clean up the results after completion.) If there is any issue encountered during the access check, AS2 Gateway will flag the error and refuse to proceed. You can then make necessary changes on the configurations and key-pair permissions and re-submit, so that AS2 Gateway can re-run the check. Once the integration is performed successfully, you will see an output as follows.

AWS S3 Configuration Completed
AWS S3 Configuration Completed

S3 Folder and File Structure

After S3 integration, all files received to your AS2 Gateway trading stations will be saved into the S3 bucket; under the following path/prefix pattern:

AWS S3 File Path
e.g. AWS S3 File Path


  • Depending on the Partner type (i.e. test vs production), there may be an extra test/ sub-level after the <partner-AS2-ID>/ fragment.
  • Depending on the folder-structure format selected on the receiving trading station, there may be an extra sub-level or file-name prefix after the inbox/ fragment as can be seen in the example above.

For more details on these variations, check the SFTP folder structure documentation