Permission Denied Issue while Accessing S3 Bucket via UiPath Robot with AWS EC2 Instance Profile

Hello all,

Currently, we are testing a simple code to upload files to a specific S3 bucket defined within UiPath Studio. The code we are using is as follows:

Dim folderPath As String = “C:\Users\UatRobot001\Downloads\xxxxxx\yyyyy\Data”
Dim hs As System.Security.Cryptography.MD5 = System.Security.Cryptography.MD5.Create()
Dim bucketName As String = “your-robot-bucket-name”
Dim accessKey As String = “secreAccess”
Dim secreteKey As String = “secretKey”
Dim regionEndpoint As Amazon.RegionEndpoint = Amazon.RegionEndpoint.EUCentral1
Dim client As Amazon.S3.AmazonS3Client = New Amazon.S3.AmazonS3Client(accessKey, secreteKey, regionEndpoint)

So far, everything is working fine. We are able to list objects, upload files, and perform other operations. However, since we have already attached an IAM role to our AWS EC2 instance profile, we expect the following code to work:

Dim folderPath As String = “C:\Users\UatRobot001\Downloads\xxxxxx\yyyyy\Data”
Dim hs As System.Security.Cryptography.MD5 = System.Security.Cryptography.MD5.Create()
Dim bucketName As String = “your-robot-bucket-name”
Dim regionEndpoint As Amazon.RegionEndpoint = Amazon.RegionEndpoint.EUCentral1

’ Create the client with the regionEndpoint, assuming we can retrieve the credentials from the instance profile:
Dim client As New Amazon.S3.AmazonS3Client(regionEndpoint)

Unfortunately, this code fails with a “permission denied” error. Please note that if we use the AWS CLI with the attached EC2 instance profile, like:

aws s3 ls your-robot-bucket-name/prefix/blabla
aws s3 cp file.pdf your-robot-bucket-name/prefix/blabla

It works perfectly fine. Therefore, it is evident that the attached IAM role has the necessary permissions.

So, either UiPath Robot is unable to retrieve the correct credentials because our code is incorrect, or maybe this scenario is still not supported?

We also try the following:

Dim regionEndpoint As Amazon.RegionEndpoint = Amazon.RegionEndpoint.EUCentral1

Dim credentials As Amazon.Runtime.AWSCredentials = New Amazon.Runtime.InstanceProfileAWSCredentials()
Dim client As New Amazon.S3.AmazonS3Client(credentials, regionEndpoint)

and

Dim roleName As String = “your-robot-bucket-name”

Dim credentials As Amazon.Runtime.AWSCredentials = New Amazon.Runtime.InstanceProfileAWSCredentials(roleName)

Dim client As Amazon.S3.AmazonS3Client = New Amazon.S3.AmazonS3Client(credentials, regionEndpoint)

Crash! → Permission

Please find the attached error.

Screenshot from 2023-06-30 13-50-52740×308 137 KB

Any help or hints would be greatly appreciated. Thank you!

Hi,

Can you check if the object is public(If not make it public from the bucket) and see if you are able to access it.

Might help to narrow down the error.

Also, try

Set up your AWS credentials in UiPath, you can do this by creating an AWSCredentials object with your access key and secret access key. You can store these credentials securely in UiPath’s Credential Manager.Once you have the AWS credentials, you need to generate the AWS signature for your API requests. You can use the AmazonS3Client class from the AWS SDK to generate the signature. With the AWS signature, you can now make API requests to read the contents of the file from the S3 bucket.

Thanks.

Hello Prateek,

Thanks a lot for your feedback. Unfortunately we can’t make the object available since it is an external AWS account.

Regarding credentials options. That scenario is already working. (ccess key and secret access key) for an user with the same IAM policies attached works perfectly. The problems is that for production the only available scenario is via AWS EC2 Instance Profile.

Best Regards