Amazon S3 · Apex · Integration · REST · Salesforce

Upload files in Amazon S3 from Salesforce

When we have to upload multiple files or attach many files to any record, Salesforce provides storage limit per user license purchased. It varies from edition to edition. So, sometimes organisations decide to use external storage service like Amazon S3 cloud.

User can be given option to upload files to Amazon S3 via Salesforce and access them using the uploaded URLs. REST protocol is used in this scenario.

Files will be uploaded securely from Salesforce to Amazon server. After create your AWS (Amazon Web Service) user account, login secret and key ID will be shared with you by Amazon. This will be used to login to S3 Cloud from Salesforce.

After logging in to AWS, you can go to console screen and click on S3 under Storage & Content Delivery section.

You can create a bucket where the files will be uploaded.

You can not create folders inside bucket, but a logical folder using ‘/’ slash can be created.

We will see here everything in action:

public void uploadToAmazonS3 (Attachment attach, String folderName) {

String filename = folderName+'/' + attach.Name;
String attachmentBody = EncodingUtil.base64Encode(attach.Body);
String formattedDateString ='EEE, dd MMM yyyy HH:mm:ss z');
String bucketname = //you can write the bucket name where files should be uploaded
String host = //aws server base url

HttpRequest req = new HttpRequest();
req.setEndpoint('https://' + bucketname + '.' + host + '/' + filename);
req.setHeader('Host', bucketname + '.' + host);
req.setHeader('Content-Length', String.valueOf(attachmentBody.length()));
req.setHeader('Content-Type', attach.ContentType);
req.setHeader('Connection', 'keep-alive');
req.setHeader('Date', formattedDateString);
req.setHeader('ACL', 'public-read-write');
Blob blobBody = EncodingUtil.base64Decode(attachmentBody);

Create a REST request and set the headers as mentioned.

host can be region specific server ‘’ or the generic ‘’.

The request needs to be equipped with proper authentication so that it reaches securely at correct endpoint. To achieve this, Amazon provided login secret and key  ID will be used and an authorization string will be created. Authorization string will contain an encrypted signature.


String stringToSign = 'PUT\n\n' + attach.ContentType + '\n' + '/' + bucketname + '/' + filename;

Blob mac = Crypto.generateMac('HMACSHA1', blob.valueOf(stringToSign), blob.valueof(secret));
String signed = EncodingUtil.base64Encode(mac);
String authHeader = 'AWS' + ' ' + key + ':' + signed;

The above authorization string needs to be passed as a header to the http request. And then make the REST send the request.

req.setHeader('Authorization', authHeader);
Http http = new Http();
HTTPResponse resp;

resp = http.send(req);

The response status code of 200 means a successful upload.

Now, the bucket needs to be configured as a website. The objects (files uploaded) should be made publicly readable, so that the same URL using which the file is uploaded can be used to access the files publicly. To do so you need to write a bucket policy that grants everyone “s3:GetObject” permission.

You can go to

and create a policy. Follow the below steps to create the policy.

Principal: *

Set the Amazon Resource Name (ARN) to arn:aws:s3:::<bucket_name>/<key_name>

Add your bucket above and <key_name> is set to *.

Click on Add Statement and then Generate Policy. Copy the JSON script generated.

To provide you an example how does the policy looks, I have created a bucket policy script.

	"Version": "2012-10-17",
	"Id": "Policy1463490894535",
	"Statement": [
			"Sid": "Stmt1463490882740",
			"Effect": "Allow",
			"Principal": "*",
			"Action": "s3:GetObject",
			"Resource": "arn:aws:s3:::bucket_name/*"
Then open the bucket you created, go to properties. Click on Add Bucket Policy, when the popup opens, paste the script generated and save. This will make the files uploaded in the bucket publicly accessible.


10 thoughts on “Upload files in Amazon S3 from Salesforce

  1. Hi,

    I tried exactly the same way but i am getting “400 Error – Bad Request”. What could be the issue ?



    1. Hi Aditya,

      First thing I would say to check the error code in the response. It can be something like ‘CredentialsNotSupported’, ‘ExpiredToken’, ‘IncompleteBody’ etc. Then based on that, modify your request body or parameter as needed.
      For example, if you don’t provide the number of bytes specified by the Content-Length HTTP header, you will 400 bad request with IncompleteBody code.



  2. Hi,
    i got this type of error:
    RESPONSE STRING: System.HttpResponse[Status=Forbidden, StatusCode=403]

    AccessDeniedAccess DeniedA6F24AA2A978CDF8K7F4xK71TB6xo0/tTcdDEXRMpEMbaM0od0BbfVO7bPAsPRKeZOWVbm/2QQLfOHH5Y5bi0KoRUJk=
    what i do?


  3. Hi,
    I am trying to upload a JSON file to amazon s3 bucket. But I am getting an exception as :
    Callout Exception: Unexpected end of file from server

    My Code:
    public class ProductAmazon_RestClass {
    public void ProductAmazon_RestMethod(string folderName){
    string binaryString = ProductAmazonIntegration.ProductAmazonIntegration();
    String key=’***********************’;
    String secret=’*********************************************************************’;
    String formattedDateString=‘EEE, dd MMM yyyy HH:mm:ss z’);
    String bucketname = ”;
    String host = ‘’;
    String method = ‘PUT’;
    String filename = ‘Product/Product.json’;

    //Request starts
    HttpRequest req = new HttpRequest();
    req.setEndpoint(‘https://’ + bucketname + ‘.’ + host + ‘/’ + bucketname + ‘/’ + filename);
    req.setHeader(‘Host’, bucketname + ‘.’ + host);
    req.setHeader(‘Content-Length’, string.valueOf(binaryString.length()));
    req.setHeader(‘Content-Encoding’, ‘UTF-8’);
    req.setHeader(‘Content-type’, ‘application/json’);
    req.setHeader(‘Date’, formattedDateString);

    String stringToSign = ‘PUT\n\n\n’+formattedDateString+’\n\n/’+bucketname+’/’+filename;
    String signed = createSignature(stringToSign,secret);
    String authHeader = ‘AWS’ + ‘ ‘ + key + ‘:’ + signed;
    Http http = new Http();
    try {
    //Execute web service call
    HTTPResponse res = http.send(req);
    System.debug(‘RESPONSE STRING: ‘ + res.toString());
    System.debug(‘RESPONSE STATUS: ‘+res.getStatus());
    System.debug(‘STATUS_CODE: ‘+res.getStatusCode());

    } catch(System.CalloutException e) {
    system.debug(‘AWS Service Callout Exception: ‘ + e.getMessage());


    public string createSignature(string canonicalBuffer,String secret){
    string sig;
    Blob mac = Crypto.generateMac(‘HMACSHA1’, blob.valueof(canonicalBuffer),blob.valueof(secret));
    sig = EncodingUtil.base64Encode(mac);
    return sig;


    Liked by 1 person

  4. Hi,
    Apart from integrating Amazon AWS S3 with Salesforce, we have a requirement to Gzip files before placing them in S3 bucket. Is there any way possible to Gzip TXT files? If yes then only thing I need is to Integrate S3 with Salesforce through RESTful Services.
    Thanks in advance,


  5. Hi Subrat, I am working on displaying Amazon S3 objects in Salesforce. For instance – A folder created in S3 corresponding to Salesforce user and the user is expected to see all files in Salesforce under his folder. Any idea on how to implement this in apex?


  6. Thanks for the solutionl. But I am only being able to upload files upto 12 MB through this code. Apex HttpRequest has a size liit for the request body. how to upload files larger than 12 MB. any solution ? Thanks in advance


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s