AWS Plugin

Integrate with Amazon Web Services and S3


The AWS plugin allows you to easily integrate with Amazon Web Services.

The current version focuses on Amazon Simple Storage Service (Amazon S3) & lambda, but additional services will be added over time.  Contact us if you have any specific feature requests. The plugin price will continue to increase as features are added, but existing users will continue to get those new features, even with their lower locked in price.

The plugin is capable of connecting to AWS using the server credentials, environment variables, or key/secret pair.

S3 Features:

  • Connect to any S3 bucket by region
  • List objects by bucket/folder
  • Get object details
  • Add new objects
  • Delete objects
  • Get signed URL for download
    • Returns a temporary, secure URL to stream the object directly from S3 to the clients browser.
  • Get signed URL for Upload
    • Returns a temporary, secure URL to stream the object directly from the clients browser to S3.


  • Execute a Lambda function with arguments and get the result back


  • Store objects in S3 and just maintain a link to them from your Servoy Application.
  • Allows users super fast uploads and downloads by connecting directly to S3 via Signed URLS.
  • Trigger Lambda function to run when needed.


Smart client Headless client Web client Mobile client NG client
8.0+ 1.6+
7.0+ 1.6+ n/a
6.1+ 1.6+ n/a n/a


We published our API Specifications for the AWS Plug-in as a future and current reference.


How does it authenticate with AWS?

When using plugins.it2be_aws.setCredentials(), the plugin uses the AWS credentials provider chain that looks for credentials in this order:

  1. Environment Variables – AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (RECOMMENDED since they are recognized by all the AWS SDKs and CLI except for .NET), or AWS_ACCESS_KEY and AWS_SECRET_KEY (only recognized by Java SDK)
  2. Java System Properties – aws.accessKeyId and aws.secretKey
  3. Web Identity Token credentials from the environment or container
  4. Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI
  5. Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI” environment variable is set and security manager has permission to access the variable,
  6. Instance profile credentials delivered through the Amazon EC2 metadata service

In addition, you may manually pass a key and secret from IAM credentials using plugins.it2be_aws.setCredentials(secret, key)

How secure are signed urls?

Signed URLs are Amazons way of delivering content directly between S3 and the end user without exposing any of your credentials.  When generating a signed URL, a unique URL is created that contains the file path and a duration of availability.  That information is then signed with your credentials creating a unique URL that is safe to share with the user.

For example, on downloads a signed URL can be generated that is good for 1 minute, then immediately downloaded to the clients browser via the File plugin.  After 1 minute, that URL is no longer valid.  On uploads, you can capture the filename the user wishes to upload, and then follow the same process of generating a signed url, and then uploading directly to that url.

Since the file path is part of the of the signed URL, users can only upload to that single location, and the duration limits its available lifetime.





One developer & unlimited deployment

  • +35% p/y
    maintenance fee



Team of developers & unlimited deployment

  • +35% p/y
    maintenance fee