Integration deep-dive: AWS S3 exports

Setup to deliver completed agreements into a destination S3 bucket

Harbour fully supports the ongoing exporting of completed agreement data into a customer-owned S3 bucket including agreement metadata, the signed agreement pdf, and any agreement file attachments.

For other integration and connector options, please check out full integrations and connectors guide here. Or continue here for a deep-dive on S3:

AWS Customer setup

  1. Create a new S3 bucket to receive agreement content (e.g., "inbound-agreementcontent-harbour") with the following requirements:
    1. The bucket name must be all lowercase
    2. The bucket region must be one of these: Us-East-1, Eu-West-1, Eu-Central-1, Us-West-1, Us-West-2, Sa-East-1, Ap-Northeast-1, Ap-Southeast-1, Ap-Southeast-2, or Cn-North-1

  2. Create and name a new service account (AWS documentation) for this ongoing integration (e.g., "serviceaccount-agreementcontent-harbour") and give it access (AWS setup guide) to the created S3 bucket above with permissions to list all bucket and view/add files to this new bucket (see below).

    Full permissions example
      "Version": "2022-02-25",
        "Statement": [
                "Sid": "AllowViewBuckets",
                "Action": [
                "Effect": "Allow",
                "Resource": [

                "Sid": "FullAccessToBucket",
                "Action": "s3:*",
                "Effect": "Allow",
              "Resource": "arn:aws:s3:::inbound-agreementcontent-harbour"
                "Sid": "FullAccessToBucketContent",
                "Action": "s3:*",
                "Effect": "Allow",
              "Resource": "arn:aws:s3:::inbound-agreementcontent-harbour/*"

    For this new account above, also get and record its access keys too (AWS reference).

    *Note: please also make sure the new service account has the iam:ChangePassword ability too to change its own password  too (*usually required with first login use)

  3. Almost done -- now collect the following information (example values below too) and provide it to your Harbour customer representative (or contact us at
    1. AWS console URL:
    2. username: serviceaccount-agreementcontent-harbour
    3. user id: 945203924714
    4. user password: maj8JUHY7h8n23
    5. user access key: AKIAaU2dfas2sSGAK2HV
    6. user secret access key: qKR88kN+5SdDD7zSX2kWQil9adsfSDs34fsdfsf7
    7. bucket name: inbound-agreementcontent-harbour
    8. bucket location: Us-East-1

That's it! -- we will then shortly get back to you with a working integration and examples. When the metadata comes back too, it will be in this JSON data schema. The files will also now be in the S3 bucket then too.

From here, you can then additionally use the standard S3 REST API or triggered S3 Lambda events for further data processing and automation workflows.