Storage Connections

Storage Connections allows you to view your Amazon S3 buckets from within Vendia and enables AI applications to securely access files stored in your connected Amazon S3 buckets through the Vendia MCP Server. This capability extends your AI applications beyond Vendia data, providing access to reference files, images, and other content stored in your existing Amazon S3 infrastructure.

Connecting to Amazon S3

To configure Storage Connections, you need to provide connection information and set up appropriate AWS permissions for your Amazon S3 buckets.

Prerequisites

Before configuring Storage Connections, ensure you have:

AWS IAM Role: A role with appropriate S3 permissions for the buckets you want to access
S3 Bucket Access: The connected S3 bucket(s) you want to make available to AI applications
Vendia Account Permissions: Access to configure Storage Connections in your Vendia account

Configuring Storage Connections

Step 1: Start Storage Connection Configuration in Vendia

First, you need to start the configuration process in Vendia to obtain the required AWS account numbers:

Navigate to your Vendia dashboard
Go to Storage Connections
Click the ”+ Connection” button
Note the Vendia AWS account numbers displayed in the UI - you’ll need these for the IAM trust relationship

Step 2: Set Up IAM Role and Trust Relationship

Using the account numbers from Step 1, configure the AWS IAM role that Vendia will assume to access your connected S3 bucket.

Update Trust Relationship

Allow Vendia to access your S3 bucket by adding a trust relationship to your IAM role:

Go to the AWS IAM console
Find the role you’re using for Vendia access
Click on the “Trust relationships” tab
Click “Edit trust policy”
Add or merge the trust relationship policy shown below
Click “Update trust policy”

Note: Use the Vendia AWS account numbers displayed in the UI from Step 1.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::VENDIA_ACCOUNT_ID1:root",
          "arn:aws:iam::VENDIA_ACCOUNT_ID2:root"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Required IAM Permissions

The IAM role must have the following permissions for the connected S3 bucket:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": [
        "arn:aws:s3:::your-external-bucket-name",
        "arn:aws:s3:::your-external-bucket-name/*"
      ]
    }
  ]
}

Step 3: Complete Storage Connection Configuration

Return to the Vendia UI to complete the configuration:

In the Storage Connection configuration dialog (from Step 1)
Provide the following information:
- Name: A friendly name to identify this storage connection configuration
- Role ARN: The ARN of the AWS role that Vendia will assume (configured in Step 2)
- S3 Bucket Name: The name of the connected S3 bucket
- Bucket Region: The AWS region where your S3 bucket is located
- Encryption Key (Optional): The encryption master key if using client-side encryption
Click Create Storage Connection to complete the configuration

Step 4: Using Storage Connections

Once configured, Storage Connections enables you to:

View S3 file metadata from within Vendia: Browse your connected S3 bucket and see file names, sizes, last modified timestamps, and file types directly in the Vendia interface
Enable AI Application Access: Allow MCP-compatible AI applications to read files from your connected S3 buckets
Manage access configurations: Delete storage connection configurations as needed

Available MCP Tools

When Storage Connections are configured, your AI applications gain access to additional MCP tools:

/list-storage-connections: List all configured storage connections and view their status
/list-storage-connection-contents: Browse folder structure and list files in connected S3 buckets with IDs, paths, and metadata
/read-storage-connection-file: Read content from text files, image files, and PDF documents in connected S3 buckets

Supported File Types

Storage Connections currently supports the following file types for direct reading through MCP:

File Type	Extensions	Description
Text Files	.txt, .md, .json, .csv, .xml, .yaml, .yml	Plain text content readable by AI applications
Image Files	.jpg, .jpeg, .png, .gif, .bmp, .webp	Image files for visual analysis by AI applications
PDF Files	.pdf	PDF documents for content extraction and analysis

Use Cases

Documentation and Knowledge Base Access

Enable AI applications to access your organization’s documentation, policies, and knowledge base stored in S3.

Reference Data Integration

Provide AI applications with access to reference datasets, lookup tables, or configuration files.

Image and Media Analysis

Allow AI applications to analyze images, diagrams, or other media files stored in S3.

Document Analysis and Processing

Enable AI applications to extract content from PDF documents such as reports, manuals, contracts, and research papers stored in S3.

Best Practices

Use descriptive names for storage connection configurations to easily identify their purpose
Use separate IAM roles for different storage connection configurations
Apply principle of least privilege when setting up S3 bucket permissions
Test access with AI applications after configuration to ensure functionality

Troubleshooting

If you encounter issues with Storage Connections:

Access Denied Errors

Verify the trust relationship includes correct Vendia account IDs
Check that IAM role has required S3 permissions
Ensure bucket policies don’t block Vendia access

Bucket Not Found Errors

Confirm bucket name is spelled correctly
Verify bucket region matches configuration
Check that bucket exists and is accessible

Authentication Failed Errors

Validate Role ARN format and existence
Ensure role can be assumed by Vendia accounts
Check for any conditional statements in trust policy

For additional help, contact Vendia Support.