Decryption of encrypted S3 file using aws-encryption-cli --decrypt - amazon-web-services

I am looking for a way to decrypt an already encrypted file using aws-encryption-cli --decrypt.
Is there a way I can specify the encrypted S3 object location? I am using role-based decryption where the current role has permission to decrypt the object even if I do not specify the KMS key.
I was trying to use the command below:
aws-encryption-cli --decrypt --input s3://XXX/encryptedfile.text --encryption-context purpose=test --metadata-output ~/metadata --output .
Could you please help if you know about encryption/decryption using aws-cli?
Many thanks in advance.

You have an option with the AWS CLI (see the AWS CLI Command Reference).
For encryption:
The command below uploads your file or object with a KMS key (please refer to the Stack Overflow question):
aws s3 cp /home/ubuntu/Desktop/abc_count.png s3://mybucket/abc_count.png --sse aws:kms --sse-kms-key-id (KMS KEY with arn)
For decryption:
The commands below decrypt the file/object or download the encrypted file (refer to this document, and also refer to the question on getting a presigned URL).
Use the command:
aws s3 presign s3://mybucket/abc_count.png
You get a presigned URL for accessing the uploaded file/object.
Output: https://mybucket.s3.amazonaws.com/abc_count.png?AWSAccessKeyId=AKIAJXXXXXXXXXXXXXXX&Expires=1503602631&Signature=ibOGfAovnhIF13DALdAgsdtg2s%3D
Then you can directly download the encrypted file/object using the command below:
wget -O /home/ubuntu/Desktop/abc_count1.png "your presign URL"
Hope it will work.
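
The question concerns ciphertext produced by the AWS Encryption CLI (client-side encryption), and aws-encryption-cli takes local files or stdin as --input rather than an s3:// URI. One way to do the decryption the question asks for, as an added example that is not part of the original posts: it assumes AWS Encryption CLI 2.x or later (where --wrapping-keys is required on decrypt), and the function name decrypt_s3_object and the account ID 111122223333 are placeholders chosen here.

```shell
#!/bin/sh
# Added example, not from the original posts. Assumes AWS CLI credentials for a
# role allowed to call kms:Decrypt on the key that wrapped the data key.

# decrypt_s3_object S3_URI OUT_FILE CONTEXT ACCOUNT_ID  (hypothetical helper)
decrypt_s3_object() (
    s3_uri=$1; out_file=$2; context=$3; account_id=$4
    umask 077                          # temp files and plaintext are owner-only
    work=$(mktemp -d) || exit 1
    trap 'rm -rf "$work"' EXIT

    # Fetch the ciphertext first: the Encryption CLI does not read s3:// URIs.
    aws s3 cp "$s3_uri" "$work/ciphertext" || exit 1

    # discovery=true: no key ARN is given; the CLI uses the KMS key recorded in
    # the encrypted message, restricted here to one partition and one account.
    # --encryption-context: decryption fails unless the message carries this pair.
    aws-encryption-cli --decrypt \
        --input "$work/ciphertext" \
        --output "$work/plaintext" \
        --wrapping-keys discovery=true discovery-partition=aws \
                        "discovery-account=$account_id" \
        --encryption-context "$context" \
        --metadata-output "$out_file.metadata" || exit 1

    # Publish the plaintext only after the CLI reported success.
    mv "$work/plaintext" "$out_file"
)

# Usage (bucket name and account ID are placeholders):
# decrypt_s3_object s3://XXX/encryptedfile.text ./encryptedfile.txt purpose=test 111122223333
```

Restricting discovery to a known account keeps the role from decrypting with a key in an account you did not expect, which is the main risk of omitting the key ARN.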

Related

How to upload local system files in my Linux server to Amazon S3 Bucket using ssh?

I am trying to upload a file which I have on my Linux server onto my AWS S3 bucket. Can anyone please advise on how to do so, as I only find documentation related to uploading files to EC2 instead.
I do have the .pem certificate present on my server directory.
I tried to run the following command but it doesn't solve the issue:
scp -i My_PEM_FILE.pem "MY_FILE_TO_BE_UPLOADED.txt" MY_USER@S3-INSTANCE.IP.ADDRESS.0.compute.amazonaws.com
It is not possible to upload to Amazon S3 by using SSH.
The easiest way to upload from anywhere to an Amazon S3 bucket is to use the AWS Command-Line Interface (CLI):
aws s3 cp MY_FILE_TO_BE_UPLOADED.txt s3://my-bucket/
This will require an Access Key and a Secret Key to be stored via the aws configure command. You can obtain these keys from your IAM User in the IAM management console (Security Credentials tab).
See: aws s3 cp — AWS CLI Command Reference

Where to run the command to access private S3 bucket?

Apologies, this is such a rookie question. A report I set up is being run daily and deposited in the customer S3 bucket. I was given the command to run if I wanted to inspect the bucket contents. I want to verify my report is as expected in there, so I'd like to access it. But I have no idea where to actually run the command.
Do I need to install AWS CLI and run it there? Is there something I need to install so I can run it from Terminal? The command has the AWS secret key, access key and URL.
If you wish to access an object from Amazon S3 on your own computer:
Download the AWS Command-Line Interface (CLI)
Run: aws configure and provide your Access Key & Secret Key
To list a bucket: aws s3 ls s3://bucket-name
To download an object: aws s3 cp s3://bucket-name/object-name.txt .
(That last period means "to the current directory".)

how to upload files to s3 from aws cli with kms encryption

I want to upload a file from my local machine to S3 with KMS encryption. I have been using the following command:
aws s3 cp /filepath s3://mybucket/filename --sse-kms-key-id <key id>
It shows the following error: "error occurred: when calling the PutObject operation: Server Side Encryption with AWS KMS managed key requires HTTP header x-amz-server-side-encryption : aws:kms"
What could possibly be causing this error?
It looks like you're missing the --sse aws:kms flag. You're likely looking for something like
aws s3 cp /filepath s3://mybucket/filename --sse aws:kms --sse-kms-key-id <key id>
Check out aws s3 cp options for more details.
I just did this and it worked well, using the AWS S3 Master key:
aws s3 cp myfile.txt s3://mybucketname/ --sse AES256
Based on reading this about encrypting sensitive data stored on s3.

Upload File to AWS S3 using Server Side Encryptions

I am new to Amazon AWS. I can upload a file through the AWS command line using aws cp from my local machine to an S3 bucket:
aws s3 cp "E:/AWS/test.txt" s3://mybucket/test.txt
Now I want to encrypt the files with server-side encryption, using an Amazon customer-provided key (SSE-C) and AWS-managed encryption keys (SSE-KMS). Can anybody help with how I can do this?
Please take a look at the documentation.
You would add the appropriate parameter like --sse AES256 for basic server side encryption.
I have found the solution, in the following way, for SSE-C:
To copy a file from the local machine to the S3 bucket:
aws s3 cp "e:/AWS/test.txt" s3://mybucket/test.txt --sse-c AES256 --sse-c-key B3DBCB8D7594F0A21D3D9E0EA3B75444
To download from the S3 bucket:
aws s3 cp s3://mybucket/test.txt "e:/AWS/test.txt" --sse-c AES256 --sse-c-key B3DBCB8D7594F0A21D3D9E0EA3B75444
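
The SSE-C commands above pass the key as a command-line literal, which leaves it in shell history and the process list, and 32 hexadecimal characters carry at most 128 bits of entropy. A hardened variant, as an added example that is not part of the original post: it generates a random 32-byte key file and hands it to the AWS CLI with fileb://. The function names new_ssec_key and ssec_cp and the key-file path are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the original post. Bucket, object and key-file names
# in the usage lines are placeholders.

# new_ssec_key KEY_FILE: write 32 random bytes (a full 256-bit key), owner-only.
new_ssec_key() (
    umask 077
    [ ! -e "$1" ] || { echo "refusing to overwrite $1" >&2; exit 1; }
    head -c 32 /dev/urandom > "$1"
)

# ssec_cp SRC DST KEY_FILE: aws s3 cp in either direction with SSE-C.
# fileb:// makes the AWS CLI read the raw key bytes from the file, so the key
# never appears as a command-line argument.
ssec_cp() {
    [ "$(wc -c < "$3" | tr -d ' ')" = 32 ] || {
        echo "key file must hold exactly 32 bytes" >&2
        return 1
    }
    aws s3 cp "$1" "$2" --sse-c AES256 --sse-c-key "fileb://$3"
}

# Usage (placeholders):
# new_ssec_key "$HOME/.keys/test-object.key"
# ssec_cp ./test.txt s3://mybucket/test.txt "$HOME/.keys/test-object.key"
# ssec_cp s3://mybucket/test.txt ./test.txt "$HOME/.keys/test-object.key"
```

S3 does not store an SSE-C key, so back the key file up: without it the object cannot be read.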

How to configure aws CLI to s3 cp with anonymous user

I need to download files recursively from an S3 bucket. The S3 bucket allows anonymous access.
How to list files and download them without providing AWS Access Key using an anonymous user?
My command is:
aws s3 cp s3://anonymous@big-data-benchmark/pavlo/text/tiny/rankings/uservisits uservisit --region us-east --recursive
aws complains that:
Unable to locate credentials. You can configure credentials by running "aws configure"
You can use the --no-sign-request option:
aws s3 cp s3://anonymous@big-data-benchmark/pavlo/text/tiny/rankings/uservisits uservisit --region us-east --recursive --no-sign-request
You probably have to provide an access key and secret key, even if you're doing anonymous access. I don't see an option for anonymous access in the AWS CLI.
Another way to do this is to hit the HTTP endpoint and grab the files that way.
In your case: http://big-data-benchmark.s3.amazonaws.com
You will get an XML listing of all the keys in the bucket. You can extract the keys and issue requests for each. Not the fastest thing out there, but it will get the job done.
For example: http://big-data-benchmark.s3.amazonaws.com/pavlo/sequence-snappy/5nodes/crawl/000741_0
For getting the files, curl should be enough. For parsing the XML, depending on what you like, you can go as low-level as sed or as high-level as a proper language.
Hope this helps.