I want to upload a file from local machine to s3 with kms encryption . I have been using the following command:
aws s3 cp /filepath s3://mybucket/filename --sse-kms-key-id <key id>
it shows the following error " error occured:when calling the PutObject operation: Server Side Encryption with AWS KMS managed key requires HTTP header x-amz -server-side-encryption : aws:kms"
What could possibly be causing this error?
It looks like you're missing the --sse aws:kms flag. You're likely looking for something like
aws s3 cp /filepath s3://mybucket/filename --sse aws:kms --sse-kms-key-id <key id>
Check out aws s3 cp options for more details.
I just did this and it worked well, using the AWS S3 Master key:
aws s3 cp myfile.txt s3://mybucketname/ --sse AES256
Based on reading this about encrypting sensitive data stored on s3.
Related
I have two s3 bucket: S3 (A) on my AWS Account(A) and S3(B) on my AWS Account(B). I was able to successfully export/copy my S3(A) to S3(B).
But when I checked the objects on the S3(B), it has error on the "Server-side encryption settings"
But on my S3(A) there is no server encryption .
I just run the command on my aws cli like this
aws s3 sync s3://bucket-a s3://bucket-b
I am looking for a way to decrypt an already encrypted file using aws-encryption-cli --decrypt.
Is there a way I can specify the encrypted S3 object location? I am using role based decryption where the current role has permission to decrypt the object even if i do not specify the KMS key.
I was trying to use below command:
aws-encryption-cli --decrypt --input s3://XXX/encryptedfile.text --encryption-context purpose=test --metadata-output ~/metadata --output .
Could you please help if you know about encryption/decryption using aws-cli
Many thanks in advance
you have an option with AWS CLI AWS CLI Command Reference
For encryption :
Below command for upload your file or object with KMS KEY Please refer Stackoverflow question
aws s3 cp /home/ubuntu/Desktop/abc_count.png s3://mybucket/abc_count.png --sse aws:kms --sse-kms-key-id (KMS KEY with arn)
For Decrypt:
Below command for Decrypt file/object or download Encrypted file refer this document and also refer Question for get presign URL
Use command :
aws s3 presign s3://mybucket/abc_count.png
you get presign URL for access uploaded file/object
Output : https://mybucket.s3.amazonaws.com/abc_count.png?AWSAccessKeyId=AKIAJXXXXXXXXXXXXXXX&Expires=1503602631&Signature=ibOGfAovnhIF13DALdAgsdtg2s%3D
than you can directly download Encrypted file/object using below command :
wget -P /home/ubuntu/Desktop/abc_count1.png "your presign URL"
Hope it will work.
I am new to Amazon AWS , I can upload file through AWS Command line using aws cp from local machine to S3 bucket
aws s3 cp "E:/AWS/test.txt" s3://mybucket/test.txt
Now I want to encrypt the files Server Side Encryptions, Amazon Customer Provided Key (SSE-C) and AWS-Managed Encryption Keys (SSE-KMS). Can anybody help How I can do this ?
Please take a look at the documentation.
You would add the appropriate parameter like --sse AES256 for basic server side encryption.
I have find the solution using following way for SSE-C:
to copy file from local file to S3 bucket:
aws s3 cp "e:/AWS/test.txt" s3://mybucket/test.txt --sse-c AES256 --sse-c-key B3DBCB8D7594F0A21D3D9E0EA3B75444
to download from S3 bucket
aws s3 cp s3://mybucket/test.txt "e:/AWS/test.txt"--sse-c AES256 --sse-c-key B3DBCB8D7594F0A21D3D9E0EA3B75444
i have created an S3 bucket and assigned SSE bucket policy(server side encryption with Amazon S3-managed keys ) to it via cloud formation. how to upload an object to S3 bucket via AWS cli with x-aws-server-side-encryption set on the object? An example would be much appreciated.
You don't mention what tool or SDK you are using to interact with S3. To use the AWS CLI tool to copy a file to S3 with the server-side-encryption flag set:
aws s3 cp <local path> <s3 path> --sse AES256
There are other -sse options you can use to specify other encryption keys such as KMS keys.
I need to download files recursively from a s3 bucket. The s3 bucket lets anonymous access.
How to list files and download them without providing AWS Access Key using an anonymous user?
My command is:
aws s3 cp s3://anonymous#big-data-benchmark/pavlo/text/tiny/rankings/uservisits uservisit --region us-east --recursive
The aws compains that:
Unable to locate credentials. You can configure credentials by running "aws configure"
You can use no-sign-request option
aws s3 cp s3://anonymous#big-data-benchmark/pavlo/text/tiny/rankings/uservisits uservisit --region us-east --recursive --no-sign-request
you probably have to provide an access keys and secret key, even if you're doing anonymous access. don't see an option for anonymous for the AWS cli.
another way to do this, it to hit the http endpoint and grab the files that way.
In your case: http://big-data-benchmark.s3.amazonaws.com
You will get and XML listing all the keys in the bucket. You can extract the keys and issues requests for each. Not the fastest thing out there but it will get the job done.
For example: http://big-data-benchmark.s3.amazonaws.com/pavlo/sequence-snappy/5nodes/crawl/000741_0
for getting the files curl should be enough. for parsing the xml depending on what you like you can go as lo-level as sed and as high-level as a proper language.
hope this helps.