[英]AccessDenied when sending Encrypt request to Amazon KMS
I want to encrypt a string using Amazon KMS services. 我想使用Amazon KMS服务加密字符串。 My credentials work, I can use the client to get a list of keys, but I get a 400 when I try to encrypt my string.
我的凭据有效,我可以使用客户端来获取密钥列表,但是当我尝试加密字符串时却得到了400。 This is my code (I bet I'm missing something simple):
这是我的代码(我敢打赌我缺少一些简单的东西):
public static string Encrypt(string str, string awsRegion, string theKey)
{
var keyId = "arn:aws:kms:" + awsRegion + ":0987654321:key/" + thekey;
using (var client = new AmazonKeyManagementServiceClient(AWSId, AWSSK, RegionEndpoint.USEast1))
{
var req = new EncryptRequest
{
KeyId = keyId,
Plaintext = new MemoryStream(Encoding.UTF8.GetBytes(str))
};
var blob = client.Encrypt(req).CiphertextBlob;
return new StreamReader(blob).ReadToEnd();
}
}
What could be the cause of this? 这可能是什么原因?
I also have my profile set up in visual studio. 我还在Visual Studio中设置了我的个人资料。
Edit 1: The error message is: 编辑1:错误消息是:
Error making request with Error Code AccessDeniedException and Http Status Code BadRequest.
使用错误代码AccessDeniedException和Http状态代码BadRequest发出请求时出错。 No further error information was returned by the service.
该服务未返回其他错误信息。
Turns out that integer that's between the region and key in the keyId string isn't arbitrary. 事实证明,在region和keyId字符串中的key之间的整数不是任意的。
I got it working by getting the list of keys that are available to me, finding the corresponding key and copying that integer into my keyId string in-place of the 0987654321. 通过获取可供使用的键列表,找到相应的键并将该整数复制到我的098Id54321的keyId字符串中,使它起作用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.