
Encrypt a file using KMS and push to S3

I have an AWS Lambda function written in Python that needs to create a file using data in a string variable, KMS encrypt the file and push the file to S3.

import boto3

s3_resource = boto3.resource("s3")
s3_resource.Bucket(bucket_name).put_object(Key=s3_path, Body=data)

I am using the above to create the file in S3, but is there a way to use the KMS keys that I have to encrypt the file while pushing to S3?

To use KMS encryption when adding an object, use the server-side encryption options:

  • ServerSideEncryption="aws:kms" - to enable KMS encryption
  • SSEKMSKeyId=keyId - to specify the KMS key you want to use for encryption. If you don't specify this, AWS will just use your default account key.

For example:

s3_resource.Bucket(bucket_name).put_object(
    Key=s3_path,
    Body=data,
    ServerSideEncryption="aws:kms"
)

You may also need to enable v4 signing in your boto configuration file.
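An added example (not part of the original answer): a helper that uploads with both options above and checks the `ServerSideEncryption` and `SSEKMSKeyId` fields S3 returns, so an upload that fell back to the default key is caught. `put_kms_encrypted`, `FakeS3Client` and the key ID and ARN values are constructed for illustration; pass `boto3.client("s3")` in real use.

```python
def put_kms_encrypted(s3_client, bucket, key, data, kms_key_id=None):
    """Upload `data` with SSE-KMS and verify the response before returning it.

    `s3_client` is anything with the boto3 S3 client's put_object signature.
    Without kms_key_id, S3 falls back to the AWS managed key (aws/s3).
    """
    params = {
        "Bucket": bucket,
        "Key": key,
        "Body": data.encode("utf-8") if isinstance(data, str) else data,
        "ServerSideEncryption": "aws:kms",
    }
    if kms_key_id:
        params["SSEKMSKeyId"] = kms_key_id
    resp = s3_client.put_object(**params)

    # S3 echoes the encryption it applied; fail loudly if it is not SSE-KMS.
    if resp.get("ServerSideEncryption") != "aws:kms":
        raise RuntimeError("object was not stored with SSE-KMS")

    # The response carries the key ARN; accept an exact match or an ARN
    # ending in the key ID we asked for (aliases are not resolved here).
    used = resp.get("SSEKMSKeyId", "")
    if kms_key_id and used != kms_key_id and not used.endswith("/" + kms_key_id):
        raise RuntimeError(f"unexpected KMS key in response: {used!r}")
    return resp


class FakeS3Client:
    """Constructed stand-in for boto3.client('s3') so the example runs offline."""
    DEFAULT_KEY = "arn:aws:kms:us-east-1:111122223333:key/aws-managed-example"

    def __init__(self):
        self.calls = []

    def put_object(self, **kwargs):
        self.calls.append(kwargs)
        key_id = kwargs.get("SSEKMSKeyId")
        arn = (f"arn:aws:kms:us-east-1:111122223333:key/{key_id}"
               if key_id else self.DEFAULT_KEY)
        return {"ServerSideEncryption": kwargs.get("ServerSideEncryption"),
                "SSEKMSKeyId": arn}


if __name__ == "__main__":
    resp = put_kms_encrypted(FakeS3Client(), "example-bucket", "out/report.txt",
                             "hello", "1234abcd-12ab-34cd-56ef-1234567890ab")
    print(resp["SSEKMSKeyId"])
```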
