[英]Encrypt a file using KMS and push to S3
I have a AWS lambda function written in Python that needs to create a file using data in a string variable , KMS encrypt the file and push the file to S3. 我有一个用Python编写的AWS lambda函数,该函数需要使用字符串变量中的数据创建文件,KMS对该文件进行加密并将其推送到S3。
s3_resource = boto3.resource("s3")
s3_resource.Bucket(bucket_name).put_object(Key=s3_path, Body=data)
I am using the above to create the file in S3 , but is there a way to use the KMS keys that I have to encrypt the file while pushing to S3 ? 我正在使用以上内容在S3中创建文件,但是有没有办法使用在推送到S3时必须加密文件的KMS密钥?
To use KMS encryption when adding an object use the server side encryption options: 要在添加对象时使用KMS加密,请使用服务器端加密选项:
ServerSideEncryption ="aws:kms"
- to enable KMS encryption ServerSideEncryption ="aws:kms"
-启用KMS加密 SSEKMSKeyId=keyId
- to specify the KMS key you want to use for encryption. SSEKMSKeyId=keyId
指定要用于加密的KMS密钥。 If you don't specify this, AWS will just use your default account key. For example: 例如:
s3_resource.Bucket(bucket_name).put_object(
Key=s3_path,
Body=data,
ServerSideEncryption ="aws:kms"
)
You may also need to enable v4 signing in your boto configuration file. 您可能还需要在Boto配置文件中启用v4签名 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.