[英]boto3 generate_presigned_url with SSE encryption
I am looking for examples to generate presigned url using boto3 and sse encryption.我正在寻找使用 boto3 和 sse 加密生成预签名 url 的示例。
Here is my code so far到目前为止,这是我的代码
s3_client = boto3.client('s3',
region_name='ap-south-1',
endpoint_url='http://s3.ap-south-1.amazonaws.com',
config=boto3.session.Config(signature_version='s3v4'),
)
try:
response = s3_client.generate_presigned_url('put_object',
Params={'Bucket': bucket_name,
'Key': object_name},
ExpiresIn=expiration)
except ClientError as e:
logging.error("In client error exception code")
logging.error(e)
return None
I am struggling to find the right parameters to use SSE encryption.我正在努力寻找使用 SSE 加密的正确参数。 I am able to use PUT call to upload a file.
我可以使用 PUT 调用来上传文件。 I would also like to know the headers to use from the client side to adhere to sse encryption.
我还想知道从客户端使用的标头以遵守 sse 加密。
import boto3
access_key = "..."
secret_key = "..."
bucket = "..."
s3 = boto3.client('s3',
aws_access_key_id=access_key,
aws_secret_access_key=secret_key)
return(s3.generate_presigned_url(
ClientMethod='get_object',
Params={
'Bucket': bucket,
'Key': filename,
'SSECustomerAlgorithm': 'AES256',
}
))
Also add the header:-还要添加 header:-
'x-amz-server-side-encryption': 'AES256'
in the front end code while calling the presigned url在前端代码中调用预签名 url
You can add Conditions to the pre-signed URL that must be met for the upload to be valid.您可以将条件添加到必须满足的预签名 URL 才能使上传有效。 This could probably include
x-amz-server-side-encryption
.这可能包括
x-amz-server-side-encryption
。
See: Creating a POST Policy - Amazon S3请参阅: 创建 POST 策略 - Amazon S3
Alternatively, you could add a bucket policy that denies any request that is not encrypted.或者,您可以添加一个存储桶策略来拒绝任何未加密的请求。
See: How to Prevent Uploads of Unencrypted Objects to Amazon S3 |请参阅: 如何防止将未加密的对象上传到 Amazon S3 | AWS Security Blog
AWS 安全博客
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.