堆栈内存溢出
  简体   繁体   English

AWS 错误消息:使用 AWS KMS 托管密钥指定服务器端加密的请求需要 AWS 签名版本 4

[英]AWS Error Message: Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4

 原文  2020-10-19 09:10:59       amazon-web-services/ encryption/ pyspark/ server-side/ aws-kms

问题描述

I am facing the following error while writing to S3 bucket using pyspark.使用 pyspark 写入 S3 存储桶时遇到以下错误。

com.amazonaws.services.s3.model.AmazonS3Exception: Status Code: 400, AWS Service: Amazon S3, AWS Request ID: A0B0C0000000DEF0, AWS Error Code: InvalidArgument, AWS Error Message: Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4., com.amazonaws.services.s3.model.AmazonS3Exception:状态代码:400,AWS 服务:Amazon S3,AWS 请求 ID:A0B0C0000000DEF0,AWS 错误代码:InvalidArgument,AWS 错误消息:使用 AWS KMS 托管密钥指定服务器端加密的请求需要AWS 签名版本 4.,

I have applied server-side encryption using AWS KMS service on the S3 bucket.我在 S3 存储桶上使用 AWS KMS 服务应用了服务器端加密。 I am using the following spark-submit command -我正在使用以下 spark-submit 命令 -

spark-submit --packages com.amazonaws:aws-java-sdk-pom:1.10.34,org.apache.hadoop:hadoop-aws:2.7.2 --jars sample-jar sample_pyspark.py

This is the sample code I am working on -这是我正在处理的示例代码 -

spark_context = SparkContext()
sql_context = SQLContext(spark_context) 
spark = SparkSession.builder.appName('abc').getOrCreate()
hadoopConf = spark_context._jsc.hadoopConfiguration()
hadoopConf.set("fs.s3a.impl", "org.apache.hadoop.fs.s3a.S3AFileSystem")
#Have a spark dataframe 'source_data
source_data.coalesce(1).write.mode('overwrite').parquet("s3a://sample-bucket")

Note: Tried to load the spark-dataframe into s3 bucket [without server-side encryption enabled] and it was successful注意:尝试将 spark-dataframe 加载到 s3 存储桶 [未启用服务器端加密] 并成功

1 个解决方案

解决方案1
 2  2020-10-31 15:18:50

The error seems to be telling you to enable V4 S3 signatures on the Amazon SDK.该错误似乎告诉您在 Amazon SDK 上启用 V4 S3 签名。 One way to do it is from the command line:一种方法是从命令行:

spark-submit --conf spark.driver.extraJavaOptions='-Dcom.amazonaws.services.s3.enableV4' \
    --conf spark.executor.extraJavaOptions='-Dcom.amazonaws.services.s3.enableV4' \
    ... (other spark options)

That said, I agree with Steve that you should use a more recent hadoop library.也就是说,我同意史蒂夫的观点,你应该使用更新的 hadoop 库。

References:参考:

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 即使在设置 v4 签名之后,AWS 异常“使用 AWS KMS 托管密钥指定服务器端加密的请求需要 AWS 签名版本 4” - AWS Exception “Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4” even after set the v4 signature AWS 跨区域复制和 AWS KMS 客户托管密钥 - AWS Cross Region replication and AWS KMS Customer Managed Keys 我可以禁用或删除 AWS KMS 中的 AWS 托管密钥吗 - Can I disable or delete the AWS managed keys in AWS KMS 使用对象锁定参数放置对象请求需要AWS Signature版本4 - Put Object requests with Object Lock parameters require AWS Signature Version 4 我可以将AWS KMS加密用于Android中的客户端加密吗? - Can I use AWS KMS encryption for client side encryption in Android? AWS KMS 中的非对称密钥 - Asymmetric keys in AWS KMS 列出所有密钥时忽略 AWS 托管/默认 KMS 密钥? - Ignoring AWS Managed/Default KMS Keys When Listing All Keys? 如何在 S3 加密中启用 AWS 托管密钥 (aws/s3) 作为 AWS KMS 密钥 - How to enable AWS managed key (aws/s3) as a AWS KMS key in S3 encryption AWS SQS 服务器端加密 - AWS SQS Server Side Encryption 使用 AWS KMS 的确定性加密 - Deterministic encryption using AWS KMS
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM