Using AWS S3 encryption with inputstreams
Question
I have a rest service that streams content to a AWS S3 bucket. I was wondering what are the alternatives to encrypt that stream to the bucket, my requirements would be primary that the encryption key is automanaged (for example KMS) and then performance wise.
Is it possible to encrypt inputstreams with KMS without having to use byte[] and buffer the whole content in-memory ?
I am planning to upload some large files > 1GB (that's why the streaming to avoid OOM errors) what would be the preferred advice for this, is there any significant difference compared to small files < 10MB ?
Thanks
1 answers
solution1
1 ACCPTED 2016-04-08 14:38:40
I assume you are using this version of PutObjectRequest that takes an InputStream .
The data transmission to S3 is going over SSL, so the network transmission is encrypted.
To use a KMS key to encrypt the data stored on S3 you can simply specify the KMS key you want S3 to use. After creating the PutObjectRequest, simply call:
putObjectRequest.withSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams(keyID));before the call to s3Client.putObject()
Alternatively, if you want to do all the encryption on the client-side, you can use the AmazonS3EncryptionClient and EncryptedPutObjectRequest classes in the Java AWS SDK.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.