
AWS AmazonKeyManagementServiceClient.decrypt() timed out on EC2 instance

I am trying to use AWS KMS to decrypt data. I am able to use the code below successfully locally, but the request fails when deployed on an EC2 instance. My EC2 is in a restricted subnet. Do I need to open some specific connection to EC2 to access AWS KMS?

The timeout happens at this line:

MemoryStream plainText = kmsClient.Decrypt(decryptRequest).Plaintext;


using System;
using System.IO;
using System.Text;
using Amazon;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;

public static string DecryptCC(string data)
    {
        try
        {
            string decryptedString = string.Empty;
            // Input is the base64-encoded CiphertextBlob produced by KMS Encrypt
            byte[] stringForDecryption = Convert.FromBase64String(data);

            Console.WriteLine("heelo , I am in DC");

            //Move to config
            AmazonKeyManagementServiceConfig config = new AmazonKeyManagementServiceConfig();
            config.RegionEndpoint = RegionEndpoint.APSoutheast2;
            // Placeholder access key / secret key; on EC2 an instance profile would normally supply these
            var awsCredentials = new Amazon.Runtime.BasicAWSCredentials("xxxxxxxxxxxxxxxx", "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy");

            AmazonKeyManagementServiceClient kmsClient = new AmazonKeyManagementServiceClient(awsCredentials, config);
            Console.WriteLine("heelo , I am in DC after client");
            MemoryStream ciphertext = new MemoryStream();
            ciphertext.Write(stringForDecryption, 0, stringForDecryption.Length);

            DecryptRequest decryptRequest = new DecryptRequest()
            {
                CiphertextBlob = ciphertext,
            };
            // This call opens the HTTPS connection to kms.ap-southeast-2.amazonaws.com;
            // it is where the timeout occurs on the EC2 instance
            MemoryStream plainText = kmsClient.Decrypt(decryptRequest).Plaintext;

            //var reader = new StreamReader(plainText);
            decryptedString = Encoding.UTF8.GetString(plainText.ToArray());

            if (decryptedString == null)
            {
                decryptedString = string.Empty;
            }

            return decryptedString;
        }
        catch (Exception ex)
        {
            // Only the message is logged; the exception type (e.g. a connect timeout) is lost here
            Console.WriteLine(ex.Message);
        }
        return null;
    }

You can't access any AWS services from inside EC2 unless either your instance has outbound Internet access or the service in question supports VPC endpoints, and you have an endpoint configured correctly.

See Connecting to AWS KMS Through a VPC Endpoint in the KMS Developer Guide.
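A quick way to confirm which of the two conditions in the answer above is missing is to check, from the instance itself, how the regional KMS hostname resolves and whether TCP 443 to it is reachable. The script below is an added example, not part of the original answer: with private DNS enabled on a KMS interface endpoint the hostname resolves to a private VPC address, while without an endpoint it resolves to public addresses that a subnet with no NAT or internet gateway cannot reach, which is exactly the connect timeout seen in `Decrypt()`. The `main` part assumes `getent`, `timeout` and bash's `/dev/tcp` are available on the instance; the VPC, subnet and security-group ids printed in the suggested CLI command are placeholders.

```shell
#!/usr/bin/env bash
# Added diagnostic for a KMS connect timeout from a restricted subnet.
# Usage: bash kms_path_check.sh <region>     e.g.  bash kms_path_check.sh ap-southeast-2

# Regional KMS API hostname the AWS SDK connects to for a given region.
kms_endpoint_host() { printf 'kms.%s.amazonaws.com\n' "$1"; }

# Service name used when creating an interface VPC endpoint for KMS in that region.
kms_service_name() { printf 'com.amazonaws.%s.kms\n' "$1"; }

# Returns 0 if the dotted-quad address falls in an RFC 1918 private range, 1 otherwise.
is_private_ip() {
    case "$1" in *[!0-9.]*|'') return 1 ;; esac
    # shellcheck disable=SC2046  (word splitting into octets is intended)
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ "$#" -eq 4 ] || return 1
    [ "$1" -eq 10 ] && return 0
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 0
    return 1
}

# Given the address the KMS hostname resolved to, name the network path it implies.
classify_resolution() {
    if is_private_ip "$1"; then echo "vpc-endpoint"; else echo "public"; fi
}

main() {
    region=$1
    host=$(kms_endpoint_host "$region")
    ip=$(getent hosts "$host" | awk '{print $1; exit}')
    if [ -z "$ip" ]; then
        echo "DNS: $host does not resolve; check the VPC DNS settings first"
        exit 2
    fi
    echo "DNS: $host -> $ip (path: $(classify_resolution "$ip"))"

    # A plain TCP connect to 443; if this hangs, the SDK's Decrypt() will hang the same way.
    if timeout 5 bash -c "exec 3<>/dev/tcp/$host/443" 2>/dev/null; then
        echo "TCP 443 to $host: reachable"
    else
        echo "TCP 443 to $host: timed out or refused"
        echo "Fix: give the subnet a route out (NAT gateway) or create an interface endpoint, e.g."
        echo "  aws ec2 create-vpc-endpoint --vpc-endpoint-type Interface \\"
        echo "    --service-name $(kms_service_name "$region") --vpc-id <vpc-id> \\"
        echo "    --subnet-ids <subnet-id> --security-group-ids <sg-id> --private-dns-enabled"
        exit 1
    fi
}

# Run the live check only when a region is given, so the helpers can be sourced on their own.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

When an interface endpoint is used, the security group attached to the endpoint must allow inbound TCP 443 from the instance's security group or subnet CIDR, and private DNS must be enabled so that the SDK's default hostname (the one `kms_endpoint_host` prints) lands on the endpoint without any change to the client code.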
