
Read a KMS encrypted file from S3

How can I use boto3 resource to read a KMS encrypted file from S3 bucket?

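Below is the snippet that I am using to read a non-encrypted file:

import boto3

bucket_name = 'example-bucket'  # placeholder bucket name
key = 'path/to/object'          # placeholder object key
s3 = boto3.resource('s3')
obj = s3.Object(bucket_name, key)
body = obj.get()['Body'].read()
print(' body = {}'.format(body))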

There's a helpful answer at "Do I need to specify the AWS KMS key when I download a KMS-encrypted object from Amazon S3?":

No, you don't need to specify the AWS KMS key ID when you download an SSE-KMS-encrypted object from an S3 bucket. Instead, you need the permission to decrypt the AWS KMS key.

So, you don't need to provide KMS info on a GetObject request (which is what the boto3 resource-level methods are doing under the covers), unless you're doing CMK. You just need to have permission to access the KMS key for decryption. S3/KMS will do the rest for you.

You can configure the IAM policy associated with the Lambda function's IAM role per the linked article.
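The answer above comes down to the role's IAM policy allowing both `s3:GetObject` on the object and `kms:Decrypt` on the key. The following is an added example, not part of the original post: it builds such a policy and reports which of the two permissions a given policy lacks. The bucket name, account ID, key ARN and function names are constructed placeholders, and the check is deliberately simplified (identity-policy `Allow` statements only; it ignores `Deny`, `Condition` and the KMS key policy).

```python
import fnmatch

# Constructed sample values (placeholders, not from the original page).
BUCKET = "example-bucket"
KMS_KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"


def build_read_policy(bucket, kms_key_arn):
    """Least-privilege identity policy for reading SSE-KMS objects."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:GetObject",
             "Resource": f"arn:aws:s3:::{bucket}/*"},
            {"Effect": "Allow", "Action": "kms:Decrypt",
             "Resource": kms_key_arn},
        ],
    }


def _as_list(value):
    # IAM allows Statement/Action/Resource to be a single item or a list.
    return value if isinstance(value, list) else [value]


def allows(policy, action, resource):
    """True if any Allow statement matches action and resource (wildcards ok)."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive; resource ARNs are case-sensitive.
        action_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                        for a in _as_list(stmt.get("Action", [])))
        resource_ok = any(fnmatch.fnmatchcase(resource, r)
                          for r in _as_list(stmt.get("Resource", [])))
        if action_ok and resource_ok:
            return True
    return False


def missing_permissions(policy, bucket, key, kms_key_arn):
    """Actions a GetObject on an SSE-KMS object needs that the policy lacks."""
    needed = [("s3:GetObject", f"arn:aws:s3:::{bucket}/{key}"),
              ("kms:Decrypt", kms_key_arn)]
    return [action for action, res in needed if not allows(policy, action, res)]
```

A role with only S3 permissions returns `['kms:Decrypt']` here, which corresponds to the case where the non-encrypted read works but the SSE-KMS read is denied.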
