
Encrypt EC2 Snapshot using AWS Java SDK

I am trying to encrypt an unencrypted EC2 snapshot using the AWS Java SDK. It works like this:

1. We need to copy the unencrypted EC2 snapshot, because we can't make a change to an already existing snapshot.
2. While copying, we need to set encryption to encrypted and create it.
3. After creating the encrypted snapshot, delete the unencrypted snapshot.

This is how I am doing it with the AWS Java SDK:

import java.util.concurrent.TimeUnit;
import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.CopySnapshotRequest;
import software.amazon.awssdk.services.ec2.model.CopySnapshotResponse;
import software.amazon.awssdk.services.ec2.model.DeleteSnapshotRequest;
import software.amazon.awssdk.services.ec2.model.DeleteSnapshotResponse;
import software.amazon.awssdk.services.ec2.model.DescribeSnapshotsRequest;
import software.amazon.awssdk.services.ec2.model.DescribeSnapshotsResponse;
import software.amazon.awssdk.services.ec2.model.Snapshot;
import software.amazon.awssdk.services.kms.KmsClient;
import software.amazon.awssdk.services.kms.model.CreateKeyRequest;
import software.amazon.awssdk.services.kms.model.CreateKeyResponse;
import software.amazon.awssdk.services.kms.model.CustomerMasterKeySpec;
import software.amazon.awssdk.services.kms.model.KeyUsageType;
import software.amazon.awssdk.services.kms.model.OriginType;

public static void encryptSnapshots(Ec2Client ec2, String snapshotId, String region, KmsClient kms) {
    // Look up the snapshot so we can check whether it is already encrypted.
    DescribeSnapshotsRequest describeSnapshotsRequest = DescribeSnapshotsRequest.builder().snapshotIds(snapshotId).build();
    DescribeSnapshotsResponse describeSnapshotsResponse = ec2.describeSnapshots(describeSnapshotsRequest);
    // Create a new symmetric KMS key to encrypt the copy with.
    KeyUsageType keyUsageType = KeyUsageType.ENCRYPT_DECRYPT;
    CustomerMasterKeySpec customerMasterKeySpec = CustomerMasterKeySpec.SYMMETRIC_DEFAULT;
    OriginType originType = OriginType.AWS_KMS;
    CreateKeyRequest createKeyRequest = CreateKeyRequest.builder().keyUsage(keyUsageType).customerMasterKeySpec(customerMasterKeySpec).origin(originType).build();
    CreateKeyResponse createKeyResponse = kms.createKey(createKeyRequest);
    String kmsId = createKeyResponse.keyMetadata().keyId();
    for (Snapshot snapshot : describeSnapshotsResponse.snapshots()) {
        if (!snapshot.encrypted()) {
            try {
                // Copy within the same region, encrypting the copy with the newly created key.
                CopySnapshotRequest copySnapshotRequest = CopySnapshotRequest.builder().sourceSnapshotId(snapshot.snapshotId()).sourceRegion(region).destinationRegion(region).kmsKeyId(kmsId).encrypted(true).build();
                CopySnapshotResponse copySnapshotResponse = ec2.copySnapshot(copySnapshotRequest);
                // Give the copy time to finish before deleting the unencrypted original.
                TimeUnit.MINUTES.sleep(5);
                DeleteSnapshotRequest deleteSnapshotRequest = DeleteSnapshotRequest.builder().snapshotId(snapshot.snapshotId()).build();
                DeleteSnapshotResponse deleteSnapshotResponse = ec2.deleteSnapshot(deleteSnapshotRequest);
            } catch (InterruptedException e) {
                // Restore the interrupt flag rather than swallowing it and continuing.
                Thread.currentThread().interrupt();
                return;
            }
        }
    }
}

The problem with the above code is that the newly encrypted snapshot shows a status of unavailable.

I removed the keyID when copying the snapshot, and that way it works. Changed code:

import java.util.concurrent.TimeUnit;
import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.CopySnapshotRequest;
import software.amazon.awssdk.services.ec2.model.CopySnapshotResponse;
import software.amazon.awssdk.services.ec2.model.DeleteSnapshotRequest;
import software.amazon.awssdk.services.ec2.model.DeleteSnapshotResponse;
import software.amazon.awssdk.services.ec2.model.DescribeSnapshotsRequest;
import software.amazon.awssdk.services.ec2.model.DescribeSnapshotsResponse;
import software.amazon.awssdk.services.ec2.model.Snapshot;
import software.amazon.awssdk.services.kms.KmsClient;
import software.amazon.awssdk.services.kms.model.CreateKeyRequest;
import software.amazon.awssdk.services.kms.model.CreateKeyResponse;
import software.amazon.awssdk.services.kms.model.CustomerMasterKeySpec;
import software.amazon.awssdk.services.kms.model.KeyUsageType;
import software.amazon.awssdk.services.kms.model.OriginType;

public static void encryptSnapshots(Ec2Client ec2, String snapshotId, String region, KmsClient kms) {
    // Look up the snapshot so we can check whether it is already encrypted.
    DescribeSnapshotsRequest describeSnapshotsRequest = DescribeSnapshotsRequest.builder().snapshotIds(snapshotId).build();
    DescribeSnapshotsResponse describeSnapshotsResponse = ec2.describeSnapshots(describeSnapshotsRequest);
    // A KMS key is still created here, but it is no longer passed to the copy request.
    KeyUsageType keyUsageType = KeyUsageType.ENCRYPT_DECRYPT;
    CustomerMasterKeySpec customerMasterKeySpec = CustomerMasterKeySpec.SYMMETRIC_DEFAULT;
    OriginType originType = OriginType.AWS_KMS;
    CreateKeyRequest createKeyRequest = CreateKeyRequest.builder().keyUsage(keyUsageType).customerMasterKeySpec(customerMasterKeySpec).origin(originType).build();
    CreateKeyResponse createKeyResponse = kms.createKey(createKeyRequest);
    String kmsId = createKeyResponse.keyMetadata().keyId();
    for (Snapshot snapshot : describeSnapshotsResponse.snapshots()) {
        if (!snapshot.encrypted()) {
            try {
                // Copy within the same region with encryption enabled; without kmsKeyId the default EBS key is used.
                CopySnapshotRequest copySnapshotRequest = CopySnapshotRequest.builder().sourceSnapshotId(snapshot.snapshotId()).sourceRegion(region).destinationRegion(region).encrypted(true).build();
                CopySnapshotResponse copySnapshotResponse = ec2.copySnapshot(copySnapshotRequest);
                // Give the copy time to finish before deleting the unencrypted original.
                TimeUnit.MINUTES.sleep(5);
                DeleteSnapshotRequest deleteSnapshotRequest = DeleteSnapshotRequest.builder().snapshotId(snapshot.snapshotId()).build();
                DeleteSnapshotResponse deleteSnapshotResponse = ec2.deleteSnapshot(deleteSnapshotRequest);
            } catch (InterruptedException e) {
                // Restore the interrupt flag rather than swallowing it and continuing.
                Thread.currentThread().interrupt();
                return;
            }
        }
    }
}
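The procedure above deletes the unencrypted original after a fixed 5-minute sleep, so a slow or failed copy would leave no snapshot at all. The following is an added example, not code from the original post: it uses the SDK v2 EC2 waiter to block until the copy reports completed, confirms the copy is encrypted, and only then deletes the source. The class and method names are mine; it assumes AWS SDK for Java v2 with waiter support and an Ec2Client configured for the given region, and passing null for kmsKeyId lets EC2 use the account's default EBS encryption key.

```java
import java.util.Optional;
import software.amazon.awssdk.core.waiters.WaiterResponse;
import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.CopySnapshotRequest;
import software.amazon.awssdk.services.ec2.model.DeleteSnapshotRequest;
import software.amazon.awssdk.services.ec2.model.DescribeSnapshotsRequest;
import software.amazon.awssdk.services.ec2.model.DescribeSnapshotsResponse;
import software.amazon.awssdk.services.ec2.model.Snapshot;
import software.amazon.awssdk.services.ec2.model.SnapshotState;

// Added example class (hypothetical name); not part of the original post.
public final class SafeSnapshotEncryptor {

    /** Copies sourceSnapshotId encrypted in the same region and returns the new id.
     *  The unencrypted source is deleted only after the copy is COMPLETED and encrypted.
     *  A null kmsKeyId means EC2 uses the account's default EBS encryption key. */
    public static String encryptAndReplace(Ec2Client ec2, String sourceSnapshotId,
                                           String region, String kmsKeyId) {
        CopySnapshotRequest.Builder copy = CopySnapshotRequest.builder()
                .sourceSnapshotId(sourceSnapshotId)
                .sourceRegion(region)
                .destinationRegion(region)
                .encrypted(true);
        if (kmsKeyId != null) {
            copy.kmsKeyId(kmsKeyId);
        }
        String newId = ec2.copySnapshot(copy.build()).snapshotId();

        // Poll via the SDK waiter until the copy is completed (it throws on error or timeout).
        DescribeSnapshotsRequest describe = DescribeSnapshotsRequest.builder()
                .snapshotIds(newId).build();
        WaiterResponse<DescribeSnapshotsResponse> waited =
                ec2.waiter().waitUntilSnapshotCompleted(describe);
        Optional<DescribeSnapshotsResponse> matched = waited.matched().response();
        Snapshot copied = matched.map(r -> r.snapshots().get(0)).orElseThrow(() ->
                new IllegalStateException("Copy " + newId + " did not complete; source kept"));

        // Verify what we will rely on before destroying the only other copy of the data.
        if (copied.state() != SnapshotState.COMPLETED || !Boolean.TRUE.equals(copied.encrypted())) {
            throw new IllegalStateException("Copy " + newId + " is " + copied.stateAsString()
                    + ", encrypted=" + copied.encrypted() + "; source " + sourceSnapshotId + " kept");
        }

        // Only now is it safe to remove the unencrypted original.
        ec2.deleteSnapshot(DeleteSnapshotRequest.builder().snapshotId(sourceSnapshotId).build());
        return newId;
    }
}
```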

粵ICP備18138465號  © 2020-2024 STACKOOM.COM