2017-06-08

I run my application in an AWS AMI. The AMI is launched via a CloudFormation template, which creates an AWS::IAM::Role with sts:AssumeRole. After the EC2 instance starts, I use boto3.create_bucket from the EC2 instance to create an S3 bucket. This operation does not support the x-amz-server-side-encryption header.

In my application I upload a file to the created bucket with the encryption flag turned on. However, while uploading I get an error:

com.amazonaws.services.s3.model.AmazonS3Exception: x-amz-server-side-encryption header is not supported for this operation. (Service: Amazon S3; Status Code: 400; Error Code: InvalidArgument; Request ID: 04DD9259D04F92CA), S3 Extended Request ID: EVdqFn6jUNshxUejZFWa6VN/lHPXHyi0F+TG+UZ3K9Sh8Gy0MPABi1AnxZloIajypLb39/5UAVA=

Here is my code for the server-side encryption part:

    ObjectMetadata meta = new ObjectMetadata();
    meta.setContentLength(contentLength);
    // request SSE-S3 (AES-256) for the object being uploaded
    meta.setSSEAlgorithm(ObjectMetadata.AES_256_SERVER_SIDE_ENCRYPTION);

What am I doing wrong? When I run my code elsewhere and use an S3 bucket, this operation works as expected. Is this related to CloudFormation or sts:AssumeRole?

Answer

The put_object function in boto3 has options to set object-level encryption.

    import boto3

    bucket = boto3.resource('s3').Bucket('my-bucket')   # bucket name is a placeholder
    # SSE-S3 ('AES256') or SSE-KMS ('aws:kms', optionally with SSEKMSKeyId);
    # the SSE-C parameters (SSECustomerAlgorithm, SSECustomerKey, SSECustomerKeyMD5)
    # are a separate, mutually exclusive mode
    obj = bucket.put_object(
        Key='path/to/object',
        Body=b'...',
        ServerSideEncryption='AES256',
    )
  • ServerSideEncryption (string) -- The server-side encryption algorithm used when storing this object in S3 (e.g., AES256, aws:kms).

  • StorageClass (string) -- The type of storage to use for the object. Defaults to 'STANDARD'.

  • SSECustomerAlgorithm (string) -- Specifies the algorithm to use to when encrypting the object (e.g., AES256).

  • SSECustomerKey (string) -- Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.

  • SSECustomerKeyMD5 (string) -- Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure the encryption key was transmitted without error. Please note that this parameter is automatically populated if it is not provided. Including this parameter is not required.

  • SSEKMSKeyId (string) -- Specifies the AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4. Documentation on configuring any of the officially supported AWS SDKs and CLI can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version

http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
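The answer lists three encryption modes for put_object without showing how they fit together or how to confirm the setting took effect. The script below is an added example, not code from the question or the answer: it builds the put_object parameters for one mode at a time (the modes are mutually exclusive, and the header belongs to object uploads, not to create_bucket), then reads the object's metadata back with head_object and checks that S3 reports the expected encryption. Bucket names, keys and the KMS alias are placeholders, and InMemoryS3 is a constructed stand-in for a boto3 S3 client so the script runs offline; against real S3 pass boto3.client("s3") instead.

```python
"""Added example (not from the question or answer): pick one S3 server-side
encryption mode for put_object and confirm it on the stored object.
Bucket/key names are placeholders; InMemoryS3 is a constructed stand-in
for a boto3 S3 client so the script runs offline."""
import os

SSE_MODES = ("SSE-S3", "SSE-KMS", "SSE-C")


def sse_params(mode, kms_key_id=None, customer_key=None):
    """Return the put_object keyword arguments for one encryption mode.
    The modes are mutually exclusive: a request carrying both
    x-amz-server-side-encryption and the SSE-C customer-key headers is rejected."""
    if mode == "SSE-S3":
        return {"ServerSideEncryption": "AES256"}
    if mode == "SSE-KMS":
        params = {"ServerSideEncryption": "aws:kms"}
        if kms_key_id:                      # omit to use the default aws/s3 KMS key
            params["SSEKMSKeyId"] = kms_key_id
        return params
    if mode == "SSE-C":
        if not isinstance(customer_key, bytes) or len(customer_key) != 32:
            raise ValueError("SSE-C with AES256 needs a 32-byte customer key")
        # boto3 base64-encodes the raw key and fills in SSECustomerKeyMD5 itself
        # when the MD5 is not supplied, so only these two parameters are set here.
        return {"SSECustomerAlgorithm": "AES256", "SSECustomerKey": customer_key}
    raise ValueError(f"unknown SSE mode {mode!r}; expected one of {SSE_MODES}")


def verify_encrypted(head, mode):
    """True if a head_object response shows the object stored under `mode`."""
    if mode == "SSE-C":
        return head.get("SSECustomerAlgorithm") == "AES256"
    expected = {"SSE-S3": "AES256", "SSE-KMS": "aws:kms"}[mode]
    return head.get("ServerSideEncryption") == expected


def upload_encrypted(s3, bucket, key, body, mode, **kw):
    """Upload with the chosen mode, then read the object's metadata back and
    confirm the encryption took effect. `s3` is a boto3 S3 client (or a stand-in)."""
    s3.put_object(Bucket=bucket, Key=key, Body=body, **sse_params(mode, **kw))
    head_kw = {"Bucket": bucket, "Key": key}
    if mode == "SSE-C":
        # an SSE-C object can only be read back by presenting the same key
        head_kw.update(SSECustomerAlgorithm="AES256", SSECustomerKey=kw["customer_key"])
    return verify_encrypted(s3.head_object(**head_kw), mode)


class InMemoryS3:
    """Constructed stand-in for boto3's S3 client: it stores the request
    parameters and echoes the encryption fields back from head_object,
    which is what real S3 does for an encrypted object."""

    def __init__(self):
        self.objects = {}

    def put_object(self, Bucket, Key, Body, **params):
        self.objects[(Bucket, Key)] = params
        return {"ETag": '"stub"'}

    def head_object(self, Bucket, Key, **_):
        stored = self.objects[(Bucket, Key)]
        echoed = ("ServerSideEncryption", "SSEKMSKeyId", "SSECustomerAlgorithm")
        return {k: v for k, v in stored.items() if k in echoed}


if __name__ == "__main__":
    s3 = InMemoryS3()   # replace with boto3.client("s3") against a real bucket
    print(upload_encrypted(s3, "example-bucket", "report.txt", b"data", "SSE-S3"))
    print(upload_encrypted(s3, "example-bucket", "kms.txt", b"data", "SSE-KMS",
                           kms_key_id="alias/placeholder-key"))
    print(upload_encrypted(s3, "example-bucket", "ssec.txt", b"data", "SSE-C",
                           customer_key=os.urandom(32)))
```

The read-back check is the part worth keeping in real code: a put_object that silently drops or rejects the encryption parameter is exactly the failure the question hit, and head_object returning no ServerSideEncryption field is the cheapest way to catch it before the bucket fills with plaintext objects.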
