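curl and S3 GET
I am trying to figure out what I need to supply in order to do a GET operation on an S3 object that has been encrypted with server-side encryption using a KMS key. When trying to curl my test document I receive the following error: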
Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.
UPDATE: Adding the output from curl
$ curl -v https://s3-us-west-2.amazonaws.com/rkbtest/check.png
* Trying 54.231.185.12...
* Connected to s3-us-west-2.amazonaws.com (54.231.185.12) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.s3-us-west-2.amazonaws.com
* Server certificate: DigiCert Baltimore CA-2 G2
* Server certificate: Baltimore CyberTrust Root
> GET /rkbtest/check.png HTTP/1.1
> Host: s3-us-west-2.amazonaws.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< x-amz-request-id: 2DECE9C69BDB8F0F
< x-amz-id-2: bs8xGSbAHksE2mSb/+r4AG3B9RlRTODasFyr5S3jMU2sNA7eJTEQr0dJTro5P2QKLRuMQtGw6tk=
< x-amz-region: us-west-2
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Wed, 21 Sep 2016 15:26:13 GMT
< Connection: close
< Server: AmazonS3
<
<?xml version="1.0" encoding="UTF-8"?>
* Closing connection 0
<Error><Code>InvalidArgument</Code><Message>Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.</Message><ArgumentName>Authorization</ArgumentName><ArgumentValue>null</ArgumentValue><RequestId>2DECE9C69BDB8F0F</RequestId><HostId>bs8xGSbAHksE2mSb/+r4AG3B9RlRTODasFyr5S3jMU2sNA7eJTEQr0dJTro5P2QKLRuMQtGw6tk=</HostId></Error>
Well, you need to use [Signature Version 4](http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html), of course... but we need to see some code, or at least the output of `curl -v 'https://...'`. –
Done. Thanks @Michael-sqlbot. – RockyMountainHigh
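You cannot anonymously request objects encrypted with SSE-KMS. I don't know whether this is because an anonymous request lacks the necessary authorization for S3 to actually access KMS in order to decrypt the object, or whether the S3 architects decided that if you are going to use SSE-KMS, then allowing anonymous access to the object sort of defeats the purpose. It's unclear why you would want to mix anonymous access and SSE-KMS. Can you elaborate? –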
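As an added example (not part of the original thread), this is what "use Signature Version 4" amounts to for the GET in the question: a standard-library Python signer that produces the `Authorization` header the 400 response reported as `null`. The function names `sigv4_get_headers` and `as_curl` are this example's own, and the caller supplies the IAM access key and secret.

```python
import datetime
import hashlib
import hmac
from urllib.parse import quote

# Example code: function names are hypothetical; credentials come from the caller.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # a GET carries no body


def sigv4_get_headers(host, path, region, access_key, secret_key, now=None):
    """Return the headers for a SigV4-signed S3 GET of `path` on `host`."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[:8]
    headers = {
        "host": host,
        "x-amz-content-sha256": EMPTY_SHA256,
        "x-amz-date": amz_date,
    }
    signed = ";".join(sorted(headers))
    canonical_request = "\n".join([
        "GET",
        quote(path),  # "/" stays unescaped in the canonical URI
        "",           # no query string
        "".join(f"{k}:{headers[k]}\n" for k in sorted(headers)),
        signed,
        EMPTY_SHA256,
    ])
    scope = f"{date}/{region}/s3/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    # Derive the signing key: secret -> date -> region -> service -> terminator.
    key = ("AWS4" + secret_key).encode()
    for part in (date, region, "s3", "aws4_request"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed}, Signature={signature}")
    return headers


def as_curl(headers, url):
    """Render the signed headers as a curl command (curl sets Host itself)."""
    args = " ".join(f"-H '{k}: {v}'" for k, v in headers.items() if k != "host")
    return f"curl -v {args} '{url}'"
```

The signing principal also needs `s3:GetObject` on the object and `kms:Decrypt` on the KMS key, and S3 rejects requests whose `x-amz-date` is more than 15 minutes off its own clock.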