aws-kms

How can a CloudFront distribution use an AWS KMS key to GET an S3 image encrypted at rest?

穿精又带淫゛_ submitted on 2020-12-08 10:42:28
Question: I would like to use AWS's Server Side Encryption (SSE) with the AWS Key Management Service (KMS) to encrypt data at rest in S3. (See this AWS blog post detailing SSE-KMS.) However, I also have the requirement that I use CloudFront Presigned URLs. How can I set up a CloudFront distribution to use a key in AWS KMS to decrypt and use S3 objects encrypted at rest? (This Boto3 issue seems to be from someone looking for the same answers as me, but with no results). Answer 1: This was previously not

How can a CloudFront distribution use an AWS KMS key to GET an S3 image encrypted at rest?

徘徊边缘 submitted on 2020-12-08 10:40:02
Question: I would like to use AWS's Server Side Encryption (SSE) with the AWS Key Management Service (KMS) to encrypt data at rest in S3. (See this AWS blog post detailing SSE-KMS.) However, I also have the requirement that I use CloudFront Presigned URLs. How can I set up a CloudFront distribution to use a key in AWS KMS to decrypt and use S3 objects encrypted at rest? (This Boto3 issue seems to be from someone looking for the same answers as me, but with no results). Answer 1: This was previously not

How can a CloudFront distribution use an AWS KMS key to GET an S3 image encrypted at rest?

☆樱花仙子☆ submitted on 2020-12-08 10:36:52
Question: I would like to use AWS's Server Side Encryption (SSE) with the AWS Key Management Service (KMS) to encrypt data at rest in S3. (See this AWS blog post detailing SSE-KMS.) However, I also have the requirement that I use CloudFront Presigned URLs. How can I set up a CloudFront distribution to use a key in AWS KMS to decrypt and use S3 objects encrypted at rest? (This Boto3 issue seems to be from someone looking for the same answers as me, but with no results). Answer 1: This was previously not

Attempting to decrypt ciphertext within a Lambda function using KMS results in timeout

孤人 submitted on 2020-11-30 03:12:04
Question: When decrypting ciphertext from the command line using the AWS CLI, the ciphertext gets decrypted without issues:

    $ aws kms decrypt --ciphertext-blob fileb://encrypted-secrets --output text --query Plaintext --region us-east-1 | base64 --decode > decryped-secrets

This decryption operation also works locally when attempting to do so from a js script:

    #!/usr/local/bin/node
    const fs = require('fs');
    const AWS = require('aws-sdk');
    const kms = new AWS.KMS({region:'us-east-1'});
    const secretPath =

Attempting to decrypt ciphertext within a Lambda function using KMS results in timeout

|▌冷眼眸甩不掉的悲伤 submitted on 2020-11-30 02:56:17
Question: When decrypting ciphertext from the command line using the AWS CLI, the ciphertext gets decrypted without issues:

    $ aws kms decrypt --ciphertext-blob fileb://encrypted-secrets --output text --query Plaintext --region us-east-1 | base64 --decode > decryped-secrets

This decryption operation also works locally when attempting to do so from a js script:

    #!/usr/local/bin/node
    const fs = require('fs');
    const AWS = require('aws-sdk');
    const kms = new AWS.KMS({region:'us-east-1'});
    const secretPath =

How to verify the Secrets Manager credential rotation is successful

为君一笑 submitted on 2020-08-25 06:12:31
Question: I enabled the rotation and checked the Lambda function logs; there is no error, everything looks fine. But I retrieved the secret in the Secrets Manager console, and it's still the old password. I don't know what's going on. In AWS CLI:

    aws secretsmanager list-secret-version-ids --secret-id xxx

Output:

    {
      "Versions": [
        {
          "VersionId": "4********2f",
          "VersionStages": [ "AWSPREVIOUS" ],
          "LastAccessedDate": 1580428800.0,
          "CreatedDate": 1580484370.988
        },
        {
          "VersionId": "9********69",
          "VersionStages": [

How AWS KMS determine which key to use when decrypt?

安稳与你 submitted on 2020-02-23 12:47:16
Question: I'm confused about how aws-kms selects which key to use to decrypt a ciphertextblob. When calling the decrypt method, no key information is provided. Answer 1: When you encrypt, KMS stores the CMK information in the ciphertextblob (CiphertextBlob: Ciphertext including metadata) as metadata. So while calling decrypt, KMS knows which CMK to use. More details in: https://d1.awsstatic.com/whitepapers/aws-kms-best-practices.pdf https://docs.aws.amazon.com/cli/latest/reference/kms/encrypt.html Answer 2: If

How Can I get details of an AMI or Snapshot if It is encrypted and with which key AWS Managed CMK or Customer Manager CMK in AWS

你说的曾经没有我的故事 submitted on 2020-01-26 04:42:27
Question: Issue: I want to get information about my AMI to know if it is encrypted or not and, if yes, which key it is encrypted with (AWS Managed CMK or Customer Manager CMK), so that I can utilize this information while sharing my AMI with another account without any issues. Answer 1: Solution: We can get this information using the AWS Console as well as the AWS CLI, which could be useful while troubleshooting encrypted AMIs/snapshots and KMS correlation. How can I check using AWS CLI Commands:

TypeError : “errorMessage”: “argument should be a bytes-like object or ASCII string, not 'Binary'”,

佐手、 submitted on 2020-01-15 15:08:05
Question: I tried another program to validate the saved list of usernames and encrypted passwords from the above table, and usernames and allowed resources in a different table. This program needs to be integrated with an API request; however, I have changed it to send event test parameters from the Lambda test config. I tried the same for decoding as guided in the previous comments. Based on the previous error and comments, I was able to resolve that. "errorMessage": "string argument without an encoding", TypeError: