aws-kms

How to use AWS KMS in AWS lambda

房东的猫 submitted on 2019-12-05 06:34:30
I've just started to work with AWS services, particularly AWS Lambda. Is there a way to use AWS KMS service from within Lambda code (Java)? I'd like to use KMS to decrypt an encrypted externalized (read from a property) secret. My Lambda code is in Java. Thanks in advance.

Yes, it should work fine. I recently ported a Node.js RESTful API over to Lambda and didn't have to change any KMS code. You'll just need to make sure the role your Lambda function runs under has permissions to the key you set up through AWS to use with the encrypt/decrypt calls. kleaver In Python: with open('encrypted_pem

Does AWS RDS encryption with KMS affect performance?

杀马特。学长 韩版系。学妹 submitted on 2019-12-04 23:46:04
Amazon states that "Encryption and decryption are handled transparently so you don’t have to modify your application to access your data". My application (Rails, MySQL, Elasticsearch) builds a lot of graphics and therefore queries a lot of data. From my prior experience with database encryption, it really affects data retrieving speed (as we can only say if record matches condition after reading and decrypting it). Are there any relevant benchmarks? Or maybe you have worked with such server-side encryption from AWS? Do I need to worry about performance changes at all? Also it's not quite clear for

Error while decrypting file using KMS key in Amazon S3

限于喜欢 submitted on 2019-12-04 10:12:18
I am trying to use Amazon S3 as a file system with encryption. I am successfully able to achieve uploading file on AWS S3 server using KMS Encrypted key (Server side Encryption). Please find below working code:

For Encrypt:

private static final String AWS_KMS_KEY = "---KMS Key---"
private static final String BUCKET_NAME = "---bucket name---"
private static final String keyName = "---display key name---"
private static final String filePath = "---File Path---"
private static final String ACCESS_KEY_ID = "---aws accesskey---"
private static final String SECRET_ACCESS_KEY = "---aws secret key---

S3 Multipart Upload with SSE-KMS

故事扮演 submitted on 2019-12-03 23:03:58
Question: I am trying to write a utility using aws-java-sdk (1.11.230). I am able to write a file with SSE-KMS by using PutObjectRequest as follows: PutObjectRequest putRequest = new PutObjectRequest(existingBucketName, keyName, file) .withSSEAwsKeyManagementParams(kmsKeyId); but while trying to upload it in multipart, I could not find any way to specify encryption configuration for SSE-KMS. Could anyone please suggest a way to go through this successfully. Any suggestion will be appreciated. Vikash

boto3 client NoRegionError: You must specify a region error only sometimes

亡梦爱人 submitted on 2019-12-03 02:54:01
Question: I have a boto3 client: boto3.client('kms') But it happens on new machines, they open and close dynamically.

if endpoint is None:
    if region_name is None:
        # Raise a more specific error message that will give
        # better guidance to the user what needs to happen.
        raise NoRegionError()

Why is this happening? And why only part of the time?

Answer 1: One way or another you must tell boto3 in which region you wish the kms client to be created. This could be done explicitly using the region_name parameter

AWS CLI Query - describe-keys with parameters

牧云@^-^@ submitted on 2019-12-02 21:57:41
Question: So this week, I have started to begin learning the CLI and seeing what can be done within this. I was given the task of grabbing information regarding this: Key Alias, Key ID, All associated tags. I have tried many methods within this... and can't seem to get anywhere. I have only been doing this for around 4 days and I just began documenting key API calls that will come in use for the future. I seem to not be able to grab this in a --output table. If anyone could be able to give me a guidance

AWS CLI Query - describe-keys with parameters

ⅰ亾dé卋堺 submitted on 2019-12-02 10:13:49
So this week, I have started to begin learning the CLI and seeing what can be done within this. I was given the task of grabbing information regarding this: Key Alias, Key ID, All associated tags. I have tried many methods within this... and can't seem to get anywhere. I have only been doing this for around 4 days and I just began documenting key API calls that will come in use for the future. I seem to not be able to grab this in a --output table. If anyone could be able to give me a guidance on this. Also, does anyone have any tips from someone who is just starting his Cloud Journey and any

S3 Multipart Upload with SSE-KMS

余生长醉 submitted on 2019-12-01 01:44:22
I am trying to write a utility using aws-java-sdk (1.11.230). I am able to write a file with SSE-KMS by using PutObjectRequest as follows: PutObjectRequest putRequest = new PutObjectRequest(existingBucketName, keyName, file) .withSSEAwsKeyManagementParams(kmsKeyId); but while trying to upload it in multipart, I could not find any way to specify encryption configuration for SSE-KMS. Could anyone please suggest a way to go through this successfully. Any suggestion will be appreciated. Vikash Pareek Finally, I am able to find the solution for this. It can be done by setting headers to

How to use Async and Await with AWS SDK Javascript

非 Y 不嫁゛ submitted on 2019-11-30 07:52:24
I am working with the AWS SDK using the KMS library. I would like to use async and await instead of callbacks. import AWS, { KMS } from "aws-sdk"; this.kms = new AWS.KMS(); const key = await this.kms.generateDataKey(); However this does not work, when wrapped in an async function. How can I use async and await here?

If you are using aws-sdk with version > 2.x, you can transform an aws.Request to a promise with chain .promise() function. For your case: try { let key = await kms.generateDataKey().promise(); } catch (e) { console.log(e); } the key is a KMS.Types.GenerateDataKeyResponse - the second

How to use Async and Await with AWS SDK Javascript

眉间皱痕 submitted on 2019-11-26 23:06:03
Question: I am working with the AWS SDK using the KMS library. I would like to use async and await instead of callbacks. import AWS, { KMS } from "aws-sdk"; this.kms = new AWS.KMS(); const key = await this.kms.generateDataKey(); However this does not work, when wrapped in an async function. How can I use async and await here?

Answer 1: If you are using aws-sdk with version > 2.x, you can transform an aws.Request to a promise with chain .promise() function. For your case: try { let key = await kms