问题
We have images stored in the AWS S3 for our production services.
Is there any API which will allow to enable encryption on these existing resources without downloading and uploading again?
I see Boto module in Python allows to clone the key with additional parameters e.g encryption, but this will create a new key. As these keys are stored in a separate database, we want to retain existing keys but just enable encryption.
回答1:
Here's some code that will convert all files in a bucket to use server-side encryption:
import boto
conn = boto.connect_s3('REGION')
bucket = conn.get_bucket('BUCKET')
for k in bucket.list():
bucket.copy_key(new_key_name=k.key, src_bucket_name=bucket.name, src_key_name=k.key, encrypt_key=True)
It copies to the same key name, but you might want to tweak it to preserve storage class, ACLs, etc.
来源:https://stackoverflow.com/questions/32869556/aws-s3-enable-encryption-through-api-script