user2046117

AWS S3 client side encryption using KMS - Region being ignored

I'm using the recently released KMS service with Amazon and I'm getting an issue with the Region being ignored when passed into the AmazonS3EncryptionClient.

AmazonS3EncryptionClient s3 = new AmazonS3EncryptionClient(credentials,
                new KMSEncryptionMaterialsProvider(keyId))
        .withRegion(Region.getRegion(Regions.EU_WEST_1));

The error message coming back indicates that the key can't be found in the region US-East-1 despite actively setting it to EU-West-1.

The error message is

 com.amazonaws.services.kms.model.NotFoundException: 
   Key 'arn:aws:kms:us-east-1:account#:key/mykeyname' does not exist (Service: AWSKMS; 
   Status Code: 400; Error Code: NotFoundException; 
   Request ID: 8fb90ad0-7644-11e4-bf12-0b5a59268629)

I can't find any documentation to suggest this is a specific bug in the API. Any suggestions?

Upvotes: 1

Views: 5726

Answers (1)

E.J. Brennan

Reputation: 46841

Try reading the comments/suggestions at the bottom of this thread:

http://java.awsblog.com/post/Tx19OLB7M3D6DS8/S3-Encryption-with-AWS-Key-Management-Service

Looks like there was a release to address this issue with the addition of a new parameter.

i.e.:

AmazonS3 s3 = new AmazonS3EncryptionClient(new DefaultAWSCredentialsProviderChain(),
                new KMSEncryptionMaterialsProvider(customerMasterKeyId),
                new CryptoConfiguration().withKmsRegion(Regions.fromName("us-west-2")));

Upvotes: 1
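
Building on the answer above, an added example (not code from the answer or from AWS) that takes the KMS region from the key ARN itself, so the key is always looked up in the region that holds it, and sets the S3 region separately. It assumes an AWS SDK for Java 1.x release that includes `CryptoConfiguration.withKmsRegion`; the class name, the helpers `regionFromKeyArn` and `buildClient`, and the key ARN are hypothetical or constructed.

```java
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3EncryptionClient;
import com.amazonaws.services.s3.model.CryptoConfiguration;
import com.amazonaws.services.s3.model.KMSEncryptionMaterialsProvider;

public class KmsRegionAwareS3 {

    /** Returns the region field of a KMS key ARN, or null for a bare key ID or alias. */
    static String regionFromKeyArn(String keyId) {
        // ARN layout: arn:partition:kms:region:account-id:key/key-id
        String[] parts = keyId.split(":", 6);
        if (parts.length == 6 && parts[0].equals("arn") && parts[2].equals("kms")) {
            return parts[3];
        }
        return null;
    }

    /** Hypothetical helper: builds a client whose KMS calls go to the key's own region. */
    static AmazonS3 buildClient(String keyId, Regions bucketRegion, Regions defaultKmsRegion) {
        String arnRegion = regionFromKeyArn(keyId);
        // Regions.fromName throws IllegalArgumentException on an unknown or empty
        // region name, so a malformed ARN fails here instead of at the first upload.
        Regions kmsRegion = (arnRegion != null) ? Regions.fromName(arnRegion) : defaultKmsRegion;

        AmazonS3EncryptionClient s3 = new AmazonS3EncryptionClient(
                new DefaultAWSCredentialsProviderChain(),
                new KMSEncryptionMaterialsProvider(keyId),
                new CryptoConfiguration().withKmsRegion(kmsRegion));
        // S3 endpoint region; the KMS region is set explicitly above rather than
        // relying on this call to carry over to the KMS client.
        s3.setRegion(Region.getRegion(bucketRegion));
        return s3;
    }

    public static void main(String[] args) {
        // Constructed placeholder ARN, not a real key.
        String keyId = "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE-KEY-ID";
        System.out.println("KMS region from ARN: " + regionFromKeyArn(keyId));
        AmazonS3 s3 = buildClient(keyId, Regions.EU_WEST_1, Regions.EU_WEST_1);
        // s3.putObject(...) would now request its data key from KMS in eu-west-1.
    }
}
```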
