Reputation: 719
s3cmd : copy file from encrypted buckets in s3 to local machine
I want to download a file from an encypted bucket in s3. The bucket is encrypted using AES256. I am using the following command
s3cmd --access_key=<access_key> --secret_key=<secret_key> get <s3_key_location> <target_loc>.
I read the s3 usage. It did not help much.
How do I specify the option that I want to download the file after decryption from s3?
Also since the bucket is encrypted, this command creates a dummy file with the same name as the key present in the s3 location having a size 0 in the target location.
One important thing to note here is that I am using boto to run the s3cmd commands.
s3cmd version 1.5.2
Upvotes: 0
Views: 3457
Answers (3)
Reputation: 269282
Amazon S3 objects encrypted with server side encryption are automatically decrypted when they are retrieved. The encryption affects how the data is stored on disk but you will never see encrypted objects.
Therefore, just download the file as normal.
By the way, these days it is preferable to use the AWS Command-Line Interface (CLI) rather than s3cmd.
If you wish to download via Python, use the boto function: get_contents_to_file()
Upvotes: 0
Reputation: 719
So along with this optional parameter --server-side-encryption you have to give the encryption paraphrase while configuring the s3cmd.
Unfortunately , I did not find any parameter in the s3cmd command which can override the value specified in the encryption paraphrase. There are a couple of ways with which you can configure the encryption paraphase :
1.using the s3cmd --configure option
2.Modifying the .s3cfg config file present in the home directory.
I was looking for a parameter which can override the value given in the config file.
Example : If the access key in the file is A and while running the s3cmd I specify --access_key B. The value A will not be used for the s3cmd for that command execution , however the value A will always be used when we are not specifying the access key. So If there is any parameter for encryption paraphase also , please post that here.
Upvotes: 0
Reputation: 8178
Why don't you use aws command line? I guess it has better support with encrypted s3 bucket.
e.g. aws s3 cp <s3_path> <local_path>
Upvotes: 0
Related Questions
- how to copy file from amazon server to s3 bucket
- how to upload files to s3 from aws cli with kms encryption
- How to copy files from AWS S3 to local machine?
- AWS S3 copy using key and secret
- How to upload encrypted data to S3?
- Decryption of encrypted S3 file using aws-encryption-cli --decrypt
- Transfer files from S3 to untrusted server via intermediary
- How to copy files from an encrypted S3 bucket to Google Cloud Storage?
- Copy files from S3 bucket to local machine using file index
- Is it possible to copy all files from one S3 bucket to another with s3cmd?