Reputation: 2530
I have a rest service that streams content to a AWS S3 bucket. I was wondering what are the alternatives to encrypt that stream to the bucket, my requirements would be primary that the encryption key is automanaged (for example KMS) and then performance wise.
Is it possible to encrypt inputstreams with KMS without having to use byte[]
and buffer the whole content in-memory ?
I am planning to upload some large files > 1GB (that's why the streaming to avoid OOM errors) what would be the preferred advice for this, is there any significant difference compared to small files < 10MB ?
Thanks
Upvotes: 0
Views: 998
Reputation: 201088
I assume you are using this version of PutObjectRequest
that takes an InputStream
.
The data transmission to S3 is going over SSL, so the network transmission is encrypted.
To use a KMS key to encrypt the data stored on S3 you can simply specify the KMS key you want S3 to use. After creating the PutObjectRequest, simply call: putObjectRequest.withSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams(keyID));
before the call to s3Client.putObject()
Alternatively, if you want to do all the encryption on the client-side, you can use the AmazonS3EncryptionClient
and EncryptedPutObjectRequest
classes in the Java AWS SDK.
Upvotes: 2