Reputation: 2999
I've been unsuccessful in locating a call that would allow me to create a KMS encrypted bucket in S3 (using the Java AWS SDK).
Does such a method exist? And if so, where can I find examples/documentation?
Upvotes: 3
Views: 2536
Reputation: 2999
I found the answer. The version of the AWS Java SDK I was using wasn't recent enough to have the method.
Here is how to do it:
// Model classes are from com.amazonaws.services.s3.model; ArrayList is java.util.ArrayList
Bucket bucket = amazonS3Client.createBucket( bucketName );
// Default-encryption rule: SSE-KMS with the given KMS key
ServerSideEncryptionRule serverSideEncryptionRule = new ServerSideEncryptionRule();
ServerSideEncryptionByDefault serverSideEncryptionByDefault = new ServerSideEncryptionByDefault();
serverSideEncryptionByDefault.setKMSMasterKeyID( "xxxxxxxxx-xxx-xxxxx-xxxx-xxxxx-xxxx-xxxxxxx" );
serverSideEncryptionByDefault.setSSEAlgorithm( SSEAlgorithm.KMS.getAlgorithm() );
serverSideEncryptionRule.setApplyServerSideEncryptionByDefault( serverSideEncryptionByDefault );
// Request that targets the bucket just created
SetBucketEncryptionRequest setBucketEncryptionRequest = new SetBucketEncryptionRequest();
setBucketEncryptionRequest.setBucketName( bucket.getName() );
// Wrap the rule in an encryption configuration and attach it to the request
ServerSideEncryptionConfiguration serverSideEncryptionConfiguration = new ServerSideEncryptionConfiguration();
ArrayList< ServerSideEncryptionRule > serverSideEncryptionRules = new ArrayList<>();
serverSideEncryptionRules.add( serverSideEncryptionRule );
serverSideEncryptionConfiguration.setRules( serverSideEncryptionRules );
setBucketEncryptionRequest.setServerSideEncryptionConfiguration( serverSideEncryptionConfiguration );
// Apply the default encryption configuration to the bucket
amazonS3Client.setBucketEncryption( setBucketEncryptionRequest );
Upvotes: 4
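A read-back check for the default-encryption setup in the answer above, as an added example that is not part of the original answers. It assumes the AWS SDK for Java v1 is on the classpath; the class name, helper names and key ARN are hypothetical, and the configurations in main are constructed so the check runs without credentials.

```java
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.model.*;
import java.util.Collections;

public class BucketKmsDefaultCheck {

    /** True only if every default-encryption rule is SSE-KMS with the expected key. */
    static boolean enforcesKmsKey(ServerSideEncryptionConfiguration cfg, String expectedKeyId) {
        if (cfg == null || cfg.getRules() == null || cfg.getRules().isEmpty()) {
            return false; // no default encryption configured at all
        }
        for (ServerSideEncryptionRule rule : cfg.getRules()) {
            ServerSideEncryptionByDefault byDefault = rule.getApplyServerSideEncryptionByDefault();
            // expectedKeyId must be in the same form (key ID or ARN) as the stored value
            if (byDefault == null
                    || !SSEAlgorithm.KMS.getAlgorithm().equals(byDefault.getSSEAlgorithm())
                    || !expectedKeyId.equals(byDefault.getKMSMasterKeyID())) {
                return false; // wrong algorithm (e.g. AES256) or a different key
            }
        }
        return true;
    }

    /** Same check against the live bucket; needs credentials and read access to the setting. */
    static boolean bucketEnforcesKmsKey(AmazonS3 s3, String bucketName, String expectedKeyId) {
        return enforcesKmsKey(
                s3.getBucketEncryption(bucketName).getServerSideEncryptionConfiguration(),
                expectedKeyId);
    }

    /** Builds a single-rule configuration with the setters used in the answer above. */
    static ServerSideEncryptionConfiguration config(String algorithm, String keyId) {
        ServerSideEncryptionByDefault byDefault = new ServerSideEncryptionByDefault();
        byDefault.setSSEAlgorithm(algorithm);
        byDefault.setKMSMasterKeyID(keyId);
        ServerSideEncryptionRule rule = new ServerSideEncryptionRule();
        rule.setApplyServerSideEncryptionByDefault(byDefault);
        ServerSideEncryptionConfiguration cfg = new ServerSideEncryptionConfiguration();
        cfg.setRules(Collections.singletonList(rule));
        return cfg;
    }

    public static void main(String[] args) {
        String key = "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-ID"; // constructed value
        String kms = SSEAlgorithm.KMS.getAlgorithm();
        System.out.println("KMS, expected key: " + enforcesKmsKey(config(kms, key), key));
        System.out.println("KMS, other key:    " + enforcesKmsKey(config(kms, "other-key"), key));
        System.out.println("AES256, no key:    "
                + enforcesKmsKey(config(SSEAlgorithm.AES256.getAlgorithm(), null), key));
        System.out.println("No configuration:  " + enforcesKmsKey(null, key));
    }
}
```

Calling bucketEnforcesKmsKey right after setBucketEncryption confirms the setting took effect on the bucket rather than assuming the request succeeded as intended.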
Reputation: 42849
One does not create an encrypted bucket, but instead puts encrypted objects into the bucket.
Here is an example using Server Side Encryption (SSE):
// myBucket and myKey (String) and myFile (java.io.File) are defined elsewhere
AmazonS3 s3 = AmazonS3ClientBuilder.defaultClient();
PutObjectRequest request = new PutObjectRequest(myBucket, myKey, myFile)
    // this will default to AES-256...no KMS Client key used
    .withSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams());
    // alternative if you are looking to do SSE with a Client Master Key from KMS
    //.withSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams(...KMS Key Alias or ARN...));
s3.putObject(request);
Upvotes: 0
Reputation: 16778
From that page, you could try something like this with the Java AWS SDK:
AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder
    .standard()
    .withRegion(Regions.US_WEST_2)
    .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.EncryptionOnly))
    // Can either be Key ID or alias (prefixed with 'alias/')
    .withEncryptionMaterials(new KMSEncryptionMaterialsProvider("alias/s3-kms-key"))
    .build();
Upvotes: 0