CODEWITHSUNDEEP
javaamazon-s3encryptionrequest-headersamazon-kms
user3115056
user3115056

Reputation: 1280

How do I set a request header(x-amz-server-side-encryption : aws:kms) while saving file to S3 in Java code?

Below is the code that I have for uploading files to S3 using KMS server side encryption. However I am getting the exception "Server Side Encryption with AWS KMS managed key requires HTTP header x-amz-server-side-encryption : aws:kms";

Not sure where to place the header in the Java code to save file.

private static void saveServerSideEncryptedFileToAWS(String clientRegion, String bucketName, String awsFilePath, File file) {
            AmazonS3 s3client = AmazonS3Client.builder()
                    .withRegion(clientRegion)
                    .withCredentials(new AWSStaticCredentialsProvider(credentials))
                    .build();

            ObjectMetadata objectMetadata = new ObjectMetadata();
            //objectMetadata.setHeader("x-amz-server-side-encryption" , "aws:kms");

            objectMetadata.setSSEAlgorithm(ObjectMetadata.AES_256_SERVER_SIDE_ENCRYPTION);

            PutObjectRequest putRequest = null;
            try {
                putRequest = new PutObjectRequest(bucketName,
                        awsFilePath,
                        new FileInputStream(file),
                        objectMetadata).withSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams("arn:aws:kms:<<key>>"));
            } catch (FileNotFoundException e) {
                e.printStackTrace();
            }

            // Upload the object and check its encryption status.
            PutObjectResult putResult = s3client.putObject(putRequest);
            printEncryptionStatus(putResult);
        }

Upvotes: 3

Views: 3795

Answers (2)

Martin Bamford
Martin Bamford

Reputation: 404

To answer the question above from Balaji on how to do the same thing in AWS SDKv2, you need to use the property serverSideEncryption on the PutObjectRequest object, ie

final PutObjectRequest por = PutObjectRequest.builder()
                .bucket(bucketName)
                .key(key)
                .contentLength((long) contentLength)
                .ssekmsKeyId(kmsKey)
                .serverSideEncryption("aws:kms")
                .build();

Upvotes: 1

user3115056
user3115056

Reputation: 1280

I got the answer by some hit and trials... -- putRequest.putCustomRequestHeader("x-amz-server-side-encryption","aws:kms");

Upvotes: 4

Related Questions