s3 kms encryption fails due to auth protocol mismatch

[quiver]

API http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html

$ aws s3api put-object --bucket bucket_name --key key_name --server-side-encryption aws:kms --ssekms-key-id kms_id
A client error (InvalidArgument) occurred when calling the PutObject operation: Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.

Debug message shows that hmacv1 auth is used while sse-kms requires sigv4 auth.

Changing "signatureVersion" of botocore/data/aws/s3/2006-03-01.api.json from s3 to s3v4 solved my problemn, but I won't PR because

• I've been told before that data/aws files are maintained by aws
• Small subsets of s3 api calls require sigv4. I'm not sure if changing whole s3 auth protocol is a good approach.

This may be related to https://forums.aws.amazon.com/thread.jspa?threadID=165286

[jamesls]

We're going to look into automatically switching the signature version dynamically, but in the next AWS CLI release, you can now explicitly set the signature version of S3 in the config file:

aws configure set default.s3.signature_version s3v4

See #382 for more info. For backwards compat reasons we can't switch over to s3v4 so for now users will have to specify the signature version explicitly when working with kms.

[quiver]

aws configure set default.s3.signature_version s3v4

Nice work, James.