Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Non default master key Server Side Encryption KMS support #235
Currently the buildkite agent KMS support is limited to (as per the environment script)
which ends up employing the default master key for the S3 service, i.e. the key that is used to encrypt S3 objects when no other key is defined.
It would be ideal to make use of an explicit kms key id issued exclusively for buildkite agent purposes. Something like
where the arn for the key could be passed in as a parameter to the Cloudformation template for the stack.
How can i overcome this issue? pls help me with this.
Do you have permission to write to that bucket?…
Sent from my iPhone
On 8 Sep 2017, at 5:31 pm, sushilvarma2 ***@***.***> wrote: yah that is right. that is just for reference. — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.
Yah, I assigned S3, KMS role to the user.
It works without any issue when I am using default KMS ID and not even providing kms id. Just simple copy to S3 bucket.
I have also used this option, as advised in aws documentation.
I have tried both these policies also to the bucket but no help: