Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update "--output-dir s3://.. to include the KMS key" #5344

Open
satvan23 opened this issue Feb 13, 2020 · 2 comments
Open

Update "--output-dir s3://.. to include the KMS key" #5344

satvan23 opened this issue Feb 13, 2020 · 2 comments
Labels
area/outputs kind/enhancement provider/aws

Comments

@satvan23
Copy link

satvan23 commented Feb 13, 2020
edited

Update: ( After some more testing ).

  1. The usual option to write to s3 bucket was working until Security team changed the bucket policy.
  2. So, now I need an option to include the KMS key I have in "--output-dir s://..." ( like I see in s3cmd )
    ( s3cmd --server-side-encryption-kms-id=KMS_KEY )
  3. Does the option to write to S3 use https ? If not then that is needed.
  4. I can do a s3 cp without giving any KMS option, so https is used.

Thanks

s3-error
@kapilt
Copy link
Collaborator

kapilt commented Feb 17, 2020
edited

couple of followup questions

  1. is the default kms s3 service key sufficient?
  2. does this need to be able to specify custom kms key?
  3. if so, does it need to be specify by key alias, or key id?
  4. does encryption context need to be provided?

@satvan23
Copy link
Author

1 & 2 Unfortunately no, company policy is for custom kms key. Not the default one
3. Alias is good
4. Looking at the list of keys, all are "SYMMETRIC_DEFAULT"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/outputs kind/enhancement provider/aws
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kapilt @satvan23