Set an S3 SSE key-id in EKS #1156

timothystone-knsl · 2024-05-24T18:31:00Z

timothystone-knsl
May 24, 2024

It's not clear how I can use a KMS key-id in an S3Operation leveraging STS in EKS.

We have the StsWebIdentityTokenFileCredentialsProvider working with the software.amazon.awssdk:sts module loading however we can not access the bucket.

In the CLI we can perform the following from the container on the Node:

# aws s3 cp test s3://important-bucket/test
upload failed:./test to s3://important-bucket/test An error occurred (AccessDenied) when calling the PutObject operation: Access Denied 
# aws s3 cp test s3://important-bucket/test --sse-kms-key-id d0b40e5f-ce3c-457f-87e0-5b9047470d94 --sse aws: kms 
upload: /test to s3://important-bucket/test

We've looked at Zalando's org.zalando:zalando-cloud-aws-kms library and added the encrypt.kms.keyId but no help (though I'm under the impression that Zalando's library provides encryption/decryption of properties). Zalando makes a note, almost as an aside, on the use of the aws.key.keyId but not how it should be used, strictly defined, or what should be included to provide it.

Anything stand out that might point us in the right direction?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Set an S3 SSE key-id in EKS #1156

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 0 comments

Select a reply

Set an S3 SSE key-id in EKS #1156

timothystone-knsl May 24, 2024

Replies: 0 comments

timothystone-knsl
May 24, 2024