我想使用Lambda函数从AWS S3检索特定的ZIP文件,解密并提取它。
这是我的代码:
const AWS = require('aws-sdk');
const zlib = require('zlib');
const fs = require('fs');
const stream = require('stream');
exports.handler = function (event, context) {
const jobInfo = event['CodePipeline.job'].data;
const artifactsInfo = jobInfo.inputArtifacts[0].location;
const bucket = artifactsInfo.s3Location.bucketName;
const key = artifactsInfo.s3Location.objectKey;
const credentials = jobInfo.artifactCredentials;
const s3 = new AWS.S3({
credentials: credentials,
});
const kms = new AWS.KMS({
credentials: credentials,
region: 'eu-central-1',
});
s3.getObject({
Bucket: bucket,
Key: key,
}, function(err, data) {
if (err) {
// context.done(err);
console.error(err);
return;
}
console.log('Received file', key);
const buff = new stream.PassThrough();
kms.decrypt({CiphertextBlob: data.Body}, function(err, decryptData) {
if (err) {
console.error(err);
return;
}
buff.end(decryptData.Plaintext);
console.log('Decoded S3 object encrypted with KMS ID', decryptData.KeyId);
buff
.pipe(zlib.createGunzip())
.on('error', console.error)
.on('entry', function(entry) {
console.log(entry);
});
});
});
};
但是,ZIP文件与5MiB类似,我从KMS请求中收到以下错误:
ValidationException: 1 validation error detected: Value 'java.nio.HeapByteBuffer[pos=0 lim=128011 cap=128011]' at 'ciphertextBlob' failed to satisfy constraint: Member must have length less than or equal to 6144
at Request.extractError (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/protocol/json.js:48:27)
at Request.callListeners (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
at Request.emit (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
at Request.emit (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/request.js:685:12)
at Request.callListeners (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/sequential_executor.js:115:18)
message: '1 validation error detected: Value \'java.nio.HeapByteBuffer[pos=0 lim=128011 cap=128011]\' at \'ciphertextBlob\' failed to satisfy constraint: Member must have length less than or equal to 6144'
我怎么处理这个?谢谢!
答案 0 :(得分:0)
在深入研究文档之后,我发现我不必自己解密该对象,因为它是明文到客户端。我删除了解密步骤,我的代码看起来像这样:
.zip 注意(我添加这个是因为我花了一些时间来弄明白)。亚马逊将zlib个文件导出为{{1}}格式{{1}}无法使用。