我找不到允许我在S3中创建KMS加密存储区的调用(使用Java AWS SDK),但我没有成功。
这种方法存在吗?如果是这样,我在哪里可以找到示例/文档?
答案 0 :(得分:2)
我找到了答案。我正在使用的AWS Java SDK版本不够新,无法使用该方法。
以下是如何操作:
Bucket bucket = amazonS3Client.createBucket( bucketName );
ServerSideEncryptionRule serverSideEncryptionRule = new ServerSideEncryptionRule();
ServerSideEncryptionByDefault serverSideEncryptionByDefault = new ServerSideEncryptionByDefault();
serverSideEncryptionByDefault.setKMSMasterKeyID( "xxxxxxxxx-xxx-xxxxx-xxxx-xxxxx-xxxx-xxxxxxx" );
serverSideEncryptionByDefault.setSSEAlgorithm( SSEAlgorithm.KMS.getAlgorithm() );
serverSideEncryptionRule.setApplyServerSideEncryptionByDefault( serverSideEncryptionByDefault );
SetBucketEncryptionRequest setBucketEncryptionRequest = new SetBucketEncryptionRequest();
setBucketEncryptionRequest.setBucketName( bucket.getName() );
ServerSideEncryptionConfiguration serverSideEncryptionConfiguration = new ServerSideEncryptionConfiguration();
ArrayList< ServerSideEncryptionRule > serverSideEncryptionRules = new ArrayList<>();
serverSideEncryptionRules.add( serverSideEncryptionRule );
serverSideEncryptionConfiguration.setRules( serverSideEncryptionRules );
setBucketEncryptionRequest.setServerSideEncryptionConfiguration( serverSideEncryptionConfiguration );
amazonS3Client.setBucketEncryption( setBucketEncryptionRequest );
答案 1 :(得分:0)
在该页面中,您可以使用Java AWS SDK尝试类似的内容:
AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder
.standard()
.withRegion(Regions.US_WEST_2)
.withCryptoConfiguration(new CryptoConfiguration(CryptoMode.EncryptionOnly))
// Can either be Key ID or alias (prefixed with 'alias/')
.withEncryptionMaterials(new KMSEncryptionMaterialsProvider("alias/s3-kms-key"))
.build();
答案 2 :(得分:0)
一个不创建加密存储桶,而是将加密对象放入存储桶中。
以下是使用服务器端加密(SSE)的示例:
today, sun, mon, tue, wed, thu, fri, sat = get_dates()
参考链接: