如何使用AWSSDK以编程方式启用s3存储桶默认加密?

时间:2018-05-29 02:19:24

标签: amazon-s3

我正在尝试以编程方式为s3 Bucket启用默认加密。以下不起作用也没有错误。有人知道这个的原因吗?

        private async Task<PutBucketEncryptionResponse> EnableServerSideEncriptionAsync(string bucketName)
    {
        return await S3Client.PutBucketEncryptionAsync(new PutBucketEncryptionRequest
        {
            BucketName = bucketName,
            ServerSideEncryptionConfiguration = new ServerSideEncryptionConfiguration()
            {
                ServerSideEncryptionRules = new List<ServerSideEncryptionRule>()
                {
                    new ServerSideEncryptionRule()
                    {
                        ServerSideEncryptionByDefault = new ServerSideEncryptionByDefault()
                        {
                            ServerSideEncryptionAlgorithm = ServerSideEncryptionMethod.AES256
                        }

                    }
                }
            }
        });
    }

4 个答案:

答案 0 :(得分:4)

我尝试使用AWS Command-Line Interface (CLI)来查看会发生什么。

我创建了一个新存储桶,然后运行:

aws s3api put-bucket-encryption --bucket my-bucket --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'

然后我转到Amazon S3控制台中的存储桶,单击属性选项卡并显示默认加密框: AES-256 < / EM>

S3 Bucket default encryption

答案 1 :(得分:1)

晚安,一个小时前我遇到了同样的问题,也许我找到了解决方法! 代码:

private async void EncryptBucket(string bucketName)
{
    var encryptResquest = new PutBucketEncryptionRequest
    {
        BucketName = bucketName,
        ServerSideEncryptionConfiguration = new ServerSideEncryptionConfiguration()
        {
            ServerSideEncryptionRules = new List<ServerSideEncryptionRule>()
            {
                new ServerSideEncryptionRule()
                {
                    ServerSideEncryptionByDefault = new ServerSideEncryptionByDefault()
                    {
                       ServerSideEncryptionAlgorithm = ServerSideEncryptionMethod.AWSKMS,
                       ServerSideEncryptionKeyManagementServiceKeyId = "arn:aws:kms:us-west-2:**insert your account id**:alias/aws/s3"
                    }
                }
            }
        }
    };

答案 2 :(得分:0)

最后,最终会出现权限问题。我没有权限查看默认加密的状态。拥有权限的用户可以看到默认加密已启用。

感谢John Rotenstein为您找到解决此问题的方法。

  

希望aws控制台显示一条消息“拒绝访问”   显示错误的默认加密被禁用。

答案 3 :(得分:0)

#!/bin/bash

for bucket_name in $(aws s3api list-buckets --query "Buckets[].Name" --output text);
do
        if (aws s3api get-bucket-encryption --bucket ${bucket_name})
        then
                echo "already encrypted"
        else
                echo "doing encrption"
                aws s3api put-bucket-encryption  --bucket ${bucket_name} --server-side-encryption-configuration  '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'
                echo "done encrption"
        fi
done