我正在尝试以编程方式为s3 Bucket启用默认加密。以下不起作用也没有错误。有人知道这个的原因吗?
private async Task<PutBucketEncryptionResponse> EnableServerSideEncriptionAsync(string bucketName)
{
return await S3Client.PutBucketEncryptionAsync(new PutBucketEncryptionRequest
{
BucketName = bucketName,
ServerSideEncryptionConfiguration = new ServerSideEncryptionConfiguration()
{
ServerSideEncryptionRules = new List<ServerSideEncryptionRule>()
{
new ServerSideEncryptionRule()
{
ServerSideEncryptionByDefault = new ServerSideEncryptionByDefault()
{
ServerSideEncryptionAlgorithm = ServerSideEncryptionMethod.AES256
}
}
}
}
});
}
答案 0 :(得分:4)
我尝试使用AWS Command-Line Interface (CLI)来查看会发生什么。
我创建了一个新存储桶,然后运行:
aws s3api put-bucket-encryption --bucket my-bucket --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'
然后我转到Amazon S3控制台中的存储桶,单击属性选项卡并显示默认加密框: AES-256 < / EM> 强>
答案 1 :(得分:1)
晚安,一个小时前我遇到了同样的问题,也许我找到了解决方法! 代码:
private async void EncryptBucket(string bucketName)
{
var encryptResquest = new PutBucketEncryptionRequest
{
BucketName = bucketName,
ServerSideEncryptionConfiguration = new ServerSideEncryptionConfiguration()
{
ServerSideEncryptionRules = new List<ServerSideEncryptionRule>()
{
new ServerSideEncryptionRule()
{
ServerSideEncryptionByDefault = new ServerSideEncryptionByDefault()
{
ServerSideEncryptionAlgorithm = ServerSideEncryptionMethod.AWSKMS,
ServerSideEncryptionKeyManagementServiceKeyId = "arn:aws:kms:us-west-2:**insert your account id**:alias/aws/s3"
}
}
}
}
};
答案 2 :(得分:0)
最后,最终会出现权限问题。我没有权限查看默认加密的状态。拥有权限的用户可以看到默认加密已启用。
感谢John Rotenstein为您找到解决此问题的方法。
希望aws控制台显示一条消息“拒绝访问” 显示错误的默认加密被禁用。
答案 3 :(得分:0)
#!/bin/bash
for bucket_name in $(aws s3api list-buckets --query "Buckets[].Name" --output text);
do
if (aws s3api get-bucket-encryption --bucket ${bucket_name})
then
echo "already encrypted"
else
echo "doing encrption"
aws s3api put-bucket-encryption --bucket ${bucket_name} --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'
echo "done encrption"
fi
done