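Programmatically adding default KMS encryption to a bucket

Time: 2018-06-21 19:52:28

Tags: ios objective-c amazon-web-services amazon-s3 aws-sdk

I am using the AWS SDK for iOS v2.6.21 to programmatically add KMS (SSE-KMS) encryption to an AWS S3 bucket. I use the following Objective-C code to do this: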

AWSS3 *awsClient = [AWSS3 S3ForKey:bucketObject.regionShortName];
AWSS3ServerSideEncryptionRule *rule= [AWSS3ServerSideEncryptionRule new];
AWSS3ServerSideEncryptionByDefault *applyServerSideEncryptionByDefault =[AWSS3ServerSideEncryptionByDefault new];
applyServerSideEncryptionByDefault.SSEAlgorithm=AWSS3ServerSideEncryptionAwsKms;

applyServerSideEncryptionByDefault.KMSMasterKeyID=kmsAliasKeyId;
AWSS3ServerSideEncryptionConfiguration *configuration = 
[AWSS3ServerSideEncryptionConfiguration new];
configuration.rules = @[rule];

AWSS3PutBucketEncryptionRequest *request = 
[AWSS3PutBucketEncryptionRequest new];
request.bucket = bucketObject.name;
request.serverSideEncryptionConfiguration=configuration;

[awsClient putBucketEncryption:request];

}

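This seems to work, and it shows that my bucket has default encryption. However, it does not specify the encryption as KMS; it only shows a check mark (indicating that encryption is enabled) when viewing the console. (Screenshot: AWS console after enabling encryption using KMS)

When I check the encryption status programmatically, it does not specify anything for SSEAlgorithm: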

<AWSS3ServerSideEncryptionConfiguration: 0x604000008790> {
    rules =     (
        "<AWSS3ServerSideEncryptionRule: 0x6040000087f0> {\n}"
    );
}

Based on how AWSS3ServerSideEncryption is defined in the AWS SDK, I would expect the output to show SSEAlgorithm as 2:

AWSS3ServerSideEncryption:
AWSS3ServerSideEncryptionUnknown,
AWSS3ServerSideEncryptionAES256,
AWSS3ServerSideEncryptionAwsKms,

When I run the same code with SSE-S3 (AWSS3ServerSideEncryptionAES256) and compare the output, the output is:

<AWSS3ServerSideEncryptionConfiguration: 0x600000009c40> {
    rules =     (
        "<AWSS3ServerSideEncryptionRule: 0x600000009c50> {\n    
applyServerSideEncryptionByDefault = \"<AWSS3ServerSideEncryptionByDefault: 0x60000022b6a0> {\\n    SSEAlgorithm = 1;\\n}\";\n}"
    );
}

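Can anyone see what I am missing in my request to correctly use KMS as the default encryption for the whole bucket?

Thanks. Cheers, Trond

1 answer:

Answer 0: (score: 1)

You have set up all the objects correctly; just carry out the step of associating the encryption with the rule. See the code below for the change needed to set this up correctly.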

...
...
...

AWSS3ServerSideEncryptionRule *rule= [AWSS3ServerSideEncryptionRule new];

AWSS3ServerSideEncryptionByDefault *applyServerSideEncryptionByDefault =[AWSS3ServerSideEncryptionByDefault new];
applyServerSideEncryptionByDefault.SSEAlgorithm=AWSS3ServerSideEncryptionAwsKms;
applyServerSideEncryptionByDefault.KMSMasterKeyID=kmsAliasKeyId;

//Add the encryption information to the rule
rule.applyServerSideEncryptionByDefault = applyServerSideEncryptionByDefault;


AWSS3ServerSideEncryptionConfiguration *configuration = 

...
...
...
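
A put-then-verify version of the fix in the answer above, added here as an example (not code from the question, the answer or the AWS SDK project): it links the rule to the default-encryption object, then reads the bucket configuration back and fails unless the stored rule reports KMS, instead of discarding the task returned by putBucketEncryption:. The function name ApplyAndVerifyDefaultKMS and the error domain are hypothetical, and s3 is assumed to be an already configured AWSS3 client.

```objc
#import <AWSS3/AWSS3.h>

// Added example. ApplyAndVerifyDefaultKMS and the error domain are hypothetical names.
// Sets SSE-KMS as the bucket default, then reads the configuration back.
// The returned task succeeds with the stored KMSMasterKeyID only if a rule
// with SSEAlgorithm == AwsKms is actually present on the bucket.
static AWSTask *ApplyAndVerifyDefaultKMS(AWSS3 *s3, NSString *bucket, NSString *kmsKeyId) {
    AWSS3ServerSideEncryptionByDefault *byDefault = [AWSS3ServerSideEncryptionByDefault new];
    byDefault.SSEAlgorithm = AWSS3ServerSideEncryptionAwsKms;
    byDefault.KMSMasterKeyID = kmsKeyId;

    AWSS3ServerSideEncryptionRule *rule = [AWSS3ServerSideEncryptionRule new];
    // The association that was missing in the question: without it the rule is empty.
    rule.applyServerSideEncryptionByDefault = byDefault;

    AWSS3ServerSideEncryptionConfiguration *configuration = [AWSS3ServerSideEncryptionConfiguration new];
    configuration.rules = @[rule];

    AWSS3PutBucketEncryptionRequest *put = [AWSS3PutBucketEncryptionRequest new];
    put.bucket = bucket;
    put.serverSideEncryptionConfiguration = configuration;

    // continueWithSuccessBlock: is skipped when the previous task failed,
    // so a rejected PUT surfaces as the error of the returned task.
    return [[[s3 putBucketEncryption:put] continueWithSuccessBlock:^id(AWSTask *t) {
        AWSS3GetBucketEncryptionRequest *get = [AWSS3GetBucketEncryptionRequest new];
        get.bucket = bucket;
        return [s3 getBucketEncryption:get];
    }] continueWithSuccessBlock:^id(AWSTask *t) {
        AWSS3GetBucketEncryptionOutput *output = t.result;
        for (AWSS3ServerSideEncryptionRule *stored in output.serverSideEncryptionConfiguration.rules) {
            AWSS3ServerSideEncryptionByDefault *d = stored.applyServerSideEncryptionByDefault;
            if (d.SSEAlgorithm == AWSS3ServerSideEncryptionAwsKms) {
                // Hand the stored key identifier back so the caller can compare it
                // with the key it intended to use.
                return d.KMSMasterKeyID ?: @"";
            }
        }
        // Fail closed: the bucket has no KMS default rule after the PUT.
        return [AWSTask taskWithError:[NSError errorWithDomain:@"ExampleBucketEncryption"
                                                          code:1
                                                      userInfo:@{NSLocalizedDescriptionKey:
                                                                     @"Bucket default encryption is not SSE-KMS"}]];
    }];
}
```

The caller should inspect task.error on the returned task; an empty rule like the one shown in the question's output ends up in the error branch rather than being treated as success.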