AWS AmazonKeyManagementServiceClient.decrypt() times out on an EC2 instance

Time: 2018-08-19 11:43:40

Tags: .net amazon-web-services amazon-ec2 aws-sdk aws-kms

I am trying to decrypt data with AWS KMS. I can run the following code successfully on my local machine, but the request fails once it is deployed on an EC2 instance. My EC2 instance is in a restricted subnet. Do I need to open a specific connection from EC2 in order to reach AWS KMS?

The timeout occurs at the line

MemoryStream plainText = kmsClient.Decrypt(decryptRequest).Plaintext;


using System;
using System.IO;
using System.Text;
using Amazon;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;

public static string DecryptCC(string data)
{
    try
    {
        string decryptedString = string.Empty;
        // The input is the base64-encoded CiphertextBlob returned by KMS Encrypt
        byte[] stringForDecryption = Convert.FromBase64String(data);

        Console.WriteLine("hello, I am in DC");

        // Move to config
        AmazonKeyManagementServiceConfig config = new AmazonKeyManagementServiceConfig();
        config.RegionEndpoint = RegionEndpoint.APSoutheast2;
        // Placeholder access keys as posted; on EC2 the instance profile can supply credentials instead
        var awsCredentials = new Amazon.Runtime.BasicAWSCredentials("xxxxxxxxxxxxxxxx", "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy");

        AmazonKeyManagementServiceClient kmsClient = new AmazonKeyManagementServiceClient(awsCredentials, config);
        Console.WriteLine("hello, I am in DC after client");
        MemoryStream ciphertext = new MemoryStream();
        ciphertext.Write(stringForDecryption, 0, stringForDecryption.Length);

        DecryptRequest decryptRequest = new DecryptRequest()
        {
            CiphertextBlob = ciphertext,
        };
        // This call hangs on the EC2 instance: the HTTPS request to the KMS endpoint never gets a response
        MemoryStream plainText = kmsClient.Decrypt(decryptRequest).Plaintext;

        //var reader = new StreamReader(plainText);
        decryptedString = Encoding.UTF8.GetString(plainText.ToArray());

        if (decryptedString == null)
        {
            decryptedString = string.Empty;
        }

        return decryptedString;
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }
    return null;
}

1 answer:

Answer 0: (score: 1)

You cannot access any AWS service from inside EC2 unless your instance has outbound internet access, or the service in question supports VPC endpoints and you have configured the endpoint correctly.

See Connecting to AWS KMS Through a VPC Endpoint in the KMS Developer Guide.
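The client configuration the answer implies, as an added example that is not part of the original question or answer: credentials come from the EC2 instance profile rather than embedded keys, the request is routed to the KMS VPC interface endpoint, and a short timeout turns a silent hang into a logged failure. The endpoint hostname is a placeholder, and the private-DNS comments describe standard interface-endpoint behaviour rather than anything stated on the page.

```csharp
using System;
using System.IO;
using System.Text;
using System.Threading.Tasks;
using Amazon;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;
using Amazon.Runtime;

public static class KmsDecryptor
{
    // Builds a KMS client for a restricted subnet. If the VPC interface endpoint was
    // created with private DNS enabled, pass null: the regional hostname
    // kms.ap-southeast-2.amazonaws.com then resolves to the endpoint's private IPs.
    // Otherwise pass the endpoint-specific URL, e.g. (placeholder, not a real endpoint)
    // "https://vpce-EXAMPLE-PLACEHOLDER.kms.ap-southeast-2.vpce.amazonaws.com".
    public static AmazonKeyManagementServiceClient CreateClient(string vpcEndpointUrl)
    {
        var config = new AmazonKeyManagementServiceConfig
        {
            // Fail fast instead of hanging; a blocked route then surfaces as an exception
            Timeout = TimeSpan.FromSeconds(5),
            MaxErrorRetry = 2,
        };
        if (vpcEndpointUrl == null)
        {
            config.RegionEndpoint = RegionEndpoint.APSoutheast2;
        }
        else
        {
            // ServiceURL and RegionEndpoint are mutually exclusive in the SDK, so the
            // signing region is given explicitly when an endpoint URL is used
            config.ServiceURL = vpcEndpointUrl;
            config.AuthenticationRegion = "ap-southeast-2";
        }
        // Credentials are fetched from the instance profile attached to the EC2
        // instance (via the instance metadata service); no access keys in code
        var credentials = new InstanceProfileAWSCredentials();
        return new AmazonKeyManagementServiceClient(credentials, config);
    }

    // Same contract as the question's DecryptCC: base64 CiphertextBlob in, UTF-8 plaintext out
    public static async Task<string> DecryptCCAsync(AmazonKeyManagementServiceClient kms, string data)
    {
        using var ciphertext = new MemoryStream(Convert.FromBase64String(data));
        var response = await kms.DecryptAsync(new DecryptRequest { CiphertextBlob = ciphertext });
        using var plaintext = response.Plaintext;
        return Encoding.UTF8.GetString(plaintext.ToArray());
    }
}
```

Once requests flow through the endpoint, the KMS key policy can additionally require the `aws:sourceVpce` condition key so that Decrypt is only honoured from that endpoint, and the endpoint's security group must allow inbound TCP 443 from the instance's subnet.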