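I receive an encrypted file from EFS, and my Lambda function should decrypt the GPG file (I have the key) and send it to an S3 bucket.
After reading a few blogs, I wrote the following code (I still haven't tested it).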
```python
import boto3
import gnupg

# Create an S3 client
s3 = boto3.client('s3')
# GPG wrapper used for decryption
gpg = gnupg.GPG()


def lambda_handler(event, context):
    Key = "/efs/iamfile.txt"
    with open(Key, "rb") as stream:
        decrypted_data = gpg.decrypt_file(stream)
    bucketName = "op-efs-vpc"
    outPutname = "decrypted_data"
    # Upload the decrypted bytes rather than the still-encrypted source file
    s3.put_object(Bucket=bucketName, Key=outPutname, Body=decrypted_data.data)
```
Python-gnupg code to decrypt a file:
```python
import os
import gnupg


def initialize_gpg(key_paths):
    # Build a GPG object and import every key file into its keyring
    gpg = gnupg.GPG()
    for path in key_paths:
        with open(path) as key_file:
            key_data = key_file.read()
        gpg.import_keys(key_data)
    return gpg


def remove_gpg_from_path(path):
    """
    We expect the given path as argument to have the form: file-name.ext.gpg
    So we want to return: file-name.ext
    For example:
    input: bottles.csv.gpg
    output: bottles.csv
    """
    return os.path.splitext(path)[0]


def decrypt_file(gpg, encrypted_path):
    # Write the plaintext next to the encrypted file, without the .gpg suffix
    with open(encrypted_path, 'rb') as a_file:
        decrypted_path = remove_gpg_from_path(encrypted_path)
        gpg.decrypt_file(a_file, output=decrypted_path)
        return decrypted_path
```
How do I integrate these two pieces of code and send the decrypted file to the AWS S3 bucket, and where in the code should I enter the "Decryption_key"?
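
One way to combine the two snippets, as an added example that is not part of the original post: the private key is imported into a keyring under `/tmp`, the passphrase is passed to `decrypt_file`, and the plaintext is deleted after upload. The environment variable names, the `encrypted_path` event field and the use of Secrets Manager for the passphrase are assumptions.

```python
import os

WORKDIR = "/tmp"  # Lambda's writable scratch space

def build_gpg(private_key_paths, gnupghome=os.path.join(WORKDIR, "gnupg")):
    """Create a keyring under /tmp and import the private key(s) into it."""
    import gnupg  # python-gnupg; the gpg binary must ship in the package or a layer
    os.makedirs(gnupghome, mode=0o700, exist_ok=True)
    gpg = gnupg.GPG(gnupghome=gnupghome)
    for path in private_key_paths:
        with open(path) as key_file:
            if not gpg.import_keys(key_file.read()).count:
                raise RuntimeError(f"no key imported from {path}")
    return gpg

def decrypt_to_s3(gpg, s3, encrypted_path, bucket, passphrase, workdir=WORKDIR):
    """Decrypt file-name.ext.gpg, upload file-name.ext, return the S3 key."""
    s3_key = os.path.basename(os.path.splitext(encrypted_path)[0])
    decrypted_path = os.path.join(workdir, s3_key)
    try:
        with open(encrypted_path, "rb") as encrypted:
            result = gpg.decrypt_file(encrypted, passphrase=passphrase,
                                      output=decrypted_path)
        if not result.ok:  # wrong key or passphrase, or corrupt input
            raise RuntimeError(f"GPG decryption failed: {result.status}")
        s3.upload_file(decrypted_path, bucket, s3_key)
    finally:
        if os.path.exists(decrypted_path):
            os.remove(decrypted_path)  # do not leave plaintext behind in /tmp
    return s3_key

def lambda_handler(event, context):
    import boto3  # imported here so decrypt_to_s3 can be exercised without AWS
    # Assumption: the passphrase lives in Secrets Manager, not in code or the event.
    secret = boto3.client("secretsmanager").get_secret_value(
        SecretId=os.environ["GPG_PASSPHRASE_SECRET_ID"])
    gpg = build_gpg([os.environ["GPG_PRIVATE_KEY_PATH"]])
    bucket = os.environ["OUTPUT_BUCKET"]
    s3_key = decrypt_to_s3(gpg, boto3.client("s3"), event["encrypted_path"],
                           bucket, secret["SecretString"])
    return {"bucket": bucket, "key": s3_key}
```

The function's execution role needs `s3:PutObject` on the bucket and `secretsmanager:GetSecretValue` on the secret.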