Re: Amazonica s3

Fri, 23 Feb 2018 03:20:27 -0800 

Hello Rohit,

We use Amazonica to read files from a bucket encrypted with Server-Side 
Encryption (SSE).

The way to do it depends on the way the files were encrypted. If the KMS 
key was "associated" with the encrypted file (not sure if I'm using the 
correct terminology, I'm no AWS expert) and the instance/role has IAM 
permission for that KMS key, it should be enough to add :encryption true to 
the parameters map:

(require '[amazonica.aws.s3 :as s3])
(s3/get-object {:bucket-name "mybucket", :key "/foo/bar", :encryption true}

If you need to set the KMS key explicitly, what worked for us is adding 
:sse-aws-key-management-params 
{:aws-kms-key-id "<encryption key name here>"} to the same parameters map.

Try this out, if it doesn't work I'll try to understand how our code works 
a little better. But ultimately we'll make it work for you;).

On Friday, February 23, 2018 at 2:48:48 AM UTC+2, Rohit Thadani wrote:
>
> Hi,
>
> I am trying to use the amazonica s3 library to get s3 objects trhat have 
> been encrypted using the KMSEncryptionMaterials but I cant seem to 
> understand how to do it with the library i.e how do i set the encryption 
> materials and then create the appropriate client
>
> The equivalent java code to do this would be like this 
>        KMSEncryptionMaterialsProvider encryptionMaterialsProvider = new 
> KMSEncryptionMaterialsProvider("<encryption key here>");
>         CryptoConfiguration config = new CryptoConfiguration();
>         
> config.setAwsKmsRegion(Region.getRegion(Regions.valueOf(profile.getRegion())));
>         return AmazonS3EncryptionClientBuilder.standard()
>             .withRegion(Regions.valueOf(profile.getRegion()))
>             .withEncryptionMaterials(encryptionMaterialsProvider)
>             .withCryptoConfiguration(config)
>             .build();
>   
>
> any help would be greatly appreciated
>
> Thanks
> Rohit.
>

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
  • Amazonica s3 Rohit Thadani
    • Re: Amazonica s3 Alexander Yakushev

Reply via email to