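curl and S3 GET
I am trying to figure out what I need to provide in order to do a GET on an S3 object that has been encrypted with server-side encryption using a KMS key. When I try to curl my test document, I receive the following error: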
Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.
UPDATE: Added the output from curl
$ curl -v https://s3-us-west-2.amazonaws.com/rkbtest/check.png
* Trying 54.231.185.12...
* Connected to s3-us-west-2.amazonaws.com (54.231.185.12) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.s3-us-west-2.amazonaws.com
* Server certificate: DigiCert Baltimore CA-2 G2
* Server certificate: Baltimore CyberTrust Root
> GET /rkbtest/check.png HTTP/1.1
> Host: s3-us-west-2.amazonaws.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< x-amz-request-id: 2DECE9C69BDB8F0F
< x-amz-id-2: bs8xGSbAHksE2mSb/+r4AG3B9RlRTODasFyr5S3jMU2sNA7eJTEQr0dJTro5P2QKLRuMQtGw6tk=
< x-amz-region: us-west-2
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Wed, 21 Sep 2016 15:26:13 GMT
< Connection: close
< Server: AmazonS3
<
<?xml version="1.0" encoding="UTF-8"?>
* Closing connection 0
<Error><Code>InvalidArgument</Code><Message>Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.</Message><ArgumentName>Authorization</ArgumentName><ArgumentValue>null</ArgumentValue><RequestId>2DECE9C69BDB8F0F</RequestId><HostId>bs8xGSbAHksE2mSb/+r4AG3B9RlRTODasFyr5S3jMU2sNA7eJTEQr0dJTro5P2QKLRuMQtGw6tk=</HostId></Error>
Well, you need to use [Signature Version 4](http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html), of course... but we need to see some code, or at least the output of `curl -v 'https://...'` –
Done. Thanks @Michael-sqlbot. – RockyMountainHigh
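You cannot anonymously request objects that are encrypted with SSE-KMS. I don't know whether this is because an anonymous request lacks the authorization S3 needs to actually access KMS in order to decrypt the object, or because the S3 architects figured that if you are going to use SSE-KMS, then allowing anonymous access to the object sort of defeats the purpose. It is also unclear why you would want to mix anonymous access and SSE-KMS. Can you elaborate? –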