0
我想使用Lambda函数从AWS S3检索特定的ZIP文件,将其解密并解压缩。从AWS S3中提取KMS加密的ZIP文件
这里是我的代码:
const AWS = require('aws-sdk');
const zlib = require('zlib');
const fs = require('fs');
const stream = require('stream');
exports.handler = function (event, context) {
const jobInfo = event['CodePipeline.job'].data;
const artifactsInfo = jobInfo.inputArtifacts[0].location;
const bucket = artifactsInfo.s3Location.bucketName;
const key = artifactsInfo.s3Location.objectKey;
const credentials = jobInfo.artifactCredentials;
const s3 = new AWS.S3({
credentials: credentials,
});
const kms = new AWS.KMS({
credentials: credentials,
region: 'eu-central-1',
});
s3.getObject({
Bucket: bucket,
Key: key,
}, function(err, data) {
if (err) {
// context.done(err);
console.error(err);
return;
}
console.log('Received file', key);
const buff = new stream.PassThrough();
kms.decrypt({CiphertextBlob: data.Body}, function(err, decryptData) {
if (err) {
console.error(err);
return;
}
buff.end(decryptData.Plaintext);
console.log('Decoded S3 object encrypted with KMS ID', decryptData.KeyId);
buff
.pipe(zlib.createGunzip())
.on('error', console.error)
.on('entry', function(entry) {
console.log(entry);
});
});
});
};
然而,ZIP文件就像5MiB
,我从KMS请求得到以下错误:
ValidationException: 1 validation error detected: Value 'java.nio.HeapByteBuffer[pos=0 lim=128011 cap=128011]' at 'ciphertextBlob' failed to satisfy constraint: Member must have length less than or equal to 6144
at Request.extractError (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/protocol/json.js:48:27)
at Request.callListeners (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
at Request.emit (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
at Request.emit (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/request.js:685:12)
at Request.callListeners (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/sequential_executor.js:115:18)
message: '1 validation error detected: Value \'java.nio.HeapByteBuffer[pos=0 lim=128011 cap=128011]\' at \'ciphertextBlob\' failed to satisfy constraint: Member must have length less than or equal to 6144'
我怎么能解决这个问题?谢谢!
您的S3对象在上传时是否加密了客户端?或者,您是否使用带有KMS密钥的服务器端S3加密? –
我正在使用SSE-KMS,所以没有进行客户端加密。 – Victor
@MattHouser请看我的编辑!我已经更新了我的情况! – Victor