aldy120 / s3-note

Note for Amazon S3

S3 KMS cannot be accessed by anonymous #13

Open aldy120 opened 3 years ago

aldy120 commented 3 years ago

When I try to make an object public, I get the following 400 error.

<Error><Code>InvalidArgument</Code><Message>Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.</Message><ArgumentName>Authorization</ArgumentName><ArgumentValue>null</ArgumentValue><RequestId>6354C1BE1ECC91FB</RequestId><HostId>k2SZqDRAr08K2BU+GVn868QHuRiFNbgvQfjtEdb2vLc+nOu4ijEr5Ne6/IOZdH9O41u+3hCeYaM=</HostId></Error>

The object is encrypted by KMS. If I change the encryption to SSE-S3, the issue no longer happens.

All GET and PUT requests for an object protected by AWS KMS will fail if they are not made via SSL or if they are not made using SigV4.

Protecting Data Using Server-Side Encryption with CMKs Stored in AWS Key Management Service (SSE-KMS) - AWS Signature Version 4 - https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html#aws-signature-version-4-sse-kms

aldy120 commented 9 months ago

The HEAD request can still get 200 OK if the object is public.