search

aws / amazon-s3-encryption-client-dotnet

An encryption client that allows you to secure your sensitive data before you send it to Amazon S3.
https://aws.github.io/amazon-s3-encryption-client-dotnet/
Apache License 2.0
15 stars 10 forks source link

Timeout set on the S3Client does not apply to the internal KMS client #31

Closed 1rjt closed 10 months ago

1rjt commented 2 years ago

Description

A client timeout can be set via AmazonS3CryptoConfigurationV2.Timeout but this value is not used by the internal KMSClient. The internal KMS client does not have a timeout set so is always 100 seconds

The only value copied over to the KMS client config is region endpoint https://github.com/aws/amazon-s3-encryption-client-dotnet/blob/main/src/AmazonS3EncryptionClientBase.cs#L54

Reproduction Steps

  1. Create AmazonS3EncryptionClientV2 with timeout set to 5 seconds
  2. Use client in network with slow/varied performance.
  3. Calls can exceed 5 seconds due to the internal KMS client call.

Logs

Environment

Resolution

This is a :bug: bug-report

ashovlin commented 10 months ago

Hello, there are now two possible ways to work around this:

  1. In version 2.0.4 and later, we began copying the timeout specified on the S3 configuration to the configuration for the internal KMS client.
var config = new AmazonS3CryptoConfigurationV2(securityProfile)
{
    Timeout = TimeSpan.FromSeconds(10) // this will apply to both S3 and KMS
}
  1. In version 2.1.0 that was released today, you can now optionally configure the internal KMS client independently of the S3 client.
 var config = new AmazonS3CryptoConfigurationV2(securityProfile)
 {
     KmsConfig = new AmazonKeyManagementServiceConfig
     {
         Timeout = TimeSpan.FromSeconds(10) // this will only apply to KMS
     }
 };
github-actions[bot] commented 10 months ago

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.