When using KMS, default profile is used instead of intended profile - Githubissues

aws / amazon-s3-encryption-client-dotnet

An encryption client that allows you to secure your sensitive data before you send it to Amazon S3.

https://aws.github.io/amazon-s3-encryption-client-dotnet/

Apache License 2.0

15 stars 10 forks source link

When using KMS, default profile is used instead of intended profile #6

Closed freiguy1 closed 3 years ago

freiguy1 commented 3 years ago

My local dev machine is set up with multiple AWS credential profiles. My ~/.aws/credentials contains

[default]
aws_access_key_id = xxxxxxxxx
aws_secret_access_key = xxxxxxxxxx

[other-profile]
aws_access_key_id = xxxxxxxxx
aws_secret_access_key = xxxxxxxxxx

I want to use other-profile and that is working correctly with S3 without client-side encryption. But when I use KMS client-side encryption and attempt PutObject, I get this exception:

'User: [default] is not authorized to perform: kms:GenerateDataKey on resource: [my KMS id]'

When I expect to use other-profile profile instead of default profile.

Furthermore, when I inspect my s3Client while debugging, I see the correct credentials. But KMS isn't respecting them.

normj commented 3 years ago

Thanks for reporting the issue. We have identified what is going wrong in the code and working on getting a fix out.

normj commented 3 years ago

Version 1.2.0 has been released with the fix.

freiguy1 commented 3 years ago

It verks!

Thanks for the super fast turnaround time.