Java: COPY to Redshift fails with an error when using a KMS-managed CMK
I am trying to write a Java program that encrypts data using a KMS key ID. I am using the default Java code to upload the object to S3. I am changing the value to be uploaded to S3 to a record so that it can be loaded into Redshift using load.
import java.io.ByteArrayInputStream;
import java.util.Arrays;

import junit.framework.Assert;

import org.apache.commons.io.IOUtils;

import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3EncryptionClient;
import com.amazonaws.services.s3.model.CryptoConfiguration;
import com.amazonaws.services.s3.model.KMSEncryptionMaterialsProvider;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.services.s3.model.S3Object;

public class testKMSkeyUploadObject {

    private static AmazonS3EncryptionClient encryptionClient;

    public static void main(String[] args) throws Exception {
        String bucketName = "***bucket name***";
        String objectKey = "ExampleKMSEncryptedObject";
        String kms_cmk_id = "***AWS KMS customer master key ID***";

        // Client-side encryption: the SDK encrypts the object locally with a
        // data key obtained from KMS under the given CMK.
        KMSEncryptionMaterialsProvider materialProvider = new KMSEncryptionMaterialsProvider(kms_cmk_id);

        encryptionClient = new AmazonS3EncryptionClient(new ProfileCredentialsProvider(), materialProvider,
                new CryptoConfiguration().withKmsRegion(Regions.US_EAST_1))
                .withRegion(Region.getRegion(Regions.US_EAST_1));

        // Upload object using the encryption client.
        byte[] plaintext = "xyz,abc,1".getBytes();
        System.out.println("plaintext's length: " + plaintext.length);
        encryptionClient.putObject(new PutObjectRequest(bucketName, objectKey,
                new ByteArrayInputStream(plaintext), new ObjectMetadata()));

        // Download the object (the encryption client decrypts it transparently).
        S3Object downloadedObject = encryptionClient.getObject(bucketName, objectKey);
        byte[] decrypted = IOUtils.toByteArray(downloadedObject.getObjectContent());

        // Verify same data.
        Assert.assertTrue(Arrays.equals(plaintext, decrypted));
    }
}
I am using the Redshift COPY command with the following syntax to copy the records to Redshift:
copy table_name from 's3://bucket-name/KMSEncryptedObject' credentials as
'aws_access_key_id=<access-key-id>;aws_secret_access_key=<secret-access-key>;master_symmetric_key=<master-key>'
OK, when copying data from S3 you do not have to specify the KMS key ID. Just remove the master_symmetric_key parameter from the credentials string.
Take a look, you only need to upload with the KMS key ID (of course, the IAM user/role needs to have access to this key).
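To see which kind of encryption an uploaded object actually carries before pointing COPY at it, the object's metadata can be inspected. The following is an added example, not part of the original posts: it classifies constructed metadata maps by the header names the AWS SDK for Java encryption client writes (x-amz-key, x-amz-key-v2, x-amz-wrap-alg, x-amz-matdesc); the class and method names are hypothetical.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: classify how an S3 object was encrypted from its metadata.
// Class and method names are hypothetical; the sample maps in main() are constructed.
public class S3EncryptionModeCheck {
    // The material description written for a KMS-wrapped data key carries the CMK id.
    private static final Pattern CMK_ID = Pattern.compile("\"kms_cmk_id\"\\s*:\\s*\"([^\"]+)\"");

    /**
     * @param userMeta user metadata with the "x-amz-meta-" prefix stripped
     * @param sse      value of x-amz-server-side-encryption, or null if absent
     */
    static String classify(Map<String, String> userMeta, String sse) {
        boolean envelopeV2 = userMeta.containsKey("x-amz-key-v2");
        boolean envelopeV1 = userMeta.containsKey("x-amz-key");
        if (envelopeV1 || envelopeV2) {
            String wrapAlg = userMeta.getOrDefault("x-amz-wrap-alg", "");
            if (wrapAlg.startsWith("kms")) {
                Matcher m = CMK_ID.matcher(userMeta.getOrDefault("x-amz-matdesc", ""));
                return "client-side, data key wrapped by KMS CMK " + (m.find() ? m.group(1) : "(id not in matdesc)");
            }
            return "client-side, data key wrapped by a locally held master key";
        }
        if ("aws:kms".equals(sse)) return "server-side, SSE-KMS";
        if ("AES256".equals(sse)) return "server-side, SSE-S3";
        return "no encryption metadata found";
    }

    public static void main(String[] args) {
        // Constructed metadata resembling an upload through AmazonS3EncryptionClient with a KMS provider.
        Map<String, String> kmsClientSide = Map.of(
                "x-amz-key-v2", "<base64 wrapped data key>",
                "x-amz-iv", "<base64 iv>",
                "x-amz-wrap-alg", "kms",
                "x-amz-matdesc", "{\"kms_cmk_id\":\"<cmk-id-placeholder>\"}");
        // Constructed metadata for an older envelope wrapped with a symmetric master key.
        Map<String, String> symmetricClientSide = Map.of(
                "x-amz-key", "<base64 wrapped data key>",
                "x-amz-iv", "<base64 iv>",
                "x-amz-matdesc", "{}");
        System.out.println(classify(kmsClientSide, null));
        System.out.println(classify(symmetricClientSide, null));
        System.out.println(classify(Map.of(), "aws:kms"));
        System.out.println(classify(Map.of(), null));
    }
}
```

An envelope stored in a separate instruction file rather than in object metadata is not covered by this check.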