Python 如何将Boto3下载_文件与AWS KMS一起使用?
我有一个非常简单的脚本,可以从bucket下载一个文件。该文件正在利用KMS加密密钥,我的策略和角色设置正确,但仍然出现错误 代码Python 如何将Boto3下载_文件与AWS KMS一起使用?,python,amazon-web-services,amazon-s3,boto,Python,Amazon Web Services,Amazon S3,Boto,我有一个非常简单的脚本,可以从bucket下载一个文件。该文件正在利用KMS加密密钥,我的策略和角色设置正确,但仍然出现错误 代码 #!/usr/bin/env python import boto3 s3_client = boto3.client('s3') s3_client.download_file('testtesttest', 'test.txt', '/tmp/test.txt') #!/usr/bin/env python import boto3 from botocore
#!/usr/bin/env python
import boto3
s3_client = boto3.client('s3')
s3_client.download_file('testtesttest', 'test.txt', '/tmp/test.txt')
#!/usr/bin/env python
import boto3
from botocore.client import Config
s3_client = boto3.client('s3', config=Config(signature_version='s3v4'))
s3_client.download_file('testtesttest', 'test.txt', '/tmp/test.txt')
Traceback (most recent call last):
File "./getfile.py", line 4, in <module>
s3_client.download_file('testtesttest', 'test.txt', '/tmp/test.txt')
File "/usr/local/lib/python2.7/dist-packages/boto3/s3/inject.py", line 91, in download_file
extra_args=ExtraArgs, callback=Callback)
File "/usr/local/lib/python2.7/dist-packages/boto3/s3/transfer.py", line 659, in download_file
extra_args, callback)
File "/usr/local/lib/python2.7/dist-packages/boto3/s3/transfer.py", line 674, in _download_file
self._get_object(bucket, key, filename, extra_args, callback)
File "/usr/local/lib/python2.7/dist-packages/boto3/s3/transfer.py", line 698, in _get_object
extra_args, callback)
File "/usr/local/lib/python2.7/dist-packages/boto3/s3/transfer.py", line 712, in _do_get_object
**extra_args)
File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 301, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 386, in _make_api_call
raise ClientError(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (InvalidArgument) when calling the GetObject operation: Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.
回溯(最近一次呼叫最后一次):
文件“/getfile.py”,第4行,在
s3_client.download_文件('testtest','test.txt','/tmp/test.txt'))
下载文件第91行的文件“/usr/local/lib/python2.7/dist-packages/boto3/s3/inject.py”
额外参数=额外参数,回调=回调)
文件“/usr/local/lib/python2.7/dist packages/boto3/s3/transfer.py”,第659行,在下载文件中
额外参数,回调)
文件“/usr/local/lib/python2.7/dist packages/boto3/s3/transfer.py”,第674行,在下载文件中
self.\u get\u对象(bucket、key、filename、额外参数、回调)
文件“/usr/local/lib/python2.7/dist packages/boto3/s3/transfer.py”,第698行,位于get对象中
额外参数,回调)
文件“/usr/local/lib/python2.7/dist-packages/boto3/s3/transfer.py”,第712行,在“do\u get\u”对象中
**额外参数)
文件“/usr/local/lib/python2.7/dist packages/botocore/client.py”,第301行,在api调用中
返回self.\u make\u api\u调用(操作名称,kwargs)
文件“/usr/local/lib/python2.7/dist packages/botocore/client.py”,第386行,在make\u api\u调用中
raise ClientError(已解析的\u响应、操作\u名称)
botocore.exceptions.ClientError:调用GetObject操作时发生错误(InvalidArgument):使用AWS KMS托管密钥指定服务器端加密的请求需要AWS签名版本4。
#!/usr/bin/env python
import boto3
s3_client = boto3.client('s3')
s3_client.download_file('testtesttest', 'test.txt', '/tmp/test.txt')
#!/usr/bin/env python
import boto3
from botocore.client import Config
s3_client = boto3.client('s3', config=Config(signature_version='s3v4'))
s3_client.download_file('testtesttest', 'test.txt', '/tmp/test.txt')
您可能还想知道如何使用kms密钥将文件上载到s3
s3_client = boto3.client('s3', config=Config(signature_version='s3v4'))
s3_client.upload_file(filename, bucketname, objectkey, ExtraArgs={"ServerSideEncryption": "aws:kms", "SSEKMSKeyId": <somekmskeyid>})
s3\u client=boto3.client('s3',config=config(signature\u version='s3v4'))
s3_client.upload_文件(文件名、bucketname、objectkey、ExtraArgs={“ServerSideEncryption”:“aws:kms”、“SSEKMSKeyId”:})
如果您不提供kms密钥id,则默认情况下它使用s3 kms主密钥。谢谢!一个小时以来我一直在想这个问题。你让我的日子轻松多了。没问题,很高兴我能帮上忙@Valdogg21未来读者注意:默认值为“s3v4”,因此无需显式指定,除非它从某个配置文件或环境中获取该值。签入
boto3.client('s3').meta.config.signature\u version