以编程方式取消对AWS S3中文件的加密设置 [英] Programmatically unset encryption for a file in aws s3

问题描述

我正在通过aws code build执行android构建.默认情况下，生成的apk文件将使用server side encryption (aws-kms)进行应用.通过取消选择ASW-KMS，可以如下所示从s3存储桶中单击，以手动取消设置加密

I'm performing an android build via aws code build. The apk files generated are by default applied with server side encryption (aws-kms) I can unset the encryption manually by clicking as shown below from the s3 bucket by unselecting ASW-KMS

显示以下弹出窗口

在此处手动选择None选项将使链接可下载. 我想以编程方式实现这一目标.

Here selecting None option manually will make the link downloadable. I want to achieve this programmatically.

我已经尝试添加提及的权限，如

I have already tried adding permissions as mentioned here. Also did experiment a fair bit with python boto3. However didn't meet with any success so far. Thanks in advance!

推荐答案

好的，我为此找到了解决方法.创建加密的(服务器端aws-kms)工件并将其上传到s3后(作为aws代码构建的一部分)，请使用'ACL':'public-read'创建文件的副本.步骤如下:

OK, I got a workaround for this. After the encypted (server side aws-kms) artifact is created and uploaded to s3 (as part of aws code build), create a copy of the file with 'ACL':'public-read'. The following are the steps:

s3 = boto3.resource('s3',aws_access_key_id='<YOUR ACCESS KEY>', aws_secret_access_key='<YOUR SECRET ACCESS KEY>', region_name = 'ap-southeast-1', config=Config(signature_version='s3v4'))

config=Config(signature_version='s3v4')部分是获取对加密文件的访问的技巧.

The config=Config(signature_version='s3v4')part is the trick to get access to the encrypted file.

copy_source = {'Bucket': 'SOURCE BUCKET','Key':'test/app-debug.apk'}
s3.meta.client.copy(copy_source, 'DESTINATION BUCKET', 'app-debug.apk', {'ACL':'public-read'})

从S3，您将获得一个可下载的URL.

From S3, you will get a downloadable URL.

或者，您可以直接从加密的S3项目获得可下载的链接，而无需将其复制到另一个存储桶.但是，问题是 s3v4加密的最长有效期为7天.因此，链接最多只能使用7天.以下是相同步骤:

Alternatively, you can get a downloadable link directly from the encrypted S3 item without copying it to another bucket. However, the issue is that s3v4 encryption comes with a maximum expiry of 7 days. So the link works at max for only 7 days.The following is the step for the same:

1. s3_client = boto3.client('s3',aws_access_key_id='<YOUR ACCESS KEY>', aws_secret_access_key='<YOUR SECRET KEY>', region_name='ap-southeast-1', config=Config(signature_version='s3v4'))
2. url = s3_client.generate_presigned_url(ClientMethod='get_object', Params={'Bucket':'SOURCE BUCKET', 'Key':'test/app-debug.apk'})

1. s3_client = boto3.client('s3',aws_access_key_id='<YOUR ACCESS KEY>', aws_secret_access_key='<YOUR SECRET KEY>', region_name='ap-southeast-1', config=Config(signature_version='s3v4'))
2. url = s3_client.generate_presigned_url(ClientMethod='get_object', Params={'Bucket':'SOURCE BUCKET', 'Key':'test/app-debug.apk'})

这篇关于以编程方式取消对AWS S3中文件的加密设置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！