以编程方式取消对AWS S3中文件的加密设置 [英] Programmatically unset encryption for a file in aws s3
问题描述
我正在通过aws code build
执行android构建.默认情况下,生成的apk文件将使用server side encryption (aws-kms)
进行应用.通过取消选择ASW-KMS,可以如下所示从s3存储桶中单击,以手动取消设置加密
I'm performing an android build via aws code build
. The apk files generated are by default applied with server side encryption (aws-kms)
I can unset the encryption manually by clicking as shown below from the s3 bucket by unselecting ASW-KMS
显示以下弹出窗口
在此处手动选择None
选项将使链接可下载. 我想以编程方式实现这一目标.
Here selecting None
option manually will make the link downloadable. I want to achieve this programmatically.
I have already tried adding permissions as mentioned here. Also did experiment a fair bit with python boto3. However didn't meet with any success so far. Thanks in advance!
推荐答案
好的,我为此找到了解决方法.创建加密的(服务器端aws-kms)工件并将其上传到s3后(作为aws代码构建的一部分),请使用'ACL':'public-read'
创建文件的副本.步骤如下:
OK, I got a workaround for this. After the encypted (server side aws-kms) artifact is created and uploaded to s3 (as part of aws code build), create a copy of the file with 'ACL':'public-read'
. The following are the steps:
s3 = boto3.resource('s3',aws_access_key_id='<YOUR ACCESS KEY>', aws_secret_access_key='<YOUR SECRET ACCESS KEY>', region_name = 'ap-southeast-1', config=Config(signature_version='s3v4'))
config=Config(signature_version='s3v4')
部分是获取对加密文件的访问的技巧.
The config=Config(signature_version='s3v4')
part is the trick to get access to the encrypted file.
copy_source = {'Bucket': 'SOURCE BUCKET','Key':'test/app-debug.apk'}
s3.meta.client.copy(copy_source, 'DESTINATION BUCKET', 'app-debug.apk', {'ACL':'public-read'})
从S3,您将获得一个可下载的URL.
From S3, you will get a downloadable URL.
或者,您可以直接从加密的S3项目获得可下载的链接,而无需将其复制到另一个存储桶.但是,问题是 s3v4加密的最长有效期为7天.因此,链接最多只能使用7天.以下是相同步骤:
Alternatively, you can get a downloadable link directly from the encrypted S3 item without copying it to another bucket. However, the issue is that s3v4 encryption comes with a maximum expiry of 7 days. So the link works at max for only 7 days.The following is the step for the same:
-
s3_client = boto3.client('s3',aws_access_key_id='<YOUR ACCESS KEY>', aws_secret_access_key='<YOUR SECRET KEY>', region_name='ap-southeast-1', config=Config(signature_version='s3v4'))
-
url = s3_client.generate_presigned_url(ClientMethod='get_object', Params={'Bucket':'SOURCE BUCKET', 'Key':'test/app-debug.apk'})
s3_client = boto3.client('s3',aws_access_key_id='<YOUR ACCESS KEY>', aws_secret_access_key='<YOUR SECRET KEY>', region_name='ap-southeast-1', config=Config(signature_version='s3v4'))
url = s3_client.generate_presigned_url(ClientMethod='get_object', Params={'Bucket':'SOURCE BUCKET', 'Key':'test/app-debug.apk'})
这篇关于以编程方式取消对AWS S3中文件的加密设置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!