AWS S3:通过API/脚本启用加密 [英] AWS S3: Enable encryption through API/Script

问题描述

我们将图像存储在AWS S3中用于生产服务.
是否有任何API可以对这些现有资源启用加密，而无需再次下载和上传?

We have images stored in the AWS S3 for our production services.
Is there any API which will allow to enable encryption on these existing resources without downloading and uploading again?

我看到了 Boto模块在Python中允许使用其他参数(例如加密)克隆密钥，但这将创建一个新密钥.由于这些密钥存储在单独的数据库中，因此我们希望保留现有密钥，而仅启用加密.

I see Boto module in Python allows to clone the key with additional parameters e.g encryption, but this will create a new key. As these keys are stored in a separate database, we want to retain existing keys but just enable encryption.

推荐答案

以下代码可以将存储桶中的所有文件转换为使用服务器端加密:

Here's some code that will convert all files in a bucket to use server-side encryption:

import boto

conn = boto.connect_s3('REGION')
bucket = conn.get_bucket('BUCKET')

for k in bucket.list():
  bucket.copy_key(new_key_name=k.key, src_bucket_name=bucket.name, src_key_name=k.key, encrypt_key=True)

它会复制到相同的键名，但是您可能需要对其进行调整以保留存储类，ACL等.

It copies to the same key name, but you might want to tweak it to preserve storage class, ACLs, etc.

这篇关于AWS S3:通过API/脚本启用加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！