eleven41 / aws-lambda-encrypt-s3-objects Goto Github PK
View Code? Open in Web Editor NEWAn AWS Lambda function to encrypt S3 objects using server-side AES256 encryption as they are added to the bucket.
License: MIT License
An AWS Lambda function to encrypt S3 objects using server-side AES256 encryption as they are added to the bucket.
License: MIT License
Hi there,
Really interested in using this function, but ran into the following error messages when deploying it.
I've granted full S3 access to the IAM role, just to ensure it's not a policy problem. No luck though. Any ideas?
Thanks!
2017-03-03T22:05:39.858Z 6597b97d-005d-11e7-a9fd-8fcdc456fbd0 Getting object head
2017-03-03T22:05:39.932Z 6597b97d-005d-11e7-a9fd-8fcdc456fbd0 Error getting object head:
2017-03-03T22:05:39.932Z 6597b97d-005d-11e7-a9fd-8fcdc456fbd0 { [Forbidden: null]
message: null,
code: 'Forbidden',
region: null,
time: Fri Mar 03 2017 22:05:39 GMT+0000 (UTC),
requestId: 'XXXXXXXXXXXX',
extendedRequestId: 'XXXXXXXXXX',
cfId: undefined,
statusCode: 403,
retryable: false,
retryDelay: 17.542093549855053 } 'Forbidden: null\n at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/services/s3.js:518:35)\n at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:105:20)\n at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:77:10)\n at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:671:14)\n at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)\n at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)\n at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10\n at Request. (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)\n at Request. (/var/runtime/node_modules/aws-sdk/lib/request.js:673:12)\n at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:115:18)'
Hi,
great script, thanks a lot.
Unfortunately, we want to use custom keys which we generate on-the-fly.
Did anyone ever try to implement that?
We already changed the copyObject part to following snippet:
`
s3.copyObject({
Bucket: bucket,
Key: key,
CopySource: encodeURIComponent(bucket + '/' + key),
MetadataDirective: 'COPY',
SSECustomerAlgorithm: 'AES256',
SSECustomerKey: 'key_=_string_of_exactly_32_bytes',
SSECustomerKeyMD5: '6535256929cded9f17f06e98de723096',
StorageClass: storageClass
`
Unfortunately, JS SDK documentation doesn't state clearly in which format customer-key and md5 should be transfered. So we didn't get it running as S3 just replies with a bad request.
Hello, I have not tried out your script but was curious that if you use this function to encryption logs generated by S3, does the lambda function generate more S3 logs that have to subsequently be encrypted. Basically, does this perpetually generate traffic that has to constantly be encrypted?
Thanks!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.