eleven41 / aws-lambda-encrypt-s3-objects Goto Github PK

Hi there,

Really interested in using this function, but ran into the following error messages when deploying it.

I've granted full S3 access to the IAM role, just to ensure it's not a policy problem. No luck though. Any ideas?

Thanks!

2017-03-03T22:05:39.858Z 6597b97d-005d-11e7-a9fd-8fcdc456fbd0 Getting object head
2017-03-03T22:05:39.932Z 6597b97d-005d-11e7-a9fd-8fcdc456fbd0 Error getting object head:
2017-03-03T22:05:39.932Z 6597b97d-005d-11e7-a9fd-8fcdc456fbd0 { [Forbidden: null]
message: null,
code: 'Forbidden',
region: null,
time: Fri Mar 03 2017 22:05:39 GMT+0000 (UTC),
requestId: 'XXXXXXXXXXXX',
extendedRequestId: 'XXXXXXXXXX',
cfId: undefined,
statusCode: 403,
retryable: false,
retryDelay: 17.542093549855053 } 'Forbidden: null\n at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/services/s3.js:518:35)\n at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:105:20)\n at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:77:10)\n at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:671:14)\n at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)\n at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)\n at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10\n at Request. (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)\n at Request. (/var/runtime/node_modules/aws-sdk/lib/request.js:673:12)\n at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:115:18)'

Hi,

great script, thanks a lot.

Unfortunately, we want to use custom keys which we generate on-the-fly.

Did anyone ever try to implement that?

We already changed the copyObject part to following snippet:
`
s3.copyObject({
Bucket: bucket,
Key: key,

                    CopySource: encodeURIComponent(bucket + '/' + key),
                    MetadataDirective: 'COPY',
                    SSECustomerAlgorithm: 'AES256',
                    SSECustomerKey: 'key_=_string_of_exactly_32_bytes',
                    SSECustomerKeyMD5: '6535256929cded9f17f06e98de723096',
                    StorageClass: storageClass

`
Unfortunately, JS SDK documentation doesn't state clearly in which format customer-key and md5 should be transfered. So we didn't get it running as S3 just replies with a bad request.

Hello, I have not tried out your script but was curious that if you use this function to encryption logs generated by S3, does the lambda function generate more S3 logs that have to subsequently be encrypted. Basically, does this perpetually generate traffic that has to constantly be encrypted?

Thanks!