Bạn có 1 S3 và bạn muốn encyption data khi bạn quang file lên S3 đó.
1) Amazon S3 – customer-provided encryption key (SSE-C)
–sse-c-key: là string gồm 32 kí tự
##Uploading a file on local or your laptop to S3 with the declarations such as: "sse-c, sse-c-key" ############### aws s3 cp ./dev.yaml s3://access-s3-from-other-account/sse-c-dev.yaml --sse-c AES256 --sse-c-key 11111111111111111111111111111111 --profile k8s-mdaas-staging upload: ./dev.yaml to s3://access-s3-from-other-account/sse-c-dev.yaml ##Checking this file to exist on S3 aws s3 ls s3://access-s3-from-other-account/ 2022-09-22 23:04:38 348 dev.yaml 2022-09-23 00:01:08 348 sse-c-dev.yaml ###Download this file on S3 without "--sse-c --sse-c-key" aws s3 cp s3://access-s3-from-other-account/sse-c-dev.yaml . --profile k8s-mdaas-staging fatal error: An error occurred (400) when calling the HeadObject operation: Bad Request ###Download this file on S3 with invalid sse-c-key. aws s3 cp s3://access-s3-from-other-account/sse-c-dev.yaml . --sse-c AES256 --sse-c-key 11111111111111111111111111221111 --profile k8s-mdaas-staging fatal error: An error occurred (403) when calling the HeadObject operation: Forbidden root@LP11-D7891:~/demo-kms# aws s3 cp s3://access-s3-from-other-account/sse-c-dev.yaml . --sse-c AES256 --sse-c-key 11111111111111111111111111111111 --profile k8s-mdaas-staging download: s3://access-s3-from-other-account/sse-c-dev.yaml to ./sse-c-dev.yaml
https://kungfutech.edu.vn/bai-viet/aws/s3-encryption#s3-encryption-trong-aws
Bạn có thể đọc thêm bài này, vì chúng ta còn 2 kiểu encrypt khác
