使用 Amazon KMS 通过服务器端加密上传 S3 对象时出错

Question

我在尝试重现 Amazon 提供的示例代码时遇到以下异常，该示例代码用于上传 S3 对象以使用 Amazon KMS（密钥管理服务）进行服务器端加密：

com.amazonaws.AmazonClientException: please use region-specific endpoint to access buckets located in regions that require V4 signing.
:: 
Caused by: com.amazonaws.services.s3.model.AmazonS3Exception: Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4. (Service: Amazon S3; Status Code: 400; Error Code: InvalidArgument;

使用的代码是：

public void uploadServerSideEncryptedFileToS3( String bucketName , String key , String sourceFilePath , String masterKey ) {

    awsCredentials = new BasicAWSCredentials( awsAccessKey, awsSecretKey );
    PutObjectRequest putObjectRequest = new PutObjectRequest( bucketName,
                key , new File( sourceFilePath ) ).withSSEAwsKeyManagementParams( new SSEAwsKeyManagementParams( masterKey ) );

    ClientConfiguration clientConfiguration = new ClientConfiguration();
    clientConfiguration.setProtocol( Protocol.HTTPS );

    AmazonS3 connection = new AmazonS3Client( awsCredentials , clientConfiguration );
    connection.setRegion( com.amazonaws.regions.Region.getRegion( Regions.US_EAST_1 ) );
    PutObjectResult response = connection.putObject( putObjectRequest );
}

Answer 1

这是我用于 S3 上传的代码

    @Test
public void testNoMetaData() {
    AWSCredentials awsCredentials = new BasicAWSCredentials(accessKey, secretKey);
    AmazonS3 amazonS3 = new AmazonS3Client(awsCredentials);
    amazonS3.setRegion(Region.getRegion(region));

    byte[] bytes = content.getBytes(StandardCharsets.UTF_8);
    ObjectMetadata metadata = new ObjectMetadata();
    metadata.setSSEAlgorithm(SSEAlgorithm.KMS.getAlgorithm());
    InputStream inputStream = new ByteArrayInputStream(bytes);
    PutObjectRequest putObjectRequest = new PutObjectRequest(bucketName, key, inputStream, metadata);

    putObjectRequest.withSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams(awsKmsKeyId));
    amazonS3.putObject(putObjectRequest);
}