
我想使用 Lambda 函数从 AWS S3 检索特定的 ZIP 文件,将其解密并提取。

这是我的代码:

const AWS = require('aws-sdk');
const zlib = require('zlib');
const fs = require('fs');
const stream = require('stream');

/**
 * Lambda entry point for a CodePipeline job: fetches the job's first input
 * artifact from S3, hands the whole object body to KMS Decrypt, and pipes the
 * result through zlib's gunzip stream, logging whatever it reports.
 *
 * Nothing is returned and no completion is signalled; every failure path only
 * writes to the log.
 *
 * @param {object} event - Invocation event; the job is read from event['CodePipeline.job'].
 * @param {object} context - Lambda context; not used by this handler.
 */
exports.handler = function (event, context) {
  const { data: jobInfo } = event['CodePipeline.job'];
  const { s3Location } = jobInfo.inputArtifacts[0].location;
  const { bucketName: bucket, objectKey: key } = s3Location;

  // Both clients run with the credentials carried in the job data, not with
  // the function's own role. NOTE(review): these are presumably short-lived,
  // artifact-scoped credentials; keep them out of log output either way.
  const { artifactCredentials: credentials } = jobInfo;
  const s3 = new AWS.S3({ credentials });
  const kms = new AWS.KMS({ credentials, region: 'eu-central-1' });

  const logEntry = (entry) => {
    console.log(entry);
  };

  const onObject = (err, data) => {
    if (err) {
      // The failure is logged and dropped; the invocation is never told about
      // it (the original context.done(err) call was left commented out).
      console.error(err);
      return;
    }

    console.log('Received file', key);

    const plaintextStream = new stream.PassThrough();

    const onDecrypted = (decryptErr, decryptData) => {
      if (decryptErr) {
        console.error(decryptErr);
        return;
      }

      plaintextStream.end(decryptData.Plaintext);

      console.log('Decoded S3 object encrypted with KMS ID', decryptData.KeyId);

      // NOTE(review): zlib's gunzip stream decodes gzip data and does not emit
      // 'entry' events; a PKZIP (.zip) archive needs a zip parser instead.
      const gunzip = plaintextStream.pipe(zlib.createGunzip());
      gunzip.on('error', console.error);
      gunzip.on('entry', logEntry);
    };

    // The ValidationException quoted on this page reports a 6144-byte cap on
    // CiphertextBlob, so sending an entire S3 object body through KMS Decrypt
    // fails for anything larger than that.
    kms.decrypt({ CiphertextBlob: data.Body }, onDecrypted);
  };

  s3.getObject({ Bucket: bucket, Key: key }, onObject);
};

但是,ZIP 文件大约有 5 MiB,我从 KMS 请求中得到以下错误:

ValidationException: 1 validation error detected: Value 'java.nio.HeapByteBuffer[pos=0 lim=128011 cap=128011]' at 'ciphertextBlob' failed to satisfy constraint: Member must have length less than or equal to 6144
    at Request.extractError (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/protocol/json.js:48:27)
    at Request.callListeners (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
    at Request.emit (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
    at Request.emit (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/request.js:683:14)
    at Request.transition (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/request.js:685:12)
    at Request.callListeners (/home/victor/dev/s3-zip-extract/node_modules/aws-sdk/lib/sequential_executor.js:115:18)
  message: '1 validation error detected: Value \'java.nio.HeapByteBuffer[pos=0 lim=128011 cap=128011]\' at \'ciphertextBlob\' failed to satisfy constraint: Member must have length less than or equal to 6144'

我该怎么办?谢谢!


1 回答 1


在深入研究文档后,我发现我不必自己解密对象,因为它以明文形式发送给客户端(如果对象使用的是 S3 服务端加密,S3 会在返回对象之前完成解密,前提是调用方的凭据有权读取该对象并使用相应的密钥)。我删除了解密步骤,我的代码看起来像这样:

// The object body returned by S3 is used as-is: no KMS call is made, so
// nothing here is bound by the CiphertextBlob size limit. Who can read the
// data is then decided by access to the S3 object (and, presumably, the key
// that protects it at rest).
buff.end(data.Body);

// NOTE(review): zlib's gunzip stream decodes gzip data and does not emit
// 'entry' events; a PKZIP (.zip) archive needs a zip parser instead.
const gunzip = buff.pipe(zlib.createGunzip());
gunzip.on('error', console.error);
gunzip.on('entry', (entry) => {
  console.log(entry);
});

注意(我添加这个是因为我花了一些时间才弄清楚):亚马逊将其 .zip 文件导出为 PKZIP 格式,而 zlib 无法处理这种格式。

于 2017-10-10T19:26:44.000 回答