0

我正在尝试在启用 SSE 的情况下从 Android 设备上传到 S3 存储桶。

我尝试了以下方法:

val file = File(filePath)
val putRequest = PutObjectRequest(bucket, key, file)
s3Client.putObject(putRequest)

该对象确实已上传到指定位置,并且具有正确的 CMK,但putObject调用抛出“无法验证数据上传的完整性。客户端计算的内容哈希与 Amazon S3 计算的哈希不匹配

为了避免这个错误,我可以运行:

val file = File(filePath)
val putRequest = PutObjectRequest(bucket, key, file)
ServiceUtils.skipMd5CheckPerRequest(putRequest)
s3Client.putObject(putRequest)

这会引发相同的错误,因为skipMd5CheckPerRequest需要初始化 PutRequest 元数据。
所以我尝试了:

val file = File(filePath)
val metadata = ObjectMetadata()
metadata.sseAlgorithm = SSEAlgorithm.KMS.algorithm
val putRequest = PutObjectRequest(bucket, key, file)
   .withMetadata(metadata)
ServiceUtils.skipMd5CheckPerRequest(putRequest)
s3Client.putObject(putRequest)

现在对象已成功上传,没有任何错误。但是,它使用默认的 S3 KMS keyId 进行加密,aws/s3而不是KMSMasterKeyID按照 CF 中的存储桶定义中的指定(如下)。

CloudFormation 中的存储桶定义:


"Type": "AWS::S3::Bucket",
"Properties": {
    "AccessControl": "BucketOwnerFullControl",
    "BucketEncryption": {
        "ServerSideEncryptionConfiguration": [
            {
                "ServerSideEncryptionByDefault": {
                    "KMSMasterKeyID": {
                        "Fn::GetAtt": [
                            "someidhere",
                            "Arn"
                        ]
                    },
                    "SSEAlgorithm": "aws:kms"
                }
            }
        ]
    },
    "BucketName": "mybucketname",
    "LifecycleConfiguration": {
        "Rules": [
            {
                "ExpirationInDays": 30,
                "Status": "Enabled"
            }
        ]
    },
    "PublicAccessBlockConfiguration": {
        "BlockPublicAcls": true,
        "BlockPublicPolicy": true,
        "IgnorePublicAcls": true,
        "RestrictPublicBuckets": true
    }
},
"UpdateReplacePolicy": "Retain",
"DeletionPolicy": "Retain",
"Metadata": {
    "aws:cdk:path": "path/to/cdk/CF-stack"
}
4

0 回答 0