Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Issue with getting Region when federated

See original GitHub issue

Wondering if there is an issue with getting the region when the profile is federated. I am in a federated account using a role that has kms:*, and I get this when decrypting:

com.amazonaws.encryptionsdk.exception.CannotUnwrapDataKeyException: Unable to decrypt any data keys

This is not an issue with using aliases. This works perfect in another account where I am not federated, using an IAM User with full admin permissions. Is there something else needed here?

    @Override
    public void decryptFile(
            final String encryptedFilename, 
            final String decryptedFilename) {

        final KmsMasterKeyProvider provider
                = new KmsMasterKeyProvider(
                        new DefaultAWSCredentialsProviderChain());

        final AwsCrypto awsCrypto
                = new AwsCrypto();

        try (final FileInputStream fileInputStream
                = new FileInputStream(
                        encryptedFilename);

                final FileOutputStream fileOutputStream
                        = new FileOutputStream(
                                decryptedFilename);

                final CryptoInputStream<?> decryptingStream
                        = awsCrypto
                                .createDecryptingStream(
                                        provider, 
                                        fileInputStream)) {

            IOUtils.copy(
                    decryptingStream,
                    fileOutputStream);

        } catch (IOException exception) {
            throw new DecryptionException(exception);
        }
    }

Issue Analytics

State:
Created 5 years ago
Comments:23 (7 by maintainers)

Top GitHub Comments

1reaction

bdonlancommented, Apr 5, 2018

Okay, that explains things then. We’ll get the fix merged and spin a new version. Thanks for reporting this!

0reactions

michaelajrcommented, Apr 5, 2018

Sure. Sorry again for all the spin.

Top Results From Across the Web

Limitations and considerations when accessing federated ...

Federated queries are only available in AWS Regions where both Amazon Redshift and Amazon RDS or Aurora are available. Federated queries currently don't ......

Update a Federated Database Instance Region - MongoDB

Select Data Federation from the left-hand navigation. · Click Ellipses (...) for your federated database instance. · Select Update Region from the dropdown...

Message replication and cross-region federation

This article provides an overview of event replication and cross-region federation with Azure Service Bus.

Introduction to federated queries | BigQuery - Google Cloud

Describes federated queries in BigQuery, their syntax and how they can be used to query external databases, such as Cloud Spanner and Cloud...

NSX-T Federated VCF Regions (VCF Multi-Region)

The issue you will have with adding the AVN's now, at least what I would envisage happening are. 1. It works, but creates...