Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

MultipartUpload doesn't seem to work with KMS Encryption

See original GitHub issue

Problem description

Trying to do a MultipartUpload doesn’t seem to work when using a KMS key.

“errorMessage”: “the bucket ‘BUCKET’ does not exist, or is forbidden for access (ClientError(‘An error occurred (KMS.NotFoundException) when calling the CreateMultipartUpload operation: Invalid keyId [’))”,

Steps/code to reproduce the problem

The code used was this:

config = boto3.session.Config(signature_version='s3v4')

with smart_open.open(url, 'r', transport_params={
                'session':                      SESSION,
                'resource_kwargs': {
                    'config':                   config
                },
                'multipart_upload_kwargs': {
                    'ServerSideEncryption':     'aws:kms',
                    'SSEKMSKeyId':              KEY_id
                }
            })

works for a normal upload only.

Issue Analytics

State:
Created 3 years ago
Comments:8

Top GitHub Comments

1reaction

joao-mirandacommented, Nov 17, 2020

@mpenkov Everything works after the update. Sorry about wasting your time.

1reaction

joao-mirandacommented, Nov 17, 2020

I did a new test project with smart_open 3.0 and it seems to work. I’ll get back to you after testing it on the actual project:

def main(event, context):
    session = boto3.Session()
    config = boto3.session.Config(signature_version='s3v4')
                    
    with smart_open.open(outputFileUrl, 'w', transport_params={
        'session': session,
                'resource_kwargs': {
                    'config': config
                },
                'multipart_upload_kwargs': {
                    'ServerSideEncryption': 'aws:kms',
                    'SSEKMSKeyId': KMS_ID
                }
            }
        ) as outputFile:
        with smart_open.open(inputFileurl, 'r', transport_params={
                'session': session,
                'resource_kwargs': {
                    'config': config
                },
                'multipart_upload_kwargs': {
                    'ServerSideEncryption': 'aws:kms',
                    'SSEKMSKeyId': KMS_ID
                }
            }
        ) as file:
            chunkCount = 0
            for chunk in iter(functools.partial(file.read, SIZE), ''):
                outputFile.write(chunk)
                print('chunk', chunk)

        print('Created file with url', outputFileUrl)```

Top Results From Across the Web

Multipart upload to AWS S3 does not seem to work · Issue #1025

program produces the following error: x-amz-server-side-encryption header is not supported for this operation; file is not uploaded. Repro steps ...

Access Denied when performing S3 Multipart Upload ...

Access for KMS is granted properly ( kms:Decrypt , kms:Encrypt and kms:GenerateDataKey* ) and it worked previously! This issues appears for both ...

CreateMultipartUpload - Amazon Simple Storage Service

To perform a multipart upload with encryption using an AWS KMS key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey actions...

Upload large files to S3 with encryption using an AWS KMS key

To perform a multipart upload with encryption using an AWS KMS key, the requester must have kms:GenerateDataKey and kms:Decrypt permissions.

Amazon S3 Storage Providers - Rclone

Key Management System (KMS). If you are using server-side encryption with KMS then you must make sure rclone is configured with server_side_encryption =...