Is there a way to generate a presigned url S3 for a private file encrypted with KMS Key using Python or AWS cli?
I searched in boto3 library docs and AWS cli docs, but i didn't find anything about KMS.
Thank you in advance
Related
I need to download a file from this URL https://desafio-rkd.s3.amazonaws.com/disney_plus_titles.csv with Python, try to do it with "" require.get '", but it returns me denied access. I understand that I have to authenticate. I have the key and the secret key, but I do not know how to do it.
Help me please?
The preferred way would be to use the boto3 library for Amazon S3. It has a download_file() command, for which you would use:
import boto3
s3_client = boto3.client('s3')
s3_client.download_file('desafio-rkd', 'disney_plus_titles.csv', 'disney_plus_titles.csv')
The parameters are: Bucket, Key, local filename to use when saving the file
Also, you will need to provide an Access Key and Secret Key. The preferred way to do this is to store them in a credentials file. This can be done by using the AWS Command-Line Interface (CLI) aws configure command.
See: Credentials — Boto3 documentation
I have a file that is stored on AWS s3 at https://xyz.s3.amazonaws.com/foo/file.json and I want to download that into my local machine using Python. However, the URL cannot be accessed publicly. I have the Account ID, IAM user name, and password (but NO Access Key or Secret Access Key and no permissions to view/change them either) to the resource that contains this file. How can I programmatically download this file instead of doing so from the console?
You could generate an Amazon S3 pre-signed URL, which would allow a private object to be downloaded from Amazon S3 via a normal HTTPS call (eg curl). This can be done easily using the AWS SDK for Python, or you could code it yourself without using libraries. Answer by John Rotenstein
here
How can I use boto3 resource to read a KMS encrypted file from S3 bucket?
Below is the snippet that I am using to read a non-encrypted file -
s3 = boto3.resource('s3')
obj = s3.Object(bucket_name, key)
body = obj.get()['Body'].read()
print(' body = {}'.format(body))
There's a helpful answer at Do I need to specify the AWS KMS key when I download a KMS-encrypted object from Amazon S3?
No, you don’t need to specify the AWS KMS key ID when you download an
SSE-KMS-encrypted object from an S3 bucket. Instead, you need the
permission to decrypt the AWS KMS key.
So, you don't need to provide KMS info on a GetObject request (which is what the boto3 resource-level methods are doing under the covers), unless you're doing CMK. You just need to have permission to access the KMS key for decryption. S3/KMS will do the rest for you.
You can configure the IAM policy associated with the Lambda function’s IAM role per the linked article.
I have been given a bucket name with ARN Number as below:
arn:aws:iam::<>:user/user-name
I was also given an access key.
I know that this can be done using boto.
Connect to s3 bucket using IAM ARN in boto3
As in the above link do i need to use 'sts'?
if so why am i provided with an access key?
First, I recommend you install the AWS Command-Line Interface (CLI), which provides a command-line for accessing AWS.
You can then store your credentials in a configuration file by running:
aws configure
It will prompt you for the Access Key and Secret Key, which will be stored in a config file.
Then, you will want to refer to S3 — Boto 3 documentation to find out how to access Amazon S3 from Python.
Here's some sample code:
import boto3
client = boto3.client('s3', region_name = 'ap-southeast-2') # Change as appropriate
client.upload_file('/tmp/hello.txt', 'mybucket', 'hello.txt')
I'm using an S3 compatible service. That means my dynamic storage is not hosted on AWS. I found a couple of python scripts that upload files to AWS S3. I would like to do the same but I need to be able to set my own host url. How can that be done?
You can use the Boto3 library (https://boto3.readthedocs.io/en/latest/) for all your S3 needs in Python. To use a custom S3-compatible host instead of the AWS, set the endpoint_url argument when constructing a S3 resource object, e.g.:
import boto3
session = boto3.session.Session(...)
s3 = session.resource("s3", endpoint_url="http://...", ...)
You can use amazon route53.
Please refer
http://docs.aws.amazon.com/AmazonS3/latest/dev/website-hosting-custom-domain-walkthrough.html