|
From: | Sinang, Danny |
Subject: | [Duplicity-talk] Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4. |
Date: | Thu, 3 Jan 2019 19:30:59 +0000 |
Hi, I’m trying to back up my files and directories to an s3 bucket (in the us-east-1 region) which has server-side encryption enabled and uses a custom KMS Key. So I run the command below, but get the error : Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4. # duplicity /notebooks s3://s3.amazonaws.com/my-own-backups --log-file /var/log/duplicity.log --no-encryption Local and Remote metadata are synchronized, no sync needed. Last full backup left a partial set, restarting. Last full backup date: Thu Jan 3 18:52:13 2019 RESTART: The first volume failed to upload before termination. Restart is impossible...starting backup from beginning. Local and Remote metadata are synchronized, no sync needed. Last full backup date: none No signatures found, switching to full backup. Attempt 1 failed. S3ResponseError: S3ResponseError: 400 Bad Request <?xml version="1.0" encoding="UTF-8"?> <Error><Code>InvalidArgument</Code><Message>Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.</Message><ArgumentName>Authorization</ArgumentName><ArgumentValue>null</ArgumentValue><RequestId>13C499F10532F0B0</RequestId><HostId>H28IOyN2uWiFSwlRFic9+hy7CPPFFJAp2o1Yi+SiydgKwM0GmPvKQRnMYOiGAeRC2TOeBQunFZY=</HostId></Error> I tried adding the
--s3-use-server-side-encryption , but that made the uploaded objects use the default KMS key, which is not what I want since the custom KMS key I used restricts who can do decryption. Is there an option I’m missing ? Regards, Danny |
[Prev in Thread] | Current Thread | [Next in Thread] |