duplicity-talk
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] Requests specifying Server Side Encryption with AWS

From: Sinang, Danny
Subject: Re: [Duplicity-talk] Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.
Date: Thu, 3 Jan 2019 23:23:46 +0000

I was able to work around the AWS Signature Version 4 problem by creating /etc/boto.cfg and adding these lines to it :

 

[s3]

use-sigv4 = True

host=s3.us-east-1.amazonaws.com

 

However, the error I get now is :

 

Attempt 1 failed. S3DataError: BotoClientError: ETag from S3 did not match computed MD5. "648ff6d0c349b9bc6557f161db3d36d9" vs. 688fea95f151e26c15722eb2863d8eea

 

From: Sinang, Danny
Sent: Thursday, January 3, 2019 2:45 PM
To: 'Discussion about duplicity backup' <address@hidden>
Subject: RE: [Ext] [Duplicity-talk] Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.

 

Forgot to mention we’re using duplicity 0.7.18.2 on an AWS EC2 instance with this Linux flavor :

 

Linux version 4.14.42-52.37.amzn1.x86_64 (address@hidden) (gcc version 7.2.1 20170915 (Red Hat 7.2.1-2) (GCC)) #1 SMP Tue May 22 00:41:10 UTC 2018

 

And boto-2.49.0 .

 

From: Duplicity-talk <duplicity-talk-bounces+address@hidden> On Behalf Of Sinang, Danny via Duplicity-talk
Sent: Thursday, January 3, 2019 2:31 PM
To: address@hidden
Cc: Sinang, Danny <address@hidden>
Subject: [Ext] [Duplicity-talk] Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.

 

[Warning: This email originated from an outside source.]

Hi,

 

I’m trying to back up my files and directories to an s3 bucket (in the us-east-1 region) which has server-side encryption enabled and uses a custom KMS Key.

 

So I run the command below, but get the error : Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.

 

# duplicity /notebooks s3://s3.amazonaws.com/my-own-backups --log-file /var/log/duplicity.log --no-encryption

 

Local and Remote metadata are synchronized, no sync needed.

Last full backup left a partial set, restarting.

Last full backup date: Thu Jan  3 18:52:13 2019

RESTART: The first volume failed to upload before termination.

         Restart is impossible...starting backup from beginning.

 

Local and Remote metadata are synchronized, no sync needed.

Last full backup date: none

No signatures found, switching to full backup.

Attempt 1 failed. S3ResponseError: S3ResponseError: 400 Bad Request

<?xml version="1.0" encoding="UTF-8"?>

<Error><Code>InvalidArgument</Code><Message>Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.</Message><ArgumentName>Authorization</ArgumentName><ArgumentValue>null</ArgumentValue><RequestId>13C499F10532F0B0</RequestId><HostId>H28IOyN2uWiFSwlRFic9+hy7CPPFFJAp2o1Yi+SiydgKwM0GmPvKQRnMYOiGAeRC2TOeBQunFZY=</HostId></Error>

 

I tried adding the --s3-use-server-side-encryption , but that made the uploaded objects use the default KMS key, which is not what I want since the custom KMS key I used restricts who can do decryption.

 

Is there an option I’m missing ?

 

Regards,

Danny

 

reply via email to
[Prev in Thread] Current Thread [Next in Thread]