duplicity-talk
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] Requests specifying Server Side Encryption with AWS

From: Sinang, Danny
Subject: Re: [Duplicity-talk] Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.
Date: Thu, 3 Jan 2019 19:44:50 +0000

Forgot to mention we’re using duplicity 0.7.18.2 on an AWS EC2 instance with this Linux flavor :

 

Linux version 4.14.42-52.37.amzn1.x86_64 (address@hidden) (gcc version 7.2.1 20170915 (Red Hat 7.2.1-2) (GCC)) #1 SMP Tue May 22 00:41:10 UTC 2018

 

And boto-2.49.0 .

 

From: Duplicity-talk <duplicity-talk-bounces+address@hidden> On Behalf Of Sinang, Danny via Duplicity-talk
Sent: Thursday, January 3, 2019 2:31 PM
To: address@hidden
Cc: Sinang, Danny <address@hidden>
Subject: [Ext] [Duplicity-talk] Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.

 

[Warning: This email originated from an outside source.]

Hi,

 

I’m trying to back up my files and directories to an s3 bucket (in the us-east-1 region) which has server-side encryption enabled and uses a custom KMS Key.

 

So I run the command below, but get the error : Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.

 

# duplicity /notebooks s3://s3.amazonaws.com/my-own-backups --log-file /var/log/duplicity.log --no-encryption

 

Local and Remote metadata are synchronized, no sync needed.

Last full backup left a partial set, restarting.

Last full backup date: Thu Jan  3 18:52:13 2019

RESTART: The first volume failed to upload before termination.

         Restart is impossible...starting backup from beginning.

 

Local and Remote metadata are synchronized, no sync needed.

Last full backup date: none

No signatures found, switching to full backup.

Attempt 1 failed. S3ResponseError: S3ResponseError: 400 Bad Request

<?xml version="1.0" encoding="UTF-8"?>

<Error><Code>InvalidArgument</Code><Message>Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.</Message><ArgumentName>Authorization</ArgumentName><ArgumentValue>null</ArgumentValue><RequestId>13C499F10532F0B0</RequestId><HostId>H28IOyN2uWiFSwlRFic9+hy7CPPFFJAp2o1Yi+SiydgKwM0GmPvKQRnMYOiGAeRC2TOeBQunFZY=</HostId></Error>

 

I tried adding the --s3-use-server-side-encryption , but that made the uploaded objects use the default KMS key, which is not what I want since the custom KMS key I used restricts who can do decryption.

 

Is there an option I’m missing ?

 

Regards,

Danny

 

reply via email to
[Prev in Thread] Current Thread [Next in Thread]