How can I use Storage::disk('s3')->put() when my S3's x-amz-server-side-encryption is AES256 in Laravel 5.1?

RT.

This is my S3 filesystem configuration:

's3' => [
    'driver' => 's3',
    'key'    => env('AWS_ACCESS_KEY_ID'),
    'secret' => env('AWS_SECRET_ACCESS_KEY'),
    'region' => env('AWS_REGION'),
    'bucket' => env('AWS_BUCKET'),
],

And this is my composer.json:

"require": {
    "laravel/framework": "5.1.*",
    "barryvdh/laravel-ide-helper": "~2.0",
    "predis/predis": "~1.0",
    "guzzlehttp/guzzle": "~5.0",
    "league/flysystem-aws-s3-v3": "~1.0",
    "raven/raven": "0.12.*"
},

And this is my S3 bucket policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyUnEncryptedObjectUploads",
            "Effect": "Deny",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::*****bucket_name*****/*",
            "Condition": {
                "StringNotEquals": {
                    "s3:x-amz-server-side-encryption": "AES256"
                }
            }
        }
    ]
}

Yes, I used "s3:x-amz-server-side-encryption": "AES256" as my PutObject condition, but I want to use code like this:

Storage::disk('s3')->put('test.log','123');

But when I run it, I get a response like this:

[Aws\S3\Exception\S3Exception]                                                                                                                                    
Error executing "HeadObject" on "https://s3-ap-northeast-1.amazonaws.com/****bucket_name****/test.log"; AWS HTTP error: Client error response [url]https://s3-ap-northeast-1.amazonaws.com/****bucket_name****/test.log [status code] 403 [reason phrase] Forbidden  (client): 403 Forbidden (Request-ID: 39C30C8512E5ED16) -

[GuzzleHttp\Exception\ClientException]                                                                                                                     
Client error response [url] https://s3-ap-northeast-1.amazonaws.com/****bucket_name****/test.log [status code] 403 [reason phrase] Forbidden

So, how can I do this? Thanks!

jinchun asked Aug 06 '15 08:08


1 Answer

(Laravel 5.3) If your bucket policy requires server side encryption for all objects, rather than access the S3 driver and pass arguments to that, I was able to universally enable S3 SSE by setting it as an option in the configuration:

config/filesystems.php

...

's3' => [
    'driver' => 's3',
    'key'    => env('AWS_ACCESS_KEY_ID'),
    'secret' => env('AWS_SECRET_ACCESS_KEY'),
    'region' => env('AWS_REGION'),
    'bucket' => env('AWS_S3_BUCKET'),
    'options' => [
        'ServerSideEncryption' => 'AES256',
    ]
],

...

With the ServerSideEncryption option set in the configuration, I am able to make method calls on the "disk" directly.

$s3 = Storage::disk('s3');
$s3->putFileAs($prefix, new File($path), $filename);

dmddmd answered Nov 04 '22 22:11
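
Added example (not from the original post, and not AWS or Laravel code): a simplified Python model of how the question's Deny statement is evaluated against the headers of a PutObject request. It shows why a request without the `x-amz-server-side-encryption` header is rejected and why sending `AES256`, which is what the answer's `ServerSideEncryption` option does, passes. The bucket name `example-bucket` and the function names are assumptions made for the illustration.

```python
import json

# The Deny statement from the question's bucket policy (bucket name is a placeholder).
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "DenyUnEncryptedObjectUploads",
    "Effect": "Deny",
    "Principal": {"AWS": "*"},
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::example-bucket/*",
    "Condition": {
      "StringNotEquals": {"s3:x-amz-server-side-encryption": "AES256"}
    }
  }]
}
""")

def string_not_equals(expected, context):
    """Negated operator: true when the key is absent or none of the values match."""
    for key, values in expected.items():
        allowed = values if isinstance(values, list) else [values]
        if context.get(key) in allowed:  # present and equal -> condition is false
            return False
    return True

def denied_by(policy, action, resource, headers):
    """Return the Sid of the first Deny statement matching the request, else None.

    Simplified model: exact action match, trailing-* resource match, and only
    the StringNotEquals operator, which is all this policy uses.
    """
    # S3 exposes a request header as the condition key s3:<header-name>.
    context = {"s3:" + name.lower(): value for name, value in headers.items()}
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny" or stmt["Action"] != action:
            continue
        if not resource.startswith(stmt["Resource"].rstrip("*")):
            continue
        cond = stmt.get("Condition", {}).get("StringNotEquals", {})
        if string_not_equals(cond, context):
            return stmt["Sid"]
    return None

OBJECT = "arn:aws:s3:::example-bucket/test.log"  # constructed sample resource
```

The statement matches only `s3:PutObject`, so a 403 on `HeadObject`, as in the question's trace, is decided by permissions other than this Deny.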