RT.
This is my s3's filesystem configure:
's3' => [
'driver' => 's3',
'key' => env('AWS_ACCESS_KEY_ID'),
'secret' => env('AWS_SECRET_ACCESS_KEY'),
'region' => env('AWS_REGION'),
'bucket' => env('AWS_BUCKET'),
],
And this is my composer.json:
"require": {
"laravel/framework": "5.1.*",
"barryvdh/laravel-ide-helper": "~2.0",
"predis/predis": "~1.0",
"guzzlehttp/guzzle": "~5.0",
"league/flysystem-aws-s3-v3": "~1.0",
"raven/raven": "0.12.*"
},
And this is my s3's bucket policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DenyUnEncryptedObjectUploads",
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::*****bucket_name*****/*",
"Condition": {
"StringNotEquals": {
"s3:x-amz-server-side-encryption": "AES256"
}
}
}
]
}
Yes, I used "s3:x-amz-server-side-encryption": "AES256"
as my PutObject's condition, but I wanna use like this code:
Storage::disk('s3')->put('test.log','123');
But when I run it, I will got response like this:
[Aws\S3\Exception\S3Exception]
Error executing "HeadObject" on "https://s3-ap-northeast-1.amazonaws.com/****bucket_name****/test.log"; AWS HTTP error: Client error response [url]https://s3-ap-northeast-1.amazonaws.com/****bucket_name****/test.log [status code] 403 [reason phrase] Forbidden (client): 403 Forbidden (Request-ID: 39C30C8512E5ED16) -
[GuzzleHttp\Exception\ClientException]
Client error response [url] https://s3-ap-northeast-1.amazonaws.com/****bucket_name****/test.log [status code] 403 [reason phrase] Forbidden
So, how can I do this? Thanks!
Amazon provides several encryption types for data stored in Amazon S3. Is S3 encrypted? By default, data stored in an S3 bucket is not encrypted, but you can configure the AWS S3 encryption settings.
Amazon S3 server-side encryption uses one of the strongest block ciphers available to encrypt your data, 256-bit Advanced Encryption Standard (AES-256). There are no additional fees for using server-side encryption with Amazon S3-managed keys (SSE-S3).
AES-256 is the technology we use to encrypt data in AWS, including Amazon Simple Storage Service (S3) server-side encryption.
Set the value of the header to the encryption algorithm AES256 that Amazon S3 supports. Amazon S3 confirms that your object is stored using server-side encryption by returning the response header x-amz-server-side-encryption . The following REST upload APIs accept the x-amz-server-side-encryption request header.
(Laravel 5.3) If your bucket policy requires server side encryption for all objects, rather than access the S3 driver and pass arguments to that, I was able to universally enable S3 SSE by setting it as an option in the configuration:
config/filesystems.php
...
's3' => [
'driver' => 's3',
'key' => env('AWS_ACCESS_KEY_ID'),
'secret' => env('AWS_SECRET_ACCESS_KEY'),
'region' => env('AWS_REGION'),
'bucket' => env('AWS_S3_BUCKET'),
'options' => [
'ServerSideEncryption' => 'AES256',
]
],
...
With the ServerSideEncryption option set in the configuration, I am able to make method calls on the "disk" directly.
$s3 = Storage::disk('s3');
$s3->putFileAs($prefix, new File($path), $filename);
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With