EMR File System Client-side Encryption Using AWS KMS-managed KeysGo to Lab
In putty my text was not displayed as encrypted
Good real world example.
Excellent lab. No issues.
Lab didn't function correctly - got error on the confirm encrypted txt retrieval form s3: [hadoop@ip-172-31-13-47 ~]$ aws s3 cp s3://emr-seclab-bucket/outputfile.txt encryptedOutputFile.txt download failed: s3://emr-seclab-bucket/outputfile.txt to ./encryptedOutputFile.txt An error occurred (InvalidArgument) when calling the GetObject operation: Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4. You can enable AWS Signature Version 4 by running the command: aws configure set s3.signature_version s3v4 After executing the requested command, I could read the cleartext, I assume because s3 supports transparent decryption for users who have access to the key.
Worked as designed.