I have encrypted my S3 bucket with AWS-KMS. The idea is that when a user clicks an export button on a web page, the API is going to create an Excel sheet of the data, upload it to S3 and return the uploaded sheet URL back to the user (opening it in a new tab) so the user can download the Excel sheet.
We are using Lambda + API Gateway for this project. The code looks something like this:
const aws = require('aws-sdk');
const Stream = require('stream');
//...excel is generated
const s3 = new aws.S3({maxRetries: 10, signatureVersion: "v4"});
// The workbook is written into a pass-through stream that is used as the upload body
const stream = new Stream.PassThrough();
let uploadedFileName = excelFileName + "_" + Date.now() + '.xlsx';
await workbook.xlsx.write(stream);
let uploadResponse = await s3.upload({
    Key: uploadedFileName,
    Bucket: process.env.awsBucket,
    Body: stream,
    ACL: 'public-read', // object ACL set to public-read
}).promise();
// Location is the plain (unsigned) object URL
return { url: uploadResponse.Location };
So the API Gateway sends the following response:
{
    "success": true,
    "response": "https://my-bucket.amazonaws.com/the-excel-file.xlsx",
    "errorCode": 0,
    "message": "Success"
}
The front end then opens the response link in a new tab where it gets downloaded.
Before the AWS-KMS encryption, this method was working well. However, since I have encrypted the buckets, when the file URL is opened it gives the following error in the browser:
<Error>
    <Code>InvalidArgument</Code>
    <Message>Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.</Message>
    <ArgumentName>Authorization</ArgumentName>
    <ArgumentValue>null</ArgumentValue>
    <RequestId>0M40K5V3CKDG6V3R</RequestId>
    <HostId>JmKng3cm+HKNxFL8Pa0dZroosasBJy/8xxTsNqoFhOa/bR8inWeWeSr5iHTtPReOpIp5ayh3tw4=</HostId>
</Error>
Is there a way to return the decrypted file URL to the user, or any other alternative solution to this?