- Newest
- Most votes
- Most comments
Hey, thanks for reaching out! It looks like your object is encrypted with KMS in addition to S3 SSE (Server Side Encryption), so you have 2 layers of encryption. Please note that S3 SSE is transparent to the user and systems consuming the API, so it's not responsible for the issue you are facing.
To make the restore work, you'll have to decrypt the backup using the KMS key before the restore process. Please have a look at the following for examples on how to do it using the s3api with the aws cli: https://repost.aws/knowledge-center/decrypt-kms-encrypted-objects-s3
The custom KMS key policy is likely the key and likely IAM policy/role as well. Does the key policy include grants?
You could try to side step it by using the S3 managed key instead of custom KMS and that will tell you if it is something with your key policy most likely.
Check out this: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MySQL.Procedural.Importing.html
This is about importing backup files but it might have some relevance.
Hi,
via the console i have done a copy files and put them in a new folder that has the default kms encrytpion removed and is set to sse-kms. I get the same error. Is the API doing something different this process?
Image of the bucket folder the files reside attached
Relevant content
- asked 9 months ago
- asked 9 months ago
- asked 2 years ago
- asked 2 years ago
AWS OFFICIALUpdated 3 years ago- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
Hi,
via the console i have done a copy files and put them in a new folder that has the default kms encrytpion removed and is set to sse-kms. I get the same error.
Is the API doing something different this process?