By using AWS re:Post, you agree to the Terms of Use

Can't decrypt Aurora MySQL Kinesis activity stream. (error:InvalidCiphertextException)


I'm stuck developing an application using AWS SDK for Go, and I'm unable to decrypt the Kinesis activity stream records coming from my Aurora MySQL db.

Following these steps to decrypt the record payloads, as I try to decrypt the record data key, I get error:InvalidCiphertextException

I'm currently trying to decrypt the record data key (in order to decrypt the payload) using my KMS key, via this call:

kmsSession.Decrypt(&kms.DecryptInput{CiphertextBlob: []byte(record.Key)}) With record.key being the data encryption key from the record I'm reading, as a string, parsed from the whole record.

As far as I know, for this usecase there is no need to specify the Encryption Context, or my KMS keyID (although I tried it anyway, getting the same error).

I'm opening the kms session as an user with AdministratorAccess policy group rights, and the user is in the Key Users and Key Administrator list for this KMS key.

Also, does the record data key needs to be base-64 decoded?

Any help is appreciated. Thanks!