Questions tagged with AWS Key Management Service

getSignedUrl - SignatureDoesNotMatch with SSE-C encryption

My AWS config:

```
AWS.config.update({
  accessKeyId: 'accessKeyId',
  secretAccessKey: 'secretAccessKey',
  signatureVersion: 'v4'
});
```

Function to upload and generate getSignedUrl:

```
let sseKey = '12345678901234567890121234567890';
let md5 = crypto.createHash('md5').update(sseKey.toString(), 'utf8').digest('hex').toUpperCase();
S3.putObject({
  Bucket: 'Bucket',
  Body: buff,
  Key: 'test_file.jpg',
  SSECustomerAlgorithm: 'AES256',
  SSECustomerKey: sseKey,
  SSECustomerKeyMD5: md5
}, (err, data) => {
  console.log("🚀 file: aws.js line 203 returnnewPromise data", data)
  if (err) return console.error(err.stack)
  S3.getSignedUrl('getObject', {
    Bucket: 'Bucket',
    Key: 'test_file.jpg',
    Expires: 6000,
    SSECustomerAlgorithm: 'AES256',
    SSECustomerKey: sseKey,
    SSECustomerKeyMD5: md5
  }, (err, data) => {
    if (err) return console.error(err.stack)
    console.log(data)
    resolve(data)
  })
})
```

I got a link like this:

```
https://$BUCKET_PATH/test_file.jpg?
X-Amz-Algorithm=AWS4-HMAC-SHA256&
X-Amz-Credential=$SECRECT_CRE%2F20220821%2Fus-west-2%2Fs3%2Faws4_request&
X-Amz-Date=20220821T022426Z&
X-Amz-Expires=6000&
X-Amz-Signature=5e7cd0362b2543140b46c025044c11c2da2202e7ca59811fecf1837b6cdd4713&
X-Amz-SignedHeaders=host%3Bx-amz-server-side-encryption-customer-algorithm%3Bx-amz-server-side-encryption-customer-key%3Bx-amz-server-side-encryption-customer-key-md5&
x-amz-server-side-encryption-customer-algorithm=AES256&
x-amz-server-side-encryption-customer-key=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjEyMzQ1Njc4OTA%3D&
x-amz-server-side-encryption-customer-key-MD5=tbeqTQ80K9Hdr45q0i%2FNNQ%3D%3D
```

When I copy the link to the browser, I get this error:

```
<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
```

I also used `https://www.npmjs.com/package/request` to POST and set the header params, but it does not work:

```
headers: {
  'x-amz-server-side-encryption-customer-algorithm': 'AES256',
  'x-amz-server-side-encryption-customer-key': encryptKey.toString('base64'),
},
```

Please help me, I don't know where the problem is. Thank you.
1 answer, 0 votes, 55 views, asked 4 months ago

MSSQL RDS Backup and Restore

I am trying to do an MSSQL database backup and restore (from one AWS account to another) following the native backup and restore documentation.

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/SQLServer.Procedural.Importing.html#SQLServer.Procedural.Importing.Native.Enabling

The backup seems to work fine to an S3 bucket. I am then downloading it from Account A and uploading it back to an S3 bucket in Account B. When I then try to restore using

```
exec msdb.dbo.rds_restore_database
    @restore_db_name='database_name',
    @s3_arn_to_restore_from='arn:aws:s3:::bucket_name/file_name.extension'
```

I get the following error:

Aborted the task because of a task failure or a concurrent RESTORE_DB request. Task has been aborted. **The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access.**

This suggests to me an encryption issue; however, I have not specified a KMS key using the '@kms_master_key_arn' parameter on either the export or import, which the documentation suggests should export an unencrypted DB:

The following parameters are optional: @kms_master_key_arn – The ARN for the symmetric encryption KMS key to use to encrypt the item. **If you don't specify a KMS key identifier, the backup file won't be encrypted.**

I'd appreciate any ideas if anyone has come across this problem before.
1 answer, 0 votes, 55 views, asked 4 months ago

Unable to enter other created instances with putty, except for first instance

I've created an instance, created a key pair, and am able to connect to it with PuTTY. All my instances in the past worked fine, with no key pair / PuTTY client issue. My security groups are set with default open ssh accounts (open only to my IP, which I've checked and matches my current IP).

A 2nd EC2 instance was created: I created a new key pair, created all settings from scratch, and added my_key.ppk to putty>Auth, and now I'm not getting access. PuTTY is throwing:

```
---------------------------
PuTTY Fatal Error
---------------------------
No supported authentication methods available (server sent: publickey)
---------------------------
```

Now I've already been through this => https://aws.amazon.com/premiumsupport/knowledge-center/linux-credentials-error/

It's basically saying the problem stems from either:

1. You're not connecting with the appropriate user name for your AMI when you negotiate an SSH session with an EC2 instance.

OR

2. You're using the wrong private key when you negotiate an SSH session with an EC2 instance.

I'm neither; (1) doesn't apply since I don't use an AMI. I went through the resolution and nothing was relevant, or I went through all of those, and I'm on Windows 10 so I can't use the EC2 Serial Console.

I have opened several instances by now, created instances with new keys, then tried with already existing key pairs. Nothing. Any help at this point would be appreciated 🙏
1 answer, 0 votes, 36 views, erezt asked 5 months ago