Hi,
I am trying to create a file from an encrypted s3 bucket in my EB instance using the "files" key in an ebextensions configuration file.
It's failing with a 400 error and the message: "Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4."
Here are some details:
- The bucket is encrypted with a custom KMS key
- I'm using the "AWS::CloudFormation::Authentication" resource with role-based authentication
eg:
Resources:
AWSEBAutoScalingGroup:
Metadata:
AWS::CloudFormation::Authentication:
S3Auth:
type: "s3"
buckets:
- "Fn::GetOptionSetting":
Namespace: "aws:elasticbeanstalk:application:environment"
OptionName: "ConfigBucketName"
roleName:
"Fn::GetOptionSetting":
Namespace: "aws:autoscaling:launchconfiguration"
OptionName: "IamInstanceProfile"
The role is set up with the correct policy to ListBucket and GetObject on the s3 bucket and the role is added as a Key User in KMS.
Any pointers on how to get this to work?
Thanks,
Kwan