AWS S3 CopyObject method throws client side exception when Istio encrypts connection and SSE is enabled #3149
Unanswered
naveeniyengar asked this question in Q&A
Replies: 1 comment
Hello,
The copyObject method of the AWS S3 SDK (AmazonS3Client.java) throws an exception, "HTTPS must be used when sending customer encryption keys (SSE-C) to S3, in order to protect your encryption keys.", when SSE is enabled and encryption is delegated to a service mesh (Istio).
I checked further and found that the exception is thrown from assertHttps. The AWS SDK refuses to share encryption keys over what it thinks is an unsecured network, based on the protocol part of the URI. However, encryption in my setup is provided by Istio.
I stumbled upon this problem while running a Spark application which writes to a Hadoop filesystem. In my case it happens to be an S3 filesystem.
At the time of writing of these functions (in 2014), the concept of a service mesh or delegation of security outside the application probably never existed or was still quite naive. However, with increased adoption of such concepts, I wonder if this needs to be revisited?
Any thoughts or suggestions?
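A minimal reproduction of the behaviour described in the question, added here as an example; it is not code from the original post or from the AWS SDK project. It assumes the AWS SDK for Java v1 (`com.amazonaws`) on the classpath; the credentials, bucket, object keys and AES key are constructed placeholders, and the class name is hypothetical.

```java
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.CopyObjectRequest;
import com.amazonaws.services.s3.model.SSECustomerKey;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Hypothetical class name; all values below are constructed for illustration.
public class SseCPlainHttpRepro {
    public static void main(String[] args) throws Exception {
        // Throwaway AES-256 key standing in for the customer-provided SSE-C key.
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(256);
        SecretKey key = gen.generateKey();
        SSECustomerKey sseKey = new SSECustomerKey(key);

        // The application is given a plain http:// endpoint because, in the
        // setup described above, the Istio sidecar is expected to add TLS.
        // The SDK only sees the "http" scheme in this URI.
        AmazonS3 s3 = AmazonS3ClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(
                        new BasicAWSCredentials("placeholder", "placeholder")))
                .withEndpointConfiguration(new EndpointConfiguration(
                        "http://s3.us-east-1.amazonaws.com", "us-east-1"))
                .build();

        // Attaching a customer key to the copy is what makes the SDK insist
        // on an https:// endpoint before it will send the key material.
        CopyObjectRequest req = new CopyObjectRequest(
                "example-bucket", "source-key", "example-bucket", "dest-key")
                .withSourceSSECustomerKey(sseKey)
                .withDestinationSSECustomerKey(sseKey);

        try {
            s3.copyObject(req);
            System.out.println("copyObject returned without a client-side rejection");
        } catch (RuntimeException e) {
            // Print the type and message so the rejection can be compared
            // with the text quoted in the question.
            System.out.println(e.getClass().getName() + ": " + e.getMessage());
        }
    }
}
```

The scheme in the configured endpoint is the only signal the client has about transport security, so TLS added later by a sidecar is invisible to it.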