I'm performing an android build via aws code build. The apk files generated are by default applied with server side encryption (aws-kms) I can unset the encryption manually by clicking as shown below from the s3 bucket by unselecting ASW-KMS
which gives the following popup
Here selecting None option manually will make the link downloadable. I want to achieve this programmatically.
I have already tried adding permissions as mentioned here. Also did experiment a fair bit with python boto3. However didn't meet with any success so far. Thanks in advance!
OK, I got a workaround for this. After the encypted (server side aws-kms) artifact is created and uploaded to s3 (as part of aws code build), create a copy of the file with 'ACL':'public-read'. The following are the steps:
s3 = boto3.resource('s3',aws_access_key_id='<YOUR ACCESS KEY>', aws_secret_access_key='<YOUR SECRET ACCESS KEY>', region_name = 'ap-southeast-1', config=Config(signature_version='s3v4'))
The config=Config(signature_version='s3v4')part is the trick to get access to the encrypted file.
copy_source = {'Bucket': 'SOURCE BUCKET','Key':'test/app-debug.apk'}
s3.meta.client.copy(copy_source, 'DESTINATION BUCKET', 'app-debug.apk', {'ACL':'public-read'})
From S3, you will get a downloadable URL.
Alternatively, you can get a downloadable link directly from the encrypted S3 item without copying it to another bucket. However, the issue is that s3v4 encryption comes with a maximum expiry of 7 days. So the link works at max for only 7 days.The following is the step for the same:
s3_client = boto3.client('s3',aws_access_key_id='<YOUR ACCESS KEY>', aws_secret_access_key='<YOUR SECRET KEY>', region_name='ap-southeast-1', config=Config(signature_version='s3v4'))url = s3_client.generate_presigned_url(ClientMethod='get_object', Params={'Bucket':'SOURCE BUCKET', 'Key':'test/app-debug.apk'})
来源:https://stackoverflow.com/questions/44229317/programmatically-unset-encryption-for-a-file-in-aws-s3