Certified Security - Specialty
  1. Rooms
  2. Certified Security - Specialty

Sign Up Free or Log In to participate!

Accessing S3 encrypted object

How do I access a public s3 object that is encrypted using KMS keys using the object URL?

1 Answers

Hi Ajay, 

It is not possible to access a public s3 object that is encrypted using KMS keys using the object URL.  

The only way you can access an encrypted object is if your user account has permission to use the CMK to decrypt the file. 

When you click on the object url link, you are attempting to access the file anonymously, i.e, you are not passing any AWS IAM credentials in this request, and you are accessing the file as an anonymous user. As the encryption key is managed in KMS rather than S3, S3 cannot decrypt the file for you. Therefore you will not be able to access the file in this way even though public access has been configured. 

Faye

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Don't have an account?

Get Started
Who’s going to be learning?
MyselfMy Organization