I want to enable SSE-KMS encryption on AWS S3 bucket and apply an existing KMS key to the bucket and also want to set the Bucket Key
to true.
AWS CLI put-bucket-encryption v2 doc: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3api/put-bucket-encryption.html
I followed the above mentioned aws cli documentation for put-bucket-encryption
and ran following command but got the validation error for BucketKeyEnabled
param.
If I remove that param then the command runs fine and sets the KMS key correctly.
However, I also want to set the Bucket Key
to true.
What's wrong with my command? I did compare the AWS CLI version v1 and v2 documentation and both looks same for put-bucket-encryption
.
Is this an aws cli version
Command:
aws s3api put-bucket-encryption \
--bucket my-bucket \
--server-side-encryption-configuration '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"aws:kms","KMSMasterKeyID":"AWS_KMS_key_ARN"},"BucketKeyEnabled":true}]}'
Error:
Parameter validation failed: Unknown parameter in ServerSideEncryptionConfiguration.Rules[0]: "BucketKeyEnabled", must be one of: ApplyServerSideEncryptionByDefault
Following is my aws cli version info:
$ aws --version
aws-cli/1.16.306 Python/2.7.16 Darwin/20.5.0 botocore/1.13.42
As per documentation it should, but does this version not support BucketKeyEnabled
param? would updating to the latest aws cli version help?
CodePudding user response:
Version aws-cli/1.16.306
is very old, and BucketKeyEnabled
is not supported in the old version. If you want to keep using v1 of CLI, use the latest version which is 1.24.7
. Otherwise change to the current version 2.7.11
.