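Mounting an SSE-KMS-encrypted S3 bucket with s3fs
As the title says, I mounted an Amazon S3 bucket encrypted with AWS Key Management Service (AWS KMS) on Ubuntu 16 using s3fs.
The documentation below covers KMS in detail; in short, it is a mechanism that lets you hand the tedious key management that comes with encryption over to AWS.
Protecting Data Using Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS) - Amazon Simple Storage Service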
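Preparing the S3 bucket
Create an S3 bucket and, as in the image, set Default encryption to AWS-KMS.
Note that this S3 bucket had already been deleted by the time this article was published.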
s3fs setup
Install
Download the archive from GitHub and run:
$ ./autogen.sh
$ ./configure
$ make
$ sudo make install
Release Release verson 1.83 · s3fs-fuse/s3fs-fuse
mount
Write the AWS credentials to a file named .secret in the format ACCESS_KEY:SECRET_KEY, as shown below.
I also set the KMS key ID in an environment variable.
$ cat .secret
****ACCESS_KEY****:****SECRET_KEY****
$ export AWSSSEKMSID='********'
Then mount.
Unless endpoint, uid, gid, and umask are set properly, reads and writes fail; I got stuck on this.
Note that the key ID can apparently also be given without the environment variable, as use_sse=kmsid:"${AWSSSEKMSID}".
Also, -d is debug and -f runs in the foreground.
$ s3fs mazgi-s3-sse-kms-test-01-bucket-01 bucket -o passwd_file=.secret,use_sse=kmsid,endpoint=ap-northeast-1,allow_other,uid=1234,gid=1234,umask=227 -d -f
[CRT] s3fs.cpp:set_s3fs_log_level(271): change debug level from [CRT] to [INF]
[INF] s3fs.cpp:set_mountpoint_attribute(4206): PROC(uid=4600, gid=4600) - MountPoint(uid=4600, gid=4600, mode=40775)
[INF] s3fs.cpp:s3fs_init(3371): init v1.83(commit:unknown) with OpenSSL
[INF] s3fs.cpp:s3fs_check_service(3747): check services.
[INF] curl.cpp:CheckBucket(3068): check a bucket.
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/
[INF] curl.cpp:insertV4Headers(2400): computing signature [GET] [/] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
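A preflight check for the credential file used in the mount step above, as an added example that is not part of the original post. The helper names check_passwd_file and mount_opts are hypothetical, and the check assumes the two-field ACCESS_KEY:SECRET_KEY format shown in the post; s3fs itself refuses a passwd_file that group or others can access.

```shell
#!/bin/sh
# Added example (not from the original post).
# check_passwd_file and mount_opts are hypothetical helper names.

# Return 0 if the file is safe to hand to s3fs via passwd_file=...
#   1 = file missing, 2 = group/other permission bits set, 3 = unexpected format
check_passwd_file() {
    f=$1
    [ -f "$f" ] || { echo "$f: no such file" >&2; return 1; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f: group/other bits are set ($perms); run chmod 600" >&2
        return 2
    fi

    # Assumption: a line of the form ACCESS_KEY:SECRET_KEY, as in the post.
    if ! grep -Eq '^[^:[:space:]]+:[^:[:space:]]+$' "$f"; then
        echo "$f: expected ACCESS_KEY:SECRET_KEY" >&2
        return 3
    fi
    return 0
}

# Print the -o option string only when the credential file passes the check.
# The KMS key ID is passed explicitly (use_sse=kmsid:<id>) instead of relying
# on the AWSSSEKMSID environment variable being set in the mounting shell.
#   $1 = passwd file, $2 = KMS key ID
mount_opts() {
    check_passwd_file "$1" || return $?
    printf 'passwd_file=%s,use_sse=kmsid:%s,endpoint=ap-northeast-1\n' "$1" "$2"
}

# Usage:
#   opts=$(mount_opts .secret "$AWSSSEKMSID") && s3fs <bucket> <mountpoint> -o "$opts"
```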
File operations
Let's try ls.
This is the JPEG image stored in the S3 bucket. Cute.
It is borrowed from "PAKUTASO".
$ ls -l bucket
total 179
-r-xr-x--- 1 user group 96870 Feb 1 07:10 cat.jpg*
-r-xr-x--- 1 user group 84999 Feb 1 07:13 cat_plain.jpg*
The console log at that point:
[INF] s3fs.cpp:s3fs_getattr(841): [path=/]
[INF] s3fs.cpp:s3fs_opendir(2281): [path=/][flags=100352]
[INF] s3fs.cpp:s3fs_readdir(2432): [path=/]
[INF] s3fs.cpp:list_bucket(2477): [path=/]
[INF] curl.cpp:ListBucketRequest(3103): [tpath=/]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01?delimiter=/&max-keys=1000&prefix=
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com?delimiter=/&max-keys=1000&prefix=
[INF] curl.cpp:insertV4Headers(2400): computing signature [GET] [/] [delimiter=/&max-keys=1000&prefix=] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[WAN] s3fs.cpp:append_objects_from_xml_ex(2575): contents_xp->nodesetval is empty.
[INF] s3fs.cpp:readdir_multi_head(2346): [path=/][list=0]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/cat.jpg][bpath=cat.jpg][save=/cat.jpg][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/cat.jpg
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/cat.jpg
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/cat.jpg] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/cat_plain.jpg][bpath=cat_plain.jpg][save=/cat_plain.jpg][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/cat_plain.jpg
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/cat_plain.jpg
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/cat_plain.jpg] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:Request(3999): [count=2]
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[INF] cache.cpp:AddStat(356): add stat cache entry[path=/cat_plain.jpg]
[INF] cache.cpp:AddStat(356): add stat cache entry[path=/cat.jpg]
[INF] s3fs.cpp:s3fs_getattr(841): [path=/cat.jpg]
[INF] s3fs.cpp:s3fs_getattr(841): [path=/cat_plain.jpg]
This is the checksum before upload.
$ shasum -a 1 cat.jpg
fb9f3c47ad3d91ced2e62c82f0ae753330351b32 cat.jpg
As a read test, take the checksum of the file from the mounted S3 bucket.
The values match, so the file is being read correctly.
$ sha1sum bucket/cat.jpg
fb9f3c47ad3d91ced2e62c82f0ae753330351b32 bucket/cat.jpg
The console log while reading the file:
[INF] s3fs.cpp:s3fs_getattr(841): [path=/cat.jpg]
[INF] s3fs.cpp:s3fs_open(2063): [path=/cat.jpg][flags=32768]
[INF] cache.cpp:DelStat(565): delete stat cache entry[path=/cat.jpg]
[INF] curl.cpp:HeadRequest(2708): [tpath=/cat.jpg]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/cat.jpg][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/cat.jpg
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/cat.jpg
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/cat.jpg] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[INF] cache.cpp:AddStat(356): add stat cache entry[path=/cat.jpg]
[INF] fdcache.cpp:SetMtime(1019): [path=/cat.jpg][fd=7][time=1517436613]
[INF] curl.cpp:GetObjectRequest(3043): [tpath=/cat.jpg][start=0][size=96870]
[INF] curl.cpp:PreGetObjectRequest(2983): [tpath=/cat.jpg][start=0][size=96870]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/cat.jpg
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/cat.jpg
[INF] curl.cpp:insertV4Headers(2400): computing signature [GET] [/cat.jpg] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:GetObjectRequest(3058): downloading... [path=/cat.jpg][fd=7]
[INF] curl.cpp:RequestPerform(2051): HTTP response code 206
[INF] s3fs.cpp:s3fs_getattr(841): [path=/cat.jpg]
[INF] s3fs.cpp:s3fs_flush(2185): [path=/cat.jpg][fd=7]
[INF] fdcache.cpp:RowFlush(1434): [tpath=][path=/cat.jpg][fd=7]
[INF] s3fs.cpp:s3fs_release(2238): [path=/cat.jpg][fd=7]
[INF] fdcache.cpp:GetFdEntity(1995): [path=/cat.jpg][fd=7]
Next, try writing a file to the S3 bucket.
Create an arbitrary file and take its checksum.
$ head -1 /dev/urandom|od -x > rand.txt
$ sha1sum rand.txt
bb02ee0d5fc5b459ca1978fcc0e53649d144554c rand.txt
Copy it to the mount point.
The checksum after copying matches, so the copy succeeded.
$ cp rand.txt bucket/
$ sha1sum bucket/rand.txt
bb02ee0d5fc5b459ca1978fcc0e53649d144554c bucket/rand.txt
The console log while writing:
[INF] s3fs.cpp:s3fs_getattr(841): [path=/]
[INF] s3fs.cpp:s3fs_getattr(841): [path=/rand.txt]
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2073): HTTP response code 404 was returned, returning ENOENT
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt/]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt/][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt/
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt/
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt/] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2073): HTTP response code 404 was returned, returning ENOENT
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt_$folder$]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt_$folder$][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt_%24folder%24
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt_%24folder%24
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt_$folder$] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2073): HTTP response code 404 was returned, returning ENOENT
[INF] s3fs.cpp:list_bucket(2477): [path=/rand.txt]
[INF] curl.cpp:ListBucketRequest(3103): [tpath=/rand.txt]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01?delimiter=/&max-keys=2&prefix=rand.txt/
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com?delimiter=/&max-keys=2&prefix=rand.txt/
[INF] curl.cpp:insertV4Headers(2400): computing signature [GET] [/] [delimiter=/&max-keys=2&prefix=rand.txt/] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[WAN] s3fs.cpp:append_objects_from_xml_ex(2575): contents_xp->nodesetval is empty.
[WAN] s3fs.cpp:append_objects_from_xml_ex(2575): contents_xp->nodesetval is empty.
[INF] s3fs.cpp:s3fs_getattr(841): [path=/rand.txt]
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2073): HTTP response code 404 was returned, returning ENOENT
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt/]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt/][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt/
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt/
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt/] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2073): HTTP response code 404 was returned, returning ENOENT
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt_$folder$]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt_$folder$][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt_%24folder%24
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt_%24folder%24
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt_$folder$] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2073): HTTP response code 404 was returned, returning ENOENT
[INF] s3fs.cpp:list_bucket(2477): [path=/rand.txt]
[INF] curl.cpp:ListBucketRequest(3103): [tpath=/rand.txt]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01?delimiter=/&max-keys=2&prefix=rand.txt/
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com?delimiter=/&max-keys=2&prefix=rand.txt/
[INF] curl.cpp:insertV4Headers(2400): computing signature [GET] [/] [delimiter=/&max-keys=2&prefix=rand.txt/] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[WAN] s3fs.cpp:append_objects_from_xml_ex(2575): contents_xp->nodesetval is empty.
[WAN] s3fs.cpp:append_objects_from_xml_ex(2575): contents_xp->nodesetval is empty.
[INF] s3fs.cpp:s3fs_create(999): [path=/rand.txt][mode=100664][flags=32961]
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2073): HTTP response code 404 was returned, returning ENOENT
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt/]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt/][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt/
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt/
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt/] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2073): HTTP response code 404 was returned, returning ENOENT
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt_$folder$]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt_$folder$][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt_%24folder%24
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt_%24folder%24
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt_$folder$] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2073): HTTP response code 404 was returned, returning ENOENT
[INF] s3fs.cpp:list_bucket(2477): [path=/rand.txt]
[INF] curl.cpp:ListBucketRequest(3103): [tpath=/rand.txt]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01?delimiter=/&max-keys=2&prefix=rand.txt/
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com?delimiter=/&max-keys=2&prefix=rand.txt/
[INF] curl.cpp:insertV4Headers(2400): computing signature [GET] [/] [delimiter=/&max-keys=2&prefix=rand.txt/] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[WAN] s3fs.cpp:append_objects_from_xml_ex(2575): contents_xp->nodesetval is empty.
[WAN] s3fs.cpp:append_objects_from_xml_ex(2575): contents_xp->nodesetval is empty.
[INF] s3fs.cpp:create_file_object(960): [path=/rand.txt][mode=100664]
[INF] curl.cpp:PutRequest(2872): [tpath=/rand.txt]
[INF] curl.cpp:PutRequest(2889): create zero byte file object.
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt
[INF] curl.cpp:insertV4Headers(2400): computing signature [PUT] [/rand.txt] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:PutRequest(2969): uploading... [path=/rand.txt][fd=-1][size=0]
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[INF] cache.cpp:DelStat(565): delete stat cache entry[path=/rand.txt]
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[INF] cache.cpp:AddStat(356): add stat cache entry[path=/rand.txt]
[INF] s3fs.cpp:s3fs_getattr(841): [path=/rand.txt]
[INF] s3fs.cpp:s3fs_flush(2185): [path=/rand.txt][fd=7]
[INF] fdcache.cpp:RowFlush(1434): [tpath=][path=/rand.txt][fd=7]
[INF] curl.cpp:PutRequest(2872): [tpath=/rand.txt]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt
[INF] curl.cpp:insertV4Headers(2400): computing signature [PUT] [/rand.txt] [] [2a5b392dff6867a115948ff04fbec762a6f007cffebf40544c62308ec9eab099]
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:PutRequest(2969): uploading... [path=/rand.txt][fd=7][size=996]
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[INF] s3fs.cpp:s3fs_release(2238): [path=/rand.txt][fd=7]
[INF] cache.cpp:DelStat(565): delete stat cache entry[path=/rand.txt]
[INF] fdcache.cpp:GetFdEntity(1995): [path=/rand.txt][fd=7]
And this is the console log while taking the checksum:
[INF] s3fs.cpp:s3fs_getattr(841): [path=/rand.txt]
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[INF] cache.cpp:AddStat(356): add stat cache entry[path=/rand.txt]
[INF] s3fs.cpp:s3fs_open(2063): [path=/rand.txt][flags=32768]
[INF] cache.cpp:DelStat(565): delete stat cache entry[path=/rand.txt]
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[INF] cache.cpp:AddStat(356): add stat cache entry[path=/rand.txt]
[INF] fdcache.cpp:SetMtime(1019): [path=/rand.txt][fd=7][time=1517862525]
[INF] curl.cpp:GetObjectRequest(3043): [tpath=/rand.txt][start=0][size=996]
[INF] curl.cpp:PreGetObjectRequest(2983): [tpath=/rand.txt][start=0][size=996]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt
[INF] curl.cpp:insertV4Headers(2400): computing signature [GET] [/rand.txt] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:GetObjectRequest(3058): downloading... [path=/rand.txt][fd=7]
[INF] curl.cpp:RequestPerform(2051): HTTP response code 206
[INF] s3fs.cpp:s3fs_getattr(841): [path=/rand.txt]
[INF] s3fs.cpp:s3fs_flush(2185): [path=/rand.txt][fd=7]
[INF] fdcache.cpp:RowFlush(1434): [tpath=][path=/rand.txt][fd=7]
[INF] s3fs.cpp:s3fs_release(2238): [path=/rand.txt][fd=7]
[INF] fdcache.cpp:GetFdEntity(1995): [path=/rand.txt][fd=7]
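The debug logs above show every S3 request the mount issues, which is enough to derive a least-privilege IAM action list for the credentials in .secret. The following is an added example, not part of the original post: sample_log and required_actions are hypothetical names, the sample lines are constructed in the shape of the log above, and the KMS actions assume the bucket uses SSE-KMS default encryption as configured in the post.

```shell
#!/bin/sh
# Added example (not from the original post).
# sample_log and required_actions are hypothetical names.

# Constructed sample: "computing signature" lines in the shape of the
# s3fs -d output above (bucket listing, stat, read, write).
sample_log() {
cat <<'EOF'
[INF] curl.cpp:insertV4Headers(2400): computing signature [GET] [/] [delimiter=/&max-keys=1000&prefix=] []
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/cat.jpg] [] []
[INF] curl.cpp:insertV4Headers(2400): computing signature [GET] [/cat.jpg] [] []
[INF] curl.cpp:RequestPerform(2051): HTTP response code 206
[INF] curl.cpp:insertV4Headers(2400): computing signature [PUT] [/rand.txt] [] []
EOF
}

# Read an s3fs debug log on stdin and print the IAM actions the observed
# requests need, one per line, sorted and de-duplicated.
required_actions() {
    # Splitting on '[' and ']' puts the HTTP method in $4 and the path in $6.
    awk -F'[][]' '
    /computing signature/ {
        method = $4; path = $6
        if (path == "/" && (method == "GET" || method == "HEAD")) {
            print "s3:ListBucket"          # bucket check and object listing
        } else if (method == "HEAD") {
            print "s3:GetObject"           # HeadObject is authorized by s3:GetObject
        } else if (method == "GET") {
            print "s3:GetObject"
            print "kms:Decrypt"            # reading an SSE-KMS object
        } else if (method == "PUT") {
            print "s3:PutObject"
            print "kms:GenerateDataKey"    # writing an SSE-KMS object
        } else if (method == "DELETE") {
            print "s3:DeleteObject"
        } else {
            print "UNMAPPED:" method       # review by hand (e.g. multipart POST)
        }
    }' | LC_ALL=C sort -u
}

sample_log | required_actions
```

Feed it the real output with `s3fs ... -d -f 2>&1 | required_actions` while exercising the mount, then compare the result with the policy attached to the access key.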
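That's it: I got stuck a little, but once it worked, handling the encrypted S3 bucket turned out to be straightforward.
And just as I was thinking "I don't have time to set up provisioning for this", the veteran engineer sitting diagonally behind me quickly turned it into an itamae recipe. Thanks.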