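Moved => mazgi.log :: Mounting an SSE-KMS-encrypted S3 bucket with s3fs
As the title says, I mounted an Amazon S3 bucket encrypted with AWS Key Management Service (AWS KMS) using s3fs on Ubuntu 16.
The documentation below covers KMS in detail, but in short it is a mechanism that lets you hand the tedious key management involved in encryption over to AWS.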
docs.aws.amazon.com
Preparing the S3 bucket
Create an S3 bucket and set Default encryption to AWS-KMS.
Note that this S3 bucket had already been deleted by the time this article was published.
Setting up s3fs
Install
Download the archive from GitHub and run the following.
$ ./autogen.sh
$ ./configure
$ make
$ sudo make install
github.com
mount
Write the AWS credentials to a file named .secret in the format ACCESS_KEY:SECRET_KEY, as shown below.
I also set the KMS key ID in an environment variable.
$ cat .secret
****ACCESS_KEY****:****SECRET_KEY****
$ export AWSSSEKMSID='********'
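Then mount it.
Unless endpoint, uid, gid, umask and the like are set correctly, you cannot read or write. I got stuck on this.
Note that the key ID also seems to work without the environment variable, via use_sse=kmsid:"${AWSSSEKMSID}".
Also, -d is debug and -f runs in the foreground.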
$ s3fs mazgi-s3-sse-kms-test-01-bucket-01 bucket -o passwd_file=.secret,use_sse=kmsid,endpoint=ap-northeast-1,allow_other,uid=1234,gid=1234,umask=227 -d -f
[CRT] s3fs.cpp:set_s3fs_log_level(271): change debug level from [CRT] to [INF]
[INF] s3fs.cpp:set_mountpoint_attribute(4206): PROC(uid=4600, gid=4600) - MountPoint(uid=4600, gid=4600, mode=40775)
[INF] s3fs.cpp:s3fs_init(3371): init v1.83(commit:unknown) with OpenSSL
[INF] s3fs.cpp:s3fs_check_service(3747): check services.
[INF] curl.cpp:CheckBucket(3068): check a bucket.
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/
[INF] curl.cpp:insertV4Headers(2400): computing signature [GET] [/] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
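A preflight check for the mount above, as an added example that is not from the original post or from s3fs: it verifies that .secret is owner-only and in ACCESS_KEY:SECRET_KEY form, reports whether the KMS key ID will come from the option or from AWSSSEKMSID, and computes the mode a umask= value yields. The function names are hypothetical, and the "0777 masked by umask" rule is an assumption inferred from the -r-xr-x--- entries in this post's ls -l output with umask=227.

```shell
#!/bin/sh
# Added example: preflight checks for the s3fs mount options used in this post.
# All function names are hypothetical; none of this is part of s3fs.

# Succeeds only if the credentials file is non-empty, private to its owner,
# and every non-empty line has the ACCESS_KEY:SECRET_KEY shape from the post.
passwd_file_ok() {
    f=$1
    [ -s "$f" ] || { echo "$f: missing or empty" >&2; return 1; }
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group/other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "$f: accessible by group/other, run chmod 600" >&2; return 1; }
    # Any non-empty line that is not exactly two colon-separated fields fails.
    if grep -v '^$' "$f" | grep -qv '^[^:][^:]*:[^:][^:]*$'; then
        echo "$f: expected ACCESS_KEY:SECRET_KEY" >&2; return 1
    fi
}

# Permission bits expected for objects under a given umask= value, assuming
# 0777 masked by the umask (consistent with umask=227 -> r-xr-x--- above).
mode_for_umask() {
    case $1 in
        ''|*[!0-7]*) echo "umask must be octal digits" >&2; return 1 ;;
    esac
    printf '%03o\n' $(( 0777 & ~0$1 ))
}

# Reports where the KMS key ID comes from for a given -o option string:
# "option" for use_sse=kmsid:<id>, "env" for bare use_sse=kmsid with
# AWSSSEKMSID exported; fails if neither supplies a key ID.
kms_key_source() {
    case ",$1," in
        *,use_sse=kmsid:?*,*)
            echo option ;;
        *,use_sse=kmsid,*)
            [ -n "${AWSSSEKMSID:-}" ] || {
                echo "use_sse=kmsid given but AWSSSEKMSID is not set" >&2; return 1; }
            echo env ;;
        *)
            echo "use_sse=kmsid is missing from the options" >&2; return 1 ;;
    esac
}
```

Calling passwd_file_ok .secret and kms_key_source with the -o string before running s3fs catches a world-readable credentials file or a missing key ID before anything is mounted.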
File operations
Try ls.
Incidentally, this is the JPEG image stored in the S3 bucket. Cute.
I borrowed it from PAKUTASO.
$ ls -l bucket
total 179
-r-xr-x--- 1 user group 96870 Feb 1 07:10 cat.jpg*
-r-xr-x--- 1 user group 84999 Feb 1 07:13 cat_plain.jpg*
The console log at that time.
[INF] s3fs.cpp:s3fs_getattr(841): [path=/]
[INF] s3fs.cpp:s3fs_opendir(2281): [path=/][flags=100352]
[INF] s3fs.cpp:s3fs_readdir(2432): [path=/]
[INF] s3fs.cpp:list_bucket(2477): [path=/]
[INF] curl.cpp:ListBucketRequest(3103): [tpath=/]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01?delimiter=/&max-keys=1000&prefix=
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com?delimiter=/&max-keys=1000&prefix=
[INF] curl.cpp:insertV4Headers(2400): computing signature [GET] [/] [delimiter=/&max-keys=1000&prefix=] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[WAN] s3fs.cpp:append_objects_from_xml_ex(2575): contents_xp->nodesetval is empty.
[INF] s3fs.cpp:readdir_multi_head(2346): [path=/][list=0]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/cat.jpg][bpath=cat.jpg][save=/cat.jpg][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/cat.jpg
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/cat.jpg
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/cat.jpg] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/cat_plain.jpg][bpath=cat_plain.jpg][save=/cat_plain.jpg][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/cat_plain.jpg
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/cat_plain.jpg
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/cat_plain.jpg] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:Request(3999): [count=2]
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[INF] cache.cpp:AddStat(356): add stat cache entry[path=/cat_plain.jpg]
[INF] cache.cpp:AddStat(356): add stat cache entry[path=/cat.jpg]
[INF] s3fs.cpp:s3fs_getattr(841): [path=/cat.jpg]
[INF] s3fs.cpp:s3fs_getattr(841): [path=/cat_plain.jpg]
This is the checksum before upload.
$ shasum -a 1 cat.jpg
fb9f3c47ad3d91ced2e62c82f0ae753330351b32 cat.jpg
As a read test, take the checksum of the same file from the mounted S3 bucket.
The two match, so the file is being read correctly.
$ sha1sum bucket/cat.jpg
fb9f3c47ad3d91ced2e62c82f0ae753330351b32 bucket/cat.jpg
Console log while reading the file.
[INF] s3fs.cpp:s3fs_getattr(841): [path=/cat.jpg]
[INF] s3fs.cpp:s3fs_open(2063): [path=/cat.jpg][flags=32768]
[INF] cache.cpp:DelStat(565): delete stat cache entry[path=/cat.jpg]
[INF] curl.cpp:HeadRequest(2708): [tpath=/cat.jpg]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/cat.jpg][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/cat.jpg
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/cat.jpg
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/cat.jpg] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[INF] cache.cpp:AddStat(356): add stat cache entry[path=/cat.jpg]
[INF] fdcache.cpp:SetMtime(1019): [path=/cat.jpg][fd=7][time=1517436613]
[INF] curl.cpp:GetObjectRequest(3043): [tpath=/cat.jpg][start=0][size=96870]
[INF] curl.cpp:PreGetObjectRequest(2983): [tpath=/cat.jpg][start=0][size=96870]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/cat.jpg
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/cat.jpg
[INF] curl.cpp:insertV4Headers(2400): computing signature [GET] [/cat.jpg] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:GetObjectRequest(3058): downloading... [path=/cat.jpg][fd=7]
[INF] curl.cpp:RequestPerform(2051): HTTP response code 206
[INF] s3fs.cpp:s3fs_getattr(841): [path=/cat.jpg]
[INF] s3fs.cpp:s3fs_flush(2185): [path=/cat.jpg][fd=7]
[INF] fdcache.cpp:RowFlush(1434): [tpath=][path=/cat.jpg][fd=7]
[INF] s3fs.cpp:s3fs_release(2238): [path=/cat.jpg][fd=7]
[INF] fdcache.cpp:GetFdEntity(1995): [path=/cat.jpg][fd=7]
Next, try writing a file to the S3 bucket.
Create an arbitrary file and take its checksum.
$ head -1 /dev/urandom|od -x > rand.txt
$ sha1sum rand.txt
bb02ee0d5fc5b459ca1978fcc0e53649d144554c rand.txt
Copy it to the mount point.
The checksum after copying matches, so the copy succeeded.
$ cp rand.txt bucket/
$ sha1sum bucket/rand.txt
bb02ee0d5fc5b459ca1978fcc0e53649d144554c bucket/rand.txt
Console log during the write.
[INF] s3fs.cpp:s3fs_getattr(841): [path=/]
[INF] s3fs.cpp:s3fs_getattr(841): [path=/rand.txt]
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2073): HTTP response code 404 was returned, returning ENOENT
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt/]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt/][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt/
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt/
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt/] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2073): HTTP response code 404 was returned, returning ENOENT
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt_$folder$]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt_$folder$][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt_%24folder%24
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt_%24folder%24
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt_$folder$] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2073): HTTP response code 404 was returned, returning ENOENT
[INF] s3fs.cpp:list_bucket(2477): [path=/rand.txt]
[INF] curl.cpp:ListBucketRequest(3103): [tpath=/rand.txt]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01?delimiter=/&max-keys=2&prefix=rand.txt/
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com?delimiter=/&max-keys=2&prefix=rand.txt/
[INF] curl.cpp:insertV4Headers(2400): computing signature [GET] [/] [delimiter=/&max-keys=2&prefix=rand.txt/] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[WAN] s3fs.cpp:append_objects_from_xml_ex(2575): contents_xp->nodesetval is empty.
[WAN] s3fs.cpp:append_objects_from_xml_ex(2575): contents_xp->nodesetval is empty.
[INF] s3fs.cpp:s3fs_getattr(841): [path=/rand.txt]
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2073): HTTP response code 404 was returned, returning ENOENT
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt/]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt/][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt/
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt/
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt/] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2073): HTTP response code 404 was returned, returning ENOENT
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt_$folder$]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt_$folder$][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt_%24folder%24
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt_%24folder%24
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt_$folder$] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2073): HTTP response code 404 was returned, returning ENOENT
[INF] s3fs.cpp:list_bucket(2477): [path=/rand.txt]
[INF] curl.cpp:ListBucketRequest(3103): [tpath=/rand.txt]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01?delimiter=/&max-keys=2&prefix=rand.txt/
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com?delimiter=/&max-keys=2&prefix=rand.txt/
[INF] curl.cpp:insertV4Headers(2400): computing signature [GET] [/] [delimiter=/&max-keys=2&prefix=rand.txt/] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[WAN] s3fs.cpp:append_objects_from_xml_ex(2575): contents_xp->nodesetval is empty.
[WAN] s3fs.cpp:append_objects_from_xml_ex(2575): contents_xp->nodesetval is empty.
[INF] s3fs.cpp:s3fs_create(999): [path=/rand.txt][mode=100664][flags=32961]
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2073): HTTP response code 404 was returned, returning ENOENT
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt/]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt/][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt/
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt/
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt/] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2073): HTTP response code 404 was returned, returning ENOENT
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt_$folder$]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt_$folder$][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt_%24folder%24
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt_%24folder%24
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt_$folder$] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2073): HTTP response code 404 was returned, returning ENOENT
[INF] s3fs.cpp:list_bucket(2477): [path=/rand.txt]
[INF] curl.cpp:ListBucketRequest(3103): [tpath=/rand.txt]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01?delimiter=/&max-keys=2&prefix=rand.txt/
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com?delimiter=/&max-keys=2&prefix=rand.txt/
[INF] curl.cpp:insertV4Headers(2400): computing signature [GET] [/] [delimiter=/&max-keys=2&prefix=rand.txt/] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[WAN] s3fs.cpp:append_objects_from_xml_ex(2575): contents_xp->nodesetval is empty.
[WAN] s3fs.cpp:append_objects_from_xml_ex(2575): contents_xp->nodesetval is empty.
[INF] s3fs.cpp:create_file_object(960): [path=/rand.txt][mode=100664]
[INF] curl.cpp:PutRequest(2872): [tpath=/rand.txt]
[INF] curl.cpp:PutRequest(2889): create zero byte file object.
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt
[INF] curl.cpp:insertV4Headers(2400): computing signature [PUT] [/rand.txt] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:PutRequest(2969): uploading... [path=/rand.txt][fd=-1][size=0]
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[INF] cache.cpp:DelStat(565): delete stat cache entry[path=/rand.txt]
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[INF] cache.cpp:AddStat(356): add stat cache entry[path=/rand.txt]
[INF] s3fs.cpp:s3fs_getattr(841): [path=/rand.txt]
[INF] s3fs.cpp:s3fs_flush(2185): [path=/rand.txt][fd=7]
[INF] fdcache.cpp:RowFlush(1434): [tpath=][path=/rand.txt][fd=7]
[INF] curl.cpp:PutRequest(2872): [tpath=/rand.txt]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt
[INF] curl.cpp:insertV4Headers(2400): computing signature [PUT] [/rand.txt] [] [2a5b392dff6867a115948ff04fbec762a6f007cffebf40544c62308ec9eab099]
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:PutRequest(2969): uploading... [path=/rand.txt][fd=7][size=996]
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[INF] s3fs.cpp:s3fs_release(2238): [path=/rand.txt][fd=7]
[INF] cache.cpp:DelStat(565): delete stat cache entry[path=/rand.txt]
[INF] fdcache.cpp:GetFdEntity(1995): [path=/rand.txt][fd=7]
And this is the console log while taking the checksum.
[INF] s3fs.cpp:s3fs_getattr(841): [path=/rand.txt]
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[INF] cache.cpp:AddStat(356): add stat cache entry[path=/rand.txt]
[INF] s3fs.cpp:s3fs_open(2063): [path=/rand.txt][flags=32768]
[INF] cache.cpp:DelStat(565): delete stat cache entry[path=/rand.txt]
[INF] curl.cpp:HeadRequest(2708): [tpath=/rand.txt]
[INF] curl.cpp:PreHeadRequest(2657): [tpath=/rand.txt][bpath=][save=][sseckeypos=-1]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt
[INF] curl.cpp:insertV4Headers(2400): computing signature [HEAD] [/rand.txt] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:RequestPerform(2051): HTTP response code 200
[INF] cache.cpp:AddStat(356): add stat cache entry[path=/rand.txt]
[INF] fdcache.cpp:SetMtime(1019): [path=/rand.txt][fd=7][time=1517862525]
[INF] curl.cpp:GetObjectRequest(3043): [tpath=/rand.txt][start=0][size=996]
[INF] curl.cpp:PreGetObjectRequest(2983): [tpath=/rand.txt][start=0][size=996]
[INF] curl.cpp:prepare_url(4253): URL is https://s3.amazonaws.com/mazgi-s3-sse-kms-test-01-bucket-01/rand.txt
[INF] curl.cpp:prepare_url(4285): URL changed is https://mazgi-s3-sse-kms-test-01-bucket-01.s3.amazonaws.com/rand.txt
[INF] curl.cpp:insertV4Headers(2400): computing signature [GET] [/rand.txt] [] []
[INF] curl.cpp:url_to_host(101): url is https://s3.amazonaws.com
[INF] curl.cpp:GetObjectRequest(3058): downloading... [path=/rand.txt][fd=7]
[INF] curl.cpp:RequestPerform(2051): HTTP response code 206
[INF] s3fs.cpp:s3fs_getattr(841): [path=/rand.txt]
[INF] s3fs.cpp:s3fs_flush(2185): [path=/rand.txt][fd=7]
[INF] fdcache.cpp:RowFlush(1434): [tpath=][path=/rand.txt][fd=7]
[INF] s3fs.cpp:s3fs_release(2238): [path=/rand.txt][fd=7]
[INF] fdcache.cpp:GetFdEntity(1995): [path=/rand.txt][fd=7]
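That is all. I got stuck a little, but once it worked, handling the encrypted S3 bucket turned out to be easy.
And just as I was thinking "I don't have time to write the provisioning for this", the veteran engineer sitting diagonally behind me quickly turned it into an itamae recipe. Thanks.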