How to upload & download file in S3 using AWS KMS using Python

Access AWS S3 bucket from another account using bucket policy
August 2, 2018
Export Active Directory users using PowerShell
September 29, 2018

How to upload & download file in S3 using AWS KMS using Python

Just take a simple script that downloads a file from an s3 bucket. The file is leveraging KMS encrypted keys for S3 server-side encryption. For more information on s3 encryption using KMS please see AWS documentation here

Code to download an s3 file without encryption using python boto3:

#!/usr/bin/env python
import boto3
s3_client = boto3.client('s3')
s3_client.download_file('testtesttest', 'test.txt', '/tmp/test.txt')

The code snippet to download s3 file which is having KMS encryption enabled (with default KMS key):

#!/usr/bin/env python
import boto3
from botocore.client import Config
s3_client = boto3.client('s3', config=Config(signature_version='s3v4'))
s3_client.download_file('testtesttest', 'test.txt', '/tmp/test.txt')

Upload file to s3 who use AWS KMS encryption

s3_client = boto3.client('s3', config=Config(signature_version='s3v4'))
s3_client.upload_file(filename, bucketname, objectkey, ExtraArgs={"ServerSideEncryption": "aws:kms", "SSEKMSKeyId": })

Note: If you do not provide the KMS key id – then by default it uses the s3 KMS master key.

Bitnami