AWS KMS Python : Upload & download file in S3

Access AWS S3 bucket from another account using bucket policy
August 2, 2018
PowerShell : Export Active Directory users
September 29, 2018

AWS KMS Python : Upload & download file in S3

AWS KMS Python : Just take a simple script that downloads a file from an s3 bucket. The file is leveraging KMS encrypted keys for S3 server-side encryption. For more information on s3 encryption using KMS please see AWS documentation here

Code to download an s3 file without encryption using python boto3:

#!/usr/bin/env python
import boto3
s3_client = boto3.client('s3')
s3_client.download_file('testtesttest', 'test.txt', '/tmp/test.txt')

The code snippet to download s3 file which is having KMS encryption enabled (with default KMS key):

#!/usr/bin/env python
import boto3
from botocore.client import Config
s3_client = boto3.client('s3', config=Config(signature_version='s3v4'))
s3_client.download_file('testtesttest', 'test.txt', '/tmp/test.txt')

Upload file to s3 who use AWS KMS encryption

s3_client = boto3.client('s3', config=Config(signature_version='s3v4'))
s3_client.upload_file(filename, bucketname, objectkey, ExtraArgs={"ServerSideEncryption": "aws:kms", "SSEKMSKeyId": })

Note: If you do not provide the KMS key id – then by default it uses the s3 KMS master key.

Bitnami