in usecase-1/usecase-1-Step-2.py [0:0]
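def main():
    """Demonstrate S3 server-side encryption with a KMS key (SSE-KMS).

    Creates a bucket named ``dp-workshop-bucket<random int>``, tags it
    ``workshop=data-protection``, uploads ``plaintext_u.txt`` (read from the
    directory containing this script) as ``encrypted_e.txt`` with
    ``ServerSideEncryption='aws:kms'`` and the key alias
    ``alias/kms_key_sse_usecase_1``, then downloads the object again and
    writes it to ``plaintext_cycled_u.txt`` next to this script.

    Any exception is reported on stdout and re-raised. On success the
    process exits with status 0.
    """
    try:
        # Create the bucket. The numeric suffix only reduces the chance of a
        # name collision; bucket names are global, so create_bucket can still
        # fail if the name is already taken.
        s3_client = boto3.client('s3')
        bucket_name = 'dp-workshop-bucket' + str(random.randint(1, 100000))

        # us-east-1 must be created without a LocationConstraint; every other
        # region has to pass its own name. Compare for equality rather than
        # substring so only the exact region name takes this branch.
        region = boto3.Session().region_name
        if region == 'us-east-1':
            s3_client.create_bucket(Bucket=bucket_name)
        else:
            s3_client.create_bucket(
                Bucket=bucket_name,
                CreateBucketConfiguration={'LocationConstraint': region},
            )

        # Block until the bucket is visible before tagging or writing to it.
        s3_client.get_waiter('bucket_exists').wait(Bucket=bucket_name)

        # The tag marks the bucket as belonging to this workshop.
        s3_client.put_bucket_tagging(
            Bucket=bucket_name,
            Tagging={
                'TagSet': [
                    {'Key': 'workshop', 'Value': 'data-protection'},
                ]
            },
        )

        # Both local files live in the same directory as this script.
        current_directory = os.path.dirname(os.path.realpath(__file__)) + '/'
        plaintext_filename_path = current_directory + 'plaintext_u.txt'
        plaintext_cycled_filename_path = current_directory + 'plaintext_cycled_u.txt'

        # Upload the plaintext file and ask S3 to encrypt it at rest with the
        # KMS key. The data travels to S3 over TLS and is encrypted by the
        # service on arrival; the local copy stays unencrypted.
        # NOTE(review): encryption is requested per object here. Nothing in
        # this function enforces it for other uploads to the bucket; bucket
        # default encryption or a bucket policy would be needed for that.
        encrypted_filename = 'encrypted_e.txt'
        # The context manager closes the file handle even if the upload fails.
        with open(plaintext_filename_path, 'rb') as plaintext_file:
            upload_response = s3_client.put_object(
                Body=plaintext_file,
                Bucket=bucket_name,
                Key=encrypted_filename,
                ServerSideEncryption='aws:kms',
                SSEKMSKeyId='alias/kms_key_sse_usecase_1',
            )

        # Confirm S3 reports the object as KMS-encrypted instead of assuming
        # the request parameters were honoured.
        if upload_response.get('ServerSideEncryption') != 'aws:kms':
            raise RuntimeError(
                'S3 did not report SSE-KMS encryption for ' + encrypted_filename
            )

        # Read the object back. S3 decrypts SSE-KMS objects transparently for
        # a caller that is allowed to use the key, so the body returned here
        # is plaintext and the file written below is unencrypted on disk.
        download_response = s3_client.get_object(
            Bucket=bucket_name,
            Key=encrypted_filename,
        )
        with open(plaintext_cycled_filename_path, 'wb') as f:
            f.write(download_response['Body'].read())

        print("\nModule run was successful !!")
        print("\nplaintext_u.txt was successfully uploaded to S3,server side encrypted and stored as encrypted_e.txt!!")
        print("\n Step 2 completed successfully")
    except Exception:
        # Report the exception type, then let the traceback propagate so the
        # failure is not hidden. KeyboardInterrupt/SystemExit pass through.
        print("Unexpected error:", sys.exc_info()[0])
        raise
    else:
        # sys.exit is always available; the bare exit() helper comes from the
        # site module and is absent in some interpreter configurations.
        sys.exit(0)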