I want to enable SSE-KMS encryption on AWS S3 bucket and apply an existing KMS key to the bucket and also want to set the Bucket Key to true.
AWS CLI put-bucket-encryption v2 doc: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3api/put-bucket-encryption.html
I followed the above mentioned aws cli documentation for put-bucket-encryption and ran following command but got the validation error for BucketKeyEnabled param.
If I remove that param then the command runs fine and sets the KMS key correctly.
However, I also want to set the Bucket Key to true.
What’s wrong with my command? I did compare the AWS CLI version v1 and v2 documentation and both looks same for put-bucket-encryption.
Is this an aws cli version
Command:
aws s3api put-bucket-encryption \
--bucket my-bucket \
--server-side-encryption-configuration '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"aws:kms","KMSMasterKeyID":"AWS_KMS_key_ARN"},"BucketKeyEnabled":true}]}'
Error:
Parameter validation failed: Unknown parameter in
ServerSideEncryptionConfiguration.Rules[0]: "BucketKeyEnabled", must
be one of: ApplyServerSideEncryptionByDefault
Following is my aws cli version info:
$ aws --version
aws-cli/1.16.306 Python/2.7.16 Darwin/20.5.0 botocore/1.13.42
As per documentation it should, but does this version not support BucketKeyEnabled param? would updating to the latest aws cli version help?
>Solution :
Version aws-cli/1.16.306 is very old, and BucketKeyEnabled is not supported in the old version. If you want to keep using v1 of CLI, use the latest version which is 1.24.7. Otherwise change to the current version 2.7.11.