- Set up a user with AWS access to create a key and S3 bucket.
- Create a KMS key for S3S2 to use.
- Assign permissions to use the key appropriately.
- Create an S3 bucket for S3S2 to use.
- Run `s3s2 config` to build the default config file.
- Run `s3s2 share --bucket s3s2-demo --directory ~/Desktop/s3s2/` (fails because no encryption is configured: neither gpg nor s3-kms).
- Run `s3s2 share --bucket s3s2-demo --directory ~/Desktop/s3s2/ --awskey <kms-key-we-have-permissions-on> --region us-east-1` (succeeds).
- Pull the file from the console to show encryption.
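The last step above can also be checked from the command line. The script below is an added example, not part of s3s2: it assumes the `--awskey` share stores objects with S3 server-side KMS encryption, so `head-object` reports `aws:kms` and the key ARN. The names `check_object`, `check_bucket` and `fake_aws`, and the all-zero key ID, are constructed for illustration.

```sh
#!/bin/sh
# Added example (not part of s3s2): audit that every object in a bucket is
# SSE-KMS encrypted with the expected key. Assumes the KMS share path uses
# S3 server-side encryption. AWS names the command to run (default: real CLI).
AWS=${AWS:-aws}

# check_object BUCKET KEY KMS_KEY_ID: 0 if the object reports aws:kms with that key.
check_object() {
  [ -n "$3" ] || return 2
  co_out=$($AWS s3api head-object --bucket "$1" --key "$2" \
    --query '[ServerSideEncryption, SSEKMSKeyId]' --output text) || return 2
  co_sse=$(printf '%s\n' "$co_out" | cut -f1)
  co_kms=$(printf '%s\n' "$co_out" | cut -f2)
  if [ "$co_sse" != "aws:kms" ]; then
    echo "FAIL $2: ServerSideEncryption=$co_sse"; return 1
  fi
  case "$co_kms" in
    *"$3") echo "OK   $2" ;;   # key ID or full ARN matches the ARN suffix
    *) echo "FAIL $2: SSEKMSKeyId=$co_kms"; return 1 ;;
  esac
}

# check_bucket BUCKET KMS_KEY_ID: 0 only if every listed object passes.
check_bucket() {
  cb_keys=$($AWS s3api list-objects-v2 --bucket "$1" \
    --query 'Contents[].Key' --output text | tr '\t' '\n')
  if [ -z "$cb_keys" ] || [ "$cb_keys" = "None" ]; then
    echo "FAIL $1: no objects listed"; return 1
  fi
  cb_failed=0
  while IFS= read -r cb_key; do
    check_object "$1" "$cb_key" "$2" || cb_failed=1
  done <<EOF
$cb_keys
EOF
  return "$cb_failed"
}

# fake_aws: constructed responses so the checks can be exercised offline
# (AWS=fake_aws). Bucket "mixed-demo" holds one unencrypted object.
fake_aws() {
  case "$2:$4:$6" in
    list-objects-v2:*) printf 'up/a.csv\tup/b.csv\tmanifest.json\n' ;;
    head-object:mixed-demo:up/b.csv) printf 'None\tNone\n' ;;
    head-object:*) printf 'aws:kms\tarn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000\n' ;;
  esac
}

# Usage: aws-vault exec <role> -- sh check_sse.sh <your-bucket> <kms-key-id>
if [ "$#" -eq 2 ]; then check_bucket "$1" "$2"; fi
```

Pass the key ID or full key ARN rather than an alias, because `SSEKMSKeyId` is reported as the key ARN.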
- `s3s2 genkey --keydir ./test/s3s2/s3s2-keys/ --keyprefix test1`: Generates keys to use. Note these key names need to match the scripts.
- `preptest.sh`: Cleans up the directories and S3 buckets used.
- `sanity.sh`: Shows where the current files are.
- `share.sh`: Shares the data up to S3 encrypted with the pgp files.
- `decrypt.sh <filename>`: Pulls the files back down from S3 based on the manifest and decrypts.
- Generate keys to use: `s3s2 genkey --keydir ./test/s3s2/s3s2-keys/ --keyprefix test`
- Set up data to use. For the purpose of this demo, we'll put the data we want to process in `test/s3s2/s3s2-up/`.
- Share the directory (keys and directories per setup): `aws-vault exec <role> -- s3s2 share --debug true --bucket <your-bucket> --region <your-region> --directory test/s3s2/s3s2-up/ --org YourOrg --prefix <optional-prefix> --receiver-public-key test/s3s2/s3s2-keys/test.pubkey`
- Check your bucket for the files: `aws-vault exec <role> -- aws s3 ls <your-bucket>`
- Download and decrypt the files: `aws-vault exec <role> -- s3s2 decrypt --debug true --bucket <your-bucket> --region <your-region> --destination ./test/s3s2/s3s2-down/ --my-private-key ./test/s3s2/s3s2-keys/test.privkey --my-public-key ./test/s3s2/s3s2-keys/test1.pubkey --file <the manifest.json file from the share step>`
- Check the local files: `ls -al test/s3s2/s3s2-down/`
- Clean up the bucket: `aws-vault exec <role> -- aws s3 rm s3://<your-test-bucket>/ --recursive`
- Clean up the directories with s3s2-down and s3s2-up.