Simon, I'm afraid NiFi does not yet support server-side encryption with a specific KMS key ID, only the more basic SSE. This has certainly come up before, you are definitely not alone in wishing for this feature. There is a JIRA:
NIFI-4256 Add support for all AWS S3 Encryption Options https://issues.apache.org/jira/browse/NIFI-4256 On Wed, Apr 18, 2018 at 10:37 AM, Simon Tack <[email protected]> wrote: > Hi. > > > > I am trying to use the PutS3Object Processor in NiFi 1.0.0 to write a file > to S3. I am getting a 403 Access Denied error. My bucket requires SSE > encryption with a certain key. I would expect that I need to specify the > ARN to that key for PutS3Object to work, but I can’t seem to tell how or > where I would specify it. Is what I am trying to do possible with the NiFi > 1.0.0 PutS3Object processor? If not, is it possible with any newer version > of NiFi? > > > > I can upload files to the S3 bucket fine using the AWS CLI tools, but I > have to specify --sse as aws:kms and -sse-kms-key-id, i.e.: > > > > aws s3 cp <file> <s3 uri> --sse aws:kms --sse-kms-key-id <arn to my key> > > > > Thanks, > > Simon >
