I am trying to encrypt an unencrypted EC2 snapshot using AWS. Here is how it works:
1. We need to copy the unencrypted EC2 snapshot, because we can't make a change to an already existing snapshot.
2. While copying, we need to set encryption to encrypted and create it.
3. After creating the encrypted snapshot, delete the unencrypted snapshot.

Here is how I implemented it:
import java.util.concurrent.TimeUnit;
import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.*;
import software.amazon.awssdk.services.kms.KmsClient;
import software.amazon.awssdk.services.kms.model.*;

public static void encryptSnapshots(Ec2Client ec2, String snapshotId, String region, KmsClient kms) {
    DescribeSnapshotsRequest describeSnapshotsRequest = DescribeSnapshotsRequest.builder().snapshotIds(snapshotId).build();
    DescribeSnapshotsResponse describeSnapshotsResponse = ec2.describeSnapshots(describeSnapshotsRequest);
    // Create a new symmetric KMS key to encrypt the copy with
    KeyUsageType keyUsageType = KeyUsageType.ENCRYPT_DECRYPT;
    CustomerMasterKeySpec customerMasterKeySpec = CustomerMasterKeySpec.SYMMETRIC_DEFAULT;
    OriginType originType = OriginType.AWS_KMS;
    CreateKeyRequest createKeyRequest = CreateKeyRequest.builder().keyUsage(keyUsageType).customerMasterKeySpec(customerMasterKeySpec).origin(originType).build();
    CreateKeyResponse createKeyResponse = kms.createKey(createKeyRequest);
    String kmsId = createKeyResponse.keyMetadata().keyId();
    for (Snapshot snapshot : describeSnapshotsResponse.snapshots()) {
        if (!snapshot.encrypted()) {
            try {
                // Copy within the same region, encrypted with the newly created key
                CopySnapshotRequest copySnapshotRequest = CopySnapshotRequest.builder()
                        .sourceSnapshotId(snapshot.snapshotId()).sourceRegion(region).destinationRegion(region)
                        .kmsKeyId(kmsId).encrypted(true).build();
                CopySnapshotResponse copySnapshotResponse = ec2.copySnapshot(copySnapshotRequest);
                // Fixed wait; the copy's state is not checked before the source is deleted
                TimeUnit.MINUTES.sleep(5);
                DeleteSnapshotRequest deleteSnapshotRequest = DeleteSnapshotRequest.builder().snapshotId(snapshotId).build();
                DeleteSnapshotResponse deleteSnapshotResponse = ec2.deleteSnapshot(deleteSnapshotRequest);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();  // restore the interrupt flag
                continue;
            }
        }
    }
}

The problem with the code above is that the newly encrypted snapshot has its state set to unavailable.
Posted on 2022-05-10 07:28:35

I removed the keyID when copying the snapshot, and that made it work. Modified code:
import java.util.concurrent.TimeUnit;
import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.*;
import software.amazon.awssdk.services.kms.KmsClient;
import software.amazon.awssdk.services.kms.model.*;

public static void encryptSnapshots(Ec2Client ec2, String snapshotId, String region, KmsClient kms) {
    DescribeSnapshotsRequest describeSnapshotsRequest = DescribeSnapshotsRequest.builder().snapshotIds(snapshotId).build();
    DescribeSnapshotsResponse describeSnapshotsResponse = ec2.describeSnapshots(describeSnapshotsRequest);
    KeyUsageType keyUsageType = KeyUsageType.ENCRYPT_DECRYPT;
    CustomerMasterKeySpec customerMasterKeySpec = CustomerMasterKeySpec.SYMMETRIC_DEFAULT;
    OriginType originType = OriginType.AWS_KMS;
    CreateKeyRequest createKeyRequest = CreateKeyRequest.builder().keyUsage(keyUsageType).customerMasterKeySpec(customerMasterKeySpec).origin(originType).build();
    CreateKeyResponse createKeyResponse = kms.createKey(createKeyRequest);
    // kmsId is still created but no longer passed to the copy request
    String kmsId = createKeyResponse.keyMetadata().keyId();
    for (Snapshot snapshot : describeSnapshotsResponse.snapshots()) {
        if (!snapshot.encrypted()) {
            try {
                // encrypted(true) without kmsKeyId: the copy uses the account's default EBS encryption key
                CopySnapshotRequest copySnapshotRequest = CopySnapshotRequest.builder()
                        .sourceSnapshotId(snapshot.snapshotId()).sourceRegion(region).destinationRegion(region)
                        .encrypted(true).build();
                CopySnapshotResponse copySnapshotResponse = ec2.copySnapshot(copySnapshotRequest);
                // Fixed wait; the copy's state is not checked before the source is deleted
                TimeUnit.MINUTES.sleep(5);
                DeleteSnapshotRequest deleteSnapshotRequest = DeleteSnapshotRequest.builder().snapshotId(snapshotId).build();
                DeleteSnapshotResponse deleteSnapshotResponse = ec2.deleteSnapshot(deleteSnapshotRequest);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();  // restore the interrupt flag
                continue;
            }
        }
    }
}

https://stackoverflow.com/questions/72181734
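Added example, not code from the question or the answer above: the same copy-then-delete flow, but the source snapshot is deleted only after DescribeSnapshots reports the copy as COMPLETED and encrypted, instead of after a fixed five-minute sleep. The `kmsKeyId` parameter is an assumption (an existing key ID, ARN or alias); passing null uses the account's default EBS key, as the answer's version does.

```java
import java.time.Duration;
import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.*;

public final class SnapshotEncryptor {
    /** Copies sourceSnapshotId as an encrypted snapshot and returns the copy's ID.
     *  The source is deleted only after the copy is COMPLETED and verified encrypted. */
    public static String encryptAndReplace(Ec2Client ec2, String sourceSnapshotId,
                                           String region, String kmsKeyId) throws InterruptedException {
        if (describe(ec2, sourceSnapshotId).encrypted()) {
            return sourceSnapshotId;                      // already encrypted, nothing to do
        }
        CopySnapshotRequest.Builder copy = CopySnapshotRequest.builder()
                .sourceSnapshotId(sourceSnapshotId)
                .sourceRegion(region)
                .encrypted(true)
                .description("Encrypted copy of " + sourceSnapshotId);
        if (kmsKeyId != null) {
            copy.kmsKeyId(kmsKeyId);                      // assumed: an existing key ID, ARN or alias
        }                                                 // null: account default EBS key, as in the answer
        String newId = ec2.copySnapshot(copy.build()).snapshotId();
        Snapshot copied = waitUntilCompleted(ec2, newId, Duration.ofMinutes(30));
        if (!copied.encrypted()) {
            throw new IllegalStateException("copy " + newId + " is not encrypted; source kept");
        }
        ec2.deleteSnapshot(DeleteSnapshotRequest.builder().snapshotId(sourceSnapshotId).build());
        return newId;
    }

    /** Polls DescribeSnapshots until the snapshot is COMPLETED; fails on ERROR or timeout. */
    static Snapshot waitUntilCompleted(Ec2Client ec2, String snapshotId, Duration timeout)
            throws InterruptedException {
        long deadline = System.nanoTime() + timeout.toNanos();
        while (true) {
            Snapshot s = describe(ec2, snapshotId);
            if (s.state() == SnapshotState.COMPLETED) return s;
            if (s.state() == SnapshotState.ERROR) {
                throw new IllegalStateException("copy failed: " + s.stateMessage());
            }
            if (System.nanoTime() > deadline) {
                throw new IllegalStateException("timed out at " + s.progress() + " for " + snapshotId);
            }
            Thread.sleep(15_000);                         // poll every 15 s; progress() reads e.g. "45%"
        }
    }

    static Snapshot describe(Ec2Client ec2, String snapshotId) {
        DescribeSnapshotsRequest req = DescribeSnapshotsRequest.builder().snapshotIds(snapshotId).build();
        return ec2.describeSnapshots(req).snapshots().get(0);
    }
}
```

The copy is only deleted from the source side once the new snapshot is verified, so a failed or still-pending copy never leaves you with no snapshot at all.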