Closed
Description
Describe the bug
When using KMS encrypted objects, S3 requires the use of sigv4 credential signing
To reproduce, upload an object using a customer managed kms key
aws s3 cp foo.txt s3://bucket/foo.txt --sse aws:kms --sse-kms-key-id <key_id>
and try to download it using a file source
file(
name="s3_file",
source=http_source(
url="s3://bucket/foo.txt",
len=123,
sha256="sha",
)
)
run_shell_command(
name="list_files",
command="ls -lah {chroot}",
execution_dependencies=[":s3_file"],
)
pants run :list_files
Produces an error like
IntrinsicError: Client error (400) downloading file foo.txt from https://bucket.s3.amazonaws.com/foo.txt
Pants version
2.24.1
OS
Both
Additional info
toml to enable the backend
[GLOBAL]
pants_version = "2.24.1"
backend_packages = [
"pants.backend.shell",
"pants.backend.url_handlers.s3",
]
plugins = [
'botocore==1.34.135'
]