hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Federico Czerwinski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13075) Add support for SSE-KMS and SSE-C in s3a filesystem
Date Tue, 12 Jul 2016 13:08:20 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15372849#comment-15372849
] 

Federico Czerwinski commented on HADOOP-13075:
----------------------------------------------

thanks Steve for taking the time to review it. I've replied your comments in the PR, hopefully
will clarify some things.
I'll work on the comments and update the PR.

I've tested against ap-southeast-2, Sydney.

I haven't been using this patch in particular yet. I've used one based in hadoop 2.7 in a
spark cluster but that patch doesn't have support for SSE-C. 
I don't have any performance statistics I'm afraid. What is that _GET-with-range_ request
that you mention? I don't remember seeing that in the code.

> Add support for SSE-KMS and SSE-C in s3a filesystem
> ---------------------------------------------------
>
>                 Key: HADOOP-13075
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13075
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>            Reporter: Andrew Olson
>            Assignee: Federico Czerwinski
>
> S3 provides 3 types of server-side encryption [1],
> * SSE-S3 (Amazon S3-Managed Keys) [2]
> * SSE-KMS (AWS KMS-Managed Keys) [3]
> * SSE-C (Customer-Provided Keys) [4]
> Of which the S3AFileSystem in hadoop-aws only supports opting into SSE-S3 (HADOOP-10568)
-- the underlying aws-java-sdk makes that very simple [5]. With native support in aws-java-sdk
already available it should be fairly straightforward [6],[7] to support the other two types
of SSE with some additional fs.s3a configuration properties.
> [1] http://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
> [2] http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
> [3] http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
> [4] http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
> [5] http://docs.aws.amazon.com/AmazonS3/latest/dev/SSEUsingJavaSDK.html
> [6] http://docs.aws.amazon.com/AmazonS3/latest/dev/kms-using-sdks.html#kms-using-sdks-java
> [7] http://docs.aws.amazon.com/AmazonS3/latest/dev/sse-c-using-java-sdk.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message