topic Choosing KMS Key when using S3 as target in Qlik Replicate https://community.qlik.com/t5/Qlik-Replicate/Choosing-KMS-Key-when-using-S3-as-target/m-p/1847891#M1192 <P>Hi,</P><P>When downloading files dumped on S3, path (s3://&lt;buket&gt;/&lt;qlik_objects_path&gt;/) we get a Forbidden 403 error.</P><P>We are using a role that has access to read and download objects from &lt;bucket&gt; (located in AWS "sandbox" account)</P><P>The configuration is like following:<BR />- Qlik EM and RS ec2 machines are located in aws "prod" account, and are using IAM role “role1”<BR />- "role1" has permission on two KMS keys which are located in aws "sandbox" account, named: “KM1” and “KM2"<BR />- "role1" has permission to use "KMS1", but not “KMS2”</P><P>So we tried using key "KMS1" in S3 endpoint configuration, under "Data Encryption" and selecting "Server-Side encryption with AWS KMS-Managed Keys (SSE-KMS)".</P><P>But it seems we can only set the KEY ID and not the full ARN, which means it must be under the same AWS account.</P><P>Would like to know:</P><P>1. if that's indeed the reason it cannot upload a test file (KMS keys are looked up in the same AWS account EC2 are)</P><P>2. if there's any option to change this and be able to provide the full ARN.</P><P>&nbsp;</P><P>Thank you</P> Mon, 18 Oct 2021 07:46:52 GMT xavier_quintana 2021-10-18T07:46:52Z Choosing KMS Key when using S3 as target https://community.qlik.com/t5/Qlik-Replicate/Choosing-KMS-Key-when-using-S3-as-target/m-p/1847891#M1192 <P>Hi,</P><P>When downloading files dumped on S3, path (s3://&lt;buket&gt;/&lt;qlik_objects_path&gt;/) we get a Forbidden 403 error.</P><P>We are using a role that has access to read and download objects from &lt;bucket&gt; (located in AWS "sandbox" account)</P><P>The configuration is like following:<BR />- Qlik EM and RS ec2 machines are located in aws "prod" account, and are using IAM role “role1”<BR />- "role1" has permission on two KMS keys which are located in aws "sandbox" account, named: “KM1” and “KM2"<BR />- "role1" has permission to use "KMS1", but not “KMS2”</P><P>So we tried using key "KMS1" in S3 endpoint configuration, under "Data Encryption" and selecting "Server-Side encryption with AWS KMS-Managed Keys (SSE-KMS)".</P><P>But it seems we can only set the KEY ID and not the full ARN, which means it must be under the same AWS account.</P><P>Would like to know:</P><P>1. if that's indeed the reason it cannot upload a test file (KMS keys are looked up in the same AWS account EC2 are)</P><P>2. if there's any option to change this and be able to provide the full ARN.</P><P>&nbsp;</P><P>Thank you</P> Mon, 18 Oct 2021 07:46:52 GMT https://community.qlik.com/t5/Qlik-Replicate/Choosing-KMS-Key-when-using-S3-as-target/m-p/1847891#M1192 xavier_quintana 2021-10-18T07:46:52Z Re: Choosing KMS Key when using S3 as target https://community.qlik.com/t5/Qlik-Replicate/Choosing-KMS-Key-when-using-S3-as-target/m-p/1927767#M2603 <P>Hi,</P> <P>KMS key was not supported till Replicate V 6.1 - need to verify its status now. Please open a case for this question to confirm whether KMS keys are supported or not.&nbsp;</P> <P>Thanks<BR />Orit</P> Mon, 09 May 2022 06:38:26 GMT https://community.qlik.com/t5/Qlik-Replicate/Choosing-KMS-Key-when-using-S3-as-target/m-p/1927767#M2603 OritA 2022-05-09T06:38:26Z