Skip to main content
Announcements
UPGRADE ADVISORY for Qlik Replicate 2024.5: Read More
cancel
Showing results for 
Search instead for 
Did you mean: 
xavier_quintana
Contributor
Contributor

Choosing KMS Key when using S3 as target

Hi,

When downloading files dumped on S3, path (s3://<buket>/<qlik_objects_path>/) we get a Forbidden 403 error.

We are using a role that has access to read and download objects from <bucket> (located in AWS "sandbox" account)

The configuration is like following:
- Qlik EM and RS ec2 machines are located in aws "prod" account, and are using IAM role “role1”
- "role1" has permission on two KMS keys which are located in aws "sandbox" account, named: “KM1” and “KM2"
- "role1" has permission to use "KMS1", but not “KMS2”

So we tried using key "KMS1" in S3 endpoint configuration, under "Data Encryption" and selecting "Server-Side encryption with AWS KMS-Managed Keys (SSE-KMS)".

But it seems we can only set the KEY ID and not the full ARN, which means it must be under the same AWS account.

Would like to know:

1. if that's indeed the reason it cannot upload a test file (KMS keys are looked up in the same AWS account EC2 are)

2. if there's any option to change this and be able to provide the full ARN.

 

Thank you

Labels (2)
1 Reply
OritA
Support
Support

Hi,

KMS key was not supported till Replicate V 6.1 - need to verify its status now. Please open a case for this question to confirm whether KMS keys are supported or not. 

Thanks
Orit