Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
UPGRADE ADVISORY for Qlik Replicate 2024.5: Read More
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
xavier_quintana
Contributor
Contributor
‎2021-10-18 03:46 AM

Choosing KMS Key when using S3 as target

Hi,

When downloading files dumped on S3, path (s3://<buket>/<qlik_objects_path>/) we get a Forbidden 403 error.

We are using a role that has access to read and download objects from <bucket> (located in AWS "sandbox" account)

The configuration is like following:
- Qlik EM and RS ec2 machines are located in aws "prod" account, and are using IAM role “role1”
- "role1" has permission on two KMS keys which are located in aws "sandbox" account, named: “KM1” and “KM2"
- "role1" has permission to use "KMS1", but not “KMS2”

So we tried using key "KMS1" in S3 endpoint configuration, under "Data Encryption" and selecting "Server-Side encryption with AWS KMS-Managed Keys (SSE-KMS)".

But it seems we can only set the KEY ID and not the full ARN, which means it must be under the same AWS account.

Would like to know:

1. if that's indeed the reason it cannot upload a test file (KMS keys are looked up in the same AWS account EC2 are)

2. if there's any option to change this and be able to provide the full ARN.

 

Thank you

Labels (2)
Labels
518 Views
0 Likes
1 Reply
OritA
Support
Support
‎2022-05-09 02:38 AM

Hi,

KMS key was not supported till Replicate V 6.1 - need to verify its status now. Please open a case for this question to confirm whether KMS keys are supported or not. 

Thanks
Orit

398 Views
0 Likes