Localstack Update KMS key encryption for the S3 object

Hi Folks,
I am trying update the KMS key for one object and following this command with the Localstack but I am getting failure. This is my scenario
creating 2 kms keys
aws kms --endpoint-url=http://localhost:61000 create-key --description "My KMS Key” // dbc1c394-f063-428c-98c0-1edb99839429

aws kms --endpoint-url=http://localhost:61000 create-key --description "My New Key” // b9b6ad03-529d-4eea-80d8-4d69eae41d7a

and then uploading one file via first KMS key
aws s3api --endpoint-url=http://localhost:61000 put-object --bucket test --key v2/ekm/test1 \ --body snapshot.blob \ --server-side-encryption aws:kms \ --ssekms-key-id "dbc1c394-f063-428c-98c0-1edb99839429"

and then updating the kmskey with the new one
aws s3api --endpoint-url=http://localhost:61000 copy-object --bucket test --key v2/ekm/test1 --copy-source test/v2/ekm/test1 --metadata-directive REPLACE --server-side-encryption "aws:kms" --ssekms-key-id "b9b6ad03-529d-4eea-80d8-4d69eae41d7a"

however, once I replace the file I can not access the file anymore and getting following error while downloading it

aws s3api --endpoint-url=http://localhost:61000 get-object --bucket test --key v2/ekm/test1 asd
0 read, but total bytes expected is 13.

This looks to me bug but before opening issue on the github I would like to get your opinions. I am using latest version of the localstack (3.2.0)

Hello @umut and thanks for the report.

This issue is a regression in S3, could you try pulling localstack/locastack:latest and see if that fixes the issue?

Please note that when using KMS Keys with S3, if you’d like LocalStack to validate that the key exists, you can see the following configuration flag: S3_SKIP_KMS_KEY_VALIDATION=0

Just to confirm this is indeed the issue I’m thinking about, are you using a versioned bucket?

See Configuration | Docs

Sorry again for the inconvenience.

1 Like

hi @bentsku thank you for the quick respond. I just tried the latest version and it solved my problem :D.

Do you know when will be a new release for localstack?

Nice, I’m glad the issue is now fixed!

We are planning a new tagged release next week, I believe on the 27th.

1 Like