So, according to the document, we used section 3.13 to generate the CiphertextBlob, which we set as an environment variable (kms_encrypted_secret) as below. When we run the Python script for createendpoint (lambda_function.py), we get the error below when it tries to decrypt the ciphertext blob. Can you please let us know if we have to do anything different here for encrypting and decrypting, or if we are missing anything?
Steps as per section 3.13 of the document:
aws kms encrypt --key-id 76c3f803-2c13-43d4-9500-e2d5c88f8236 --plaintext "eyJ1c2VybmFtZSI6IkFQSVVzZXIiLCJwYXNzd29yZCI6IkFsaWdodEAxMjM0NTY3OEAifQ=="
{
"CiphertextBlob": "AQICAHh01sOFYldMalcHKBslP0iKaZdw29JTCq/yj/FMxORhtwE9JYHlYRzH2QDE4XL1c6pNAAAAlTCBkgYJKoZIhvcNAQcGoIGEMIGBAgEAMHwGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMIJ7XmFK0n3qeTSWeAgEQgE968Einbu3x175eJXdv3lDUR0PxT9N9V34MvrG+tp08ltb6gZBNEBeW+BYbHzUWiYCpNyUWUkwbg2HKE18JpmHpkiEnpYFZkSABvrIakBj9",
"KeyId": "arn:aws:kms:us-east-1:427130756745:key/76c3f803-2c13-43d4-9500-e2d5c88f8236",
"EncryptionAlgorithm": "SYMMETRIC_DEFAULT"
}
Environment variables set in the lambda function.
Error we are getting when running the Python script for creating the endpoint (lambda_function.py):
Test Event Name
(unsaved) test event
Response
{
"errorMessage": "Invalid base64-encoded string: number of data characters (37) cannot be 1 more than a multiple of 4",
"errorType": "Error",
"stackTrace": [
" File \"/var/task/lambda_function.py\", line 14, in lambda_handler\n data = json.loads(get_secret())\n",
" File \"/var/task/lambda_function.py\", line 106, in get_secret\n client_secret= base64.b64decode(client_secret)\n",
" File \"/var/lang/lib/python3.7/base64.py\", line 87, in b64decode\n return binascii.a2b_base64(s)\n"
]
}
Function Logs
START RequestId: ffdf2511-ef05-46da-8831-84801b132f03 Version: $LATEST
{'key1': 'value1', 'key2': 'value2', 'key3': 'value3'}
{'KeyId': 'arn:aws:kms:us-east-1:427130756745:key/76c3f803-2c13-43d4-9500-e2d5c88f8236', 'Plaintext': b'{"username":"XXXX","password":"XXXXXX"}', 'EncryptionAlgorithm': 'SYMMETRIC_DEFAULT', 'ResponseMetadata': {'RequestId': '4d63bc42-6393-442e-8f65-ad62eb3cb00c', 'HTTPStatusCode': 200, 'HTTPHeaders': {'x-amzn-requestid': '4d63bc42-6393-442e-8f65-ad62eb3cb00c', 'cache-control': 'no-cache, no-store, must-revalidate, private', 'expires': '0', 'pragma': 'no-cache', 'date': 'Wed, 09 Aug 2023 16:14:30 GMT', 'content-type': 'application/x-amz-json-1.1', 'content-length': '238', 'connection': 'keep-alive'}, 'RetryAttempts': 0}}
b'{"username":"XXXX","password":"XXXX"}'
[ERROR] Error: Invalid base64-encoded string: number of data characters (37) cannot be 1 more than a multiple of 4
Traceback (most recent call last):
File "/var/task/lambda_function.py", line 14, in lambda_handler
data = json.loads(get_secret())
File "/var/task/lambda_function.py", line 106, in get_secret
client_secret= base64.b64decode(client_secret)
File "/var/lang/lib/python3.7/base64.py", line 87, in b64decode
return binascii.a2b_base64(s)
END RequestId: ffdf2511-ef05-46da-8831-84801b132f03
REPORT RequestId: ffdf2511-ef05-46da-8831-84801b132f03 Duration: 1679.24 ms Billed Duration: 1680 ms Memory Size: 128 MB Max Memory Used: 72 MB Init Duration: 311.59 ms
Request ID
ffdf2511-ef05-46da-8831-84801b132f03
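Added example, not taken from the original post or the poster's lambda_function.py: the function log above shows KMS returning `Plaintext` as the JSON document itself, and the traceback shows `get_secret` handing that JSON to `base64.b64decode`, which is what raises the `binascii.Error`. The snippet reproduces that failure offline against a constructed stand-in for the `kms.decrypt()` response and shows a `get_secret` that parses the plaintext as JSON directly, falling back to one strict base64 decode only when the plaintext really is base64 (as it is when the value was encrypted with AWS CLI v1 or with `--cli-binary-format raw-in-base64-out`; CLI v2's default base64-decodes the `--plaintext` argument before encrypting). The key ARN and the credentials in it are placeholders.

```python
import base64
import binascii
import json

# Constructed stand-in for a boto3 kms.decrypt() response; the key ARN and the
# credentials are placeholders. As in the function log in the post, 'Plaintext'
# already holds the JSON secret document, not a base64 string.
FAKE_KMS_RESPONSE = {
    "KeyId": "arn:aws:kms:us-east-1:111122223333:key/00000000-EXAMPLE-KEY-ID",
    "Plaintext": b'{"username":"demo-user","password":"demo-pass-1"}',
    "EncryptionAlgorithm": "SYMMETRIC_DEFAULT",
}


def double_decode_error(resp):
    """Reproduce the failing pattern from the traceback: base64-decode a plaintext
    that is already JSON. Returns the binascii.Error message, or None if it decoded."""
    try:
        base64.b64decode(resp["Plaintext"])
    except binascii.Error as exc:
        return str(exc)
    return None


def get_secret(resp):
    """Parse the KMS plaintext into the secret dict without a second base64 pass.

    JSON plaintext (CLI v2 default) is returned as-is. Base64 plaintext (CLI v1 or
    --cli-binary-format raw-in-base64-out) is decoded exactly once, with validate=True
    so non-base64 input fails loudly instead of being silently mangled by the
    default decoder, which discards characters outside the base64 alphabet.
    """
    plaintext = resp["Plaintext"]
    try:
        secret = json.loads(plaintext)
        if isinstance(secret, dict):
            return secret
    except ValueError:
        pass
    decoded = base64.b64decode(plaintext, validate=True)  # binascii.Error if not base64
    secret = json.loads(decoded)
    if not isinstance(secret, dict):
        raise ValueError("KMS plaintext did not decode to a JSON object")
    return secret


def as_base64_response(resp):
    """Copy of a decrypt response whose plaintext is the base64 form (CLI v1 style)."""
    return dict(resp, Plaintext=base64.b64encode(resp["Plaintext"]))


if __name__ == "__main__":
    print("double decode ->", double_decode_error(FAKE_KMS_RESPONSE))
    print("direct JSON   ->", get_secret(FAKE_KMS_RESPONSE))
    print("base64 JSON   ->", get_secret(as_base64_response(FAKE_KMS_RESPONSE)))
```

Running it prints the same "cannot be 1 more than a multiple of 4" message as the Lambda log (33 base64-alphabet characters survive the default decoder's discard pass in this constructed secret), while both `get_secret` calls return the parsed dict.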