AWS KET

awsket.ket.check_alias(alias_name, region)[source]

Check for AWS KMS alias

Checks if an alias for kms key with specified name already exists in a region.

Parameters:
  • alias_name (str) – Alias for the kms key. For this project it is set as alias/aws-ket

  • region (str) – Region where the KMS key is to be created. e.g. us-east-2. (Note: S3 and KMS must be in same region)

Returns:

Name of the alias or None

Return type:

str

Raises:
  • UnrecognizedClientException – Incorrect name for alias is provided

  • AccessDeniedException – If user does not have permissions to check for kms key alias name

awsket.ket.create_kms_alias(key_id, alias_name, region)[source]

Create an Alias for KMS Key in AWS

Creates an alias for kms key in AWS in the specified region. The user must have create kms alias permission.

Parameters:
  • key_id (str) – ID of the kms key

  • alias_name (str) – Alias for the kms key. Prefer a simple name that can be used. For this project it is set as alias/aws-ket

  • region (str) – Region where the KMS key will be created. e.g. us-east-2. (Note: S3 and KMS must be in same region)

Returns:

name of the alias

Return type:

str

Raises:
  • ValidationException – If the alias name does not follow AWS guidelines or convention

  • AlreadyExistsException – If an alias with same name already exists in the same region

awsket.ket.create_kms_key(region)[source]

Create KMS Key in AWS

Creates a KMS key in AWS in the specified region. The user must have create bucket permission.

Parameters:

region (str) – Region where the KMS key will be created. e.g. us-east-2. (Note: S3 and KMS must be in same region)

Returns:

ID of the KMS key

Return type:

str

Raises:
  • UnrecognizedClientException – If AWS Access key does not exist

  • AccessDeniedException – If the user does not have sufficient permission to create a KMS key

awsket.ket.create_s3_bucket(bucket_name, region)[source]

Create S3 Bucket

Creates an s3 bucket in AWS with the provided name and specified region. The user must have create bucket permission.

Parameters:
  • bucket_name (str) – Name of the bucket to be created

  • region (str) – Region where the bucket will be created. e.g. us-east-2. (Note: S3 and KMS must be in same region)

awsket.ket.decrypt_text(bucket_name, remote_file_name, kms_key_id, region)[source]

Decrypt file from S3 using KMS

Decrypts file from S3 using KMS key.

Parameters:
  • bucket_name (str) – Bucket where the encrypted file is stored

  • remote_file_name (str) – Object name or path to an object in S3 that needs to be decrypted

  • kms_key_id (str) – This can be either kms key id, kms arn, alias or alias arn

  • region (str) – Region where the KMS key is located. e.g. us-east-2. (Note: S3 and KMS must be in same region)

Returns:

Plaintext

Return type:

str

Raises:
  • NoSuchBucket – Incorrect bucket name provided

  • NoSuchKey – Incorrect object name or object does not exist in S3

  • IncorrectKeyException – The key does not match with what was used to encrypt the file

  • ParamValidationError – Incorrect parameter passed to the function

awsket.ket.encrypt_file(kms_key, file_name, region)[source]

Encrypt file using KMS

Encrypts the content of a specified file using a KMS key.

Parameters:
  • kms_key (str) – This can be either kms key id, kms arn, alias or alias arn

  • file_name (str) – File name or path to a file that needs to be encrypted

  • region (str) – Region where the KMS key is located. e.g. us-east-2. (Note: S3 and KMS must be in same region)

Returns:

CiphertextBlob

Return type:

dict

Raises:
  • NotFoundException – Incorrect name of file or file does not exist

  • ValidationException – The file must contain more than 0 characters of text

  • AccessDeniedException – If user does not have permissions to check for kms key alias name

  • ParamValidationError – Incorrect parameter passed to the function

awsket.ket.encrypt_text(kms_key, text, region)[source]

Encrypt text using KMS

Encrypts plaintext of up to 4,096 bytes using a KMS key from the specified region.

Parameters:
  • kms_key (str) – This can be either kms key id, kms arn, alias or alias arn

  • text (str) – Either plain text or any type of content that needs to be encrypted

  • region (str) – Region where the KMS key is located. e.g. us-east-2. (Note: S3 and KMS must be in same region)

Returns:

CiphertextBlob

Return type:

dict

Raises:
  • UnrecognizedClientException – Incorrect name for alias is provided

  • AccessDeniedException – If user does not have permissions to encrypt using kms key or alias name

awsket.ket.get_iam_user()[source]

Retrieves information about the specified IAM user, including the user creation date, path, unique ID, and ARN. It uses the AWS Access Key and Secret Key to retrieve the user information.

Returns:

A dictionary containing details about the IAM user.

Return type:

dict

awsket.ket.push_to_s3(bucket_name, remote_file_name, content, region)[source]

Push files or texts to S3

Creates an s3 bucket in AWS with the provided name and specified region. The user must have create bucket permission.

Parameters:
  • bucket_name (str) – Name of the bucket to be created

  • remote_file_name (str) – File or object name under which it will be stored in the remote S3 bucket

  • content (str) – Text, object or file that will be pushed to S3. Often referred to as the body of the request.

  • region (str) – Region where the bucket is located. e.g. us-east-2. (Note: S3 and KMS must be in same region)

Raises:
  • NoSuchBucket Exception – If trying to push to a bucket that does not exist. Can be caused by typing an incorrect bucket name.

  • AllAccessDisabled Exception – Usually raised if no filename provided in the parameter

awsket.ket.save_to_file(file_name, decrypted_string)[source]

Save file

Saves the decrypted text to a local file

Parameters:
  • file_name (str) – Local file name where the decrypted output will be stored

  • decrypted_string (str) – Decrypted output in string format.
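The encrypt_text, push_to_s3 and decrypt_text sequence documented above, written against the boto3 call shapes kms.encrypt, s3.put_object, s3.get_object and kms.decrypt. This is an added example, not awsket's own code: the helper names are hypothetical, how awsket implements these functions is an assumption, and FakeKMS and FakeS3 are constructed stand-ins so the flow runs offline.

```python
import io

KMS_MAX_PLAINTEXT = 4096  # byte limit stated for encrypt_text

def check_plaintext(text):
    """Return the UTF-8 bytes if they fit one KMS Encrypt call, else raise."""
    data = text.encode("utf-8")  # the limit counts bytes, not characters
    if not 0 < len(data) <= KMS_MAX_PLAINTEXT:
        raise ValueError(f"plaintext is {len(data)} bytes; need 1..{KMS_MAX_PLAINTEXT}")
    return data

def encrypt_and_push(kms, s3, kms_key, text, bucket, object_name):
    """Encrypt text under kms_key and store only the ciphertext in S3."""
    blob = kms.encrypt(KeyId=kms_key, Plaintext=check_plaintext(text))["CiphertextBlob"]
    s3.put_object(Bucket=bucket, Key=object_name, Body=blob)
    return blob

def fetch_and_decrypt(kms, s3, kms_key, bucket, object_name):
    """Read the ciphertext back from S3 and decrypt it with the expected key."""
    blob = s3.get_object(Bucket=bucket, Key=object_name)["Body"].read()
    # Passing KeyId pins the key: KMS rejects ciphertext produced under a
    # different key (the IncorrectKeyException case listed for decrypt_text).
    out = kms.decrypt(CiphertextBlob=blob, KeyId=kms_key)
    return out["Plaintext"].decode("utf-8")

class FakeKMS:
    """Constructed stand-in. XOR is NOT encryption; it only lets the flow run."""
    def encrypt(self, KeyId, Plaintext):
        body = bytes(b ^ 0x5A for b in Plaintext)
        return {"CiphertextBlob": KeyId.encode() + b"|" + body}

    def decrypt(self, CiphertextBlob, KeyId):
        key, _, body = CiphertextBlob.partition(b"|")
        if key != KeyId.encode():
            raise PermissionError("IncorrectKeyException")
        return {"Plaintext": bytes(b ^ 0x5A for b in body)}

class FakeS3:
    """Constructed in-memory stand-in for an S3 client."""
    def __init__(self):
        self.objects = {}

    def put_object(self, Bucket, Key, Body):
        self.objects[(Bucket, Key)] = Body

    def get_object(self, Bucket, Key):
        return {"Body": io.BytesIO(self.objects[(Bucket, Key)])}
```

With real clients, pass boto3.client("kms", region_name=region) and boto3.client("s3", region_name=region) in place of the fakes.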

awsket.cleanup.cleanup_s3(bucket_name, region_name)[source]

Clean up S3

Deletes an entire bucket

Parameters:
  • bucket_name (str) – Bucket where the encrypted file is stored

  • region_name (str) – Object name or path to an object in S3 that needs to be decrypted

Raises:

NoSuchBucket – The bucket name provided was incorrect or does not exist

awsket.cleanup.get_iam_user()[source]

Get IAM User

Get current IAM user based on the Access/Secret Keys set up in the CLI

Returns:

user_id

Return type:

str

Raises:
  • UnrecognizedClientException – Error with the boto3 client

  • AccessDeniedException – Invalid Access Key and Secret key used. Unable to get the IAM user

awsket.cleanup.permanently_delete_object(bucket_name, region_name, object_key=None)[source]

Permanently delete objects

Permanently deletes a versioned object by deleting all of its versions.

Parameters:
  • bucket_name (str) – The bucket that contains the object.

  • region_name (str) – The region S3 was created in.

  • object_key (str) – The object to delete.

Raises:

ClientErrorException – Error while trying to delete objects in an S3 bucket