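Hi everyone, has anyone created an EMR cluster with a security configuration that uses S3 client-side encryption?
We created the cluster following https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-gs.html, with a security configuration that sets S3 client-side encryption with a custom key provider. Creation failed with the error message: On the master instance (i-051a9d3744f2ae645), Failed to execute custom EncryptionMaterialProvider: Algorithm AES is not supported.
The custom key provider's Java class is fairly simple, as follows: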
    import java.util.Map;
    import javax.crypto.spec.SecretKeySpec;
    // Imports for EncryptionMaterials, EncryptionMaterialsProvider and
    // EncryptionContext are not shown in the post.

    public class MyEncryptionMaterialsProviders extends EncryptionMaterialsProvider {
        private EncryptionMaterials encryptionMaterials;

        // Hard-coded 32-byte (256-bit) key embedded in the class.
        private byte[] keyBytes = {
            (byte)0x5D,(byte)0xD1,(byte)0xDE,(byte)0x34,(byte)0x08,(byte)0x89,(byte)0x7E,(byte)0xA9,
            (byte)0x9A,(byte)0xBF,(byte)0x61,(byte)0xE7,(byte)0x76,(byte)0x32,(byte)0x2F,(byte)0xAA,
            (byte)0xD7,(byte)0x4F,(byte)0x4D,(byte)0xBF,(byte)0x26,(byte)0x62,(byte)0x95,(byte)0xB9,
            (byte)0xEF,(byte)0x44,(byte)0x8F,(byte)0x8E,(byte)0xC9,(byte)0x45,(byte)0x91,(byte)0xF7};

        // Returns the same AES key regardless of the materials description.
        @Override
        public EncryptionMaterials getEncryptionMaterials(Map<String, String> materialsDescription) {
            this.encryptionMaterials = new EncryptionMaterials(new SecretKeySpec(keyBytes, "AES"));
            return this.encryptionMaterials;
        }

        // Returns the same AES key regardless of the encryption context.
        @Override
        public EncryptionMaterials getEncryptionMaterials(EncryptionContext arg0) {
            this.encryptionMaterials = new EncryptionMaterials(new SecretKeySpec(keyBytes, "AES"));
            return this.encryptionMaterials;
        }
    }
The EMR log output is as follows:
The log message in "elasticmapreduce/j-1BVHYT1N9BKJR/node/i-051a9d3744f2ae645/setup-devices/DiskEncryptor.log.gz" :
2018-09-11 01:07:42,457 INFO main: Encrypted passphrase files does not exist.
2018-09-11 01:07:42,462 ERROR main: Custom LUKS passphrase provider failed
aws157.instancecontroller.encryptor.EMRDiskEncryptorException: Failed to execute custom EncryptionMaterialProvider: Algorithm AES is not supported
at aws157.instancecontroller.encryptor.provider.CustomLUKSPassphraseProvider.fetchSecretKeyByEncryptionContext(CustomLUKSPassphraseProvider.java:193)
at aws157.instancecontroller.encryptor.provider.CustomLUKSPassphraseProvider.getPassphrase(CustomLUKSPassphraseProvider.java:136)
at aws157.instancecontroller.encryptor.LUKSDiskEncryptor.getLUKSPassphrase(LUKSDiskEncryptor.java:74)
at aws157.instancecontroller.encryptor.LUKSDiskEncryptor.encryptOrOpen(LUKSDiskEncryptor.java:52)
at aws157.instancecontroller.encryptor.DiskEncryptorMain.main(DiskEncryptorMain.java:43)
Caused by: aws157.instancecontroller.encryptor.EMRDiskEncryptorException: Algorithm AES is not supported
at aws157.instancecontroller.encryptor.provider.CustomLUKSPassphraseProvider.validateEncryptionMaterials(CustomLUKSPassphraseProvider.java:208)
at aws157.instancecontroller.encryptor.provider.CustomLUKSPassphraseProvider.fetchSecretKeyByEncryptionContext(CustomLUKSPassphraseProvider.java:188)
... 4 more
