[export-neptune-to-elasticsearch] Encrypted databases not supported #228

xentripetal opened this issue Jun 29, 2022 · 0 comments

xentripetal commented Jun 29, 2022

The export batch job will fail when triggered with the following error for encrypted databases:

com.amazonaws.services.neptune.model.KMSKeyNotAccessibleException: The specified KMS key [arn:aws:kms:...YOUR_KEY_ARN...] does not exist, is not enabled or you do not have permissions to access it. (Service: AmazonNeptune; Status Code: 400; Error Code: KMSKeyNotAccessibleFault; Request ID: ...; Proxy: null)

To resolve this you have to manually add a policy to the generated BatchExecutionRole and BatchJobRole.

    Version   = "2012-10-17"
    Statement = [
      {
        Effect = "Allow",
        Action = [
          "kms:Encrypt",
          "kms:Decrypt",
          "kms:GenerateDataKey",
          "kms:ReEncryptTo",
          "kms:GenerateDataKeyWithoutPlaintext",
          "kms:CreateGrant",
          "kms:ReEncryptFrom",
          "kms:DescribeKey"
        ],
        Resource = "YOUR_KMS_ARN"
      }
    ]

It would be helpful if there was a KMS ARN parameter in the template that will automatically add these permissions to the roles if specified.
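One way to apply the workaround above from Terraform, as an added example that is not part of the original issue or the project's template. The variable and resource names are hypothetical, and the `kms:GrantIsForAWSResource` condition on `kms:CreateGrant` is an added tightening that assumes the grant is only ever created on behalf of an AWS service; confirm the export still succeeds with it in place.

```hcl
# Added example: variable and resource names are hypothetical.
variable "neptune_kms_key_arn" {
  description = "ARN of the KMS key encrypting the Neptune cluster; null if unencrypted."
  type        = string
  default     = null
}

variable "export_role_names" {
  description = "Physical names of the generated BatchExecutionRole and BatchJobRole."
  type        = list(string)
}

resource "aws_iam_role_policy" "neptune_export_kms" {
  # Nothing is attached when no key ARN is supplied.
  for_each = var.neptune_kms_key_arn == null ? toset([]) : toset(var.export_role_names)

  name = "neptune-export-kms"
  role = each.value

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = "UseKey"
        Effect = "Allow"
        Action = [
          "kms:Encrypt",
          "kms:Decrypt",
          "kms:GenerateDataKey",
          "kms:GenerateDataKeyWithoutPlaintext",
          "kms:ReEncryptTo",
          "kms:ReEncryptFrom",
          "kms:DescribeKey"
        ]
        # Scoped to the one key, never "*".
        Resource = var.neptune_kms_key_arn
      },
      {
        # Assumption: grants are only needed for AWS services acting on the key.
        Sid       = "GrantToAwsServicesOnly"
        Effect    = "Allow"
        Action    = "kms:CreateGrant"
        Resource  = var.neptune_kms_key_arn
        Condition = { Bool = { "kms:GrantIsForAWSResource" = "true" } }
      }
    ]
  })
}
```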
