Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
0.6.2
-
None
-
EMR
Description
Hi,
I am trying to setup Zeppelin to store encrypted notebooks in S3 with KMS in us-west-2. I have KMS key in us-west-2 as well.
However when I tried to add ZEPPELIN_NOTEBOOK_S3_KMS_KEY_ID pointing to that key, I got the following error in logs
WARN [2016-12-22 11:48:53,275] ({main} NotebookRepoSync.java[<init>]:95) - Failed to sync with secondary storage on start {} java.io.IOException: Unable to store note in S3: com.amazonaws.services.kms.model.NotFoundException: Key 'arn:aws:kms:us-east-1:174485552022:key/a0d06e55-efdd-4f5a-aec6-03a64b08278b' does not exist (Service: AWSKMS; Status Code: 400; Error Code: NotFoundException; Request ID: 9c919bac-c83c-11e6-9b8a-250e451234bf) at org.apache.zeppelin.notebook.repo.S3NotebookRepo.save(S3NotebookRepo.java:223) at org.apache.zeppelin.notebook.repo.NotebookRepoSync.pushNotes(NotebookRepoSync.java:215) at org.apache.zeppelin.notebook.repo.NotebookRepoSync.sync(NotebookRepoSync.java:200) at org.apache.zeppelin.notebook.repo.NotebookRepoSync.<init>(NotebookRepoSync.java:93) at org.apache.zeppelin.server.ZeppelinServer.<init>(ZeppelinServer.java:83) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ... truncated
Notice that it tries to look up key in us-east-1 (default region) instead of us-west-2.
I believe it is about that code https://github.com/apache/zeppelin/blob/master/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/S3NotebookRepo.java#L100 and the patch will look more or less like here http://stackoverflow.com/a/27173676/484050
I think this can be solved by introducing additional environment variable like ZEPPELIN_NOTEBOOK_S3_KMS_KEY_REGION.
Sorry, can't fix that myself.
Thanks,
Mikhail
Attachments
Issue Links
- relates to
-
ZEPPELIN-848 Add support for encrypted data stored in S3
- Open
- links to