Encrypted S3 bucket usage

[freyjadomville]

Hi,

I work for a consultancy where company policy generally forbids the use of unencrypted items in S3 buckets.

Is there a supported way of making Artillery write to S3 using server-side encryption when using run-fargate? If not, is there a timeline for such a feature in the future so we can lock down permissions on S3 without having to temporarily widen them during load testing?

Kind Regards,

Freyja

[anthony-nhs]

I am not sure if this is officially supported, but have tried it with lambda and it seems to work.

Before running artillery, I created a bucket called "artilleryio-test-data-${AWS::AccountId}-${AWS::Region}" with SSE enabled - see https://github.com/artilleryio/artillery/blob/main/packages/artillery/lib/platform/aws/aws-ensure-s3-bucket-exists.js#L42 for the name as its slightly different if you are using global.
I then created a role with policies to access the bucket and KMS key used for encryption and other things needed for running - see https://github.com/artilleryio/artillery/blob/main/packages/artillery/lib/platform/aws-lambda/index.js#L661 for lambda (https://github.com/artilleryio/artillery/blob/main/packages/artillery/lib/platform/aws-ecs/ecs.js#L121 seems to be the corresponding code for fargate)
Then when running artillery I passed the role created above using --lambda-role-arn parameter

[murcialito]

Same problem here, the company policy does not allow PutObject without specifying the server side encryption even if it is set in the bucket itself. I have tried @anthony-nhs approach but still getting rejected as no server side encryption param is defined in the PutObject operation. As it is a global policy and I cannot disable it for load testing we are unable to use the run-fargate functionality at all. I can help with the implementation if required.