Hey, I’m trying to implement Client-Side Field Level Encryption. I’m running MongoDB in a container inside my EC2 instance.
I wrote a script that uses my EC2’s Programmatic access credentials and connects to the AWS KMS provider, but whenever I try to create a data key, or encrypt anything, I get an error:
EncryptionError: Error in KMS response 'The security token included in the request is invalid.'. HTTP status=400
I also tried setting the ACCESS_KEY, SECRET_KEY and SESSION_TOKEN as environment variables and still got the error.
The EC2 instance has full control over KMS.
When using the normal boto3 ‘KMS’ client, I can create a data_key and encrypt and decrypt data.
I wanted to open a Jira bug issue about this case, but figured I might be doing something wrong.
That’s the script that I used: "from boto3 import Session from pymongo import MongoClient from pymongo.encrypt" - Pastebin.com
I’d appreciate any help provided.