aws storage encrypted S3 bucket

[wlandau]

Discussed in #853

^{Originally posted by michkam89 June 13, 2022}
Hi,
I am trying to use targets and AWS storage with encrypted S3 buckets. Is there a way to anyhow provide parameters such as SSEKMSKeyId or ServerSideEncryption for eg. paws::s3$put_object() ? I went though docs and code and I couldn't find it but I don't want to miss it if it's possible :)
Thanks!

[wlandau]

@michkam89, this is currently not possible, but I am open to exposing the arguments. Presumably we would want the full set of arguments of s3$put_object(), which would need to be forwarded through https://github.com/ropensci/targets/blob/main/R/tar_resources_aws.R, https://github.com/ropensci/targets/blob/main/R/class_resources_aws.R, and https://github.com/ropensci/targets/blob/main/R/utils_aws.R. Would you be willing to help test when the time comes?

[michkam89]

great, thanks! Yes, I'd be happy to help :)

[wlandau]

Looking at the paws::s3() functions, there is an overwhelming number of arguments, all camel case. That might make targets more vulnerable to breaking when paws or the AWS API changes argument names. So I think it best to make these additional arguments informal. targets can at least provide argument checking (e.g. spelling) using the formals of paws functions (can also check that arguments like Bucket and versionID are excluded).

[wlandau]

@michkam89, as of 45c104c it is now possible to supply encryption arguments etc. to tar_resources_aws() via .... When you have a free moment, would you check if the update works for you?

[michkam89]

Hi @wlandau, tested on SSE-KMS encryption with arguments SSEKMSKeyId and ServerSideEncryption with success. Thanks for this update!