lib/logstash/outputs/s3.rb in logstash-output-s3-4.0.3 vs lib/logstash/outputs/s3.rb in logstash-output-s3-4.0.5
- old
+ new
@@ -125,13 +125,27 @@
# The S3 canned ACL to use when putting the file. Defaults to "private".
config :canned_acl, :validate => ["private", "public_read", "public_read_write", "authenticated_read"],
:default => "private"
- # Specifies wether or not to use S3's AES256 server side encryption. Defaults to false.
+ # Specifies wether or not to use S3's server side encryption. Defaults to no encryption.
config :server_side_encryption, :validate => :boolean, :default => false
+ # Specifies what type of encryption to use when SSE is enabled.
+ config :server_side_encryption_algorithm, :validate => ["AES256", "aws:kms"], :default => "AES256"
+
+ # The key to use when specified along with server_side_encryption => aws:kms.
+ # If server_side_encryption => aws:kms is set but this is not default KMS key is used.
+ # http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
+ config :ssekms_key_id, :validate => :string
+
+ # Specifies what S3 storage class to use when uploading the file.
+ # More information about the different storage classes can be found:
+ # http://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
+ # Defaults to STANDARD.
+ config :storage_class, :validate => ["STANDARD", "REDUCED_REDUNDANCY", "STANDARD_IA"], :default => "STANDARD"
+
# Set the directory where logstash will store the tmp files before sending it to S3
# default to the current OS temporary directory in linux /tmp/logstash
config :temporary_directory, :validate => :string, :default => File.join(Dir.tmpdir, "logstash")
# Specify a prefix to the uploaded filename, this can simulate directories on S3. Prefix does not require leading slash.
@@ -181,11 +195,11 @@
if !WritableDirectoryValidator.valid?(@temporary_directory)
raise LogStash::ConfigurationError, "Logstash must have the permissions to write to the temporary directory: #{@temporary_directory}"
end
- if @validate_credentials_on_root_bucket && !WriteBucketPermissionValidator.valid?(bucket_resource)
+ if @validate_credentials_on_root_bucket && !WriteBucketPermissionValidator.new(@logger).valid?(bucket_resource)
raise LogStash::ConfigurationError, "Logstash must have the privileges to write to root bucket `#{@bucket}`, check you credentials or your permissions."
end
if @time_file.nil? && @size_file.nil? || @size_file == 0 && @time_file == 0
raise LogStash::ConfigurationError, "The S3 plugin must have at least one of time_file or size_file set to a value greater than 0"
@@ -263,10 +277,12 @@
end
def upload_options
{
:acl => @canned_acl,
- :server_side_encryption => @server_side_encryption ? :aes256 : nil,
+ :server_side_encryption => @server_side_encryption ? @server_side_encryption_algorithm : nil,
+ :ssekms_key_id => @server_side_encryption_algorithm == "aws:kms" ? @ssekms_key_id : nil,
+ :storage_class => @storage_class,
:content_encoding => @encoding == "gzip" ? "gzip" : nil
}
end
private