Trying to use Lambda/Boto3 to modify an endpoint.
According to documentation:
response = client.modify_endpoint(
EndpointArn='string',
S3Settings={
'EncryptionMode': 'sse-s3'|'sse-kms',
'ServerSideEncryptionKmsKeyId': 'string',
}
However, when I set 'sse-kms' and pass my KeyID, I am getting this error back :
[ERROR] ClientError: An error occurred (InvalidParameterCombinationException) when calling the ModifyEndpoint operation: Only SSE_S3 encryption mode supported. Traceback (most recent call last): File "/var/task/main.py", line 16, in main response = client.modify_endpoint( File "/var/runtime/botocore/client.py", line 316, in _api_call return self._make_api_call(operation_name, kwargs) File "/var/runtime/botocore/client.py", line 635, in _make_api_call raise error_class(parsed_response, operation_name)
Here's my full Lambda:
def main(event,context):
client = boto3.client('dms')
response = client.modify_endpoint(
EndpointArn = 'arn:aws:dms:us-east-1:123456789012:endpoint:xxxxxxxxxxxxxxxxxxxxxxxxxxxx',
ExtraConnectionAttributes = 'cdcPath=undefined',
S3Settings = {
'CompressionType': 'none',
'DataFormat': 'parquet',
'EncryptionMode': 'sse-kms',
'ServerSideEncryptionKmsKeyId': 'arn:aws:kms:us-east-1:772631637424:key/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
}
)
It looks like you have created or your existing endpoint EncryptionMode is set to SSE_S3. As per this doc it is not possible for you to change from SSE_S3 to SSE_KMS.
For the ModifyEndpoint operation, you can change the existing value of the EncryptionMode parameter from SSE_KMS to SSE_S3. But you can’t change the existing value from SSE_S3 to SSE_KMS.