aws-ssm-session

Add KMS support

Open fdaugan opened this issue 4 years ago • 1 comments

When SSM is protected with KMS, the payload fails to send/receive data.

See https://github.com/aws/session-manager-plugin/blob/mainline/src/datachannel/streaming.go:

```go
// Encrypt if encryption is enabled and payload type is Output
if dataChannel.encryptionEnabled && payloadType == message.Output {
	inputData, err = dataChannel.encryption.Encrypt(log, inputData)
	if err != nil {
		return err
	}
}
```

```go
case message.KMSEncryption:
	processedAction.ActionType = action.ActionType
	err := dataChannel.ProcessKMSEncryptionHandshakeAction(log, action.ActionParameters)
	if err != nil {
		processedAction.ActionStatus = message.Failed
		processedAction.Error = fmt.Sprintf("Failed to process action %s: %s",
			message.KMSEncryption, err)
		errorList = append(errorList, err)
	} else {
		processedAction.ActionStatus = message.Success
		processedAction.ActionResult = message.KMSEncryptionResponse{
			KMSCipherTextKey: dataChannel.encryption.GetEncryptedDataKey(),
		}
		dataChannel.encryptionEnabled = true
	}
```

fdaugan, Jan 07 '22 11:01

Got this working - here's everything I know https://github.com/bertrandmartel/aws-ssm-session/pull/14

rupertbg, May 17 '22 06:05
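The `encryptionEnabled` gate quoted in the issue, modelled as a stand-alone Go sketch: payloads pass through unchanged until the handshake succeeds, after which every payload is sealed and the receiver rejects anything that is not a valid encrypted frame. This is an added example, not code from session-manager-plugin or aws-ssm-session; the `channel` type and its methods are hypothetical, and AES-256-GCM with the nonce prepended, plus a locally constructed key standing in for the KMS data key, are assumptions of the sketch.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type channel struct { // hypothetical stand-in for the client's data channel state
	encryptionEnabled bool
	aead              cipher.AEAD
}

// enable models a successful KMSEncryption action; key stands in for the KMS data key.
func (c *channel) enable(key []byte) error {
	block, err := aes.NewCipher(key)
	if err == nil {
		c.aead, err = cipher.NewGCM(block)
	}
	c.encryptionEnabled = c.aead != nil // a failed re-key never drops back to plaintext
	return err
}

// wrap mirrors the gate in the quoted code: plaintext before the handshake, sealed after.
func (c *channel) wrap(payload []byte) ([]byte, error) {
	if !c.encryptionEnabled {
		return payload, nil
	}
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return c.aead.Seal(nonce, nonce, payload, nil), nil // assumed framing: nonce || ciphertext || tag
}

// unwrap is the receiving side: plaintext, truncated and tampered frames are all rejected.
func (c *channel) unwrap(frame []byte) ([]byte, error) {
	if !c.encryptionEnabled || len(frame) < c.aead.NonceSize()+c.aead.Overhead() {
		return nil, fmt.Errorf("not an encrypted frame (%d bytes)", len(frame))
	}
	n := c.aead.NonceSize()
	return c.aead.Open(nil, frame[:n], frame[n:], nil)
}

func main() {
	c := &channel{}
	fmt.Println(c.enable(make([]byte, 32))) // constructed all-zero key, for the demo only
	fmt.Println(c.wrap([]byte("whoami\n")))
}
```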