Support Questions
Find answers, ask questions, and share your expertise

configuration requirement to read encrypted s3 data in hive


Hi I created external table in hive pointing to the S3 encrypted object (object is encrypted by AWS- KMS).

The table created successfully but when I run a query I get the error:

I tried unencrypted object in s3 and it works without any error.

hive> select * from btest.s3akmsmonths;
Failed with exception ORC split generation failed with exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 495F5A9FF2B2BB17)
Time taken: 0.08 seconds


AWS-KMS isn't going to work I'm afraid; the s3a support we are shipping only supports server side "SSE" encryption. Support for KMS went into Hadoop last week (HADOOP-13204), I'll expect us to be picking it up once we've done enough testing to be happy with it.