tag:blogger.com,1999:blog-8449039.post3368199874377476162..comments2024-03-28T05:59:36.577-04:00Comments on Scott Spendolini's Blog: BLOBs in the Cloud with APEX and AWS S3Scotthttp://www.blogger.com/profile/01187435106015051061noreply@blogger.comBlogger11125tag:blogger.com,1999:blog-8449039.post-8361795382922370552017-07-16T13:00:49.490-04:002017-07-16T13:00:49.490-04:00This is regarding an earlier (unpublished) post wh...This is regarding an earlier (unpublished) post where I asked for help with troubleshooting the issue of not getting rows returned from the sample select that you provided. I found the problem was because of an edit I had made to your AWS S3 package that allows support of HTTPS. I had thought one of the constant values was specific to your environment and I changed it. Wrong. So, thanks again for the article and I will now take the next step of trying to get it to work with APEX.Brad Peekhttps://www.blogger.com/profile/15817125526394590143noreply@blogger.comtag:blogger.com,1999:blog-8449039.post-44078203127963894912017-07-15T16:04:24.948-04:002017-07-15T16:04:24.948-04:00To get around the AWS4-HMAC-SHA256 issue, I create...To get around the AWS4-HMAC-SHA256 issue, I created an AWS bucket in the US East (N. Virginia) region, which I think should support the older cypher that your package uses. I get to the point of running "SELECT * FROM table (amazon_aws_s3_pkg.get_object_tab(p_bucket_name => 'my-bucket-name'));" but zero rows are returned. I don't get any error messages, which I think means I am authenticating and also specifying the correct bucket name. For example, if I put in a bogus bucket name I get an error message to that effect. Any idea why that select would not find the documents in that bucket? I tried making the files "public" just to see if it was a permissions issue and have also tried a couple of different IAM users with no luck.<br /><br />I installed the AWS CLI onto my laptop and can list the document using the same IAM user and bucket name. I would LOVE to get this working, so any help would be appreciated.<br />Brad Peekhttps://www.blogger.com/profile/15817125526394590143noreply@blogger.comtag:blogger.com,1999:blog-8449039.post-27819561894284368722017-07-15T10:39:13.155-04:002017-07-15T10:39:13.155-04:00Brad,
Upgrading to 12c is likely the best approac...Brad,<br /><br />Upgrading to 12c is likely the best approach. There is a patch that will add the new cyphers to 11g as well, but it took quite a while for us to get that to work on another instance. You are welcome to pursue that path as well, but you'll have to work with Oracle Support to get the patch applied.<br /><br />- Scott -Scotthttps://www.blogger.com/profile/01187435106015051061noreply@blogger.comtag:blogger.com,1999:blog-8449039.post-63211058792571471252017-07-09T15:45:57.810-04:002017-07-09T15:45:57.810-04:00Scott -- I ran into "The authorization mechan...Scott -- I ran into "The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256", which is discussed here: https://github.com/mortenbra/alexandria-plsql-utils/issues/24?_pjax=%23js-repo-pjax-container <br /><br />My APEX instance is hosted at Enciva.com and is currently Oracle 11. The GitHub issue comments mentions that the Oracle 12c dbms_crypto package has added HMAC_SH256 support. I can ask Enciva to upgrade my instance to Oracle 12c, but was wondering what else I would need to do to make this work? Not sure I have the skills or patience for a major change to the packages that Morten and you have so generously provided.<br /><br />Did you also run into this issue? Find a solution?Brad Peekhttps://www.blogger.com/profile/15817125526394590143noreply@blogger.comtag:blogger.com,1999:blog-8449039.post-82869824591429328922017-07-05T21:39:16.309-04:002017-07-05T21:39:16.309-04:00Same difference; anything to load a page on that d...Same difference; anything to load a page on that domain will do it.<br /><br />- Scott -Scotthttps://www.blogger.com/profile/01187435106015051061noreply@blogger.comtag:blogger.com,1999:blog-8449039.post-91652391386817482042017-07-05T21:24:42.374-04:002017-07-05T21:24:42.374-04:00Thanks. That probably would have worked. What I...Thanks. That probably would have worked. What I did was "open" a text file from the S3 console and exported the certs from the resulting URL. It appears to have worked, although I won't know for sure until I get further along. Brad Peekhttps://www.blogger.com/profile/15817125526394590143noreply@blogger.comtag:blogger.com,1999:blog-8449039.post-18127668056283028982017-07-05T19:56:49.575-04:002017-07-05T19:56:49.575-04:00Brad,
Use this URL: https://s3.amazonaws.com/buck...Brad,<br /><br />Use this URL: https://s3.amazonaws.com/bucket_name/foo<br /><br />Even though the access is blocked, you should be able to get the certificate from that page.<br /><br />Thanks,<br /><br />- Scott -<br />Scotthttps://www.blogger.com/profile/01187435106015051061noreply@blogger.comtag:blogger.com,1999:blog-8449039.post-761480132604813412017-07-05T19:52:41.310-04:002017-07-05T19:52:41.310-04:00I'm going to give this a try, and really appre...I'm going to give this a try, and really appreciate the article. You mention that in order to create a wallet with the correct certificates I would need to get them from s3.amazonaws.com. Has this changed since you originally wrote the article? I get a redirect to https://aws.amazon.com/s3/ when I try it and I'm not sure if that is correct (don't want to assume).Brad Peekhttps://www.blogger.com/profile/15817125526394590143noreply@blogger.comtag:blogger.com,1999:blog-8449039.post-43158832486517012542015-09-30T04:25:05.135-04:002015-09-30T04:25:05.135-04:00Hi,
I set this up and it's working fine, with ...Hi,<br />I set this up and it's working fine, with one problem.<br />I've created a folder in the bucket using Greek characters and when retrieving the list those characters are garbage.<br /><br />I'm using Oracle XE 10g with NLS_CHARACTERSET = AL32UTF8. Any ideas how this could work?<br />Theodoros Emmanuelhttps://www.blogger.com/profile/06895502281059416788noreply@blogger.comtag:blogger.com,1999:blog-8449039.post-40809693367912472022014-05-19T06:15:04.949-04:002014-05-19T06:15:04.949-04:00Trent,
Thanks for your feedback; I've updated...Trent,<br /><br />Thanks for your feedback; I've updated the post to reflect the accurate pricing information. <br /><br />Your other suggestions touch on some additional capabilities of S3; encryption and redundancy. Both of these should be considered for sensitive production data, as they offer additional protection, especially when used together.<br /><br />Thanks,<br /><br />- Scott -<br />Scotthttps://www.blogger.com/profile/01187435106015051061noreply@blogger.comtag:blogger.com,1999:blog-8449039.post-61447322806889235832014-05-17T18:43:57.975-04:002014-05-17T18:43:57.975-04:00Nice Guide Scott.
Just a quick comment - in your ...Nice Guide Scott.<br /><br />Just a quick comment - in your overview, you mentioned to store 1TB of data it is 3 cents/month. I understood this to be 3 cents per GB up to the first TB.<br /><br />Some adjustments I made to the package(s).<br /><br />- Rather than using the g_gmt_offset variable, I adjusted the function (get_date_string) that returns the current date to return it in UTC format without the dependency of g_gmt_offset being accurate: to_char(sys_extract_utc(systimestamp), 'Dy, DD Mon YYYY HH24:MI:SS', 'NLS_DATE_LANGUAGE = AMERICAN') || ' GMT'. <br /><br />- Enabling server side encryption. In the assignment of l_auth_string in the new_object procedure, pass in the header: x-amz-server-side-encryption: AES256 and extend l_header_names and l_header_values arrays to pass in x-amz-server-side-encryption and AES256 respectively. <br /><br />- Enabling reduced redundancy storage - for non prod systems it's probably not necessary to use the standard storage class. In the assignment of l_auth_string in the new_object procedure, pass in the header: x-amz-storage-class: STANDARD or REDUCED_REDUNDANCY and extend l_header_names and l_header values arrays to pass in x-amz-storage-class and STANDARD or REDUCED_REDUNDANCY respectively.trenthttps://www.blogger.com/profile/01464403245553283344noreply@blogger.com