In some of the cases even though the kmsClientSideEncryptionKeyId is correctly configured, if the following URL https://sts.amazonaws.com is not whitelisted on the host/cluster where Artifactory is hosted, you would observe the above error in the Artifactory logs.
Below is the example I AM permission:
Below is the example I AM permission:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor", "Effect": "Allow", "Action": "s3:*", "Resource": "XXXXXXXXX" }, { "Sid": "AllowUseOfKeyInAccountxxxxx", "Effect": "Allow", "Action": [ "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey" ], "Resource": "XXXXXXXXXX" } ] }