Help Center> FunctionGraph> Best Practices> Function + DEW: Encrypting/Decrypting Files> Preparation
Updated on 2023-12-15 GMT+08:00
View PDF

Preparation

Create two OBS buckets to store uploaded and encrypted/decrypted files, respectively.

Create an agency to delegate FunctionGraph to access OBS resources.

Creating OBS Buckets

  • The function and the source and destination buckets for storing files must be in the same region.
  • Use two different OBS buckets. If only one bucket is used, the function will be executed infinitely. (When a file is uploaded to the bucket, the function is triggered to process the file and store the processed file into the bucket again. In this way, the function executes endlessly.)

Procedure

  1. Log in to the OBS console, and click Create Bucket.
  2. On the Create Bucket page, set the bucket information.

    • For Region, select a region.
    • For Data Redundancy Policy, select Single-AZ storage.
    • For Bucket Name, enter dew-bucket-input.
    • For Default Storage Class, select Standard.
    • For Bucket Policies, select Private.
    • For Direct Reading, select Disable.

    Click Create Now.

  3. Repeat Step 2 to create the destination bucket.

    Name the destination bucket dew-bucket-output, and select the same region and storage class as those of the source bucket.

  4. View dew-bucket-input and dew-bucket-output in the bucket list.

Creating a DEW Key

  • The DEW key and function must be in the same region.

Procedure

  1. In the left navigation pane of the management console, choose Security & Compliance > Data Encryption Workshop to go to the DEW console. Then click Create Key.
  2. On the Create Key page, click OK.
  3. Record the master key ID.

Creating an Agency

  1. In the left navigation pane of the management console, choose Management & Governance > Identity and Access Management to go to the IAM console. Then choose Agencies in the navigation pane.
  2. On the Agencies page, click Create Agency.
  3. Set the agency information.

    • For Agency Name, enter serverless_trust.
    • For Agency Type, select Cloud service.
    • For Cloud Service, select FunctionGraph.
    • For Validity Period, select Unlimited.
    • For Description, enter a description.

  4. Click Next. On the Select Policy/Role page, select Tenant Administrator and click Next.

    Users with the Tenant Administrator permission can perform any operations on all cloud resources of the enterprise.

  5. Click OK.