[ 
https://issues.apache.org/jira/browse/NIFI-2799?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15554126#comment-15554126
 ] 

ASF GitHub Bot commented on NIFI-2799:
--------------------------------------

Github user jvwing commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/1112#discussion_r82327829
  
    --- Diff: 
nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java
 ---
    @@ -113,16 +134,34 @@ public AWSCredentialsProvider 
getDerivedCredentialsProvider(Map<PropertyDescript
             rawMaxSessionTime = (rawMaxSessionTime != null) ? 
rawMaxSessionTime : MAX_SESSION_TIME.getDefaultValue();
             final Integer maxSessionTime = 
Integer.parseInt(rawMaxSessionTime.trim());
             final String assumeRoleExternalId = 
properties.get(ASSUME_ROLE_EXTERNAL_ID);
    +        STSAssumeRoleSessionCredentialsProvider.Builder builder;
    +
    +        // If proxy variables are set, then create Client Configuration 
with those values
    +        if (proxyVariablesValidForAssumeRole(properties)) {
    +            final String assumeRoleProxyHost = 
properties.get(ASSUME_ROLE_PROXY_HOST);
    +            final Integer assumeRoleProxyPort = 
Integer.parseInt(properties.get(ASSUME_ROLE_PROXY_PORT));
    +            ClientConfiguration config = new ClientConfiguration();
    +            config.withProxyHost(assumeRoleProxyHost);
    +            config.withProxyPort(assumeRoleProxyPort);
    +            AWSSecurityTokenService securityTokenService = new 
AWSSecurityTokenServiceClient(config);
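Review bot: `Integer.parseInt(properties.get(ASSUME_ROLE_PROXY_PORT))` parses the proxy port without the `.trim()` that the `rawMaxSessionTime` parse in the context lines above applies, so a port value with stray whitespace throws a NumberFormatException here unless `proxyVariablesValidForAssumeRole` already rejects it; trimming before parsing would keep the two consistent. Separately, the STS client on the last added line is built from `config` alone, and nothing in the visible lines hands it a credentials provider. The AWS SDK's `AWSSecurityTokenServiceClient(ClientConfiguration)` constructor falls back to the default credentials provider chain, so the AssumeRole request may be signed with different credentials than the ones configured for this strategy; passing the provider explicitly alongside `config` would make the signing identity unambiguous.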
    --- End diff --
    
    Do you need to pass the `primaryCredentialsProvider` to the STS client here?


> AWS Credentials for Assume Role Need Proxy
> ------------------------------------------
>
>                 Key: NIFI-2799
>                 URL: https://issues.apache.org/jira/browse/NIFI-2799
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.0.0
>            Reporter: Keren Tseytlin
>            Assignee: James Wing
>            Priority: Minor
>             Fix For: 1.1.0
>
>
> As a user of Nifi, when I want to enable cross account fetching of S3 objects 
> I need the proxy variables to be set in order to generate temporary AWS 
> tokens for STS:AssumeRole.
> Within some enterprise environments, it is necessary to set the proxy 
> variables prior to running AssumeRole methods. Without this being set, the 
> machine in VPC A times out on generating temporary keys and is unable to 
> assume a role as a machine in VPC B. 
> This ticket arose from this conversation: 
> http://apache-nifi-developer-list.39713.n7.nabble.com/Nifi-Cross-Account-Download-With-A-Profile-Flag-td13232.html#a13252
> Goal: There are files stored in an S3 bucket in VPC B. My Nifi machines are 
> in VPC A. I want Nifi to be able to get those files from VPC B. VPC A and VPC 
> B need to be communicating in the FetchS3Object component.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
