[ https://issues.apache.org/jira/browse/NIFI-7900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17359084#comment-17359084 ]

Peter Turcsanyi commented on NIFI-7900:
---------------------------------------

[~j9dy], [~Svirsky] Could you please describe your use cases in more detail?

AWSCredentialsProviderControllerService supports cross-account access via 
Access Key / Secret Key plus Assume Role* properties. No explicit Session Token 
property is needed in this case because it will be retrieved from STS in the 
background along with the temporary Access Key / Secret Key. You need to 
configure the primary Access Key / Secret Key on the controller service which 
will be used to access STS.


Or do you have an external mechanism to get (and refresh) the temporary 
credentials and you would like to pass them to the controller service via FlowFile 
attributes? In this case only the Session Token property needs to be added to 
the controller service but it would be the flow designer's responsibility to 
provide the token value.

> Add AWS session token to AWSCredentialsProvider
> -----------------------------------------------
>
>                 Key: NIFI-7900
>                 URL: https://issues.apache.org/jira/browse/NIFI-7900
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>    Affects Versions: 1.9.2, 1.12.1
>            Reporter: Jody
>            Assignee: Peter Turcsanyi
>            Priority: Major
>
> As a NiFi user, I want to use AWS processors, e.g. PutS3Object processor, 
> with temporary credentials to allow connecting to secure AWS environments 
> that make use of the AWS Security Token Service. 
>  
> The NiFi AWSCredentialsProviderControllerService is giving an option to add 
> the required fields for using temporary credentials. While access key id and 
> secret access key properties can be configured, the property "session token" 
> is not available. The session token property must be provided when temporary 
> credentials are used. If the session token is not presented, an error will be 
> thrown: "The AWS Access Key Id you provided does not exist in our records. 
> (Service: Amazon S3; Status Code: 403; Error Code: InvalidAccessKeyId"



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
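
The two credential setups discussed in this thread, as an added example that is not part of the original message and not NiFi code: a pre-flight check that flags a temporary access key supplied without its session token, the condition behind the InvalidAccessKeyId error in the issue. The field names are hypothetical, the sample values are constructed, and the check relies on AWS's documented key ID prefixes (AKIA for long-term IAM user keys, ASIA for keys issued by STS).

```python
from dataclasses import dataclass
from typing import List, Optional

LONG_TERM_PREFIX = "AKIA"   # long-term IAM user access key IDs
TEMPORARY_PREFIX = "ASIA"   # temporary access key IDs issued by STS


@dataclass
class CredentialConfig:
    """Hypothetical field names; these are not NiFi property names."""
    access_key: str
    secret_key: str
    session_token: Optional[str] = None
    assume_role_arn: Optional[str] = None


def check_config(cfg: CredentialConfig) -> List[str]:
    """Return the problems found; an empty list means the set is consistent."""
    if not cfg.access_key or not cfg.secret_key:
        return ["access key and secret key are both required"]
    problems = []
    if cfg.access_key.startswith(TEMPORARY_PREFIX) and not cfg.session_token:
        # The case in the issue: S3 answers 403 InvalidAccessKeyId.
        problems.append("temporary access key without session token")
    if cfg.access_key.startswith(LONG_TERM_PREFIX) and cfg.session_token:
        problems.append("session token supplied with a long-term access key")
    if cfg.assume_role_arn and not cfg.assume_role_arn.startswith("arn:"):
        problems.append("assume role value is not an ARN")
    return problems


# Constructed sample values, not real credentials.
ROLE = "arn:aws:iam::123456789012:role/ExampleRole"
SAMPLES = {
    # Primary long-term key plus Assume Role: STS supplies the token itself.
    "assume_role": CredentialConfig("AKIAIOSFODNN7EXAMPLE", "secret",
                                    assume_role_arn=ROLE),
    # Externally obtained temporary key, token missing: the reported failure.
    "temp_no_token": CredentialConfig("ASIAEXAMPLEEXAMPLE00", "secret"),
    # Externally obtained temporary key with its token.
    "temp_with_token": CredentialConfig("ASIAEXAMPLEEXAMPLE00", "secret",
                                        session_token="constructed-token"),
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, check_config(cfg) or "ok")
```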
