[jira] [Commented] (NIFI-7900) Add AWS session token to AWSCredentialsProvider

Wed, 23 Feb 2022 05:53:05 -0800 


    [ 
https://issues.apache.org/jira/browse/NIFI-7900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17496779#comment-17496779
 ] 

Peter Turcsanyi commented on NIFI-7900:
---------------------------------------

[~jmaaks] "Session Token" property can be added to 
AWSCredentialsProviderControllerService but how would you configure it?

Using a static values would not make sense as the token is temporary. So if I 
understand it correctly, the token value would come from a FlowFile attribute 
in practice.

The FlowFile attribute approach could work for PutS3Object which has incoming 
FlowFiles but not for ListS3 which has no incoming connection (currently, so it 
would be a bigger change to add the FlowFile attribute solution here).

Another question: how do you acquire the Session Token that would be passed to 
AWSCredentialsProviderControllerService in the new property? In the NiFi flow 
using a custom processor?

> Add AWS session token to AWSCredentialsProvider
> -----------------------------------------------
>
>                 Key: NIFI-7900
>                 URL: https://issues.apache.org/jira/browse/NIFI-7900
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>    Affects Versions: 1.9.2, 1.12.1
>            Reporter: Jody
>            Assignee: Peter Turcsanyi
>            Priority: Major
>
> As a NiFi user, I want to use AWS processors, e.g. PutS3Object processor, 
> with temporary credentials to allow connecting to secure AWS environments 
> that make use of the AWS Security Token Service. 
>  
> The NiFi AWSCredentialsProviderControllerService is giving an option to add 
> the required fields for using temporary credentials. While access key id and 
> secret access key properties can be configured, the property "session token" 
> is not available. The session token property must be provided when temporary 
> credentials are used. If the session token is not presented, an error will be 
> thrown: "The AWS Access Key Id you provided does not exist in our records. 
> (Service: Amazon S3; Status Code: 403; Error Code: InvalidAccessKeyId"



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to