[
https://issues.apache.org/jira/browse/NIFI-7900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17556760#comment-17556760
]
iain smith commented on NIFI-7900:
----------------------------------
Another similar use case is when Nifi is running on an ec2 instance, or in a
container hosted on an ec2 instance. If the instance has an associated IAM role
('instance profile') granting permissions to AWS services, the role's temporary
credentials (Access Key / Secret Key / Session Token) are available to a nifi
flow via a http query to the instance's metadata at the 'special url' (only
accessible locally on the ec2 and hosted containers)
http://169.254.169.254/latest/meta-data/iam/security-credentials/<instance_profile_name>
> Add AWS session token to AWSCredentialsProvider
> -----------------------------------------------
>
> Key: NIFI-7900
> URL: https://issues.apache.org/jira/browse/NIFI-7900
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Affects Versions: 1.9.2, 1.12.1
> Reporter: Jody
> Assignee: Peter Turcsanyi
> Priority: Major
>
> As a NiFi user, I want to use AWS processors, e.g. PutS3Object processor,
> with temporary credentials to allow connecting to secure AWS environments
> that make use of the AWS Security Token Service.
>
> The NiFi AWSCredentialsProviderControllerService is giving an option to add
> the required fields for using temporary credentials. While access key id and
> secret access key properties can be configured, the property "session token"
> is not available. The session token property must be provided when temporary
> credentials are used. If the session token is not presented, an error will be
> thrown: "The AWS Access Key Id you provided does not exist in our records.
> (Service: Amazon S3; Status Code: 403; Error Code: InvalidAccessKeyId"
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
