[ https://issues.apache.org/jira/browse/NIFI-7900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17556874#comment-17556874 ]
iain smith commented on NIFI-7900: ---------------------------------- [~john.wise] - Could this be used in your use case above, by setting 'Use Default Credentials' to 'true' then configuring your periodic STS-endpoint credentials retrieving flow to write the access key id, secret access key and session token into the AWS default credentials file $HOME/.aws/credentials (in the format shown below)? [default] aws_access_key_id = XXXX aws_secret_access_key = XXXX aws_session_token = XXXXX or set them as environment variables with the correct names maybe? That should also be picked up as long as 'Use Default Credentials' is 'true' > Add AWS session token to AWSCredentialsProvider > ----------------------------------------------- > > Key: NIFI-7900 > URL: https://issues.apache.org/jira/browse/NIFI-7900 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions > Affects Versions: 1.9.2, 1.12.1 > Reporter: Jody > Assignee: Peter Turcsanyi > Priority: Major > > As a NiFi user, I want to use AWS processors, e.g. PutS3Object processor, > with temporary credentials to allow connecting to secure AWS environments > that make use of the AWS Security Token Service. > > The NiFi AWSCredentialsProviderControllerService is giving an option to add > the required fields for using temporary credentials. While access key id and > secret access key properties can be configured, the property "session token" > is not available. The session token property must be provided when temporary > credentials are used. If the session token is not presented, an error will be > thrown: "The AWS Access Key Id you provided does not exist in our records. > (Service: Amazon S3; Status Code: 403; Error Code: InvalidAccessKeyId" -- This message was sent by Atlassian Jira (v8.20.7#820007)