[
https://issues.apache.org/jira/browse/NIFI-7900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17556874#comment-17556874
]
iain smith edited comment on NIFI-7900 at 6/21/22 12:39 PM:
------------------------------------------------------------
[~john.wise] - Assuming your use case above is not running on an EC2 instance,
could you also use default credentials, by setting 'Use Default Credentials' to
'true' then configuring your periodic STS-endpoint credentials retrieving flow
to write the access key id, secret access key and session token into the AWS
default credentials file $HOME/.aws/credentials (in the format shown below)?
[default]
aws_access_key_id = XXXX
aws_secret_access_key = XXXX
aws_session_token = XXXXX
or set them as environment variables with the correct names maybe? That should
also be picked up as long as 'Use Default Credentials' is 'true'
was (Author: JIRAUSER291337):
[~john.wise] - Could this be used in your use case above, by setting 'Use
Default Credentials' to 'true' then configuring your periodic STS-endpoint
credentials retrieving flow to write the access key id, secret access key and
session token into the AWS default credentials file $HOME/.aws/credentials (in
the format shown below)?
[default]
aws_access_key_id = XXXX
aws_secret_access_key = XXXX
aws_session_token = XXXXX
or set them as environment variables with the correct names maybe? That should
also be picked up as long as 'Use Default Credentials' is 'true'
> Add AWS session token to AWSCredentialsProvider
> -----------------------------------------------
>
> Key: NIFI-7900
> URL: https://issues.apache.org/jira/browse/NIFI-7900
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Affects Versions: 1.9.2, 1.12.1
> Reporter: Jody
> Assignee: Peter Turcsanyi
> Priority: Major
>
> As a NiFi user, I want to use AWS processors, e.g. PutS3Object processor,
> with temporary credentials to allow connecting to secure AWS environments
> that make use of the AWS Security Token Service.
>
> The NiFi AWSCredentialsProviderControllerService is giving an option to add
> the required fields for using temporary credentials. While access key id and
> secret access key properties can be configured, the property "session token"
> is not available. The session token property must be provided when temporary
> credentials are used. If the session token is not presented, an error will be
> thrown: "The AWS Access Key Id you provided does not exist in our records.
> (Service: Amazon S3; Status Code: 403; Error Code: InvalidAccessKeyId"
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
