[ 
https://issues.apache.org/jira/browse/NIFI-7900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17504352#comment-17504352
 ] 

John Wise edited comment on NIFI-7900 at 7/18/22 4:30 PM:
----------------------------------------------------------

[~turcsanyip] - Although it's a bit unwieldy, the above is a viable use case 
for supporting temporary AWS credentials in the 
AWSCredentialsProviderControllerService.  I presume that session token support 
would also require updates to most/all of the AWS processors, but it should be 
a minimal lift to add an additional configuration field & header.

We're prohibited from creating new user accounts to acquire static access & 
secret keys; no, that doesn't make sense at all, but that's what we've been 
stuck with for several years now.  Without that session token support, anyone 
required to use temporary credentials is essentially unable to use any AWS 
services with NiFi.


was (Author: john.wise):
[~turcsanyip] - Although it's a bit unwieldy, the above is a viable use case 
for supporting temporary AWS credentials in the 
AWSCredentialsProviderControllerService.  I presume that session token support 
would also require updates to most/all of the AWS processors, but it should be 
a minimal lift to add an additional configuration field & header.

Due to a draconian policy decreed by our ill-informed & stubborn security 
organization, we're prohibited from creating new user accounts to acquire 
static access & secret keys; no, that doesn't make sense at all, but that's 
what we've been stuck with for several years now.  Without that session token 
support, anyone required to use temporary credentials is essentially unable to 
use any AWS services with NiFi.

> Add AWS session token to AWSCredentialsProvider
> -----------------------------------------------
>
>                 Key: NIFI-7900
>                 URL: https://issues.apache.org/jira/browse/NIFI-7900
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>    Affects Versions: 1.9.2, 1.12.1
>            Reporter: Jody
>            Assignee: Peter Turcsanyi
>            Priority: Major
>
> As a NiFi user, I want to use AWS processors, e.g. PutS3Object processor, 
> with temporary credentials to allow connecting to secure AWS environments 
> that make use of the AWS Security Token Service. 
>  
> The NiFi AWSCredentialsProviderControllerService is giving an option to add 
> the required fields for using temporary credentials. While access key id and 
> secret access key properties can be configured, the property "session token" 
> is not available. The session token property must be provided when temporary 
> credentials are used. If the session token is not presented, an error will be 
> thrown: "The AWS Access Key Id you provided does not exist in our records. 
> (Service: Amazon S3; Status Code: 403; Error Code: InvalidAccessKeyId"



--
This message was sent by Atlassian Jira
(v8.20.10#820010)