Ariel Godinez created NIFI-5456:
-----------------------------------
Summary: PutKinesisStream fails to put due to invalid signing
information
Key: NIFI-5456
URL: https://issues.apache.org/jira/browse/NIFI-5456
Project: Apache NiFi
Issue Type: Bug
Environment: RedHat 6
Reporter: Ariel Godinez
NiFi version: 1.6.0
PutKinesisStream fails to put due to invalid signing information when using an
AWS Private Link as the endpoint override URL. The endpoint override URL
pattern for private links is like below along with the error that NiFi outputs
when we attempt to use this type of URL as the 'Endpoint Override URL' property
value.
Endpoint Override URL:
https://vpce-<AWS_GENERATED_ALPHA_NUMERIC>.kinesis.us-east-2.vpce.amazonaws.com
ERROR [Timer-Driven Process Thread-11] "o.a.n.p.a.k.stream.PutKinesisStream"
PutKinesisStream[id=4c314e25-0164-1000-ffff-ffff9bd79c77] Failed to publish due
to exception com.amazonaws.services.kinesis.model.AmazonKinesisException:
Credential should be scoped to a valid region, not 'vpce'. (Service:
AmazonKinesis; Status Code: 400; Error Code: InvalidSignatureException; Request
ID: 6330b83c-a64e-4acf-b892-a505621cf78e) flowfiles
[StandardFlowFileRecord[uuid=ba299cec-7cbf-4750-a766-c348b5cd9c73,claim=StandardContentClaim
[resourceClaim=StandardResourceClaim[id=1532469012962-1, container=content002,
section=1], offset=2159750,
length=534625],offset=0,name=900966573101260,size=534625]]
It looks like 'vpce' is being extracted from the url as the region name when it
should be getting 'us-east-2'. I was able to get this processor to work
correctly by explicitly passing in the region and service using
'setEndpoint(String endpoint, String serviceName, String regionId)' instead of
'setEndpoint(String endpoint)' in
'nifi/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSProcessor.java'
line 289
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
