[
https://issues.apache.org/jira/browse/NIFI-5456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16592904#comment-16592904
]
ASF GitHub Bot commented on NIFI-5456:
--------------------------------------
GitHub user zenfenan opened a pull request:
https://github.com/apache/nifi/pull/2968
NIFI-5456: AWS clients now work with private link endpoints (VPC)
Thank you for submitting a contribution to Apache NiFi.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
### For all changes:
- [x] Is there a JIRA ticket associated with this PR? Is it referenced
in the commit message?
- [x] Does your PR title start with NIFI-XXXX where XXXX is the JIRA number
you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [x] Has your PR been rebased against the latest commit within the target
branch (typically master)?
- [x] Is your initial contribution a single, squashed commit?
### For code changes:
- [x] Have you ensured that the full suite of tests is executed via mvn
-Pcontrib-check clean install at the root nifi folder?
- [ ] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the LICENSE file, including the main
LICENSE file under nifi-assembly?
- [ ] If applicable, have you updated the NOTICE file, including the main
NOTICE file found under nifi-assembly?
- [ ] If adding new Properties, have you added .displayName in addition to
.name (programmatic access) for each of the new properties?
### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in
which it is rendered?
### Note:
Please ensure that once the PR is submitted, you check travis-ci for build
issues and submit an update to your PR as soon as possible.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/zenfenan/nifi NIFI-5456
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/nifi/pull/2968.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #2968
----
commit 7b390a9d0b003301f22a89cecf07a622bbc78f5e
Author: zenfenan <sivaprasanna246@...>
Date: 2018-08-26T13:36:45Z
NIFI-5456: AWS clients now work with private link endpoints (VPC)
----
> PutKinesisStream - Fails to work with AWS Private Link endpoint
> ---------------------------------------------------------------
>
> Key: NIFI-5456
> URL: https://issues.apache.org/jira/browse/NIFI-5456
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.6.0, 1.7.1
> Environment: RedHat 6
> Reporter: Ariel Godinez
> Assignee: Sivaprasanna Sethuraman
> Priority: Major
> Labels: easyfix
> Attachments:
> 0001-NIFI-5456-AWS-clients-now-work-with-private-link-end.patch
>
>
> NiFi version: 1.6.0
> PutKinesisStream fails to put due to invalid signing information when using
> an AWS Private Link as the endpoint override URL. The endpoint override URL
> pattern for private links is like below along with the error that NiFi
> outputs when we attempt to use this type of URL as the 'Endpoint Override
> URL' property value.
> Endpoint Override URL:
> [https://vpce-|https://vpce-/]<AWS_GENERATED_ALPHA_NUMERIC>.kinesis.us-east-2.vpce.amazonaws.com
> ERROR [Timer-Driven Process Thread-11] "o.a.n.p.a.k.stream.PutKinesisStream"
> PutKinesisStream[id=4c314e25-0164-1000-ffff-ffff9bd79c77] Failed to publish
> due to exception com.amazonaws.services.kinesis.model.AmazonKinesisException:
> Credential should be scoped to a valid region, not 'vpce'. (Service:
> AmazonKinesis; Status Code: 400; Error Code: InvalidSignatureException;
> Request ID: 6330b83c-a64e-4acf-b892-a505621cf78e) flowfiles
> [StandardFlowFileRecord[uuid=ba299cec-7cbf-4750-a766-c348b5cd9c73,claim=StandardContentClaim
> [resourceClaim=StandardResourceClaim[id=1532469012962-1,
> container=content002, section=1], offset=2159750,
> length=534625],offset=0,name=900966573101260,size=534625]]
>
> It looks like 'vpce' is being extracted from the url as the region name when
> it should be getting 'us-east-2'. We were able to get this processor to work
> correctly by explicitly passing in the region and service using
> 'setEndpoint(String endpoint, String serviceName, String regionId)' instead
> of 'setEndpoint(String endpoint)' in
> 'nifi/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSProcessor.java'
> line 289
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
