Good morning, I'm developing a pipeline that uses the AWSCredentialsProviderControllerService to establish AWS s3 credentials that include a role ARN for cross-account access. When I hard-code the values of Access Key and Secret Key, I can successfully connect. When I use expression language in those fields to reference custom Nifi properties (i.e. ${my.custom.access_key}), the connection fails. I've confirmed that these custom properties work when used directly on a processor like FetchS3Object, ListS3, etc.
I believe that the Access Key and Secret Key fields in the AWS controller service do not actually evaluate expression language, contrary to the documentation. However I would welcome any suggestions of possible user error. I am using Nifi 1.3.0 locally but will need to deploy this pipeline to Nifi 1.2.0. The error received when using the properties looks like this: com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: The security token included in the request is invalid. (Service: AWSSecurityTokenService; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: ...) Thanks for your assistance, ~Jenni