Good morning,
I'm developing a pipeline that uses the AWSCredentialsProviderControllerService
to establish AWS s3 credentials that include a role ARN for cross-account
access. When I hard-code the values of Access Key and Secret Key, I can
successfully connect. When I use expression language in those fields to
reference custom Nifi properties (i.e. ${my.custom.access_key}), the
connection fails. I've confirmed that these custom properties work when
used directly on a processor like FetchS3Object, ListS3, etc.
I believe that the Access Key and Secret Key fields in the AWS controller
service do not actually evaluate expression language, contrary to the
documentation. However I would welcome any suggestions of possible user
error.
I am using Nifi 1.3.0 locally but will need to deploy this pipeline to Nifi
1.2.0. The error received when using the properties looks like this:
com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException:
The security token included in the request is invalid. (Service:
AWSSecurityTokenService; Status Code: 403; Error Code:
InvalidClientTokenId; Request ID: ...)
Thanks for your assistance,
~Jenni
