Jenni, Thanks for reporting this. I believe you are correct that expression language is not being applied as expected. There is now a JIRA for this issue, https://issues.apache.org/jira/browse/NIFI-4619.
Have you been able to work around the issue? Hopefully, file credentials or named profiles will work for your deployments. Thanks, James On Fri, Nov 17, 2017 at 7:10 AM, Jennifer Kissinger < [email protected]> wrote: > Good morning, > > I'm developing a pipeline that uses the > AWSCredentialsProviderControllerService > to establish AWS s3 credentials that include a role ARN for cross-account > access. When I hard-code the values of Access Key and Secret Key, I can > successfully connect. When I use expression language in those fields to > reference custom Nifi properties (i.e. ${my.custom.access_key}), the > connection fails. I've confirmed that these custom properties work when > used directly on a processor like FetchS3Object, ListS3, etc. > > I believe that the Access Key and Secret Key fields in the AWS controller > service do not actually evaluate expression language, contrary to the > documentation. However I would welcome any suggestions of possible user > error. > > I am using Nifi 1.3.0 locally but will need to deploy this pipeline to > Nifi 1.2.0. The error received when using the properties looks like this: > > com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: > The security token included in the request is invalid. (Service: > AWSSecurityTokenService; Status Code: 403; Error Code: > InvalidClientTokenId; Request ID: ...) > > Thanks for your assistance, > > ~Jenni >
