[ https://issues.apache.org/jira/browse/NIFI-1769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15341093#comment-15341093 ]
ASF GitHub Bot commented on NIFI-1769: -------------------------------------- Github user jvwing commented on the issue: https://github.com/apache/nifi/pull/362 @miquillo , what do you think about using [ClientConfiguration::setSignerOverride()](http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#setSignerOverride(java.lang.String)) to control the signature version? One of the advantages I see to it is better isolation for the processor vs. any other NiFi AWS processors. I'm a bit worried that one PutS3Object processor using SSE-KMS would change the settings other processors running at the same time. I believe an appropriate location to do this would be in AbstractS3Processor::createClient(). That would allow the configuration code to be shared, while the configured value would remain specific to individual processors. But I'm not sure I agree with configuring the version as a true/false setting for signature version 4. I would recommend a list of values: * AWS SDK default (as the default selection) * Signature v2 * Signature v4 That leaves room for the AWS SDK default to change if/when we upgrade to a newer SDK, and it would allow for users to explicitly request either v4 or v2 to match whatever features and endpoint they are using. What do you think? > Add support for SSE-KMS and S3 Signature Version 4 Authentication AWS > --------------------------------------------------------------------- > > Key: NIFI-1769 > URL: https://issues.apache.org/jira/browse/NIFI-1769 > Project: Apache NiFi > Issue Type: Improvement > Components: Core Framework > Affects Versions: 0.5.1 > Reporter: Michiel Moonen > Priority: Minor > Labels: newbie, patch, security > Fix For: 1.0.0 > > > Currently there is no support for SSE-KMS S3 Signature Version 4 > Authentication. This is necessary for enhanced security features -- This message was sent by Atlassian JIRA (v6.3.4#6332)