[ https://issues.apache.org/jira/browse/NIFI-2799?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15555901#comment-15555901 ]
ASF GitHub Bot commented on NIFI-2799: -------------------------------------- Github user ktseytlin commented on a diff in the pull request: https://github.com/apache/nifi/pull/1112#discussion_r82446283 --- Diff: nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java --- @@ -113,16 +134,34 @@ public AWSCredentialsProvider getDerivedCredentialsProvider(Map<PropertyDescript rawMaxSessionTime = (rawMaxSessionTime != null) ? rawMaxSessionTime : MAX_SESSION_TIME.getDefaultValue(); final Integer maxSessionTime = Integer.parseInt(rawMaxSessionTime.trim()); final String assumeRoleExternalId = properties.get(ASSUME_ROLE_EXTERNAL_ID); + STSAssumeRoleSessionCredentialsProvider.Builder builder; + + // If proxy variables are set, then create Client Configuration with those values + if (proxyVariablesValidForAssumeRole(properties)) { + final String assumeRoleProxyHost = properties.get(ASSUME_ROLE_PROXY_HOST); + final Integer assumeRoleProxyPort = Integer.parseInt(properties.get(ASSUME_ROLE_PROXY_PORT)); + ClientConfiguration config = new ClientConfiguration(); + config.withProxyHost(assumeRoleProxyHost); + config.withProxyPort(assumeRoleProxyPort); + AWSSecurityTokenService securityTokenService = new AWSSecurityTokenServiceClient(config); --- End diff -- That could be true, I'm not sure. I'm running another build now to test if everything will still work if I add `primaryCredentialsProvider` into the `STSAssumeRoleSessionCredentialsProvider` as well. > AWS Credentials for Assume Role Need Proxy > ------------------------------------------ > > Key: NIFI-2799 > URL: https://issues.apache.org/jira/browse/NIFI-2799 > Project: Apache NiFi > Issue Type: Bug > Affects Versions: 1.0.0 > Reporter: Keren Tseytlin > Assignee: James Wing > Priority: Minor > Fix For: 1.1.0 > > > As a user of Nifi, when I want to enable cross account fetching of S3 objects > I need the proxy variables to be set in order to generate temporary AWS > tokens for STS:AssumeRole. > Within some enterprise environments, it is necessary to set the proxy > variables prior to running AssumeRole methods. Without this being set, the > machine in VPC A times out on generating temporary keys and is unable to > assume a role as a machine in VPC B. > This ticket arose from this conversation: > http://apache-nifi-developer-list.39713.n7.nabble.com/Nifi-Cross-Account-Download-With-A-Profile-Flag-td13232.html#a13252 > Goal: There are files stored in an S3 bucket in VPC B. My Nifi machines are > in VPC A. I want Nifi to be able to get those files from VPC B. VPC A and VPC > B need to be communicating in the FetchS3Object component. -- This message was sent by Atlassian JIRA (v6.3.4#6332)