[
https://issues.apache.org/jira/browse/NIFI-1769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15586037#comment-15586037
]
ASF GitHub Bot commented on NIFI-1769:
--------------------------------------
Github user jvwing commented on a diff in the pull request:
https://github.com/apache/nifi/pull/1126#discussion_r83904092
--- Diff:
nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/s3/PutS3Object.java
---
@@ -458,6 +471,13 @@ public void process(final InputStream rawIn) throws
IOException {
// single part upload
//----------------------------------------
final PutObjectRequest request = new
PutObjectRequest(bucket, key, in, objectMetadata);
+ if (keyId != null) {
+ if
(!context.getProperty(SIGNER_OVERRIDE).getValue().equals("AWSS3V4Signer")) {
--- End diff --
Would it be enough to check that it's not V2? I don't think we need to
make it impossible to get wrong, as long as we make a good faith attempt to
help them get it right. I'm thinking of a few things -
1. The default should now be V4, I would prefer we not force users to nail
down their signature version
1. AWS regions and SDK versions are complicated, for example we don't check
if your region supports V4
1. If or when AWS comes out with signature V5, we would have to update this
field
> Add support for SSE-KMS and S3 Signature Version 4 Authentication AWS
> ---------------------------------------------------------------------
>
> Key: NIFI-1769
> URL: https://issues.apache.org/jira/browse/NIFI-1769
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Affects Versions: 0.5.1
> Reporter: Michiel Moonen
> Priority: Minor
> Labels: newbie, patch, security
>
> Currently there is no support for SSE-KMS S3 Signature Version 4
> Authentication. This is necessary for enhanced security features
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
