[ https://issues.apache.org/jira/browse/NIFI-7900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17503064#comment-17503064 ]
John Wise edited comment on NIFI-7900 at 3/8/22, 5:03 PM:
----------------------------------------------------------

FWIW, I've created a flow which queries the AWS API at the STS endpoint every 4 hours for temporary credentials, grabs the access key, secret key, session token, and expiration into attributes, updates an AWSCredentialsProviderControllerService with the keys, then restarts it. Unfortunately, without the ability to pass in & use the session token, none of the attached AWS processors can authenticate, even though the access & secret keys are current at the time the flow runs.

was (Author: john.wise):
FWIW, I've created a flow which queries the AWS API every 4 hours for temporary credentials, grabs the access key, secret key, session token, and expiration into attributes, updates an AWSCredentialsProviderControllerService with the keys, then restarts it. Unfortunately, without the ability to pass in & use the session token, none of the attached AWS processors can authenticate, even though the access & secret keys are current at the time the flow runs.

> Add AWS session token to AWSCredentialsProvider
> -----------------------------------------------
>
>                 Key: NIFI-7900
>                 URL: https://issues.apache.org/jira/browse/NIFI-7900
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>    Affects Versions: 1.9.2, 1.12.1
>            Reporter: Jody
>            Assignee: Peter Turcsanyi
>            Priority: Major
>
> As a NiFi user, I want to use AWS processors, e.g. PutS3Object processor,
> with temporary credentials to allow connecting to secure AWS environments
> that make use of the AWS Security Token Service.
>
> The NiFi AWSCredentialsProviderControllerService is giving an option to add
> the required fields for using temporary credentials. While access key id and
> secret access key properties can be configured, the property "session token"
> is not available. The session token property must be provided when temporary
> credentials are used. If the session token is not presented, an error will be
> thrown: "The AWS Access Key Id you provided does not exist in our records.
> (Service: Amazon S3; Status Code: 403; Error Code: InvalidAccessKeyId"

--
This message was sent by Atlassian Jira
(v8.20.1#820001)
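
A pre-flight check for the refresh flow described in the comment above, as an added example that is not part of the original message or of NiFi's code: it parses an STS XML response, then flags a temporary key set that lacks its session token or is close to expiry. The function names, the 15-minute refresh margin and the sample values are assumptions; the `ASIA` prefix for temporary access key IDs comes from AWS's IAM documentation, not from this issue.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"sts": "https://sts.amazonaws.com/doc/2011-06-15/"}

# Constructed sample response; every value is a placeholder, not a real credential.
SAMPLE = """<GetSessionTokenResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  <GetSessionTokenResult><Credentials>
    <AccessKeyId>ASIAEXAMPLEKEYID0000</AccessKeyId>
    <SecretAccessKey>constructed-secret</SecretAccessKey>
    <SessionToken>constructed-session-token</SessionToken>
    <Expiration>2022-03-08T21:03:00Z</Expiration>
  </Credentials></GetSessionTokenResult>
</GetSessionTokenResponse>"""

FIELDS = ("AccessKeyId", "SecretAccessKey", "SessionToken", "Expiration")


def parse_sts_credentials(xml_text):
    """Extract the four credential fields from an STS XML response."""
    creds = ET.fromstring(xml_text).find(".//sts:Credentials", NS)
    if creds is None:
        raise ValueError("no Credentials element in STS response")
    fields = {}
    for name in FIELDS:
        node = creds.find(f"sts:{name}", NS)
        fields[name] = node.text.strip() if node is not None and node.text else None
    return fields


def check_credentials(fields, now, refresh_margin=timedelta(minutes=15)):
    """Return the problems that would make this credential set unusable."""
    problems = []
    for name in ("AccessKeyId", "SecretAccessKey"):
        if not fields.get(name):
            problems.append(f"missing {name}")
    key_id = fields.get("AccessKeyId") or ""
    # ASIA-prefixed key IDs are temporary STS keys; without the token they
    # are rejected even while the key pair itself is still current.
    if key_id.startswith("ASIA") and not fields.get("SessionToken"):
        problems.append("temporary key without SessionToken")
    if fields.get("Expiration"):
        # STS timestamps are UTC with a trailing Z, which fromisoformat
        # only accepts as an explicit offset on older Python versions.
        expires = datetime.fromisoformat(fields["Expiration"].replace("Z", "+00:00"))
        if expires - now <= refresh_margin:
            problems.append("expired or inside refresh margin")
    return problems
```

Running the check before the controller service is updated separates a missing token from an expired key pair, two conditions that otherwise both surface as a 403 from the target service.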