[jira] [Comment Edited] (NIFI-7900) Add AWS session token to AWSCredentialsProvider

[iain smith (Jira)]

    [ 
https://issues.apache.org/jira/browse/NIFI-7900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17556793#comment-17556793
 ] 

iain smith edited comment on NIFI-7900 at 6/21/22 11:02 AM:
------------------------------------------------------------

I've just noticed on
[https://nifi.apache.org/docs/nifi-docs/components/org.apache.nifi/nifi-aws-nar/1.15.3/org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService/index.html]

"Uses default credentials without configuration. Default credentials support 
EC2 instance profile/role, default user profile, environment variables, etc"

Is using the temporary credentials from an EC2 instance profile/role already 
supported? (going to test this)


was (Author: JIRAUSER291337):
I've just noticed on
[https://nifi.apache.org/docs/nifi-docs/components/org.apache.nifi/nifi-aws-nar/1.15.3/org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService/index.html]

"Uses default credentials without configuration. Default credentials support 
EC2 instance profile/role, default user profile, environment variables, etc"

Is using the temporary credentials from an EC2 instance profile/role already 
supported? If so, should they be being automatically detected and used as long 
as no key id / access key is configured in nifi?

> Add AWS session token to AWSCredentialsProvider
> -----------------------------------------------
>
>                 Key: NIFI-7900
>                 URL: https://issues.apache.org/jira/browse/NIFI-7900
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>    Affects Versions: 1.9.2, 1.12.1
>            Reporter: Jody
>            Assignee: Peter Turcsanyi
>            Priority: Major
>
> As a NiFi user, I want to use AWS processors, e.g. PutS3Object processor, 
> with temporary credentials to allow connecting to secure AWS environments 
> that make use of the AWS Security Token Service. 
>  
> The NiFi AWSCredentialsProviderControllerService is giving an option to add 
> the required fields for using temporary credentials. While access key id and 
> secret access key properties can be configured, the property "session token" 
> is not available. The session token property must be provided when temporary 
> credentials are used. If the session token is not presented, an error will be 
> thrown: "The AWS Access Key Id you provided does not exist in our records. 
> (Service: Amazon S3; Status Code: 403; Error Code: InvalidAccessKeyId"



--
This message was sent by Atlassian Jira
(v8.20.7#820007)