[ 
https://issues.apache.org/jira/browse/NIFI-7900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17556793#comment-17556793
 ] 

iain smith edited comment on NIFI-7900 at 6/21/22 12:24 PM:
------------------------------------------------------------

Update - the above use case (accessing an EC2 instance's temporary AWS 
credentials granted by its associated instance profile) is already supported, 
as per the documentation at 
[https://nifi.apache.org/docs/nifi-docs/components/org.apache.nifi/nifi-aws-nar/1.15.3/org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService/index.html]

- so there is no need to try to retrieve and manually use the credentials from 
the EC2 metadata.

All that is required is to set the AWSCredentialsProviderControllerService 'Use 
Default Credentials' to 'true', and ensure that no other conflicting properties 
are set (e.g. 'Credentials File').


was (Author: JIRAUSER291337):
I've just noticed on
[https://nifi.apache.org/docs/nifi-docs/components/org.apache.nifi/nifi-aws-nar/1.15.3/org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService/index.html]

"Uses default credentials without configuration. Default credentials support 
EC2 instance profile/role, default user profile, environment variables, etc"

Is using the temporary credentials from an EC2 instance profile/role already 
supported? (going to test this)

> Add AWS session token to AWSCredentialsProvider
> -----------------------------------------------
>
>                 Key: NIFI-7900
>                 URL: https://issues.apache.org/jira/browse/NIFI-7900
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>    Affects Versions: 1.9.2, 1.12.1
>            Reporter: Jody
>            Assignee: Peter Turcsanyi
>            Priority: Major
>
> As a NiFi user, I want to use AWS processors, e.g. PutS3Object processor, 
> with temporary credentials to allow connecting to secure AWS environments 
> that make use of the AWS Security Token Service. 
>  
> The NiFi AWSCredentialsProviderControllerService is giving an option to add 
> the required fields for using temporary credentials. While access key id and 
> secret access key properties can be configured, the property "session token" 
> is not available. The session token property must be provided when temporary 
> credentials are used. If the session token is not presented, an error will be 
> thrown: "The AWS Access Key Id you provided does not exist in our records. 
> (Service: Amazon S3; Status Code: 403; Error Code: InvalidAccessKeyId"



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
