[jira] [Updated] (NIFI-14927) Allow standard/consistent auth parameters for AmazonMSKConnectionService

Tue, 02 Sep 2025 02:37:03 -0700 


     [ 
https://issues.apache.org/jira/browse/NIFI-14927?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick updated NIFI-14927:
------------------------
    Description: 
Currently, the AmazonMSKConnectionService lacks the authentication settings 
that are available on the other AWS providers which allow Assume Role.

!image-2025-09-01-21-50-48-663.png!

Currently this means we need to set permissions on the AWS IAM Role that is 
mapped to the PodIdentity. Instead, we would rather configure each provider 
with the applicable IAM Role to be assumed from the PodIdentity Role.

The S3 and Secrets Manager providers allow a more versatile (and expected) 
configuration:

!image-2025-09-01-21-52-34-971.png!

 

Can the same be applied to AmazonMSKConnectionService?

 

  was:
Currently, the AmazonMSKConnectionService lacks the authentication settings 
that are available on the other AWS providers which allow Assume Role.

!image-2025-09-01-21-50-48-663.png!

Currently this means we need to set permissions on the AWS IAM Role that is 
mapped to the PodIdentity. Instead, we would rather configure each provider 
with the applicable IAM Role to be assumed from the PodIdentity Role.

The S3 and Secrets Manager providers allow a more versatile (and expected) 
configuration:

!image-2025-09-01-21-52-34-971.png!

 

 

Can the same be applied to AmazonMSKConnectionService?

 


> Allow standard/consistent auth parameters for AmazonMSKConnectionService
> ------------------------------------------------------------------------
>
>                 Key: NIFI-14927
>                 URL: https://issues.apache.org/jira/browse/NIFI-14927
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Nick
>            Priority: Major
>         Attachments: image-2025-09-01-21-50-48-663.png, 
> image-2025-09-01-21-52-34-971.png, image-2025-09-01-21-53-25-560.png
>
>
> Currently, the AmazonMSKConnectionService lacks the authentication settings 
> that are available on the other AWS providers which allow Assume Role.
> !image-2025-09-01-21-50-48-663.png!
> Currently this means we need to set permissions on the AWS IAM Role that is 
> mapped to the PodIdentity. Instead, we would rather configure each provider 
> with the applicable IAM Role to be assumed from the PodIdentity Role.
> The S3 and Secrets Manager providers allow a more versatile (and expected) 
> configuration:
> !image-2025-09-01-21-52-34-971.png!
>  
> Can the same be applied to AmazonMSKConnectionService?
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to