nifi-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (Jira)" <j...@apache.org>
Subject [jira] [Commented] (NIFI-7497) AWS Credentials for Assume Role need to be able to configure STS Endpoint
Date Mon, 13 Jul 2020 13:35:00 GMT

    [ https://issues.apache.org/jira/browse/NIFI-7497?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17156714#comment-17156714
] 

ASF subversion and git services commented on NIFI-7497:
-------------------------------------------------------

Commit bb5e9fb00b21c6cbf782c9ce4ddf818789b92084 in nifi's branch refs/heads/main from Mike
Thomsen
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=bb5e9fb ]

NIFI-7497 Removed a few style check bugs that crept up in the last commit. (#4402)



> AWS Credentials for Assume Role need to be able to configure STS Endpoint
> -------------------------------------------------------------------------
>
>                 Key: NIFI-7497
>                 URL: https://issues.apache.org/jira/browse/NIFI-7497
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Neptune Salt
>            Priority: Minor
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> As a user of NiFi, when I want to enable cross account access in certain environments,
I want to be able to override the STS endpoint for the security token service.
> This arises from the limitations here: [https://github.com/aws/aws-sdk-java/blob/b1b1a21fa46f8948fcf39e8b3a76f6ebe00e14b9/aws-java-sdk-sts/src/main/java/com/amazonaws/auth/STSAssumeRoleSessionCredentialsProvider.java#L291]
> The relevant comment being:
>  
> {code:java}
> /**
>      * Sets the AWS Security Token Service (STS) endpoint where session credentials are
retrieved
>      * from. <p></p> The default AWS Security Token Service (STS) endpoint
("sts.amazonaws.com")
>      * works for all accounts that are not for China (Beijing) region or GovCloud. You
only need to
>      * change the endpoint to "sts.cn-north-1.amazonaws.com.cn" when you are requesting
session
>      * credentials for services in China(Beijing) region or "sts.us-gov-west-1.amazonaws.com"
for
>      * GovCloud. <p></p> Setting this invalidates existing session credentials.
>      *
>      * @deprecated This method may be removed in a future major version. Create multiple
providers
>      * if you need to work with multiple STS endpoints.
>      */
> {code}
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message