nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jennifer Kissinger <jennifer.kissin...@semanticbits.com>
Subject Re: Using expression language properties in AWSCredentialsProviderControllerService
Date Mon, 20 Nov 2017 15:05:34 GMT
Good morning James,

Thanks for the reply! I was going crazy trying to figure out why it wasn't
working--glad for the confirmation that it's a bug.

Yes, we are able to work around, though I'll keep an eye on the Jira issue.
It would also be ideal for other fields, particularly "Assume Role External
ID", to accept expression language as well. My understanding is that the
AWS external id should be treated as sensitive.

~Jenni

--
Jennifer Kissinger
Senior Data Engineer
SemanticBits, LLC
jennifer.kissinger@semanticbits.com
603-290-1711

On Sun, Nov 19, 2017 at 1:18 PM, James Wing <jvwing@gmail.com> wrote:

> Jenni,
>
> Thanks for reporting this.  I believe you are correct that expression
> language is not being applied as expected.  There is now a JIRA for this
> issue, https://issues.apache.org/jira/browse/NIFI-4619.
>
> Have you been able to work around the issue?  Hopefully, file credentials
> or named profiles will work for your deployments.
>
> Thanks,
>
> James
>
>
> On Fri, Nov 17, 2017 at 7:10 AM, Jennifer Kissinger <jennifer.kissinger@
> semanticbits.com> wrote:
>
>> Good morning,
>>
>> I'm developing a pipeline that uses the AWSCredentialsProviderControllerService
>> to establish AWS s3 credentials that include a role ARN for cross-account
>> access. When I hard-code the values of Access Key and Secret Key, I can
>> successfully connect. When I use expression language in those fields to
>> reference custom Nifi properties (i.e. ${my.custom.access_key}), the
>> connection fails. I've confirmed that these custom properties work when
>> used directly on a processor like FetchS3Object, ListS3, etc.
>>
>> I believe that the Access Key and Secret Key fields in the AWS controller
>> service do not actually evaluate expression language, contrary to the
>> documentation. However I would welcome any suggestions of possible user
>> error.
>>
>> I am using Nifi 1.3.0 locally but will need to deploy this pipeline to
>> Nifi 1.2.0. The error received when using the properties looks like this:
>>
>> com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException:
>> The security token included in the request is invalid. (Service:
>> AWSSecurityTokenService; Status Code: 403; Error Code:
>> InvalidClientTokenId; Request ID: ...)
>>
>> Thanks for your assistance,
>>
>> ~Jenni
>>
>
>

Mime
View raw message