nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Wing <>
Subject Re: Using expression language properties in AWSCredentialsProviderControllerService
Date Sun, 19 Nov 2017 18:18:18 GMT

Thanks for reporting this.  I believe you are correct that expression
language is not being applied as expected.  There is now a JIRA for this

Have you been able to work around the issue?  Hopefully, file credentials
or named profiles will work for your deployments.



On Fri, Nov 17, 2017 at 7:10 AM, Jennifer Kissinger <> wrote:

> Good morning,
> I'm developing a pipeline that uses the AWSCredentialsProviderControllerService
> to establish AWS s3 credentials that include a role ARN for cross-account
> access. When I hard-code the values of Access Key and Secret Key, I can
> successfully connect. When I use expression language in those fields to
> reference custom Nifi properties (i.e. ${my.custom.access_key}), the
> connection fails. I've confirmed that these custom properties work when
> used directly on a processor like FetchS3Object, ListS3, etc.
> I believe that the Access Key and Secret Key fields in the AWS controller
> service do not actually evaluate expression language, contrary to the
> documentation. However I would welcome any suggestions of possible user
> error.
> I am using Nifi 1.3.0 locally but will need to deploy this pipeline to
> Nifi 1.2.0. The error received when using the properties looks like this:
> The security token included in the request is invalid. (Service:
> AWSSecurityTokenService; Status Code: 403; Error Code:
> InvalidClientTokenId; Request ID: ...)
> Thanks for your assistance,
> ~Jenni

View raw message