nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Wing <jvw...@gmail.com>
Subject Re: Using expression language properties in AWSCredentialsProviderControllerService
Date Sun, 19 Nov 2017 18:18:18 GMT
Jenni,

Thanks for reporting this.  I believe you are correct that expression
language is not being applied as expected.  There is now a JIRA for this
issue, https://issues.apache.org/jira/browse/NIFI-4619.

Have you been able to work around the issue?  Hopefully, file credentials
or named profiles will work for your deployments.

Thanks,

James

On Fri, Nov 17, 2017 at 7:10 AM, Jennifer Kissinger <
jennifer.kissinger@semanticbits.com> wrote:

> Good morning,
>
> I'm developing a pipeline that uses the AWSCredentialsProviderControllerService
> to establish AWS s3 credentials that include a role ARN for cross-account
> access. When I hard-code the values of Access Key and Secret Key, I can
> successfully connect. When I use expression language in those fields to
> reference custom Nifi properties (i.e. ${my.custom.access_key}), the
> connection fails. I've confirmed that these custom properties work when
> used directly on a processor like FetchS3Object, ListS3, etc.
>
> I believe that the Access Key and Secret Key fields in the AWS controller
> service do not actually evaluate expression language, contrary to the
> documentation. However I would welcome any suggestions of possible user
> error.
>
> I am using Nifi 1.3.0 locally but will need to deploy this pipeline to
> Nifi 1.2.0. The error received when using the properties looks like this:
>
> com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException:
> The security token included in the request is invalid. (Service:
> AWSSecurityTokenService; Status Code: 403; Error Code:
> InvalidClientTokenId; Request ID: ...)
>
> Thanks for your assistance,
>
> ~Jenni
>

Mime
View raw message