nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jennifer Kissinger <>
Subject Using expression language properties in AWSCredentialsProviderControllerService
Date Fri, 17 Nov 2017 15:10:10 GMT
Good morning,

I'm developing a pipeline that uses the AWSCredentialsProviderControllerService
to establish AWS s3 credentials that include a role ARN for cross-account
access. When I hard-code the values of Access Key and Secret Key, I can
successfully connect. When I use expression language in those fields to
reference custom Nifi properties (i.e. ${my.custom.access_key}), the
connection fails. I've confirmed that these custom properties work when
used directly on a processor like FetchS3Object, ListS3, etc.

I believe that the Access Key and Secret Key fields in the AWS controller
service do not actually evaluate expression language, contrary to the
documentation. However I would welcome any suggestions of possible user

I am using Nifi 1.3.0 locally but will need to deploy this pipeline to Nifi
1.2.0. The error received when using the properties looks like this:
The security token included in the request is invalid. (Service:
AWSSecurityTokenService; Status Code: 403; Error Code:
InvalidClientTokenId; Request ID: ...)

Thanks for your assistance,


View raw message