You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Neptune Salt (Jira)" <ji...@apache.org> on 2020/05/30 13:22:00 UTC
[jira] [Created] (NIFI-7497) AWS Credentials for Assume Role need
to be able to configure STS Endpoint
Neptune Salt created NIFI-7497:
----------------------------------
Summary: AWS Credentials for Assume Role need to be able to configure STS Endpoint
Key: NIFI-7497
URL: https://issues.apache.org/jira/browse/NIFI-7497
Project: Apache NiFi
Issue Type: Improvement
Reporter: Neptune Salt
As a user of NiFi, when I want to enable cross account access in certain environments, I want to be able to override the STS endpoint for the security token service.
This arises from the limitations here: [https://github.com/aws/aws-sdk-java/blob/b1b1a21fa46f8948fcf39e8b3a76f6ebe00e14b9/aws-java-sdk-sts/src/main/java/com/amazonaws/auth/STSAssumeRoleSessionCredentialsProvider.java#L291]
The relevant comment being:
{code:java}
/**
* Sets the AWS Security Token Service (STS) endpoint where session credentials are retrieved
* from. <p></p> The default AWS Security Token Service (STS) endpoint ("sts.amazonaws.com")
* works for all accounts that are not for China (Beijing) region or GovCloud. You only need to
* change the endpoint to "sts.cn-north-1.amazonaws.com.cn" when you are requesting session
* credentials for services in China(Beijing) region or "sts.us-gov-west-1.amazonaws.com" for
* GovCloud. <p></p> Setting this invalidates existing session credentials.
*
* @deprecated This method may be removed in a future major version. Create multiple providers
* if you need to work with multiple STS endpoints.
*/
{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)