You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Neptune Salt (Jira)" <ji...@apache.org> on 2020/05/30 13:22:00 UTC

[jira] [Created] (NIFI-7497) AWS Credentials for Assume Role need to be able to configure STS Endpoint

Neptune Salt created NIFI-7497:
----------------------------------

             Summary: AWS Credentials for Assume Role need to be able to configure STS Endpoint
                 Key: NIFI-7497
                 URL: https://issues.apache.org/jira/browse/NIFI-7497
             Project: Apache NiFi
          Issue Type: Improvement
            Reporter: Neptune Salt


As a user of NiFi, when I want to enable cross account access in certain environments, I want to be able to override the STS endpoint for the security token service.

This arises from the limitations here: [https://github.com/aws/aws-sdk-java/blob/b1b1a21fa46f8948fcf39e8b3a76f6ebe00e14b9/aws-java-sdk-sts/src/main/java/com/amazonaws/auth/STSAssumeRoleSessionCredentialsProvider.java#L291]

The relevant comment being:

 
{code:java}
/**
     * Sets the AWS Security Token Service (STS) endpoint where session credentials are retrieved
     * from. <p></p> The default AWS Security Token Service (STS) endpoint ("sts.amazonaws.com")
     * works for all accounts that are not for China (Beijing) region or GovCloud. You only need to
     * change the endpoint to "sts.cn-north-1.amazonaws.com.cn" when you are requesting session
     * credentials for services in China(Beijing) region or "sts.us-gov-west-1.amazonaws.com" for
     * GovCloud. <p></p> Setting this invalidates existing session credentials.
     *
     * @deprecated This method may be removed in a future major version. Create multiple providers
     * if you need to work with multiple STS endpoints.
     */
{code}
 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)