You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/07/10 13:22:00 UTC
[jira] [Commented] (NIFI-7497) AWS Credentials for Assume Role need
to be able to configure STS Endpoint
[ https://issues.apache.org/jira/browse/NIFI-7497?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17155468#comment-17155468 ]
ASF subversion and git services commented on NIFI-7497:
-------------------------------------------------------
Commit ee91341ec3ce6009b6632d624defe00bd9b082ea in nifi's branch refs/heads/main from neptunesalt
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=ee91341 ]
NIFI-7497 Adding support for AWS Credentials Assume Role to be able to set the STS Endpoint
NIFI-7497 Updating property description per comment
This closes #4309
Signed-off-by: Mike Thomsen <mt...@apache.org>
> AWS Credentials for Assume Role need to be able to configure STS Endpoint
> -------------------------------------------------------------------------
>
> Key: NIFI-7497
> URL: https://issues.apache.org/jira/browse/NIFI-7497
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: Neptune Salt
> Priority: Minor
> Time Spent: 50m
> Remaining Estimate: 0h
>
> As a user of NiFi, when I want to enable cross account access in certain environments, I want to be able to override the STS endpoint for the security token service.
> This arises from the limitations here: [https://github.com/aws/aws-sdk-java/blob/b1b1a21fa46f8948fcf39e8b3a76f6ebe00e14b9/aws-java-sdk-sts/src/main/java/com/amazonaws/auth/STSAssumeRoleSessionCredentialsProvider.java#L291]
> The relevant comment being:
>
> {code:java}
> /**
> * Sets the AWS Security Token Service (STS) endpoint where session credentials are retrieved
> * from. <p></p> The default AWS Security Token Service (STS) endpoint ("sts.amazonaws.com")
> * works for all accounts that are not for China (Beijing) region or GovCloud. You only need to
> * change the endpoint to "sts.cn-north-1.amazonaws.com.cn" when you are requesting session
> * credentials for services in China(Beijing) region or "sts.us-gov-west-1.amazonaws.com" for
> * GovCloud. <p></p> Setting this invalidates existing session credentials.
> *
> * @deprecated This method may be removed in a future major version. Create multiple providers
> * if you need to work with multiple STS endpoints.
> */
> {code}
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)