You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/07/10 13:22:00 UTC

[jira] [Commented] (NIFI-7497) AWS Credentials for Assume Role need to be able to configure STS Endpoint

    [ https://issues.apache.org/jira/browse/NIFI-7497?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17155468#comment-17155468 ] 

ASF subversion and git services commented on NIFI-7497:
-------------------------------------------------------

Commit ee91341ec3ce6009b6632d624defe00bd9b082ea in nifi's branch refs/heads/main from neptunesalt
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=ee91341 ]

NIFI-7497 Adding support for AWS Credentials Assume Role to be able to set the STS Endpoint
NIFI-7497 Updating property description per comment

This closes #4309

Signed-off-by: Mike Thomsen <mt...@apache.org>


> AWS Credentials for Assume Role need to be able to configure STS Endpoint
> -------------------------------------------------------------------------
>
>                 Key: NIFI-7497
>                 URL: https://issues.apache.org/jira/browse/NIFI-7497
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Neptune Salt
>            Priority: Minor
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> As a user of NiFi, when I want to enable cross account access in certain environments, I want to be able to override the STS endpoint for the security token service.
> This arises from the limitations here: [https://github.com/aws/aws-sdk-java/blob/b1b1a21fa46f8948fcf39e8b3a76f6ebe00e14b9/aws-java-sdk-sts/src/main/java/com/amazonaws/auth/STSAssumeRoleSessionCredentialsProvider.java#L291]
> The relevant comment being:
>  
> {code:java}
> /**
>      * Sets the AWS Security Token Service (STS) endpoint where session credentials are retrieved
>      * from. <p></p> The default AWS Security Token Service (STS) endpoint ("sts.amazonaws.com")
>      * works for all accounts that are not for China (Beijing) region or GovCloud. You only need to
>      * change the endpoint to "sts.cn-north-1.amazonaws.com.cn" when you are requesting session
>      * credentials for services in China(Beijing) region or "sts.us-gov-west-1.amazonaws.com" for
>      * GovCloud. <p></p> Setting this invalidates existing session credentials.
>      *
>      * @deprecated This method may be removed in a future major version. Create multiple providers
>      * if you need to work with multiple STS endpoints.
>      */
> {code}
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)