AWSCredentialsProviderControllerService

Description

Defines credentials for Amazon Web Services processors. Uses default credentials without configuration. Default credentials support EC2 instance profile/role, default user profile, environment variables, etc. Additional options include access key / secret key pairs, credentials file, named profile, and assume role credentials.

Tags

aws, credentials, provider

Properties

In the list below required Properties are shown with an asterisk (*). Other properties are considered optional. The table also indicates any default values, and whether a property supports the NiFi Expression Language.

Display NameAPI NameDefault ValueAllowable ValuesDescription
Access Key IDAccess Key ID
Assume Role ARNAssume Role ARNThe AWS Role ARN for cross account access. This is used in conjunction with Assume Role Session Name and other Assume Role properties.
Assume Role External IDAssume Role External IDExternal ID for cross-account access. This is used in conjunction with Assume Role ARN.
Assume Role Proxy Configuration ServiceAssume Role Proxy Configuration ServiceProxy configuration for cross-account access, if needed within your environment. This will configure a proxy to request for temporary access keys into another AWS account.
Assume Role SSL Context ServiceAssume Role SSL Context ServiceSSL Context Service used when connecting to the STS Endpoint.
Assume Role STS Endpoint OverrideAssume Role STS Endpoint OverrideThe default AWS Security Token Service (STS) endpoint (“sts.amazonaws.com”) works for all accounts that are not for China (Beijing) region or GovCloud. You only need to set this property to “sts.cn-north-1.amazonaws.com.cn” when you are requesting session credentials for services in China(Beijing) region or to “sts.us-gov-west-1.amazonaws.com” for GovCloud.
Assume Role STS RegionAssume Role STS Regionus-west-2
  • Middle East (UAE)
  • US ISOF SOUTH
  • Asia Pacific (Taipei)
  • US West (N. California)
  • US West (Oregon)
  • Africa (Cape Town)
  • Asia Pacific (Osaka)
  • Asia Pacific (Seoul)
  • Asia Pacific (Tokyo)
  • Middle East (Bahrain)
  • South America (Sao Paulo)
  • China (Beijing)
  • Asia Pacific (Singapore)
  • Asia Pacific (Sydney)
  • Asia Pacific (Jakarta)
  • Asia Pacific (Melbourne)
  • Asia Pacific (Malaysia)
  • US East (N. Virginia)
  • Asia Pacific (New Zealand)
  • US East (Ohio)
  • Asia Pacific (Thailand)
  • China (Ningxia)
  • Asia Pacific (Hyderabad)
  • Asia Pacific (Mumbai)
  • Europe (Milan)
  • Europe (Spain)
  • AWS GovCloud (US-East)
  • Israel (Tel Aviv)
  • Canada (Central)
  • Mexico (Central)
  • Europe (Frankfurt)
  • EU (Germany)
  • US ISO WEST
  • Europe (Zurich)
  • EU ISOE West
  • Europe (Stockholm)
  • Europe (Paris)
  • Europe (London)
  • Europe (Ireland)
  • Asia Pacific (Hong Kong)
  • Canada West (Calgary)
  • AWS GovCloud (US-West)
  • US ISO East
  • US ISOB East (Ohio)
  • US ISOF EAST
The AWS Security Token Service (STS) region
Assume Role STS Signer OverrideAssume Role STS Signer OverrideDefault Signature
  • Default Signature
  • Signature Version 4
  • Custom Signature
The AWS STS library uses Signature Version 4 by default. This property allows you to plug in your own custom signer implementation.
Assume Role Session Name *Assume Role Session NameThe AWS Role Session Name for cross account access. This is used in conjunction with Assume Role ARN.
Assume Role Session TimeAssume Role Session Time3600Session time for role based session (between 900 and 3600 seconds). This is used in conjunction with Assume Role ARN.
Credentials FileCredentials FilePath to a file containing AWS access key and secret key in properties file format.
Custom Signer Class Name *Custom Signer Class NameFully qualified class name of the custom signer class. The signer must implement com.amazonaws.auth.Signer interface.
Custom Signer Module LocationCustom Signer Module LocationComma-separated list of paths to files and/or directories which contain the custom signer’s JAR file and its dependencies (if any).
Profile NameProfile NameThe AWS profile name for credentials from the profile configuration file.
Secret Access KeySecret Access Key
Use Anonymous CredentialsUse Anonymous Credentialsfalse
  • true
  • false
If true, uses Anonymous credentials
Use Default CredentialsUse Default Credentialsfalse
  • true
  • false
If true, uses the Default Credential chain, including EC2 instance profiles or roles, environment variables, default user credentials, etc.

State management

This component does not store state.

Restricted

Restrictions

Required PermissionExplanation
access environment credentialsThe default configuration can read environment variables and system properties for credentials

System Resource Considerations

This component does not specify system resource considerations.