AWSCredentialsProviderControllerService

Description

Defines credentials for Amazon Web Services processors. Uses default credentials without configuration. Default credentials support EC2 instance profile/role, default user profile, environment variables, etc. Additional options include access key / secret key pairs, credentials file, named profile, and assume role credentials.

Tags

aws, credentials, provider

Properties

In the list below required Properties are shown with an asterisk (*). Other properties are considered optional. The table also indicates any default values, and whether a property supports the NiFi Expression Language.

Display Name	API Name	Default Value	Allowable Values	Description
Use Default Credentials	default-credentials	false	true false	If true, uses the Default Credential chain, including EC2 instance profiles or roles, environment variables, default user credentials, etc.
Access Key ID	Access Key			Supports Expression Language, using Environment variables.
Secret Access Key	Secret Key			Supports Expression Language, using Environment variables.
Credentials File	Credentials File			Path to a file containing AWS access key and secret key in properties file format.
Profile Name	profile-name			The AWS profile name for credentials from the profile configuration file. Supports Expression Language, using Environment variables.
Use Anonymous Credentials	anonymous-credentials	false	true false	If true, uses Anonymous credentials
Assume Role ARN	Assume Role ARN			The AWS Role ARN for cross account access. This is used in conjunction with Assume Role Session Name and other Assume Role properties.
Assume Role Session Name *	Assume Role Session Name			The AWS Role Session Name for cross account access. This is used in conjunction with Assume Role ARN. This property is only considered if: the property Assume Role ARN has a value specified
Assume Role Session Time	Session Time	3600		Session time for role based session (between 900 and 3600 seconds). This is used in conjunction with Assume Role ARN. This property is only considered if: the property Assume Role ARN has a value specified
Assume Role External ID	assume-role-external-id			External ID for cross-account access. This is used in conjunction with Assume Role ARN. This property is only considered if: the property Assume Role ARN has a value specified
Assume Role SSL Context Service	assume-role-ssl-context-service		Controller Service: SSLContextService Implementations: StandardRestrictedSSLContextService StandardSSLContextService	SSL Context Service used when connecting to the STS Endpoint. This property is only considered if: the property Assume Role ARN has a value specified
Assume Role Proxy Configuration Service	assume-role-proxy-configuration-service		Controller Service: ProxyConfigurationService Implementations: StandardProxyConfigurationService	Proxy configuration for cross-account access, if needed within your environment. This will configure a proxy to request for temporary access keys into another AWS account. This property is only considered if: the property Assume Role ARN has a value specified
Assume Role STS Region	assume-role-sts-region	US West (Oregon)	Asia Pacific (Hyderabad) Asia Pacific (Mumbai) Europe (Milan) Europe (Spain) AWS GovCloud (US-East) Middle East (UAE) Israel (Tel Aviv) Canada (Central) Europe (Frankfurt) US ISO WEST Europe (Zurich) EU ISOE West US West (N. California) US West (Oregon) Africa (Cape Town) Europe (Stockholm) Europe (Paris) Europe (London) Europe (Ireland) Asia Pacific (Osaka) Asia Pacific (Seoul) Asia Pacific (Tokyo) Middle East (Bahrain) South America (Sao Paulo) Asia Pacific (Hong Kong) China (Beijing) Canada West (Calgary) AWS GovCloud (US-West) Asia Pacific (Singapore) Asia Pacific (Sydney) US ISO East Asia Pacific (Jakarta) Asia Pacific (Melbourne) Asia Pacific (Malaysia) US East (N. Virginia) US East (Ohio) China (Ningxia) US ISOB East (Ohio)	The AWS Security Token Service (STS) region This property is only considered if: the property Assume Role ARN has a value specified
Assume Role STS Endpoint Override	assume-role-sts-endpoint			The default AWS Security Token Service (STS) endpoint ("sts.amazonaws.com") works for all accounts that are not for China (Beijing) region or GovCloud. You only need to set this property to "sts.cn-north-1.amazonaws.com.cn" when you are requesting session credentials for services in China(Beijing) region or to "sts.us-gov-west-1.amazonaws.com" for GovCloud. This property is only considered if: the property Assume Role ARN has a value specified
Assume Role STS Signer Override	assume-role-sts-signer-override	Default Signature	Default Signature Signature Version 4 Custom Signature	The AWS STS library uses Signature Version 4 by default. This property allows you to plug in your own custom signer implementation. This property is only considered if: the property Assume Role ARN has a value specified
Custom Signer Class Name *	custom-signer-class-name			Fully qualified class name of the custom signer class. The signer must implement com.amazonaws.auth.Signer interface. Supports Expression Language, using Environment variables. This property is only considered if: the property Assume Role STS Signer Override has a value of CustomSignerType
Custom Signer Module Location	custom-signer-module-location			Comma-separated list of paths to files and/or directories which contain the custom signer's JAR file and its dependencies (if any). Supports Expression Language, using Environment variables. This property is only considered if: the property Assume Role STS Signer Override has a value of CustomSignerType

State Management

This component does not store state.

Restricted

Required Permission	Explanation
access environment credentials	The default configuration can read environment variables and system properties for credentials

System Resource Considerations

This component does not specify system resource considerations.

See Also