Defines credentials for Amazon Web Services processors. Uses default credentials without configuration. Default credentials support EC2 instance profile/role, default user profile, environment variables, etc. Additional options include access key / secret key pairs, credentials file, named profile, and assume role credentials.
aws, credentials, provider
In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, whether a property supports the NiFi Expression Language, and whether a property is considered "sensitive", meaning that its value will be encrypted. Before entering a value in a sensitive property, ensure that the nifi.properties file has an entry for the property nifi.sensitive.props.key.
| Name | Default Value | Allowable Values | Description |
|---|---|---|---|
| Use Default Credentials | false |
| If true, uses the Default Credential chain, including EC2 instance profiles or roles, environment variables, default user credentials, etc. |
| Access Key ID | No Description Provided. Sensitive Property: true Supports Expression Language: true (will be evaluated using variable registry only) | ||
| Secret Access Key | No Description Provided. Sensitive Property: true Supports Expression Language: true (will be evaluated using variable registry only) | ||
| Credentials File | Path to a file containing AWS access key and secret key in properties file format. This property requires exactly one file to be provided.. | ||
| Profile Name | The AWS profile name for credentials from the profile configuration file. Supports Expression Language: true (will be evaluated using variable registry only) | ||
| Use Anonymous Credentials | false |
| If true, uses Anonymous credentials |
| Assume Role ARN | The AWS Role ARN for cross account access. This is used in conjunction with role name and session timeout | ||
| Assume Role Session Name | The AWS Role Name for cross account access. This is used in conjunction with role ARN and session time out | ||
| Session Time | 3600 | Session time for role based session (between 900 and 3600 seconds). This is used in conjunction with role ARN and name | |
| Assume Role External ID | External ID for cross-account access. This is used in conjunction with role arn, role name, and optional session time out | ||
| Assume Role Proxy Host | Proxy host for cross-account access, if needed within your environment. This will configure a proxy to request for temporary access keys into another AWS account | ||
| Assume Role Proxy Port | Proxy port for cross-account access, if needed within your environment. This will configure a proxy to request for temporary access keys into another AWS account | ||
| Assume Role STS Endpoint | The default AWS Security Token Service (STS) endpoint ("sts.amazonaws.com") works for all accounts that are not for China (Beijing) region or GovCloud. You only need to set this property to "sts.cn-north-1.amazonaws.com.cn" when you are requesting session credentials for services in China(Beijing) region or to "sts.us-gov-west-1.amazonaws.com" for GovCloud. |
| Required Permission | Explanation |
|---|---|
| access environment credentials | The default configuration can read environment variables and system properties for credentials |