-
Processors
- AttributeRollingWindow
- AttributesToCSV
- AttributesToJSON
- CalculateRecordStats
- CaptureChangeMySQL
- CompressContent
- ConnectWebSocket
- ConsumeAMQP
- ConsumeAzureEventHub
- ConsumeElasticsearch
- ConsumeGCPubSub
- ConsumeIMAP
- ConsumeJMS
- ConsumeKafka
- ConsumeKinesisStream
- ConsumeMQTT
- ConsumePOP3
- ConsumeSlack
- ConsumeTwitter
- ConsumeWindowsEventLog
- ControlRate
- ConvertCharacterSet
- ConvertRecord
- CopyAzureBlobStorage_v12
- CopyS3Object
- CountText
- CryptographicHashContent
- DebugFlow
- DecryptContentAge
- DecryptContentPGP
- DeduplicateRecord
- DeleteAzureBlobStorage_v12
- DeleteAzureDataLakeStorage
- DeleteByQueryElasticsearch
- DeleteDynamoDB
- DeleteFile
- DeleteGCSObject
- DeleteGridFS
- DeleteMongo
- DeleteS3Object
- DeleteSFTP
- DeleteSQS
- DetectDuplicate
- DistributeLoad
- DuplicateFlowFile
- EncodeContent
- EncryptContentAge
- EncryptContentPGP
- EnforceOrder
- EvaluateJsonPath
- EvaluateXPath
- EvaluateXQuery
- ExecuteGroovyScript
- ExecuteProcess
- ExecuteScript
- ExecuteSQL
- ExecuteSQLRecord
- ExecuteStreamCommand
- ExtractAvroMetadata
- ExtractEmailAttachments
- ExtractEmailHeaders
- ExtractGrok
- ExtractHL7Attributes
- ExtractRecordSchema
- ExtractText
- FetchAzureBlobStorage_v12
- FetchAzureDataLakeStorage
- FetchBoxFile
- FetchDistributedMapCache
- FetchDropbox
- FetchFile
- FetchFTP
- FetchGCSObject
- FetchGoogleDrive
- FetchGridFS
- FetchS3Object
- FetchSFTP
- FetchSmb
- FilterAttribute
- FlattenJson
- ForkEnrichment
- ForkRecord
- GenerateFlowFile
- GenerateRecord
- GenerateTableFetch
- GeoEnrichIP
- GeoEnrichIPRecord
- GeohashRecord
- GetAsanaObject
- GetAwsPollyJobStatus
- GetAwsTextractJobStatus
- GetAwsTranscribeJobStatus
- GetAwsTranslateJobStatus
- GetAzureEventHub
- GetAzureQueueStorage_v12
- GetDynamoDB
- GetElasticsearch
- GetFile
- GetFTP
- GetGcpVisionAnnotateFilesOperationStatus
- GetGcpVisionAnnotateImagesOperationStatus
- GetHubSpot
- GetMongo
- GetMongoRecord
- GetS3ObjectMetadata
- GetSFTP
- GetShopify
- GetSmbFile
- GetSNMP
- GetSplunk
- GetSQS
- GetWorkdayReport
- GetZendesk
- HandleHttpRequest
- HandleHttpResponse
- IdentifyMimeType
- InvokeHTTP
- InvokeScriptedProcessor
- ISPEnrichIP
- JoinEnrichment
- JoltTransformJSON
- JoltTransformRecord
- JSLTTransformJSON
- JsonQueryElasticsearch
- ListAzureBlobStorage_v12
- ListAzureDataLakeStorage
- ListBoxFile
- ListDatabaseTables
- ListDropbox
- ListenFTP
- ListenHTTP
- ListenOTLP
- ListenSlack
- ListenSyslog
- ListenTCP
- ListenTrapSNMP
- ListenUDP
- ListenUDPRecord
- ListenWebSocket
- ListFile
- ListFTP
- ListGCSBucket
- ListGoogleDrive
- ListS3
- ListSFTP
- ListSmb
- LogAttribute
- LogMessage
- LookupAttribute
- LookupRecord
- MergeContent
- MergeRecord
- ModifyBytes
- ModifyCompression
- MonitorActivity
- MoveAzureDataLakeStorage
- Notify
- PackageFlowFile
- PaginatedJsonQueryElasticsearch
- ParseEvtx
- ParseNetflowv5
- ParseSyslog
- ParseSyslog5424
- PartitionRecord
- PublishAMQP
- PublishGCPubSub
- PublishJMS
- PublishKafka
- PublishMQTT
- PublishSlack
- PutAzureBlobStorage_v12
- PutAzureCosmosDBRecord
- PutAzureDataExplorer
- PutAzureDataLakeStorage
- PutAzureEventHub
- PutAzureQueueStorage_v12
- PutBigQuery
- PutBoxFile
- PutCloudWatchMetric
- PutDatabaseRecord
- PutDistributedMapCache
- PutDropbox
- PutDynamoDB
- PutDynamoDBRecord
- PutElasticsearchJson
- PutElasticsearchRecord
- PutEmail
- PutFile
- PutFTP
- PutGCSObject
- PutGoogleDrive
- PutGridFS
- PutKinesisFirehose
- PutKinesisStream
- PutLambda
- PutMongo
- PutMongoBulkOperations
- PutMongoRecord
- PutRecord
- PutRedisHashRecord
- PutS3Object
- PutSalesforceObject
- PutSFTP
- PutSmbFile
- PutSNS
- PutSplunk
- PutSplunkHTTP
- PutSQL
- PutSQS
- PutSyslog
- PutTCP
- PutUDP
- PutWebSocket
- PutZendeskTicket
- QueryAirtableTable
- QueryAzureDataExplorer
- QueryDatabaseTable
- QueryDatabaseTableRecord
- QueryRecord
- QuerySalesforceObject
- QuerySplunkIndexingStatus
- RemoveRecordField
- RenameRecordField
- ReplaceText
- ReplaceTextWithMapping
- RetryFlowFile
- RouteHL7
- RouteOnAttribute
- RouteOnContent
- RouteText
- RunMongoAggregation
- SampleRecord
- ScanAttribute
- ScanContent
- ScriptedFilterRecord
- ScriptedPartitionRecord
- ScriptedTransformRecord
- ScriptedValidateRecord
- SearchElasticsearch
- SegmentContent
- SendTrapSNMP
- SetSNMP
- SignContentPGP
- SplitAvro
- SplitContent
- SplitExcel
- SplitJson
- SplitPCAP
- SplitRecord
- SplitText
- SplitXml
- StartAwsPollyJob
- StartAwsTextractJob
- StartAwsTranscribeJob
- StartAwsTranslateJob
- StartGcpVisionAnnotateFilesOperation
- StartGcpVisionAnnotateImagesOperation
- TagS3Object
- TailFile
- TransformXml
- UnpackContent
- UpdateAttribute
- UpdateByQueryElasticsearch
- UpdateCounter
- UpdateDatabaseTable
- UpdateRecord
- ValidateCsv
- ValidateJson
- ValidateRecord
- ValidateXml
- VerifyContentMAC
- VerifyContentPGP
- Wait
-
Controller Services
- ADLSCredentialsControllerService
- ADLSCredentialsControllerServiceLookup
- AmazonGlueSchemaRegistry
- ApicurioSchemaRegistry
- AvroReader
- AvroRecordSetWriter
- AvroSchemaRegistry
- AWSCredentialsProviderControllerService
- AzureBlobStorageFileResourceService
- AzureCosmosDBClientService
- AzureDataLakeStorageFileResourceService
- AzureEventHubRecordSink
- AzureStorageCredentialsControllerService_v12
- AzureStorageCredentialsControllerServiceLookup_v12
- CEFReader
- ConfluentEncodedSchemaReferenceReader
- ConfluentEncodedSchemaReferenceWriter
- ConfluentSchemaRegistry
- CSVReader
- CSVRecordLookupService
- CSVRecordSetWriter
- DatabaseRecordLookupService
- DatabaseRecordSink
- DatabaseTableSchemaRegistry
- DBCPConnectionPool
- DBCPConnectionPoolLookup
- DistributedMapCacheLookupService
- ElasticSearchClientServiceImpl
- ElasticSearchLookupService
- ElasticSearchStringLookupService
- EmailRecordSink
- EmbeddedHazelcastCacheManager
- ExcelReader
- ExternalHazelcastCacheManager
- FreeFormTextRecordSetWriter
- GCPCredentialsControllerService
- GCSFileResourceService
- GrokReader
- HazelcastMapCacheClient
- HikariCPConnectionPool
- HttpRecordSink
- IPLookupService
- JettyWebSocketClient
- JettyWebSocketServer
- JMSConnectionFactoryProvider
- JndiJmsConnectionFactoryProvider
- JsonConfigBasedBoxClientService
- JsonPathReader
- JsonRecordSetWriter
- JsonTreeReader
- Kafka3ConnectionService
- KerberosKeytabUserService
- KerberosPasswordUserService
- KerberosTicketCacheUserService
- LoggingRecordSink
- MapCacheClientService
- MapCacheServer
- MongoDBControllerService
- MongoDBLookupService
- PropertiesFileLookupService
- ProtobufReader
- ReaderLookup
- RecordSetWriterLookup
- RecordSinkServiceLookup
- RedisConnectionPoolService
- RedisDistributedMapCacheClientService
- RestLookupService
- S3FileResourceService
- ScriptedLookupService
- ScriptedReader
- ScriptedRecordSetWriter
- ScriptedRecordSink
- SetCacheClientService
- SetCacheServer
- SimpleCsvFileLookupService
- SimpleDatabaseLookupService
- SimpleKeyValueLookupService
- SimpleRedisDistributedMapCacheClientService
- SimpleScriptedLookupService
- SiteToSiteReportingRecordSink
- SlackRecordSink
- SmbjClientProviderService
- StandardAsanaClientProviderService
- StandardAzureCredentialsControllerService
- StandardDropboxCredentialService
- StandardFileResourceService
- StandardHashiCorpVaultClientService
- StandardHttpContextMap
- StandardJsonSchemaRegistry
- StandardKustoIngestService
- StandardKustoQueryService
- StandardOauth2AccessTokenProvider
- StandardPGPPrivateKeyService
- StandardPGPPublicKeyService
- StandardPrivateKeyService
- StandardProxyConfigurationService
- StandardRestrictedSSLContextService
- StandardS3EncryptionService
- StandardSSLContextService
- StandardWebClientServiceProvider
- Syslog5424Reader
- SyslogReader
- UDPEventRecordSink
- VolatileSchemaCache
- WindowsEventLogReader
- XMLFileLookupService
- XMLReader
- XMLRecordSetWriter
- YamlTreeReader
- ZendeskRecordSink
AWSCredentialsProviderControllerService 2.0.0
- Bundle
- org.apache.nifi | nifi-aws-nar
- Description
- Defines credentials for Amazon Web Services processors. Uses default credentials without configuration. Default credentials support EC2 instance profile/role, default user profile, environment variables, etc. Additional options include access key / secret key pairs, credentials file, named profile, and assume role credentials.
- Tags
- aws, credentials, provider
- Input Requirement
- Supports Sensitive Dynamic Properties
- false
Properties
-
Access Key ID
- Display Name
- Access Key ID
- Description
- API Name
- Access Key
- Expression Language Scope
- Environment variables defined at JVM level and system properties
- Sensitive
- true
- Required
- false
-
Use Anonymous Credentials
If true, uses Anonymous credentials
- Display Name
- Use Anonymous Credentials
- Description
- If true, uses Anonymous credentials
- API Name
- anonymous-credentials
- Default Value
- false
- Allowable Values
-
- true
- false
- Expression Language Scope
- Not Supported
- Sensitive
- false
- Required
- false
-
Assume Role ARN
The AWS Role ARN for cross account access. This is used in conjunction with Assume Role Session Name and other Assume Role properties.
- Display Name
- Assume Role ARN
- Description
- The AWS Role ARN for cross account access. This is used in conjunction with Assume Role Session Name and other Assume Role properties.
- API Name
- Assume Role ARN
- Expression Language Scope
- Not Supported
- Sensitive
- false
- Required
- false
-
Assume Role Session Name
The AWS Role Session Name for cross account access. This is used in conjunction with Assume Role ARN.
- Display Name
- Assume Role Session Name
- Description
- The AWS Role Session Name for cross account access. This is used in conjunction with Assume Role ARN.
- API Name
- Assume Role Session Name
- Expression Language Scope
- Not Supported
- Sensitive
- false
- Required
- true
- Dependencies
-
- Assume Role ARN is set to any value specified
-
Assume Role External ID
External ID for cross-account access. This is used in conjunction with Assume Role ARN.
- Display Name
- Assume Role External ID
- Description
- External ID for cross-account access. This is used in conjunction with Assume Role ARN.
- API Name
- assume-role-external-id
- Expression Language Scope
- Not Supported
- Sensitive
- false
- Required
- false
- Dependencies
-
- Assume Role ARN is set to any value specified
-
Assume Role Proxy Configuration Service
Proxy configuration for cross-account access, if needed within your environment. This will configure a proxy to request for temporary access keys into another AWS account.
- Display Name
- Assume Role Proxy Configuration Service
- Description
- Proxy configuration for cross-account access, if needed within your environment. This will configure a proxy to request for temporary access keys into another AWS account.
- API Name
- assume-role-proxy-configuration-service
- Service Interface
- org.apache.nifi.proxy.ProxyConfigurationService
- Service Implementations
- Expression Language Scope
- Not Supported
- Sensitive
- false
- Required
- false
- Dependencies
-
- Assume Role ARN is set to any value specified
-
Assume Role SSL Context Service
SSL Context Service used when connecting to the STS Endpoint.
- Display Name
- Assume Role SSL Context Service
- Description
- SSL Context Service used when connecting to the STS Endpoint.
- API Name
- assume-role-ssl-context-service
- Service Interface
- org.apache.nifi.ssl.SSLContextService
- Service Implementations
- Expression Language Scope
- Not Supported
- Sensitive
- false
- Required
- false
- Dependencies
-
- Assume Role ARN is set to any value specified
-
Assume Role STS Endpoint Override
The default AWS Security Token Service (STS) endpoint ("sts.amazonaws.com") works for all accounts that are not for China (Beijing) region or GovCloud. You only need to set this property to "sts.cn-north-1.amazonaws.com.cn" when you are requesting session credentials for services in China(Beijing) region or to "sts.us-gov-west-1.amazonaws.com" for GovCloud.
- Display Name
- Assume Role STS Endpoint Override
- Description
- The default AWS Security Token Service (STS) endpoint ("sts.amazonaws.com") works for all accounts that are not for China (Beijing) region or GovCloud. You only need to set this property to "sts.cn-north-1.amazonaws.com.cn" when you are requesting session credentials for services in China(Beijing) region or to "sts.us-gov-west-1.amazonaws.com" for GovCloud.
- API Name
- assume-role-sts-endpoint
- Expression Language Scope
- Not Supported
- Sensitive
- false
- Required
- false
- Dependencies
-
- Assume Role ARN is set to any value specified
-
Assume Role STS Region
The AWS Security Token Service (STS) region
- Display Name
- Assume Role STS Region
- Description
- The AWS Security Token Service (STS) region
- API Name
- assume-role-sts-region
- Default Value
- us-west-2
- Allowable Values
-
- Asia Pacific (Hyderabad)
- Asia Pacific (Mumbai)
- Europe (Milan)
- Europe (Spain)
- AWS GovCloud (US-East)
- Middle East (UAE)
- Israel (Tel Aviv)
- Canada (Central)
- Europe (Frankfurt)
- US ISO WEST
- Europe (Zurich)
- EU ISOE West
- US West (N. California)
- US West (Oregon)
- Africa (Cape Town)
- Europe (Stockholm)
- Europe (Paris)
- Europe (London)
- Europe (Ireland)
- Asia Pacific (Osaka)
- Asia Pacific (Seoul)
- Asia Pacific (Tokyo)
- Middle East (Bahrain)
- South America (Sao Paulo)
- Asia Pacific (Hong Kong)
- China (Beijing)
- Canada West (Calgary)
- AWS GovCloud (US-West)
- Asia Pacific (Singapore)
- Asia Pacific (Sydney)
- US ISO East
- Asia Pacific (Jakarta)
- Asia Pacific (Melbourne)
- Asia Pacific (Malaysia)
- US East (N. Virginia)
- US East (Ohio)
- China (Ningxia)
- US ISOB East (Ohio)
- Expression Language Scope
- Not Supported
- Sensitive
- false
- Required
- false
- Dependencies
-
- Assume Role ARN is set to any value specified
-
Assume Role STS Signer Override
The AWS STS library uses Signature Version 4 by default. This property allows you to plug in your own custom signer implementation.
- Display Name
- Assume Role STS Signer Override
- Description
- The AWS STS library uses Signature Version 4 by default. This property allows you to plug in your own custom signer implementation.
- API Name
- assume-role-sts-signer-override
- Default Value
- Default Signature
- Allowable Values
-
- Default Signature
- Signature Version 4
- Custom Signature
- Expression Language Scope
- Not Supported
- Sensitive
- false
- Required
- false
- Dependencies
-
- Assume Role ARN is set to any value specified
-
Credentials File
Path to a file containing AWS access key and secret key in properties file format.
- Display Name
- Credentials File
- Description
- Path to a file containing AWS access key and secret key in properties file format.
- API Name
- Credentials File
- Expression Language Scope
- Not Supported
- Sensitive
- false
- Required
- false
-
Custom Signer Class Name
Fully qualified class name of the custom signer class. The signer must implement com.amazonaws.auth.Signer interface.
- Display Name
- Custom Signer Class Name
- Description
- Fully qualified class name of the custom signer class. The signer must implement com.amazonaws.auth.Signer interface.
- API Name
- custom-signer-class-name
- Expression Language Scope
- Environment variables defined at JVM level and system properties
- Sensitive
- false
- Required
- true
- Dependencies
-
- Assume Role STS Signer Override is set to any of [CustomSignerType]
-
Custom Signer Module Location
Comma-separated list of paths to files and/or directories which contain the custom signer's JAR file and its dependencies (if any).
- Display Name
- Custom Signer Module Location
- Description
- Comma-separated list of paths to files and/or directories which contain the custom signer's JAR file and its dependencies (if any).
- API Name
- custom-signer-module-location
- Expression Language Scope
- Environment variables defined at JVM level and system properties
- Sensitive
- false
- Required
- false
- Dependencies
-
- Assume Role STS Signer Override is set to any of [CustomSignerType]
-
Use Default Credentials
If true, uses the Default Credential chain, including EC2 instance profiles or roles, environment variables, default user credentials, etc.
- Display Name
- Use Default Credentials
- Description
- If true, uses the Default Credential chain, including EC2 instance profiles or roles, environment variables, default user credentials, etc.
- API Name
- default-credentials
- Default Value
- false
- Allowable Values
-
- true
- false
- Expression Language Scope
- Not Supported
- Sensitive
- false
- Required
- false
-
Profile Name
The AWS profile name for credentials from the profile configuration file.
- Display Name
- Profile Name
- Description
- The AWS profile name for credentials from the profile configuration file.
- API Name
- profile-name
- Expression Language Scope
- Environment variables defined at JVM level and system properties
- Sensitive
- false
- Required
- false
-
Secret Access Key
- Display Name
- Secret Access Key
- Description
- API Name
- Secret Key
- Expression Language Scope
- Environment variables defined at JVM level and system properties
- Sensitive
- true
- Required
- false
-
Assume Role Session Time
Session time for role based session (between 900 and 3600 seconds). This is used in conjunction with Assume Role ARN.
- Display Name
- Assume Role Session Time
- Description
- Session time for role based session (between 900 and 3600 seconds). This is used in conjunction with Assume Role ARN.
- API Name
- Session Time
- Default Value
- 3600
- Expression Language Scope
- Not Supported
- Sensitive
- false
- Required
- false
- Dependencies
-
- Assume Role ARN is set to any value specified
Restrictions
| Required Permission | Explanation |
|---|---|
| access environment credentials | The default configuration can read environment variables and system properties for credentials |