• General
  • Overview
  • Getting Started
  • User Guide
  • Expression Language Guide
  • RecordPath Guide
  • Admin Guide
  • Toolkit Guide
  • Walkthroughs

• Developer
  • Developer Guide
  • Python Developer Guide
  • Apache NiFi In Depth

• Processors
  • AttributeRollingWindow
  • AttributesToCSV
  • AttributesToJSON
  • CalculateRecordStats
  • CaptureChangeMySQL
  • CompressContent
  • ConnectWebSocket
  • ConsumeAMQP
  • ConsumeAzureEventHub
  • ConsumeElasticsearch
  • ConsumeGCPubSub
  • ConsumeIMAP
  • ConsumeJMS
  • ConsumeKafka
  • ConsumeKinesisStream
  • ConsumeMQTT
  • ConsumePOP3
  • ConsumeSlack
  • ConsumeTwitter
  • ConsumeWindowsEventLog
  • ControlRate
  • ConvertCharacterSet
  • ConvertRecord
  • CopyAzureBlobStorage_v12
  • CopyS3Object
  • CountText
  • CryptographicHashContent
  • DebugFlow
  • DecryptContentAge
  • DecryptContentPGP
  • DeduplicateRecord
  • DeleteAzureBlobStorage_v12
  • DeleteAzureDataLakeStorage
  • DeleteByQueryElasticsearch
  • DeleteDynamoDB
  • DeleteFile
  • DeleteGCSObject
  • DeleteGridFS
  • DeleteMongo
  • DeleteS3Object
  • DeleteSFTP
  • DeleteSQS
  • DetectDuplicate
  • DistributeLoad
  • DuplicateFlowFile
  • EncodeContent
  • EncryptContentAge
  • EncryptContentPGP
  • EnforceOrder
  • EvaluateJsonPath
  • EvaluateXPath
  • EvaluateXQuery
  • ExecuteGroovyScript
  • ExecuteProcess
  • ExecuteScript
  • ExecuteSQL
  • ExecuteSQLRecord
  • ExecuteStreamCommand
  • ExtractAvroMetadata
  • ExtractEmailAttachments
  • ExtractEmailHeaders
  • ExtractGrok
  • ExtractHL7Attributes
  • ExtractRecordSchema
  • ExtractText
  • FetchAzureBlobStorage_v12
  • FetchAzureDataLakeStorage
  • FetchBoxFile
  • FetchDistributedMapCache
  • FetchDropbox
  • FetchFile
  • FetchFTP
  • FetchGCSObject
  • FetchGoogleDrive
  • FetchGridFS
  • FetchS3Object
  • FetchSFTP
  • FetchSmb
  • FilterAttribute
  • FlattenJson
  • ForkEnrichment
  • ForkRecord
  • GenerateFlowFile
  • GenerateRecord
  • GenerateTableFetch
  • GeoEnrichIP
  • GeoEnrichIPRecord
  • GeohashRecord
  • GetAsanaObject
  • GetAwsPollyJobStatus
  • GetAwsTextractJobStatus
  • GetAwsTranscribeJobStatus
  • GetAwsTranslateJobStatus
  • GetAzureEventHub
  • GetAzureQueueStorage_v12
  • GetDynamoDB
  • GetElasticsearch
  • GetFile
  • GetFileResource
  • GetFTP
  • GetGcpVisionAnnotateFilesOperationStatus
  • GetGcpVisionAnnotateImagesOperationStatus
  • GetHubSpot
  • GetMongo
  • GetMongoRecord
  • GetS3ObjectMetadata
  • GetSFTP
  • GetShopify
  • GetSmbFile
  • GetSNMP
  • GetSplunk
  • GetSQS
  • GetWorkdayReport
  • GetZendesk
  • HandleHttpRequest
  • HandleHttpResponse
  • IdentifyMimeType
  • InvokeHTTP
  • InvokeScriptedProcessor
  • ISPEnrichIP
  • JoinEnrichment
  • JoltTransformJSON
  • JoltTransformRecord
  • JSLTTransformJSON
  • JsonQueryElasticsearch
  • ListAzureBlobStorage_v12
  • ListAzureDataLakeStorage
  • ListBoxFile
  • ListDatabaseTables
  • ListDropbox
  • ListenFTP
  • ListenHTTP
  • ListenOTLP
  • ListenSlack
  • ListenSyslog
  • ListenTCP
  • ListenTrapSNMP
  • ListenUDP
  • ListenUDPRecord
  • ListenWebSocket
  • ListFile
  • ListFTP
  • ListGCSBucket
  • ListGoogleDrive
  • ListS3
  • ListSFTP
  • ListSmb
  • LogAttribute
  • LogMessage
  • LookupAttribute
  • LookupRecord
  • MergeContent
  • MergeRecord
  • ModifyBytes
  • ModifyCompression
  • MonitorActivity
  • MoveAzureDataLakeStorage
  • Notify
  • PackageFlowFile
  • PaginatedJsonQueryElasticsearch
  • ParseEvtx
  • ParseNetflowv5
  • ParseSyslog
  • ParseSyslog5424
  • PartitionRecord
  • PublishAMQP
  • PublishGCPubSub
  • PublishJMS
  • PublishKafka
  • PublishMQTT
  • PublishSlack
  • PutAzureBlobStorage_v12
  • PutAzureCosmosDBRecord
  • PutAzureDataExplorer
  • PutAzureDataLakeStorage
  • PutAzureEventHub
  • PutAzureQueueStorage_v12
  • PutBigQuery
  • PutBoxFile
  • PutCloudWatchMetric
  • PutDatabaseRecord
  • PutDistributedMapCache
  • PutDropbox
  • PutDynamoDB
  • PutDynamoDBRecord
  • PutElasticsearchJson
  • PutElasticsearchRecord
  • PutEmail
  • PutFile
  • PutFTP
  • PutGCSObject
  • PutGoogleDrive
  • PutGridFS
  • PutKinesisFirehose
  • PutKinesisStream
  • PutLambda
  • PutMongo
  • PutMongoBulkOperations
  • PutMongoRecord
  • PutRecord
  • PutRedisHashRecord
  • PutS3Object
  • PutSalesforceObject
  • PutSFTP
  • PutSmbFile
  • PutSNS
  • PutSplunk
  • PutSplunkHTTP
  • PutSQL
  • PutSQS
  • PutSyslog
  • PutTCP
  • PutUDP
  • PutWebSocket
  • PutZendeskTicket
  • QueryAirtableTable
  • QueryAzureDataExplorer
  • QueryDatabaseTable
  • QueryDatabaseTableRecord
  • QueryRecord
  • QuerySalesforceObject
  • QuerySplunkIndexingStatus
  • RemoveRecordField
  • RenameRecordField
  • ReplaceText
  • ReplaceTextWithMapping
  • RetryFlowFile
  • RouteHL7
  • RouteOnAttribute
  • RouteOnContent
  • RouteText
  • RunMongoAggregation
  • SampleRecord
  • ScanAttribute
  • ScanContent
  • ScriptedFilterRecord
  • ScriptedPartitionRecord
  • ScriptedTransformRecord
  • ScriptedValidateRecord
  • SearchElasticsearch
  • SegmentContent
  • SendTrapSNMP
  • SetSNMP
  • SignContentPGP
  • SplitAvro
  • SplitContent
  • SplitExcel
  • SplitJson
  • SplitPCAP
  • SplitRecord
  • SplitText
  • SplitXml
  • StartAwsPollyJob
  • StartAwsTextractJob
  • StartAwsTranscribeJob
  • StartAwsTranslateJob
  • StartGcpVisionAnnotateFilesOperation
  • StartGcpVisionAnnotateImagesOperation
  • TagS3Object
  • TailFile
  • TransformXml
  • UnpackContent
  • UpdateAttribute
  • UpdateByQueryElasticsearch
  • UpdateCounter
  • UpdateDatabaseTable
  • UpdateRecord
  • ValidateCsv
  • ValidateJson
  • ValidateRecord
  • ValidateXml
  • VerifyContentMAC
  • VerifyContentPGP
  • Wait

• Controller Services
  • ADLSCredentialsControllerService
  • ADLSCredentialsControllerServiceLookup
  • AmazonGlueSchemaRegistry
  • ApicurioSchemaRegistry
  • AvroReader
  • AvroRecordSetWriter
  • AvroSchemaRegistry
  • AWSCredentialsProviderControllerService
  • AzureBlobStorageFileResourceService
  • AzureCosmosDBClientService
  • AzureDataLakeStorageFileResourceService
  • AzureEventHubRecordSink
  • AzureStorageCredentialsControllerService_v12
  • AzureStorageCredentialsControllerServiceLookup_v12
  • CEFReader
  • ConfluentEncodedSchemaReferenceReader
  • ConfluentEncodedSchemaReferenceWriter
  • ConfluentSchemaRegistry
  • CSVReader
  • CSVRecordLookupService
  • CSVRecordSetWriter
  • DatabaseRecordLookupService
  • DatabaseRecordSink
  • DatabaseTableSchemaRegistry
  • DBCPConnectionPool
  • DBCPConnectionPoolLookup
  • DistributedMapCacheLookupService
  • ElasticSearchClientServiceImpl
  • ElasticSearchLookupService
  • ElasticSearchStringLookupService
  • EmailRecordSink
  • EmbeddedHazelcastCacheManager
  • ExcelReader
  • ExternalHazelcastCacheManager
  • FreeFormTextRecordSetWriter
  • GCPCredentialsControllerService
  • GCSFileResourceService
  • GrokReader
  • HazelcastMapCacheClient
  • HikariCPConnectionPool
  • HttpRecordSink
  • IPLookupService
  • JettyWebSocketClient
  • JettyWebSocketServer
  • JMSConnectionFactoryProvider
  • JndiJmsConnectionFactoryProvider
  • JsonConfigBasedBoxClientService
  • JsonPathReader
  • JsonRecordSetWriter
  • JsonTreeReader
  • Kafka3ConnectionService
  • KerberosKeytabUserService
  • KerberosPasswordUserService
  • KerberosTicketCacheUserService
  • LoggingRecordSink
  • MapCacheClientService
  • MapCacheServer
  • MongoDBControllerService
  • MongoDBLookupService
  • PEMEncodedSSLContextProvider
  • PropertiesFileLookupService
  • ProtobufReader
  • ReaderLookup
  • RecordSetWriterLookup
  • RecordSinkServiceLookup
  • RedisConnectionPoolService
  • RedisDistributedMapCacheClientService
  • RestLookupService
  • S3FileResourceService
  • ScriptedLookupService
  • ScriptedReader
  • ScriptedRecordSetWriter
  • ScriptedRecordSink
  • SetCacheClientService
  • SetCacheServer
  • SimpleCsvFileLookupService
  • SimpleDatabaseLookupService
  • SimpleKeyValueLookupService
  • SimpleRedisDistributedMapCacheClientService
  • SimpleScriptedLookupService
  • SiteToSiteReportingRecordSink
  • SlackRecordSink
  • SmbjClientProviderService
  • StandardAsanaClientProviderService
  • StandardAzureCredentialsControllerService
  • StandardDropboxCredentialService
  • StandardFileResourceService
  • StandardHashiCorpVaultClientService
  • StandardHttpContextMap
  • StandardJsonSchemaRegistry
  • StandardKustoIngestService
  • StandardKustoQueryService
  • StandardOauth2AccessTokenProvider
  • StandardPGPPrivateKeyService
  • StandardPGPPublicKeyService
  • StandardPrivateKeyService
  • StandardProxyConfigurationService
  • StandardRestrictedSSLContextService
  • StandardS3EncryptionService
  • StandardSSLContextService
  • StandardWebClientServiceProvider
  • Syslog5424Reader
  • SyslogReader
  • UDPEventRecordSink
  • VolatileSchemaCache
  • WindowsEventLogReader
  • XMLFileLookupService
  • XMLReader
  • XMLRecordSetWriter
  • YamlTreeReader
  • ZendeskRecordSink

• Reporting Tasks
  • AzureLogAnalyticsProvenanceReportingTask
  • AzureLogAnalyticsReportingTask
  • ControllerStatusReportingTask
  • MonitorDiskUsage
  • MonitorMemory
  • ScriptedReportingTask
  • SiteToSiteBulletinReportingTask
  • SiteToSiteMetricsReportingTask
  • SiteToSiteProvenanceReportingTask
  • SiteToSiteStatusReportingTask

• Parameter Providers
  • AwsSecretsManagerParameterProvider
  • AzureKeyVaultSecretsParameterProvider
  • DatabaseParameterProvider
  • EnvironmentVariableParameterProvider
  • GcpSecretManagerParameterProvider
  • HashiCorpVaultParameterProvider
  • KubernetesSecretParameterProvider
  • OnePasswordParameterProvider

• Flow Analysis Rules
  • DisallowComponentType

StandardS3EncryptionService 2.1.0

Bundle

org.apache.nifi | nifi-aws-nar

Description

Adds configurable encryption to S3 Put and S3 Fetch operations.

Tags

aws, decrypt, decryption, encrypt, encryption, key, s3, service

Input Requirement

Supports Sensitive Dynamic Properties

false

• Additional Details for StandardS3EncryptionService 2.1.0

  S3EncryptionService

  Description

  The StandardS3EncryptionService manages an encryption strategy and applies that strategy to various S3 operations.
  Note: This service has no effect when a processor has the Server Side Encryption property set. To use this service with processors so configured, first create a service instance, set the Encryption Strategy to Server-side S3, disable the Server Side Encryption processor setting, and finally, associate the processor with the service.

  Configuration Details

  Encryption Strategy

  The name of the specific encryption strategy for this service to use when encrypting and decrypting S3 operations.

  • None - no encryption is configured or applied.
  • Server-side S3 - encryption and decryption is managed by S3; no keys are required.
  • Server-side KMS - encryption and decryption are performed by S3 using the configured KMS key.
  • Server-side Customer Key - encryption and decryption are performed by S3 using the supplied customer key.
  • Client-side KMS - like the Server-side KMS strategy, with the encryption and decryption performed by the client.
  • Client-side Customer Key - like the Server-side Customer Key strategy, with the encryption and decryption performed by the client.

  Key ID or Key Material

  When configured for either the Server-side or Client-side KMS strategies, this field should contain the KMS Key ID.

  When configured for either the Server-side or Client-side Customer Key strategies, this field should contain the key material, and that material must be base64 encoded.

  All other encryption strategies ignore this field.

  KMS Region

  KMS key region, if any. This value must match the actual region of the KMS key if supplied.