Key auth with custom identity provider for SFTP

0

Hi,
We have an FTP(s) and SFTP set up on AWS Transfer Family, in our own VPC with Cognito as the custom identity provider (APIGW + lambda). We have configured it to accept usernames and passwords and are successfully using it in production.

We want to enable SSH key for the SFTP where clients access and send data with the private key. We have the client's public key but are unclear on how the connection and data transfer flow is for our scenario.

Right now, we are totally in the dark on how to do this. How do we allow clients access via a private key without a username/password configured using our custom identity provider for AWS Transfer Family?

When the client tries to connect to the server, I'm guessing it will go through the custom identity provider (APIGW+Lambda), but we're unsure how to allow the client to proceed to AWS Transfer Family, and where we should be storing and sending the public key.

Any help or pointing us in the right direction would help. Thank you!

asked 3 years ago, 524 views
1 answer
0

Figured it out.

In Cognito, add an attribute for public RSA keys. You can either validate the sourceIp in the custom identity provider or check whether the user exists in Cognito, and then include in the response, along with Role and Policy, an array of PublicKeys:
PublicKeys: stringArrayWithPubKey

answered 3 years ago
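As an added illustration of the answer above (example code, not the poster's own implementation), here is the shape of a custom identity provider handler that returns PublicKeys for a key-based SFTP login. The Cognito attribute names, the IAM role ARN, the bucket name and the user records are all assumed or constructed for this sample; the event fields (username, empty password for key auth, protocol, sourceIp) follow the Transfer Family custom IdP request contract, and an empty response denies the login.

```python
import json
import ipaddress

# Constructed stand-in for Cognito user records (username -> attributes). In a real
# Lambda, fetch these with cognito-idp AdminGetUser; the attribute names below are
# assumed ones for this sample. A Cognito custom attribute holds at most 2048 chars,
# so keep one key per line and prune retired keys.
SAMPLE_USERS = {
    "acme-client": {
        "custom:ssh_public_keys": (
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTEDSAMPLEKEYxxxxxxxxxxxxxxxx acme-2024\n"
            "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCCONSTRUCTEDSAMPLEKEY acme-2022\n"
            "not-a-key junk"),
        "custom:transfer_role": "arn:aws:iam::123456789012:role/transfer-acme-client",  # placeholder
        "custom:allowed_cidr": "203.0.113.0/24",  # optional sourceIp restriction, as the answer suggests
    }
}
KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384")

def parse_public_keys(attr):
    """Return well-formed OpenSSH public key lines; anything else is dropped."""
    keys = []
    for line in attr.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] in KEY_TYPES:
            keys.append(" ".join(parts[:2]))  # the trailing comment is not needed by Transfer
    return keys

def scope_down_policy(username):
    """Session policy confining the session to the user's own prefix (placeholder bucket)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", f"arn:aws:s3:::example-bucket/{username}/*"]}]}

def build_transfer_response(event, users=SAMPLE_USERS):
    """Build the Transfer Family IdP response for one login attempt; {} means deny."""
    user = users.get(event.get("username", ""))
    if user is None:
        return {}
    if event.get("password"):
        return {}  # password logins stay on the existing Cognito flow, not shown here
    if event.get("protocol") != "SFTP":
        return {}  # key authentication only exists for SFTP
    cidr = user.get("custom:allowed_cidr")
    if cidr and ipaddress.ip_address(event.get("sourceIp", "0.0.0.0")) not in ipaddress.ip_network(cidr):
        return {}
    keys = parse_public_keys(user.get("custom:ssh_public_keys", ""))
    if not keys:
        return {}  # no usable key on file: Transfer has nothing to verify the client against
    return {"Role": user["custom:transfer_role"],
            "Policy": json.dumps(scope_down_policy(event["username"])),
            "HomeDirectory": f"/example-bucket/{event['username']}",
            "PublicKeys": keys}
```

Transfer Family verifies the client's key-based SSH authentication against the returned PublicKeys list, so the private key never leaves the client and the IdP only has to return the public half.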
