Unable to specify bucket with custom identity provider


I've customized my identity provider using the template and instructions available here:

https://docs.aws.amazon.com/transfer/latest/userguide/authenticating-users.html

I'm able to get a correct response from my API and successfully log in while testing in AWS Transfer and with FileZilla. However, it's not actually allowing a user to view existing files or upload new files. Here is the response from the identity provider API:

{
    "Policy": "<policy granting full access to bucket>",
    "Role": "<role with full access to S3>",
    "HomeDirectory": "/<my bucket>/test"
}

I'm assuming this is acceptable based off the information on these pages:

https://aws.amazon.com/blogs/storage/simplify-your-aws-sftp-structure-with-chroot-and-logical-directories/
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-user.html

However, FileZilla gives me the following log:

Status:	Connecting to sftp.mydomain.com...
Status:	Using username "test". 
Status:	Connected to 123456.server.transfer.us-east-1.amazonaws.com
Status:	Retrieving directory listing...
Status:	Listing directory /<my bucket>/test
Error:	Unknown eventType 37
Error:	Failed to retrieve directory listing

So I tried using logical directories instead using the information in the previous links. This is an example response from the API:

{
    "Policy": "<policy granting full access to bucket>",
    "Role": "<role with full access to S3>",
    "HomeDirectoryType": "LOGICAL",
    "HomeDirectoryDetails": [
        {
            "Entry": "/",
            "Target": "/<my bucket>/test"
        }
    ]
}

I updated my UserConfigResponseModel in the API Gateway to this:

{
    "$schema":"http://json-schema.org/draft-04/schema#",
    "title":"UserUserConfig",
    "type":"object",
    "properties":
    {
        "Role":{"type":"string"},
        "Policy":{"type":"string"},
        "HomeDirectory":{"type":"string"},
        "HomeDirectoryType":{"type":"string"},
        "HomeDirectoryDetails":
        {
          "type":"array",
          "items":
          {
              "type":"object",
              "properties":
              {
                  "Entry":{"type":"string"},
                  "Target":{"type":"string"}
              }
          }
        },
        "PublicKeys":
        {
            "type":"array",
            "items":{"type":"string"}
        }
    }
}

When I test this in AWS Transfer, I get the following response:

Unable to call identity provider: Unable to unmarshall response (We expected a VALUE token but got: START_ARRAY). Response Code: 200, Response Text: OK

All of this is very frustrating because the responses I am getting do not match what I would expect to see after reading the documentation. My question is this: how do I specify a bucket when using a custom identity provider in AWS Transfer?

Edited by: paul_hatcher on May 19, 2020 9:26 AM

asked 4 years ago, 599 views
1 answer

Hi paul_hatcher,

For logical directories to work, the HomeDirectoryDetails field needs to be a JSON string, not an array. The following link will give you a better idea on what the field should be.

https://aws.amazon.com/blogs/storage/using-aws-sftp-logical-directories-to-build-a-simple-data-distribution-service/

You should use the following schema for "HomeDirectoryDetails" to make it work:

"HomeDirectoryDetails":{"type":"string"}

If you have other issues, please let us know.

Thanks.

answered 4 years ago
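To show what a response that satisfies the answer above looks like in practice, here is an added example (not code from the original post or from AWS) of a Lambda-style identity provider handler. It serializes HomeDirectoryDetails as a JSON string rather than a native array, confines the session policy to the user's own prefix in the bucket, and refuses usernames that could escape that prefix; the bucket name, role ARN and event shape are assumed placeholders.

```python
import json

# Constructed placeholder values, not taken from the original post.
BUCKET = "my-bucket"
ROLE_ARN = "arn:aws:iam::123456789012:role/TransferAccessRole"


def scoped_policy(bucket, prefix):
    """Session policy that limits the user to bucket/prefix (least privilege)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListHome", "Effect": "Allow", "Action": "s3:ListBucket",
             "Resource": f"arn:aws:s3:::{bucket}",
             "Condition": {"StringLike": {"s3:prefix": [prefix, f"{prefix}/*"]}}},
            {"Sid": "HomeObjects", "Effect": "Allow",
             "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
             "Resource": f"arn:aws:s3:::{bucket}/{prefix}/*"},
        ],
    }


def build_response(username, bucket=BUCKET, role=ROLE_ARN):
    """Build the user-config response with a logical home directory."""
    prefix = username
    details = [{"Entry": "/", "Target": f"/{bucket}/{prefix}"}]
    return {
        "Role": role,
        # Policy and HomeDirectoryDetails are both JSON *strings* in the response;
        # returning a native array for HomeDirectoryDetails triggers the
        # "expected a VALUE token but got: START_ARRAY" error from the question.
        "Policy": json.dumps(scoped_policy(bucket, prefix)),
        "HomeDirectoryType": "LOGICAL",
        "HomeDirectoryDetails": json.dumps(details),
    }


def lambda_handler(event, context):
    """Assumed Transfer Family event shape: {"username": ..., "password": ..., ...}."""
    username = event.get("username", "")
    # Only accept a plain token so the mapped prefix cannot contain "/" or "..";
    # an empty object denies the login.
    if not username.isalnum():
        return {}
    return build_response(username)
```

The response maps the user's virtual root "/" onto the single prefix they are allowed to touch, so the bucket name never appears in directory listings and a listing outside the prefix is denied by the session policy rather than by the client.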
