AWS SFTP Custom authentication with API Gateway and EFS as backend storage.

0

I'm following the CloudFormation template provided at the URL below to create an AWS SFTP service with a custom identity provider (API Gateway) and Secrets Manager to store the user credentials. The API Gateway integrates the SFTP Transfer server with a Lambda function that processes the gateway request and queries Secrets Manager.
Is password authentication with a custom identity provider (API Gateway) and EFS specifically supported in AWS? If so, can someone give me a hint as to how to configure the secret in Secrets Manager to set the UID, GID and secondary GID? I'm specifically looking for help on this.
Most of the documentation talks only about Transfer Family with S3 as backend storage, including the examples on scope-down policies etc. Any help on this requirement is highly appreciated.

https://aws.amazon.com/blogs/storage/enable-password-authentication-for-aws-transfer-for-sftp-using-aws-secrets-manager/

Asked 3 years ago, 1184 views
2 answers
0

Hello srinathaws@,

To answer your question: yes, a custom IdP with EFS is supported by AWS Transfer Family.
Regarding setting up a custom IdP with EFS, you can use the following parameters in your user configuration (adding Key:Value pairs):

Password: <password>
Role: arn:aws:iam::<account-id>:role/sftp-efs-full-access
HomeDirectoryType: LOGICAL
HomeDirectoryDetails: [{"Entry": "/abc", "Target": "/<fs-id>/abc"}]
PosixProfile: {"Uid": 123, "Gid": 456,"SecondaryGids": []}

Further, the default Lambda code doesn't include PosixProfile in its response to API Gateway. And therefore, you would have to update it such that it fetches PosixProfile from Secrets Manager and forwards it. Following are 2 lines you can add within the Lambda code. Typically, you would want to add them at the same place where you fetch the Role details from the Secret.

Example: 

# Role is mandatory for the session; fall back to an empty string if the secret lacks it
if 'Role' in resp_dict:
    resp_data['Role'] = resp_dict['Role']
else:
    print("No field match for role - Set empty string in response")
    resp_data['Role'] = ''

# PosixProfile is stored in the secret as a JSON string; parse it before returning it
if 'PosixProfile' in resp_dict:
    resp_data['PosixProfile'] = json.loads(resp_dict['PosixProfile'])

Let me know if you have questions.

Sagar
AWS
Expert
Answered 3 years ago
0

Hello,

I have stored the "PosixProfile" in the Lambda code, but it only works with this syntax:

# PosixProfile
posixprofile = lookup(secret_dict, "PosixProfile", input_protocol)
if posixprofile:
    response_data["PosixProfile"] = json.loads(posixprofile)

Unfortunately, I can't connect to the EFS using FileZilla. Error message in the log:

AUTH_FAILURE Method=password User=-efs Message="HomeDirectory must be an absolute path starting with '/'" SourceIP=

I have the assumption that something has changed with these keys:

HomeDirectoryType: LOGICAL
HomeDirectoryDetails: [{"Entry": "/abc", "Target": "/<fs-id>/abc"}]

I followed this guide: https://aws.amazon.com/en/blogs/storage/enable-password-authentication-for-aws-transfer-family-using-aws-secrets-manager-updated/

BR

Answered 1 year ago
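The following is an added example, not code from either answer above or from the AWS blog template. It pulls together the secret layout Sagar lists (Role, HomeDirectoryType, HomeDirectoryDetails, PosixProfile) and the AUTH_FAILURE from the follow-up ("HomeDirectory must be an absolute path starting with '/'"): a small handler that builds the response Transfer Family expects from a user secret, parses PosixProfile, and checks the home-directory keys before they are returned so a misconfigured secret fails in the Lambda log rather than only as an opaque client-side auth failure. Assumptions: the sample secret and its account id and file system id are constructed placeholders; the event shape (`username`/`password` keys) follows the API Gateway mapping of the linked blog post; `fetch_secret` is an injected stand-in for the Secrets Manager call so the example runs offline.

```python
import hmac
import json

# Constructed sample secret, shaped like json.loads(SecretString) for the secret
# described in the answer above. Account id and file system id are placeholders.
SAMPLE_SECRET = {
    "Password": "example-password",
    "Role": "arn:aws:iam::111122223333:role/sftp-efs-full-access",
    "HomeDirectoryType": "LOGICAL",
    "HomeDirectoryDetails": '[{"Entry": "/abc", "Target": "/fs-0123456789abcdef0/abc"}]',
    "PosixProfile": '{"Uid": 123, "Gid": 456, "SecondaryGids": []}',
}


def _as_json(value):
    """Secrets Manager key/value pairs are strings; accept a JSON string or an already parsed object."""
    return json.loads(value) if isinstance(value, str) else value


def home_directory_errors(secret):
    """Return a list of problems with the home-directory keys of a user secret.
    Transfer Family rejects any HomeDirectory, Entry or Target that is not an absolute path,
    and a LOGICAL mapping is described by HomeDirectoryDetails, not HomeDirectory."""
    errors = []
    if secret.get("HomeDirectoryType") == "LOGICAL":
        if "HomeDirectory" in secret:
            errors.append("LOGICAL home directory must not also set HomeDirectory")
        try:
            details = _as_json(secret.get("HomeDirectoryDetails", "[]"))
        except json.JSONDecodeError:
            return errors + ["HomeDirectoryDetails is not valid JSON"]
        if not isinstance(details, list) or not details:
            return errors + ["HomeDirectoryDetails must be a non-empty list of Entry/Target mappings"]
        for mapping in details:
            for key in ("Entry", "Target"):
                value = mapping.get(key) if isinstance(mapping, dict) else None
                if not isinstance(value, str) or not value.startswith("/"):
                    errors.append(f"{key} must be an absolute path starting with '/'")
    elif "HomeDirectory" in secret:
        if not str(secret["HomeDirectory"]).startswith("/"):
            errors.append("HomeDirectory must be an absolute path starting with '/'")
    return errors


def build_response(secret, password):
    """Build the body the custom identity provider returns to Transfer Family.
    An empty dict means authentication failed; a non-empty dict authorizes the session."""
    stored = secret.get("Password", "")
    # Constant-time comparison so the check does not leak how many leading bytes matched
    if not stored or not hmac.compare_digest(stored.encode(), password.encode()):
        return {}
    errors = home_directory_errors(secret)
    if errors:
        # Fail closed and make the misconfiguration visible in the Lambda log
        # instead of surfacing only as AUTH_FAILURE on the SFTP client.
        raise ValueError("; ".join(errors))
    response = {"Role": secret.get("Role", "")}
    if secret.get("HomeDirectoryType") == "LOGICAL":
        response["HomeDirectoryType"] = "LOGICAL"
        # Transfer Family expects HomeDirectoryDetails as a JSON string, not a list
        response["HomeDirectoryDetails"] = json.dumps(_as_json(secret["HomeDirectoryDetails"]))
    elif "HomeDirectory" in secret:
        response["HomeDirectory"] = secret["HomeDirectory"]
    if "PosixProfile" in secret:
        # PosixProfile goes back as a JSON object with Uid, Gid and SecondaryGids
        response["PosixProfile"] = _as_json(secret["PosixProfile"])
    return response


def lambda_handler(event, context, fetch_secret=lambda username: SAMPLE_SECRET):
    """Assumed handler shape: the API Gateway mapping puts 'username' and 'password'
    in the event. fetch_secret stands in for the Secrets Manager lookup (assumption)."""
    secret = fetch_secret(event.get("username", ""))
    if not secret:
        return {}
    return build_response(secret, event.get("password", ""))
```

In a real deployment `fetch_secret` would call Secrets Manager with the user's secret name and `json.loads` the SecretString; everything after that point is the same. Raising on a malformed home-directory mapping is a deliberate choice: Transfer Family only reports AUTH_FAILURE to the client, so the Lambda log is where the operator can actually see which key is wrong.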
