Hi all, I need to create my SFTP service using AWS Transfer Family with Lambda as the identity provider and S3 as storage.
I created my Lambda function and authentication works, but I can't show the list of files.
My Node.js Lambda is:
    // Returns only the IAM role; no HomeDirectory is set in the response
    exports.handler = async (event) => {
      return {
        "Role": "arn:aws:iam::356173882118:role/sftp-access-s3"
      };
    };
The identity provider test response is:
    {
      "Response": "{\"HomeDirectoryType\":\"PATH\",\"Role\":\"arn:aws:iam::356173882118:role/sftp-access-s3\",\"UserName\":\"dasdasd\",\"IdentityProviderType\":\"AWS_LAMBDA\"}",
      "StatusCode": 200,
      "Message": ""
    }
My role sftp-access-s3 has this policy:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "s3:ListBucket",
            "s3:GetBucketLocation"
          ],
          "Resource": [
            "arn:aws:s3:::tecnoin-ftp-bucket"
          ],
          "Effect": "Allow",
          "Sid": "ReadWriteS3"
        },
        {
          "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "s3:DeleteObject",
            "s3:DeleteObjectVersion",
            "s3:GetObjectVersion",
            "s3:GetObjectACL",
            "s3:PutObjectACL"
          ],
          "Resource": [
            "arn:aws:s3:::tecnoin-ftp-bucket/*"
          ],
          "Effect": "Allow",
          "Sid": ""
        }
      ]
    }
and this trust relationship:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "",
          "Effect": "Allow",
          "Principal": {
            "Service": "transfer.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
I can connect successfully with my FTP client, but then I can't see the files. I receive this error:
    Permission denied.
    Error code: 3
    Error message from server (US-ASCII): Access denied
On CloudWatch:
luca.1e5bad7f45e09f0b CONNECTED SourceIP=165.225.202.99 User=luca HomeDir=/ Client=SSH-2.0-WinSCP_release_5.17.10 Role=arn:aws:iam::356173882118:role/sftp-access-s3 UserPolicy="{\"Version\": \"2012-10-17\",\"Statement\": [ {\"Action\": [ \"s3:ListBucket\", \"s3:GetBucketLocation\"],\"Resource\": [ \"arn:aws:s3:::tecnoin-ftp-bucket\"],\"Effect\": \"Allow\",\"Sid\": \"ReadWriteS3\" }, {\"Action\": [ \"s3:PutObject\", \"s3:GetObject\", \"s3:DeleteObject\", \"s3:DeleteObjectVersion\", \"s3:GetObjectVersion\", \"s3:GetObjectACL\", \"s3:PutObjectACL\"],\"Resource\": [ \"arn:aws:s3:::tecnoin-ftp-bucket/*\"],\"Effect\": \"Allow\",\"Sid\": \"\" }]}" Kex=ecdh-sha2-nistp256 Ciphers=aes256-ctr,aes256-ctr
luca.1e5bad7f45e09f0b ERROR Message="Access denied"
Could you please help me solve the issue?
Thanks