FTPS server unreachable with Internet Facing

0

I have set up an FTPS Server using AWS Server Family but cannot connect.

My Identity Provider is Custom Lambda and Endpoint Type is VPC/Internet Facing. During configuration, I selected Public Subnet and Elastic IP.

I probably misconfigured the network components:

  • VPC
  • Subnets (1 public and 1 private)
  • Elastic IP

I am using the WinSCP client configured this way:

  • File Protocol: FTP
  • Encryption: TLS/SSL Explicit encryption
  • Port number: 21
  • Username / Password
  Connection failed.
  Login with USER first

Thanks L

luk3tt0
Asked 2 years ago, 383 views
4 answers
0

@luk3tt0 Difficult to diagnose with the information provided, but this error message would suggest you sent a PASS command with the password before sending a USER <user id> command.

AWS Expert
Answered 2 years ago
0

How can I do complete troubleshooting? I changed the VPC configuration. Now I can connect, but I can't list files. Probably there is a permission issue.

This is the policy attached to the role.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ],
            "Effect": "Allow",
            "Sid": "ReadWriteS3"
        },
        {
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion",
                "s3:GetObjectVersion",
                "s3:GetObjectACL",
                "s3:PutObjectACL"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ],
            "Effect": "Allow",
            "Sid": ""
        }
    ]
}
luk3tt0
Answered 2 years ago
0

This is the FTP client log:

[screenshot of the FTP client log]

luk3tt0
Answered 2 years ago
0

@luk3tt0,

As per the FTP client log that you shared, it seems there might be an issue with the Security Group not allowing traffic through the required data channel ports. The user being able to log in to the server implies that the Security Group allows control channel traffic. However, a subsequent timeout on an ls might indicate that data channel traffic is blocked.

AWS Transfer Family uses port 21 for the control channel and the port range 8192-8200 for the data channel for the FTP/FTPS protocols. Would you be able to update the Security Group associated with the server endpoint to allow inbound traffic on these ports and retry?

Also, the permissions you shared above for accessing S3 seem correct and grant the defined permissions on all S3 buckets. However, do note that if your HomeDirectory is explicitly set to / and you are not using Logical Directories for your user, you are basically at the root of S3, implying that an ls operation at this level would return all S3 buckets in your account. If you intend to do that, you would require the additional permission s3:ListAllMyBuckets on Resource: *.

Let me know if you have further questions.

-- Sagar

AWS Expert
Answered 2 years ago
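As an added example (not part of the original thread or of any AWS tooling), the following Python check applies the rule from Sagar's answer to a security group's inbound rules: it reports which of TCP 21 and TCP 8192-8200 are not reachable from a given client CIDR. The rule list has the same shape as the IpPermissions field that boto3's ec2.describe_security_groups returns, so a real group's rules can be passed in unchanged; the sample rule sets and the 203.0.113.0/24 "office" CIDR below are constructed for illustration.

```python
"""Check whether a security group's inbound rules cover the AWS Transfer
Family FTP/FTPS ports: TCP 21 (control channel) and TCP 8192-8200 (passive
data channel), as stated in the answer above.

`ip_permissions` uses the shape of the IpPermissions list returned by
boto3's ec2.describe_security_groups. IPv4 rules only (IpRanges); Ipv6Ranges
are not inspected here. The sample rule sets at the bottom are constructed
for this example, not taken from the original post.
"""
import ipaddress

CONTROL_PORT = 21
DATA_PORT_RANGE = range(8192, 8201)            # 8192..8200 inclusive
REQUIRED_PORTS = [CONTROL_PORT, *DATA_PORT_RANGE]


def _rule_allows(rule, port, client):
    """True if one IpPermissions entry admits TCP `port` from the `client` network."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                          # "All traffic": any protocol, any port
        port_ok = True
    elif proto in ("tcp", "6"):
        port_ok = rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)
    else:                                      # udp, icmp, ...: irrelevant for FTP
        return False
    if not port_ok:
        return False
    # The source must be contained in one of the rule's CIDR blocks.
    for ip_range in rule.get("IpRanges", []):
        allowed = ipaddress.ip_network(ip_range["CidrIp"], strict=False)
        if client.subnet_of(allowed):
            return True
    return False


def missing_ftps_ports(ip_permissions, client_cidr="0.0.0.0/0"):
    """Return the required TCP ports that no inbound rule opens to client_cidr.

    An empty list means both the control channel and the whole passive
    data-channel range are admitted. A list of 8192..8200 is the classic
    symptom from the thread: login succeeds, `ls` hangs or times out.
    """
    client = ipaddress.ip_network(client_cidr, strict=False)
    return [p for p in REQUIRED_PORTS
            if not any(_rule_allows(rule, p, client) for rule in ip_permissions)]


# Constructed: a group with only the control channel open.
CONTROL_ONLY = [
    {"IpProtocol": "tcp", "FromPort": 21, "ToPort": 21,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

# Constructed: the same group after adding the passive data-channel range.
FIXED = CONTROL_ONLY + [
    {"IpProtocol": "tcp", "FromPort": 8192, "ToPort": 8200,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

# Constructed: both channels open, but only to a hypothetical office CIDR.
OFFICE_ONLY = [
    {"IpProtocol": "tcp", "FromPort": 21, "ToPort": 21,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 8192, "ToPort": 8200,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
]

if __name__ == "__main__":
    print("control only  ->", missing_ftps_ports(CONTROL_ONLY))                      # [8192, ..., 8200]
    print("fixed         ->", missing_ftps_ports(FIXED))                             # []
    print("office client ->", missing_ftps_ports(OFFICE_ONLY, "203.0.113.7/32"))     # []
    print("other client  ->", missing_ftps_ports(OFFICE_ONLY, "198.51.100.5/32"))    # [21, 8192, ..., 8200]
```

To run it against a live group, pass `boto3.client("ec2").describe_security_groups(GroupIds=["sg-..."])["SecurityGroups"][0]["IpPermissions"]` as `ip_permissions`, with the public IP of the WinSCP machine (as a /32) as `client_cidr`. Keeping the source narrower than 0.0.0.0/0 is the sensible default for an Internet-facing FTPS endpoint; the check above confirms the data-channel range stays reachable for that source after you tighten it.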
