I've customized my identity provider using the template and instructions available here:
https://docs.aws.amazon.com/transfer/latest/userguide/authenticating-users.html
I'm able to get a correct response from my API and successfully log in while testing in AWS Transfer and with FileZilla. However, it's not actually allowing a user to view existing files or upload new files. Here is the response from the identity provider API:
{
    "Policy": "<policy granting full access to bucket>",
    "Role": "<role with full access to S3>",
    "HomeDirectory": "/<my bucket>/test"
}
I'm assuming this is acceptable based off the information on these pages:
https://aws.amazon.com/blogs/storage/simplify-your-aws-sftp-structure-with-chroot-and-logical-directories/
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-user.html
However, FileZilla gives me the following log:
Status: Connecting to sftp.mydomain.com...
Status: Using username "test".
Status: Connected to 123456.server.transfer.us-east-1.amazonaws.com
Status: Retrieving directory listing...
Status: Listing directory /<my bucket>/test
Error: Unknown eventType 37
Error: Failed to retrieve directory listing
So I tried using logical directories instead, using the information in the previous links. This is an example response from the API:
{
    "Policy": "<policy granting full access to bucket>",
    "Role": "<role with full access to S3>",
    "HomeDirectoryType": "LOGICAL",
    "HomeDirectoryDetails": [
        {
            "Entry": "/",
            "Target": "/<my bucket>/test"
        }
    ]
}
I updated my UserConfigResponseModel in the API Gateway to this:
{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "UserUserConfig",
    "type": "object",
    "properties": {
        "Role": {"type": "string"},
        "Policy": {"type": "string"},
        "HomeDirectory": {"type": "string"},
        "HomeDirectoryType": {"type": "string"},
        "HomeDirectoryDetails": {
            "type": "array",
            "items": {
                "type": "object",
                "properties": {
                    "Entry": {"type": "string"},
                    "Target": {"type": "string"}
                }
            }
        },
        "PublicKeys": {
            "type": "array",
            "items": {"type": "string"}
        }
    }
}
When I test this in AWS Transfer, I get the following response:
Unable to call identity provider: Unable to unmarshall response (We expected a VALUE token but got: START_ARRAY). Response Code: 200, Response Text: OK
All of this is very frustrating because the responses I am getting do not match what I would expect to see after reading the documentation. My question is this: how do I specify a bucket when using a custom identity provider in AWS Transfer?
Edited by: paul_hatcher on May 19, 2020 9:26 AM
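The "expected a VALUE token but got: START_ARRAY" error in the post is what AWS Transfer reports when HomeDirectoryDetails arrives as a raw JSON array; the user guide linked at the top documents that field as a JSON-encoded string. The following is an added example, not code from the post or from AWS, showing how a custom identity provider backend could build a response for a logical home directory with HomeDirectoryDetails serialized as a string, narrow the session policy to the user's own prefix rather than granting full bucket access, and sanity-check the response shape before returning it. The role ARN, bucket name and user name are constructed placeholders.

```python
import json

# Constructed placeholders; substitute your own role ARN, bucket and user.
EXAMPLE_ROLE_ARN = "arn:aws:iam::123456789012:role/transfer-user-role"
EXAMPLE_BUCKET = "my-bucket"
EXAMPLE_USER = "test"


def scoped_session_policy(bucket, prefix):
    """Session policy (a JSON string) that restricts the assumed role to one
    prefix in the bucket. The role itself may be broad; the session policy
    narrows the effective permissions for this user's session."""
    policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListOwnPrefix",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": [prefix, f"{prefix}/*"]}},
            },
            {
                "Sid": "ObjectAccessOwnPrefix",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{prefix}/*",
            },
        ],
    }
    return json.dumps(policy)


def build_user_config(role_arn, bucket, prefix, public_keys=None):
    """Build the response body a custom identity provider returns to Transfer
    for a user chrooted (via logical directories) to s3://bucket/prefix."""
    entries = [{"Entry": "/", "Target": f"/{bucket}/{prefix}"}]
    config = {
        "Role": role_arn,
        "Policy": scoped_session_policy(bucket, prefix),
        "HomeDirectoryType": "LOGICAL",
        # Serialized to a string: a nested array here triggers the
        # "expected a VALUE token but got: START_ARRAY" unmarshalling error.
        "HomeDirectoryDetails": json.dumps(entries),
    }
    if public_keys:
        config["PublicKeys"] = list(public_keys)
    return config


def parse_home_directory_details(config):
    """Decode the HomeDirectoryDetails string back into a list of mappings."""
    return json.loads(config["HomeDirectoryDetails"])


def check_user_config(config):
    """Return a list of problems with a candidate response (empty means OK).
    Useful as a guard in the backend before the response is handed to Transfer."""
    problems = []
    if not isinstance(config.get("Role"), str) or not config["Role"]:
        problems.append("Role must be a non-empty string")
    if "Policy" in config and not isinstance(config["Policy"], str):
        problems.append("Policy must be a JSON-encoded string")
    details = config.get("HomeDirectoryDetails")
    if config.get("HomeDirectoryType") == "LOGICAL" and details is None:
        problems.append("HomeDirectoryType LOGICAL requires HomeDirectoryDetails")
    if details is not None:
        if not isinstance(details, str):
            problems.append("HomeDirectoryDetails must be a JSON-encoded string, not a raw array")
        else:
            try:
                parsed = json.loads(details)
            except ValueError:
                problems.append("HomeDirectoryDetails is not valid JSON")
            else:
                ok = isinstance(parsed, list) and all(
                    isinstance(e, dict) and {"Entry", "Target"} <= set(e) for e in parsed
                )
                if not ok:
                    problems.append("HomeDirectoryDetails must be a list of {Entry, Target} mappings")
    if "HomeDirectory" in config and details is not None:
        problems.append("HomeDirectory and HomeDirectoryDetails should not both be set")
    return problems


if __name__ == "__main__":
    cfg = build_user_config(EXAMPLE_ROLE_ARN, EXAMPLE_BUCKET, EXAMPLE_USER)
    print(json.dumps(cfg, indent=2))
    print("problems:", check_user_config(cfg))
```

The API Gateway response model from the post would also need HomeDirectoryDetails declared as a string rather than an array for this shape to pass model validation.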