Looking for ideas: how can I create a secure SFTP server with scanning?

Suppose I want to make a safe, easy, and accessible way to transfer files into a VPC. Ideally a user just goes to a site in a browser and uploads the file, then can log into the VPC's network and download it.

But there are a few gotchas:

  • All uploaded files must be scanned for viruses/malware (e.g. ClamAV Lambda checks the files). Infected files must be quarantined/inaccessible.

  • Users need to be able to authenticate with an Identity provider like Okta.

  • Users should only be able to see files that they have permissions to.

I wanted to use AWS managed SFTP (such as https://github.com/awslabs/web-client-for-aws-transfer-family/tree/open-source), but I can't figure out how I would implement scanning into the pipeline. I could instead use S3 buckets directly with some application interface, but that would take a lot of heavy lifting on my end to build said application (unless there's already something for this).

Any suggestions?

1 Answer

I suggest the workflow feature of AWS Transfer may help meet your requirements to add a scanning lambda and control the user permissions. This blog post is a good guide for some of the capabilities. There was an enhancement to workflows announced yesterday.

I have also worked with customers with very complex requirements where we used step functions

AWS
EXPERT
Peter_G
answered 2 years ago
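
Added example, not part of the original answer or of any AWS project: a sketch of the Lambda behind a Transfer Family workflow custom step that scans each upload and reports the verdict, failing closed on any error. It assumes an S3-backed server and a `clamscan` binary packaged with the function; `handle_step`, `clamscan_is_clean` and the sample event values are hypothetical or constructed.

```python
import subprocess
import tempfile

# Constructed sample of the event a workflow custom step passes to Lambda.
SAMPLE_EVENT = {
    "token": "constructed-token",
    "serviceMetadata": {"executionDetails": {
        "workflowId": "w-0000000000example", "executionId": "constructed-exec-id"}},
    "fileLocation": {"domain": "S3", "bucket": "example-upload-bucket",
                     "key": "incoming/alice/report.pdf"},
}

def clamscan_is_clean(path):
    """clamscan exits 0 for clean, 1 for a detection, 2 on error; only 0 passes."""
    return subprocess.run(["clamscan", "--no-summary", path]).returncode == 0

def handle_step(event, download, is_clean, transfer):
    """Scan the uploaded object and report the result to the workflow.

    Fails closed: a detection, a scanner error or a download error all report
    FAILURE, so the workflow's exception steps run instead of the nominal ones.
    """
    details = event["serviceMetadata"]["executionDetails"]
    loc = event["fileLocation"]
    status = "FAILURE"
    try:
        with tempfile.NamedTemporaryFile() as tmp:
            download(loc["bucket"], loc["key"], tmp.name)
            if is_clean(tmp.name):
                status = "SUCCESS"
    except Exception as exc:  # any error keeps the FAILURE verdict
        print(f"scan error for {loc['key']}: {exc}")
    # The workflow waits for this callback, matched by the step token.
    transfer.send_workflow_step_state(
        WorkflowId=details["workflowId"],
        ExecutionId=details["executionId"],
        Token=event["token"],
        Status=status,
    )
    return status

def lambda_handler(event, context):
    import boto3  # imported here so handle_step can be exercised offline
    s3 = boto3.client("s3")
    return handle_step(event, s3.download_file, clamscan_is_clean,
                       boto3.client("transfer"))
```

The function's role needs read access to the upload bucket and permission to call `transfer:SendWorkflowStepState`; quarantine itself is done by the exception steps configured on the workflow.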
