Sending AS2 messages between two AWS Transfer Family servers


I've set up AWS Transfer Family servers in two different regions to test the sending functionality. However, even though the VPC is created, sending messages fails with either UNABLE_TO_CONNECT_TO_REMOTE_HOST_OR_IP or "File path not found". I'm using S3 for the document to send.

I've checked the IP address with a different program (Mendelson AS2) and it's able to connect fine. It was even able to send a test document. Despite that, when sending through a Lambda function, it fails.

A few things tried:

  • Checking permissions: I'm able to connect and describe the server, the connectors, etc. with no problem, so it's not that.
  • Connector with the wrong URL: I used the same URL as the URL in Mendelson with the port attached at the end (http:/s-xxx:5080 in the format specified in [1] with the region). I also tried the URL without the port specified, and that didn't work either.
  • Region issue: I thought the mismatch between the regions could be an issue, since the Lambda was set in us-west-1 while the AS2 server I was sending to is in us-east-2, so I created a different connector and had it send to itself in the same region. Still the same error about being unable to connect.
  • Checked the CloudWatch logs: they actually report that everything was sent successfully with a 200 code.

Weird things noticed:

  • After the Lambda is triggered, it creates the expected failed and processing folders, but after the first few times it no longer saves the results. I get a .cms file and a .json file sometimes, but not every time, even though the CloudWatch logs are correctly created every time.
  • The failed and processed folders somehow got created a folder above rather than in the folder the file was uploaded to (e.g. the folder structure is bucket/folder 1/folder2/folder 3 and the uploaded file was in folder3; however, the failed and processing folders were created in folder2 instead of the expected folder3). This happened just once, though.

Additional question: I can post this as a separate question if needed, but since it's related to my issue, I figured I'd put it here as well.

  • What's the transfer ID for? Is that supposed to be the execution ID? There doesn't seem to be an option to view the results of the transfer in the documentation [2].

References:

[1] https://docs.aws.amazon.com/transfer/latest/userguide/as2-end-to-end-example.html#as2-create-connector-example

[2] https://docs.aws.amazon.com/transfer/latest/userguide/API_StartFileTransfer.html

1 Answer
Accepted Answer

Hi, as far as the first question, you could try using the VPC Reachability Analyzer to find out if there's a permissions or networking issue. You can search for that tool in the console, then click Create and analyze path. In the form that follows, choose Source type as Internet Gateways and choose your internet gateway, Destination type VPC Endpoints and choose the VPC endpoint that corresponds to your AS2 server, and finally set the destination port as 5080.

Another place I would look at is the Security Group permissions of your VPC.

Finally, for Transfer Id: this is an identifier that is associated with a file transfer. All requests that are part of a StartFileTransfer call share a transfer-id.

lydakis
answered 2 months ago
  • Thank you. The VPC Reachability Analyzer helped with figuring out my problem. I ended up figuring out that while the first server set up had the correct permissions for its subnets and components, the second one didn't. Fixing that and a few other things I found got the two servers up and running.

    It also answered another question I had about two servers in different regions sending to each other. Yes, it works.
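The same Reachability Analyzer check the accepted answer walks through in the console can be scripted, which is useful when you have several VPC-hosted servers to verify. The block below is an added example, not code from the original question or answer and not AWS's own code: it creates a Network Insights path from an internet gateway to the Transfer Family server's VPC endpoint on TCP 5080, starts an analysis, and reduces the result to "path found or not, and which component blocked it". The internet gateway ID, VPC endpoint ID, region, and the explanation code and IDs in the constructed sample responses are placeholders, and the sample responses only mimic the shape of a DescribeNetworkInsightsAnalyses entry so the summarising logic can be exercised without AWS access.

```python
"""Scripted VPC Reachability Analyzer check for a Transfer Family AS2 endpoint.

Added example, not from the original post. Placeholder IDs (igw-..., vpce-...)
and the constructed sample responses at the bottom are assumptions; the live
check needs boto3 and IAM permissions for the ec2:*NetworkInsights* actions.
"""
import time

# Component keys an Explanation may carry (each is an AnalysisComponent with an "Id").
_COMPONENT_KEYS = (
    "SecurityGroup", "Acl", "RouteTable", "Subnet", "Vpc",
    "VpcEndpoint", "NetworkInterface", "InternetGateway", "ElasticLoadBalancerListener",
)


def summarize_analysis(analysis: dict) -> dict:
    """Reduce one NetworkInsightsAnalyses entry to the facts an operator acts on.

    Returns the analysis status, whether a path to the destination exists, and a
    list of blockers (explanation code + the component it points at) when it
    does not. Works on the plain dict the API returns, so it can be unit-tested
    offline on a constructed sample.
    """
    blockers = []
    for exp in analysis.get("Explanations", []):
        component = None
        for key in _COMPONENT_KEYS:
            comp = exp.get(key)
            if isinstance(comp, dict) and comp.get("Id"):
                component = comp["Id"]
                break
        blockers.append({
            "code": exp.get("ExplanationCode"),
            "component": component,
            "direction": exp.get("Direction"),
            "port": exp.get("Port"),
        })
    return {
        "status": analysis.get("Status"),
        "path_found": bool(analysis.get("NetworkPathFound", False)),
        "blockers": blockers,
    }


def run_reachability_check(region: str, igw_id: str, vpce_id: str,
                           port: int = 5080, timeout_s: int = 300) -> dict:
    """Create the IGW -> VPC endpoint path, analyze it, and wait for the verdict.

    Mirrors the console steps in the accepted answer: source = internet gateway,
    destination = the Transfer Family server's VPC endpoint, destination port 5080.
    """
    import boto3  # imported here so the offline helpers above need no AWS SDK

    ec2 = boto3.client("ec2", region_name=region)
    path = ec2.create_network_insights_path(
        Source=igw_id, Destination=vpce_id, Protocol="tcp", DestinationPort=port,
    )
    path_id = path["NetworkInsightsPath"]["NetworkInsightsPathId"]
    analysis_id = ec2.start_network_insights_analysis(
        NetworkInsightsPathId=path_id,
    )["NetworkInsightsAnalysis"]["NetworkInsightsAnalysisId"]

    deadline = time.time() + timeout_s
    while True:
        entry = ec2.describe_network_insights_analyses(
            NetworkInsightsAnalysisIds=[analysis_id],
        )["NetworkInsightsAnalyses"][0]
        if entry["Status"] != "running":  # "succeeded" or "failed"
            return summarize_analysis(entry)
        if time.time() > deadline:
            raise TimeoutError(f"analysis {analysis_id} still running after {timeout_s}s")
        time.sleep(5)


# Constructed sample responses (shape only; IDs and the explanation code are illustrative).
SAMPLE_BLOCKED = {
    "NetworkInsightsAnalysisId": "nia-0example1",
    "Status": "succeeded",
    "NetworkPathFound": False,
    "Explanations": [{
        "ExplanationCode": "ENI_SG_RULES_MISMATCH",   # illustrative code
        "Direction": "ingress",
        "Port": 5080,
        "SecurityGroup": {"Id": "sg-0example"},        # the SG with no 5080 ingress rule
    }],
}
SAMPLE_REACHABLE = {
    "NetworkInsightsAnalysisId": "nia-0example2",
    "Status": "succeeded",
    "NetworkPathFound": True,
    "Explanations": [],
}

if __name__ == "__main__":
    for sample in (SAMPLE_BLOCKED, SAMPLE_REACHABLE):
        print(summarize_analysis(sample))
    # Live run (placeholders): run_reachability_check("us-east-2", "igw-0example", "vpce-0example")
```

When the summary reports `path_found` False, the `blockers` list tells you which security group, NACL or route table to look at, which is exactly the "second server's subnets and components" problem the question asker found. Delete the Network Insights path afterwards with `delete_network_insights_path` if you do not want it to accumulate in the account.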
