Questions tagged with AWS Transfer for SFTP


AWS File Transfer Family Server and IAM role setup

Hi All, We have set up an AWS file transfer server with AWS Directory Service (connected to Microsoft AD) authentication. As per the use case, once a user logs in to SFTP, the user should be able to see two directories within their own folder:

{username}/folder1
{username}/folder2

I have set up the access policy and IAM policy (attached to S3) below.

create-access CLI:

```shell
aws transfer create-access \
  --home-directory-type LOGICAL \
  --home-directory-mappings '[{"Entry":"/folder1","Target":"/bucket_name/${transfer:UserName}/folder1"},{"Entry":"/folder2","Target":"/bucket_name/${transfer:UserName}/folder2"}]' \
  --role arn:aws:iam::account_id:role/iam_role \
  --server-id s-1234567876454ert \
  --external-id S-1-2-34-56789123-12345678-1234567898-1234
```

The access policy was created successfully. The IAM role below is attached to the S3 bucket and the file-transfer server.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::bucket_name"
      ],
      "Effect": "Allow",
      "Sid": "ReadWriteS3"
    },
    {
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:GetObjectVersion",
        "s3:GetObjectACL",
        "s3:PutObjectACL"
      ],
      "Resource": [
        "arn:aws:s3:::bucket_name/${transfer:UserName}/*"
      ],
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
```

When users log in to SFTP, they do not see folder1 & folder2 in their own directory. Can anyone help if anything is missing in the IAM policy? Thank You

3 answers, 0 votes, 81 views, asked 2 months ago

Access denied using Transfer Family with Lambda Identity Provider

Hi all, I need to create my SFTP service using AWS Transfer Family, with Lambda as the identity provider and S3 as storage. I created my Lambda function and authentication works, but I can't show the list of files. My Node.js Lambda is:

```javascript
exports.handler = async (event) => {
  return {
    "Role": "arn:aws:iam::356173882118:role/sftp-access-s3"
  };
};
```

The identity provider testing response is:

```json
{
  "Response": "{\"HomeDirectoryType\":\"PATH\",\"Role\":\"arn:aws:iam::356173882118:role/sftp-access-s3\",\"UserName\":\"dasdasd\",\"IdentityProviderType\":\"AWS_LAMBDA\"}",
  "StatusCode": 200,
  "Message": ""
}
```

My role sftp-access-s3 has a policy and a trust relationship:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::tecnoin-ftp-bucket"
      ],
      "Effect": "Allow",
      "Sid": "ReadWriteS3"
    },
    {
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:GetObjectVersion",
        "s3:GetObjectACL",
        "s3:PutObjectACL"
      ],
      "Resource": [
        "arn:aws:s3:::tecnoin-ftp-bucket/*"
      ],
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
```

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "transfer.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```

I can connect successfully with my FTP client, but then I can't see the files. I receive this error:

```
Permission denied.
Error code: 3
Error message from server (US-ASCII): Access denied
```

On CloudWatch:

```
luca.1e5bad7f45e09f0b CONNECTED SourceIP=165.225.202.99 User=luca HomeDir=/ Client=SSH-2.0-WinSCP_release_5.17.10 Role=arn:aws:iam::356173882118:role/sftp-access-s3 UserPolicy="{\"Version\": \"2012-10-17\",\"Statement\": [ {\"Action\": [ \"s3:ListBucket\", \"s3:GetBucketLocation\"],\"Resource\": [ \"arn:aws:s3:::tecnoin-ftp-bucket\"],\"Effect\": \"Allow\",\"Sid\": \"ReadWriteS3\" }, {\"Action\": [ \"s3:PutObject\", \"s3:GetObject\", \"s3:DeleteObject\", \"s3:DeleteObjectVersion\", \"s3:GetObjectVersion\", \"s3:GetObjectACL\", \"s3:PutObjectACL\"],\"Resource\": [ \"arn:aws:s3:::tecnoin-ftp-bucket/*\"],\"Effect\": \"Allow\",\"Sid\": \"\" }]}" Kex=ecdh-sha2-nistp256 Ciphers=aes256-ctr,aes256-ctr
luca.1e5bad7f45e09f0b ERROR Message="Access denied"
```

Could you please support me to solve the issue? Thanks

1 answer, 0 votes, 35 views, luk3tt0, asked 2 months ago
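Both questions above boil down to the same review task: does the role or session policy the user lands with actually cover the S3 prefix their home directory (PATH) or logical mappings (LOGICAL) point at? The script below is an added example, written for this page and not taken from either thread or from AWS; it re-creates the two policies quoted above as constructed sample input and checks them offline, with no AWS calls. It makes one assumption explicit as a parameter: `substitute_vars=True` models a session policy, in which Transfer Family replaces `${transfer:UserName}`; passing `False` shows what the identical document grants if the variable is left as a literal string. The wildcard matcher, `_allows`, `check_transfer_access` and the finding messages are all this example's own names; the matcher honours `*` and `?` only and ignores `Condition` and `Deny` statements, which is a simplification.

```python
"""Offline coverage check of an AWS Transfer Family policy against a user's
home-directory configuration. Added example; makes no AWS calls."""
import json
import re
from typing import Dict, List, Optional


def _iam_wildcard_match(pattern: str, value: str) -> bool:
    """IAM-style wildcard match: '*' matches any run, '?' one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _allows(policy: dict, action: str, resource: str) -> bool:
    """True if some Allow statement covers the action/resource pair.
    Conditions and Deny statements are ignored (simplification)."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        acts = _as_list(stmt.get("Action", []))
        ress = _as_list(stmt.get("Resource", []))
        if (any(_iam_wildcard_match(a, action) for a in acts)
                and any(_iam_wildcard_match(r, resource) for r in ress)):
            return True
    return False


def _split_s3_path(path: str):
    """'/bucket/a/b' -> ('bucket', 'a/b'); '/' -> (None, '')."""
    parts = path.strip("/").split("/", 1)
    bucket = parts[0] or None
    prefix = parts[1] if len(parts) > 1 else ""
    return bucket, prefix


def check_transfer_access(policy_json: str, username: str, home_type: str,
                          home_directory: Optional[str] = None,
                          mappings: Optional[List[Dict[str, str]]] = None,
                          substitute_vars: bool = True) -> List[str]:
    """Return findings (empty list means nothing obviously missing).

    home_type is 'PATH' (home_directory is an S3 path) or 'LOGICAL'
    (mappings is the home-directory-mappings list). substitute_vars=True
    models a session policy where ${transfer:UserName} is replaced; False
    evaluates the document with the variable left literal."""
    text = policy_json
    if substitute_vars:
        text = text.replace("${transfer:UserName}", username)
    policy = json.loads(text)
    findings: List[str] = []

    if home_type == "PATH":
        targets = [("/", home_directory or "/")]
    else:
        targets = [(m["Entry"], m["Target"].replace("${transfer:UserName}", username))
                   for m in (mappings or [])]

    for entry, target in targets:
        bucket, prefix = _split_s3_path(target)
        if bucket is None:
            findings.append(f"{entry}: target '{target}' names no bucket, so no "
                            f"S3 resource in the policy can match it")
            continue
        bucket_arn = f"arn:aws:s3:::{bucket}"
        if not _allows(policy, "s3:ListBucket", bucket_arn):
            findings.append(f"{entry}: s3:ListBucket not allowed on {bucket_arn}")
        # Probe with a representative object key under the target prefix.
        key = f"{prefix.rstrip('/')}/example.txt" if prefix else "example.txt"
        obj_arn = f"arn:aws:s3:::{bucket}/{key}"
        for action in ("s3:GetObject", "s3:PutObject"):
            if not _allows(policy, action, obj_arn):
                findings.append(f"{entry}: {action} not allowed on {obj_arn}")
    return findings


# Constructed sample input: the per-user policy and LOGICAL mappings from
# the first question, and the whole-bucket policy from the second.
POLICY_PER_USER = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
         "Resource": "arn:aws:s3:::bucket_name"},
        {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::bucket_name/${transfer:UserName}/*"},
    ],
})
MAPPINGS = [{"Entry": "/folder1", "Target": "/bucket_name/${transfer:UserName}/folder1"},
            {"Entry": "/folder2", "Target": "/bucket_name/${transfer:UserName}/folder2"}]
POLICY_WHOLE_BUCKET = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
         "Resource": "arn:aws:s3:::tecnoin-ftp-bucket"},
        {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::tecnoin-ftp-bucket/*"},
    ],
})

if __name__ == "__main__":
    for label, result in [
        ("LOGICAL, variable substituted", check_transfer_access(POLICY_PER_USER, "alice", "LOGICAL", mappings=MAPPINGS)),
        ("LOGICAL, variable literal", check_transfer_access(POLICY_PER_USER, "alice", "LOGICAL", mappings=MAPPINGS, substitute_vars=False)),
        ("PATH, home '/'", check_transfer_access(POLICY_WHOLE_BUCKET, "luca", "PATH", home_directory="/")),
        ("PATH, home '/tecnoin-ftp-bucket'", check_transfer_access(POLICY_WHOLE_BUCKET, "luca", "PATH", home_directory="/tecnoin-ftp-bucket")),
    ]:
        print(label, "->", result or "OK")
```

Run it as-is to see the four cases side by side: the per-user policy passes when the variable is substituted and fails on every object action when it is left literal, and the whole-bucket policy passes only once the home directory actually names the bucket. Adapt `POLICY_*` and the mappings to your own configuration before relying on it, and remember that a real deployment also evaluates conditions, SCPs and bucket policies that this checker does not model.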