Questions tagged with AWS Transfer Family

AWS File Transfer Family Server and IAM role setup

Hi All,

We have set up an AWS file transfer server with AWS Directory Service (connected to Microsoft AD) authentication. As per the use case, once a user logs in to SFTP, the user should be able to see two directories within their own folder:

* {username}/folder1
* {username}/folder2

I have set up the below access policy and IAM policy (attached to S3).

create-access CLI:

```
aws transfer create-access \
    --home-directory-type LOGICAL \
    --home-directory-mappings '[{"Entry":"/folder1","Target":"/bucket_name/${transfer:UserName}/folder1" },{ "Entry": "/folder2", "Target":"/bucket_name/${transfer:UserName}/folder2"}]' \
    --role arn:aws:iam::account_id:role/iam_role \
    --server-id s-1234567876454ert \
    --external-id S-1-2-34-56789123-12345678-1234567898-1234
```

The access policy was created successfully. The IAM role below is attached to the S3 bucket and the file transfer server.

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::bucket_name"
            ],
            "Effect": "Allow",
            "Sid": "ReadWriteS3"
        },
        {
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion",
                "s3:GetObjectVersion",
                "s3:GetObjectACL",
                "s3:PutObjectACL"
            ],
            "Resource": [
                "arn:aws:s3:::bucket_name/${transfer:UserName}/*"
            ],
            "Effect": "Allow",
            "Sid": ""
        }
    ]
}
```

When users log in to SFTP, they do not see folder1 and folder2 in their own directory. Can anyone help if anything is missing in the IAM policy?

Thank you
3 answers, 0 votes, 80 views, asked a month ago

Sending AS2 messages between two AWS Transfer Family servers

I've set up AWS Transfer Family servers in two different regions to test the sending functionality. However, even though the VPC is created, sending messages fails with either UNABLE_TO_CONNECT_TO_REMOTE_HOST_OR_IP or "File path not found". I'm using S3 for the document to send. I've checked the IP address with a different program (Mendelson AS2) and it's able to connect fine. It was even able to send a test document. Despite that, when sending through a Lambda function, it fails.

A few things tried:

* Checking permissions: I'm able to connect and describe the server, the connectors, etc. with no problem, so it's not that.
* Connector with the wrong URL: I used the same URL as the URL in Mendelson with the port attached at the end (http:/s-xxx:5080 in the format specified in [1] with the region). I also tried the URL without the port specified and that didn't work either.
* Region issue: I thought the mismatch between the regions could be an issue, since the Lambda was set in us-west-1 while the AS2 server I was sending to is in us-east2, so I created a different connector and had it send to itself in the same region. Still the same error with being unable to connect.
* Checked the CloudWatch logs: they actually report that everything was sent successfully with a 200 code.

Weird things noticed:

* After the Lambda is triggered, it creates the expected failed and processing folders, but after the first few times, it no longer saves the results. I get a .cms file and a .json file sometimes but not every time, even though the CloudWatch logs are correctly created every time.
* The failed and processed folders somehow got created a folder above rather than in the folder the file was uploaded to (e.g. the folder structure is bucket/folder 1/folder2/folder 3 and the uploaded file was in folder3. However, the failed and processing folders were created in folder2 instead of the expected folder3). This happened just once, though.

Additional question: I can upload this as a different question if needed, but since it's related to my issue, I figured I'd put it here as well.

* What's the transfer id for? Is that supposed to be the execution id? There doesn't seem to be an option to view the results of the transfer in the documentation [2].

References:

[1] https://docs.aws.amazon.com/transfer/latest/userguide/as2-end-to-end-example.html#as2-create-connector-example

[2] https://docs.aws.amazon.com/transfer/latest/userguide/API_StartFileTransfer.html
1 answer, 1 vote, 58 views, asked 2 months ago