I have created a SFTP server, gave it a logging role and created a user. As a result can neither log into the server with my private key neither see any log messages.
Following are the exact steps:
- Created the xxxxxxxxxx-dev-import S3 bucket and created a test-user folder in it.
- Created a DevImportSFTPReadWriteAccess RW access policy to access the target bucket.
- Created a DevImportSFTPRole role and attached the aforementioned ImportSFTPReadWriteAccess policy to it.
- Created a role called AWSTransferLoggingRole and attached the AWS-managed AWSTransferLoggingAccess policy to it. Checked the trust relationship - transfer.amazonaws.com is trusted.
- Created a public SFTP server with service managed identity provider and assigned the aforementioned AWSTransferLoggingRole as the logging role. Waited until the server started.
NOTE After server was started the logs were not visible in CloudWatch.
- After the server was started created a test-user user with the public key, assigned the xxxxxxxxxx-dev-import as the bucket and test-user as home folder.
Following is the result I'm ending up with:
mymacbook:.ssh UXXXXXX$ telnet s-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com 22
Trying XXX.XXX.XXX.XXX...
Connected to s-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com.
Escape character is '^]'.
SSH-2.0-AWS_SFTP_1.0
^C
Connection closed by foreign host.
mymacbook:.ssh UXXXXXX$ ssh -i ~/.ssh/id_rsa_test_user test-user@s-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com
The authenticity of host 's-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com (XXX.XXX.XXX.XXX)' can't be established.
RSA key fingerprint is SHA256:u0HCsILNN4vTm367Wgyeh2ToHLbuZayQzbzt9GbF+v8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 's-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com,XXX.XXX.XXX.XXX' (RSA) to the list of known hosts.
Enter passphrase for key '/Users/UXXXXXX/.ssh/id_rsa_test_user':
Connection to s-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com closed by remote host.
Connection to s-xxxxxxxxxxxxxxxx.server.transfer.eu-central-1.amazonaws.com closed.
mymacbook:.ssh UXXXXXX$
And again - no logs in CloudWatch.
AWS 官方已更新 2 年前