Building FTPS server using Transfer family

0

Hello, I was trying to build FTPS server using Transfer family, But I couldn't able to successfully build one. Could some one explain in details how to build one in detail.
I tried browsing online for guidance all I could find is for building SFTP server. I need help in building "custom identity provider" using rest API and lambda function. I couldn't find the code for the lambda function.

2 Antworten
0

If you go here, Working with custom identity providers, under Default Lambda Functions, there are some examples embedded in the CloudFormation templates.

profile pictureAWS
EXPERTE
beantwortet vor 2 Jahren
profile picture
EXPERTE
überprüft vor 2 Jahren
0

Hi fellas!! I already followed the links attached by @kentrad, but the lambda function fails: I used a template through Cloudformation:

  • aws-transfer-custom-idp-secrets-manager-lambda.template.yml

The error I get when a ftps client try to LOG IN is:

Error Talking to SecretsManager: ResourceNotFoundException, Message: An error occurred (ResourceNotFoundException) when calling the GetSecretValue operation: Secrets Manager can't find the specified secret.

The lambda function has a related Rol with the Permissions Policies: IAMFullAccess AWSLambdaBasicExecutionRole SecretsManagerReadWrite and a Customer inline:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "secretsmanager:GetSecretValue"
            ],
            "Resource": "arn:aws:secretsmanager:eu-west-2:#NUMBER#:secret:aws/transfer/*",
            "Effect": "Allow"
        }
    ]
}

The parameter SecretId that the errored function receives (client.get_secret_value(SecretId=id)) is by concatenating "aws/transfer/" + input_serverId + "/" + input_username

The input IAM user (input_username) has the Policies:

AmazonS3FullAccess AmazonS3ObjectLambdaExecutionRolePolicy AWSLambda_FullAccess AWSLambdaBasicExecutionRole AWSLambdaExecute AWSTransferFullAccess AWSTransferLoggingAccess and a Customer inline:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadWriteS3",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::#S3_BUCKET_ID#"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:GetObjectTagging",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion",
                "s3:GetObjectVersion",
                "s3:GetObjectVersionTagging",
                "s3:GetObjectACL",
                "s3:PutObjectACL"
            ],
            "Resource": [
                "arn:aws:s3:::#S3_BUCKET_ID#/*"
            ]
        }
    ]
}

Where could be the problem?

beantwortet vor einem Jahr

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen