AWS Transfer AD Authentication with Domain Trust

0

I have an AWS Transfer server running using an AWS Hosted Active Directory for authentication. I have a two way transitive domain trust in place with an on-premise Active Directory domain.

Is it possible to use security groups from the trusted domain to grant access? I have tried to add group SIDs from the trusted domain, but this results in the following error:

Failed to add access (1 validation error detected: Value ' <SID> at 'externalId' failed to satisfy constraint: Member must satisfy regular expression pattern: ^S-1-[\d-]+$)

Setting up Access with a SID from the AWS Directory Service is working as expected.

2 Answers
0
Accepted Answer

Yes, you can use trusted domains with AWS Transfer and AWS Directory Service as the identity provider. As you mention a 2-way trust, there wouldn't be anything extra to configure. (If you had a 1-way trust and were using a child domain instead of the forest root domain, then you'd also need a 1-way external trust per child domain.) Also something to keep in mind: when authenticating with a user from a trusted domain, your client would need to specify the domain of the user, e.g. username@fqdn or username@netbios

Regarding the error you are seeing: this is failing on the regex validation for the SID provided. A common cause for this can be an extra space before or after the SID that was carried over from a copy/paste.

Can you try again and double check the field for any extra spaces? Please let us know if you run into the error again.

AWS
Brian C
answered 2 years ago
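
An added example (not from the original thread or from AWS): a pre-check that trims copied whitespace and invisible characters from a SID and tests it against the pattern quoted in the error before the value is submitted as `externalId`. The function names and the sample SID are constructed for illustration; treating `\d` as ASCII-only is an assumption about the service-side check.

```python
import re
import unicodedata

# Pattern quoted in the validation error on this page. re.ASCII keeps \d to 0-9
# (assumption about the service-side regex engine).
EXTERNAL_ID_PATTERN = re.compile(r"^S-1-[\d-]+$", re.ASCII)

# Constructed sample SID, not a real group.
SAMPLE_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"


def describe_stray_chars(raw):
    """Return (index, Unicode name) for each character the pattern cannot accept."""
    allowed = set("S-0123456789")
    return [
        (i, unicodedata.name(ch, f"U+{ord(ch):04X}"))
        for i, ch in enumerate(raw)
        if ch not in allowed
    ]


def normalize_sid(raw):
    """Trim whitespace/invisible characters from both ends, then validate strictly."""
    start, end = 0, len(raw)
    # Categories Z* (separators) and C* (control/format) cover spaces, tabs,
    # newlines, NO-BREAK SPACE and ZERO WIDTH SPACE picked up by copy/paste.
    while start < end and unicodedata.category(raw[start])[0] in "ZC":
        start += 1
    while end > start and unicodedata.category(raw[end - 1])[0] in "ZC":
        end -= 1
    sid = raw[start:end]
    # fullmatch, because Python's "$" would also accept a trailing newline.
    if not EXTERNAL_ID_PATTERN.fullmatch(sid):
        raise ValueError(
            f"not a valid SID after trimming: {sid!r}; "
            f"unexpected characters: {describe_stray_chars(sid)}"
        )
    return sid


if __name__ == "__main__":
    pasted = " " + SAMPLE_SID  # leading space, as in the thread
    print("stray characters:", describe_stray_chars(pasted))
    print("cleaned value:", normalize_sid(pasted))
```
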
0

Thank you Brian C, you were correct; the issue was a space at the start of the SID.

answered 2 years ago
