1 Answer
Hello. To allow your Lambda function to authenticate using a public key, you should compare the presented public key with the one stored in AWS Secrets Manager. However, the client/user would never send their private key. Instead, the authentication process works as follows. Here is a code snippet showing how you can use a key:

import hmac
import json

import boto3


def lambda_handler(event, context):
    # Your logic to get the username from the event
    username = event['username']

    # Fetch the user secret from AWS Secrets Manager
    client = boto3.client('secretsmanager')
    response = client.get_secret_value(SecretId='YOUR_SECRET_ID')
    secret = json.loads(response['SecretString'])

    # Check password if provided
    if 'password' in event:
        user_password = event['password']
        # Constant-time comparison so response time does not leak how much of the password matched
        if not hmac.compare_digest(str(user_password).encode('utf-8'),
                                   str(secret.get('password', '')).encode('utf-8')):
            # Invalid password
            return {
                'status': 'DENY'
            }
    # Check SSH public key if provided
    elif 'publicKey' in event:
        # In a real-world scenario, you'd probably have multiple keys and need to iterate over them.
        stored_public_key = secret.get('SSHPublicKeys')
        if event['publicKey'] != stored_public_key:
            # Invalid public key
            return {
                'status': 'DENY'
            }
    # If neither password nor public key is provided, or any other checks you want to implement
    else:
        return {
            'status': 'DENY'
        }

    return {
        'status': 'OK',
        'role': 'arn:aws:iam::ACCOUNT_ID:role/YOUR_SFTP_ROLE',
        'policy': 'YOUR_POLICY'
    }
Regards, Andrii
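The answer's snippet compares the presented key against a single stored value, and its own comment notes that a real deployment usually holds several keys per user. The following is an added example (not the answer's code and not an AWS-provided handler) that carries that through: the stored `SSHPublicKeys` entry is assumed to be a JSON list of OpenSSH public key lines, each line is reduced to its `<type> <base64>` pair so a differing trailing comment does not cause a false DENY, and every comparison (password and key) uses `hmac.compare_digest` so timing does not reveal which stored key, if any, matched. The secret name `sftp/<username>` and the `get_secret` parameter are assumptions made so the checking logic can be exercised without AWS credentials; the sample secret at the bottom is constructed and its key blobs are placeholders, not real keys.

```python
import hmac
import json
from typing import Callable, Dict, List


def normalize_public_key(key: str) -> str:
    """Reduce an OpenSSH public key line to '<type> <base64>'.

    The trailing comment ("user@host") and surrounding whitespace are not key
    material, so two lines differing only there must still compare equal.
    Returns "" for a line that does not even contain a type/blob pair.
    """
    parts = key.strip().split()
    if len(parts) < 2:
        return ""
    return f"{parts[0]} {parts[1]}"


def public_key_matches(presented: str, stored_keys: List[str]) -> bool:
    """True if `presented` equals any stored key after normalization.

    Every stored key is checked even after a hit, and each comparison is
    constant-time, so the response time does not depend on which entry matched.
    """
    wanted = normalize_public_key(presented).encode("utf-8")
    if not wanted:
        return False
    matched = False
    for stored in stored_keys:
        candidate = normalize_public_key(stored).encode("utf-8")
        if hmac.compare_digest(wanted, candidate):
            matched = True
    return matched


def password_matches(presented: str, stored: str) -> bool:
    # Constant-time comparison of the two UTF-8 encodings
    return hmac.compare_digest(presented.encode("utf-8"), stored.encode("utf-8"))


def authenticate(event: Dict, secret: Dict) -> Dict:
    """Decide OK/DENY for one login attempt against one user's secret record."""
    deny = {"status": "DENY"}
    if "password" in event:
        if not password_matches(str(event["password"]), str(secret.get("password", ""))):
            return deny
    elif "publicKey" in event:
        stored = secret.get("SSHPublicKeys", [])
        if isinstance(stored, str):  # tolerate a single key stored as a plain string
            stored = [stored]
        if not public_key_matches(str(event["publicKey"]), stored):
            return deny
    else:
        # Neither credential type presented
        return deny
    return {
        "status": "OK",
        "role": "arn:aws:iam::ACCOUNT_ID:role/YOUR_SFTP_ROLE",  # placeholder, as in the answer
        "policy": "YOUR_POLICY",  # placeholder, as in the answer
    }


def load_secret_from_secrets_manager(secret_id: str) -> Dict:
    # Imported here so the pure checking logic above can run without AWS access
    import boto3
    client = boto3.client("secretsmanager")
    response = client.get_secret_value(SecretId=secret_id)
    return json.loads(response["SecretString"])


def lambda_handler(event, context,
                   get_secret: Callable[[str], Dict] = load_secret_from_secrets_manager):
    # Assumed convention: one secret per user, named "sftp/<username>"
    secret = get_secret(f"sftp/{event['username']}")
    return authenticate(event, secret)


# Constructed sample secret for local testing; the key blobs are placeholders, not real keys.
SAMPLE_SECRET = {
    "password": "correct horse battery staple",
    "SSHPublicKeys": [
        "ssh-ed25519 AAAAC3CONSTRUCTEDKEYONE alice@laptop",
        "ssh-rsa AAAAB3CONSTRUCTEDKEYTWO alice@desktop",
    ],
}
```

Locally you can call `lambda_handler(event, None, get_secret=lambda sid: SAMPLE_SECRET)` to exercise the full path; in Lambda the default `get_secret` reads the record from Secrets Manager. Keeping `authenticate` free of any AWS call is what makes the DENY paths (wrong key, malformed key line, no credential at all) easy to unit-test before deployment.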
Hi, I have a similar problem but I can't access this "public-key" field in my code. Am I doing something wrong in how my AWS Transfer Family SFTP server is configured?