AWS Transfer AD Authentication with Domain Trust

0

I have an AWS Transfer server running using an AWS Hosted Active Directory for authentication. I have a two way transitive domain trust in place with an on-premise Active Directory domain.

Is it possible to use security groups form the trusted domain to grant access? I have tried to add Group SID's from the trusted domain but this results the following error:

Failed to add access (1 validation error detected: Value ' <SID> at 'externalId' failed to satisfy constraint: Member must satisfy regular expression pattern: ^S-1-[\d-]+$)

Setting up Access with a SID from the AWS Directory Service is working as expected.

2 Answers
0
Accepted Answer

Yes, You can use trusted domains with AWS Transfer and AWS Directory Service as the identity provider. As you mention a 2 way trust there wouldn't be anything extra to configure. (If you had a 1 way trust and were using a child domain instead of forest root domain, then you'd also need a 1 way external trust per child domain.) Also something to keep in mind, when authenticating with a user from a trusted domain your client would need to specify the domain of the user. ex: username@fqdn or username@netbios

Regarding the error you are seeing. This is failing on the regex validation for the SID provided, a common cause for this can be an extra space before or after the SID that was carried over from a copy/paste.

Can you try again and double check the field for any extra spaces? Please let us know if you run into the error again.

AWS
Brian C
answered 2 years ago
0

Thankyou Brain C you were correct the issue was a space at the start of the SID.

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions