使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款

Building FTPS server using Transfer family

0

Hello, I was trying to build FTPS server using Transfer family, But I couldn't able to successfully build one. Could some one explain in details how to build one in detail.
I tried browsing online for guidance all I could find is for building SFTP server. I need help in building "custom identity provider" using rest API and lambda function. I couldn't find the code for the lambda function.

2 個答案
0

If you go here, Working with custom identity providers, under Default Lambda Functions, there are some examples embedded in the CloudFormation templates.

profile pictureAWS
專家
已回答 2 年前
profile picture
專家
已審閱 2 年前
0

Hi fellas!! I already followed the links attached by @kentrad, but the lambda function fails: I used a template through Cloudformation:

  • aws-transfer-custom-idp-secrets-manager-lambda.template.yml

The error I get when a ftps client try to LOG IN is:

Error Talking to SecretsManager: ResourceNotFoundException, Message: An error occurred (ResourceNotFoundException) when calling the GetSecretValue operation: Secrets Manager can't find the specified secret.

The lambda function has a related Rol with the Permissions Policies: IAMFullAccess AWSLambdaBasicExecutionRole SecretsManagerReadWrite and a Customer inline:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "secretsmanager:GetSecretValue"
            ],
            "Resource": "arn:aws:secretsmanager:eu-west-2:#NUMBER#:secret:aws/transfer/*",
            "Effect": "Allow"
        }
    ]
}

The parameter SecretId that the errored function receives (client.get_secret_value(SecretId=id)) is by concatenating "aws/transfer/" + input_serverId + "/" + input_username

The input IAM user (input_username) has the Policies:

AmazonS3FullAccess AmazonS3ObjectLambdaExecutionRolePolicy AWSLambda_FullAccess AWSLambdaBasicExecutionRole AWSLambdaExecute AWSTransferFullAccess AWSTransferLoggingAccess and a Customer inline:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadWriteS3",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::#S3_BUCKET_ID#"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:GetObjectTagging",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion",
                "s3:GetObjectVersion",
                "s3:GetObjectVersionTagging",
                "s3:GetObjectACL",
                "s3:PutObjectACL"
            ],
            "Resource": [
                "arn:aws:s3:::#S3_BUCKET_ID#/*"
            ]
        }
    ]
}

Where could be the problem?

已回答 1 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南