When creating a scope-down policy for users in an AWS Transfer SFTP server, one can use the policy variables ${transfer:HomeFolder} and ${transfer:HomeDirectory} in that policy, according to the documentation. However, I couldn't find any description of what the difference between the two is. Can someone explain, or link to relevant documentation?
Difference between transfer:HomeFolder and transfer:HomeDirectory in AWS policies
7.3k Views Asked by Björn Pollex At
The difference is kind of implied by the example on that page.
${transfer:HomeFolder} is just the key prefix (e.g., /my-folder/sub-folder), while ${transfer:HomeDirectory} also contains the bucket name (e.g., /my-bucket/my-folder/sub-folder).

AWS Transfer for SFTP recently added support for Logical Home Directories, which you can use to provide a "chroot-like" behavior and lock down your users' access to a designated home folder. So if all you're trying to do is restrict a user to a single S3 folder, edit the user's profile in the AWS Transfer console and click the "Restricted" check box. Then you don't have to mess with scopedown policies at all.
If you’re using Custom IDP, follow this blog for a similar set up:
https://aws.amazon.com/blogs/storage/simplify-your-aws-sftp-structure-with-chroot-and-logical-directories/
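An added example, not part of the answer above: it expands the two variables for the answer's sample paths and checks which object ARNs a scope-down statement would then cover, including a sibling prefix that a trailing `*` without a slash also matches. The helper names, the resource patterns and the dropping of the leading slash when building ARNs are assumptions of this sketch, not AWS code.

```python
import re

def transfer_vars(home_directory):
    """Split a home directory '/bucket/key/prefix' into the two variables.
    Dropping the leading slash is an assumption of this sketch."""
    bucket, _, folder = home_directory.strip("/").partition("/")
    return {
        "transfer:HomeDirectory": f"{bucket}/{folder}" if folder else bucket,
        "transfer:HomeFolder": folder,
    }

def expand(template, variables):
    """Substitute ${name} policy variables; unknown names are left as-is."""
    return re.sub(r"\$\{([^}]+)\}",
                  lambda m: variables.get(m.group(1), m.group(0)), template)

def iam_like(pattern, value):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.DOTALL) is not None

def object_allowed(resource_pattern, bucket, key):
    """Would an object statement with this Resource cover bucket/key?"""
    return iam_like(resource_pattern, f"arn:aws:s3:::{bucket}/{key}")

# Constructed sample values, taken from the answer's example paths.
VARS = transfer_vars("/my-bucket/my-folder/sub-folder")
# Object-level Resource: needs the bucket name, so HomeDirectory is used.
LOOSE = expand("arn:aws:s3:::${transfer:HomeDirectory}*", VARS)
TIGHT = expand("arn:aws:s3:::${transfer:HomeDirectory}/*", VARS)
# s3:prefix condition on ListBucket: key prefix only, so HomeFolder is used.
LIST_PREFIX = expand("${transfer:HomeFolder}/*", VARS)

if __name__ == "__main__":
    own = "my-folder/sub-folder/report.csv"
    sibling = "my-folder/sub-folder-archive/report.csv"
    for name, pattern in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        print(name, pattern,
              "own:", object_allowed(pattern, "my-bucket", own),
              "sibling:", object_allowed(pattern, "my-bucket", sibling))
    print("list prefix:", LIST_PREFIX)
```
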