How to allow access to EFS from SFTP using lambda as Identity Provider?

393 Views Asked by Hicham Zouarhi At 21 October 2024 at 02:05

I'm trying to build an SFTP server for an EFS that uses a lambda function to check username and password provided against a Secret in AWS.

I followed this article but changed it a bit, I'm not using an API Gateway, I use the lambda function directly as identity provider which fetches the following data from secret Manager :

"Role" : "arn:aws:iam::xxxxxxxxxxx:role/my-transfer-role",
"PosixProfile": {
    "Uid": 1001,
    "Gid": 1001,
    "SecondaryGids": []
 },
 "HomeDirectory": "/"

so far I can only connect to the SFTP server, but can't read or write what's on the EFS Message="Unable to list directory: permission denied for /"

I created a role and a policy attached to Transfer with permissions on my EFS as explained in this guide

Is there something I'm missing in this configuration please? Thanks

Original Q&A

There are 1 best solutions below

Hicham Zouarhi On 30 November 2022 at 09:47 BEST ANSWER

it turned out I was missing the file system id on HomeDirectory, so I changed it to : homeDirectory=/fs-xxxxxxx

and it worked, thanks to Sagar from AWS for his answer here https://repost.aws/questions/QUlDjDeMI7TD6C6pN0tdc4gw/how-to-allow-access-to-efs-from-sftp-using-lambda-as-identity-provider

How to allow access to EFS from SFTP using lambda as Identity Provider?

There are 1 best solutions below

Related Questions in AMAZON-WEB-SERVICES

Related Questions in AWS-LAMBDA

Related Questions in AMAZON-EFS

Related Questions in AWS-TRANSFER-FAMILY

Trending Questions

Popular # Hahtags

Popular Questions