AWS Transfer Family (SFTP)

SFTP setup

Create bucket

Buckets for POC

Create roll for tf service. (Base config from documentation)

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowListingOfUserFolder",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::aws-tf-poc-bucket"
            ]
        },
        {
            "Sid": "HomeDirObjectAccess",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion",
                "s3:GetObjectVersion",
                "s3:GetObjectACL",
                "s3:PutObjectACL"
            ],
            "Resource": "arn:aws:s3:::aws-tf-poc-bucket/*"
        }
    ]
}

Create transfer server

Chose protocol

Chose what will manage identity

Select networking options

Selected option VPC Hosted, will allow us to use Security Groups and Network Access Control
VPC / subnet(s) / elastic IP need to be already created

Security Group

Security group needs to have port 22 (SSH) open to allow incoming connections from EIP

Choosing domain aka. Storage Backend

Logging settings

Add user to server

User can connect

Create files to test.

for x in {1..10}; do dd if=/dev/urandom of=test_$x.data bs=1024 count=10240; done

List and upload files

Each file is 10mb in size.

Creating workflow

Workflow will copy uploaded files to bucket called archive, And run lambda function.

In transfer family portal go to workflows and create one or add existing. You will see modal which will guide you, click add step and start adding workflow.

Attaching workflow

Click edit "Additional details" In Managed workflows add your workflow and IAM role which will allow in this example to run Lambda function and use different bucket.