Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/lumivero/aws-infra-sftp-service
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/lumivero/aws-infra-sftp-service
- Owner: LUMIVERO
- Created: 2023-03-23T07:48:17.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2023-11-07T23:21:00.000Z (over 1 year ago)
- Last Synced: 2024-11-06T10:16:09.442Z (3 months ago)
- Size: 15.6 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
Cloud formation stack name
---
xcftp-credentials

Automation Steps:
---
* Use the aws-transfer-custom-idp-secrets-manager-apig.template.yml CloudFormation YAML template to spin up/tear down all the resources for the SFTP server
* Provisioned resources
  * API Gateway
  * AWS Transfer Family
  * Lambda Application
  * Secrets Manager
  * A bunch of roles, policies and CloudWatch resources

Manual steps
---
* Create an S3 bucket - xcftp.lumivero.com
* Create a user role
* Create a user policy
* Create an sftp user
* Create an sftp user within Secrets Manager service
  * User record must be of the format aws/transfer/s-62e9213fc1384fea9/xcftp, where the username will be xcftp

Existing users
---
* xcftp
  * aws/transfer/s-62e9213fc1384fea9/xcftp
  * xcftp-access-role
  * xcftp-access-policy
* xcftp-reader
  * aws/transfer/s-62e9213fc1384fea9/xcftp-reader
  * xcftp-access-role-read
  * xcftp-access-policy-read
* xcftp-uploader (only allow uploads into the upload folder in the S3 bucket)
  * aws/transfer/s-62e9213fc1384fea9/xcftp-uploader
  * xcftp-access-role-upload
  * xcftp-access-policy-upload

User setup
---
Each user created under aws/transfer/s-62e9213fc1384fea9/[username] must have the following secrets set up:
* Password
* Role (e.g. xcftp-access-role-upload ARN)
* HomeDirectory (/xcftp.lumivero.com/contents)
* PublicKey (key generated for the user using `ssh-keygen -t ed25519 -f xcftp-reader -C "username as comment"`. Store the public key here and the private key in onepass)

Connecting to the sftp server
---
```
# use keys from onepass
sftp -i xcftp-reader [email protected]
sftp -i xcftp-uploader [email protected]

# use password from onepass
sftp [email protected]
sftp [email protected]
```

Confluence page
---
https://qsrinternational.atlassian.net/wiki/spaces/DEVOPS/pages/2601418790/SFTP+Service+Architecture+Diagram
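
A pre-flight check for the user records described under "User setup", added here as an example and not part of the repository: it validates the secret name and the four keys before a record goes into Secrets Manager, and flags a private key pasted into PublicKey. The function names, the account ID 111122223333 and the all-zero key are constructed for illustration.

```python
import base64
import re
import struct

SERVER_ID = "s-62e9213fc1384fea9"   # Transfer Family server ID from the README
BUCKET = "xcftp.lumivero.com"       # S3 bucket from the README
REQUIRED_KEYS = ("Password", "Role", "HomeDirectory", "PublicKey")
ROLE_ARN = re.compile(r"arn:aws:iam::\d{12}:role/[\w+=,.@/-]+")
# OpenSSH key blob prefix: len(11) "ssh-ed25519" len(32), then the 32-byte key
ED25519_HEADER = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32)

def is_ed25519_public_key(value):
    """True if value is an OpenSSH 'ssh-ed25519 <base64> [comment]' line."""
    parts = value.split()
    if len(parts) < 2 or parts[0] != "ssh-ed25519":
        return False
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return False
    return len(blob) == len(ED25519_HEADER) + 32 and blob.startswith(ED25519_HEADER)

def validate_user_secret(name, secret):
    """Return a list of problems; an empty list means the record is well formed."""
    problems = []
    prefix = f"aws/transfer/{SERVER_ID}/"
    username = name[len(prefix):] if name.startswith(prefix) else ""
    if not username or "/" in username:
        problems.append(f"name must be {prefix}<username>")
    problems += [f"missing {k}" for k in REQUIRED_KEYS if not secret.get(k)]
    if secret.get("Role") and not ROLE_ARN.fullmatch(secret["Role"]):
        problems.append("Role is not an IAM role ARN")
    home = secret.get("HomeDirectory", "")
    if home and home != f"/{BUCKET}" and not home.startswith(f"/{BUCKET}/"):
        problems.append(f"HomeDirectory is outside /{BUCKET}")
    pub = secret.get("PublicKey", "")
    if "PRIVATE KEY" in pub:
        problems.append("PublicKey holds a private key")
    elif pub and not is_ed25519_public_key(pub):
        problems.append("PublicKey is not an ssh-ed25519 public key")
    return problems

# Constructed sample record: placeholder account ID and an all-zero key blob.
SAMPLE = {
    "Password": "constructed-placeholder",
    "Role": "arn:aws:iam::111122223333:role/xcftp-access-role-read",
    "HomeDirectory": "/xcftp.lumivero.com/contents",
    "PublicKey": "ssh-ed25519 " + base64.b64encode(ED25519_HEADER + bytes(32)).decode() + " xcftp-reader",
}
```

Call `validate_user_secret(name, record)` with the secret name and its parsed JSON value; any returned string is a reason to fix the record before the user tries to log in.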