How to allow access to EFS from SFTP using lambda as Identity Provider?
I'm trying to build an SFTP server for an EFS that uses a lambda function to check username and password provided against a Secret in AWS.
I followed this article but changed it a bit: I'm not using an API Gateway; I use the Lambda function directly as identity provider, which fetches the following data from Secrets Manager:
"Role": "arn:aws:iam::xxxxxxxxxxx:role/my-transfer-role",
"PosixProfile": {
    "Uid": 1001,
    "Gid": 1001,
    "SecondaryGids": []
},
"HomeDirectory": "/"
So far I can only connect to the SFTP server, but can't read or write what's on the EFS:
Message="Unable to list directory: permission denied for /"
I created a role and a policy attached to Transfer with permissions on my EFS as explained in this guide.
Is there something I'm missing in this configuration please? Thanks
It turned out I was missing the file system ID on HomeDirectory, so I changed it to:
homeDirectory=/fs-xxxxxxx
and it worked, thanks to Sagar from AWS for his answer here https://repost.aws/questions/QUlDjDeMI7TD6C6pN0tdc4gw/how-to-allow-access-to-efs-from-sftp-using-lambda-as-identity-provider
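A sketch of a Lambda identity provider for this setup, added here as an example and not taken from the original post or from AWS: it checks the password against the secret and refuses to return a HomeDirectory that lacks the EFS file system ID. Assumptions: the secret name prefix "SFTP/", the "Password" key in the secret, and the injectable get_secret parameter (used so the handler can be exercised without AWS access) are all hypothetical.

```python
import hmac
import json
import re

# Assumption: one Secrets Manager secret per user, named "SFTP/<username>",
# holding Password, Role, PosixProfile and HomeDirectory keys.
SECRET_PREFIX = "SFTP/"
EFS_HOME = re.compile(r"^/fs-[0-9a-f]+(/.*)?$")


def fetch_secret(username):
    """Read the user's secret; boto3 is imported lazily so the module loads offline."""
    import boto3
    client = boto3.client("secretsmanager")
    try:
        value = client.get_secret_value(SecretId=SECRET_PREFIX + username)
    except client.exceptions.ResourceNotFoundException:
        return None
    return json.loads(value["SecretString"])


def lambda_handler(event, context, get_secret=fetch_secret):
    """Return the Transfer Family user config, or {} to reject the login."""
    username = event.get("username", "")
    password = event.get("password", "")
    # Reject odd usernames before they are used to build a secret name.
    if not re.fullmatch(r"[A-Za-z0-9_.@-]{1,100}", username) or not password:
        return {}
    secret = get_secret(username)
    if not secret or "Password" not in secret:
        return {}
    # Constant-time comparison of the supplied and stored passwords.
    if not hmac.compare_digest(password.encode(), secret["Password"].encode()):
        return {}
    home = secret.get("HomeDirectory", "")
    # For an EFS-backed server the path must start with the file system ID;
    # a bare "/" is what produced "permission denied for /" in the question.
    if not EFS_HOME.match(home):
        raise ValueError("HomeDirectory must look like /fs-<id>[/path]")
    return {
        "Role": secret["Role"],
        "PosixProfile": secret["PosixProfile"],
        "HomeDirectory": home,
    }
```

Raising on a malformed HomeDirectory makes the misconfiguration show up in the function's logs instead of as a permission error after login; the stored password is never included in the response.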