
How to allow access to EFS from SFTP using lambda as Identity Provider?

I'm trying to build an SFTP server for an EFS that uses a lambda function to check username and password provided against a Secret in AWS.

I followed this article but changed it a bit: I'm not using an API Gateway, I use the lambda function directly as the identity provider, which fetches the following data from Secrets Manager:

{
    "Role": "arn:aws:iam::xxxxxxxxxxx:role/my-transfer-role",
    "PosixProfile": {
        "Uid": 1001,
        "Gid": 1001,
        "SecondaryGids": []
    },
    "HomeDirectory": "/"
}

So far I can only connect to the SFTP server, but can't read or write what's on the EFS: Message="Unable to list directory: permission denied for /"

I created a role and a policy attached to Transfer with permissions on my EFS as explained in this guide.

Is there something I'm missing in this configuration please? Thanks

It turned out I was missing the file system id on HomeDirectory, so I changed it to: homeDirectory=/fs-xxxxxxx

and it worked, thanks to Sagar from AWS for his answer here: https://repost.aws/questions/QUlDjDeMI7TD6C6pN0tdc4gw/how-to-allow-access-to-efs-from-sftp-using-lambda-as-identity-provider
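
An added example (not the poster's code) of a Lambda identity provider for AWS Transfer Family that applies the fix from the answer: the returned `HomeDirectory` is always rooted at `/<file-system-id>`, and an empty response denies the login. The secret name `SFTP/<username>`, its `Password` field, the `EFS_ID` environment variable and the helper names are assumptions made for this example.

```python
import hmac
import json
import os
import re

# Assumptions (not from the original post): secrets are named "SFTP/<username>",
# hold a "Password" field, and the EFS id is supplied in the EFS_ID env variable.
FS_ID_RE = re.compile(r"^fs-[0-9a-f]{8,40}$")
USER_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.@-]{0,99}$")


def efs_home(fs_id, path):
    """Return an EFS home directory of the form /<file-system-id>/<path>."""
    if not FS_ID_RE.match(fs_id):
        raise ValueError("not an EFS file system id: %r" % fs_id)
    if path == "/" + fs_id or path.startswith("/" + fs_id + "/"):
        return path  # already rooted at the file system
    return ("/" + fs_id + "/" + path.lstrip("/")).rstrip("/")


def build_response(secret, password, fs_id):
    """Map a secret to a Transfer Family response; {} means access denied."""
    expected = secret.get("Password", "")
    if not password or not expected or not hmac.compare_digest(
            expected.encode(), password.encode()):
        return {}
    return {
        "Role": secret["Role"],
        "PosixProfile": secret["PosixProfile"],
        "HomeDirectory": efs_home(fs_id, secret.get("HomeDirectory", "/")),
    }


def fetch_secret(username):
    import boto3  # imported lazily so the helpers above run without AWS access
    client = boto3.client("secretsmanager")
    value = client.get_secret_value(SecretId="SFTP/" + username)
    return json.loads(value["SecretString"])


def lambda_handler(event, context):
    username = event.get("username", "")
    if not USER_RE.match(username):
        return {}  # reject names that could alter the secret path
    try:
        secret = fetch_secret(username)
    except Exception:
        return {}  # unknown user or unreadable secret: deny
    return build_response(secret, event.get("password", ""), os.environ["EFS_ID"])
```

The POSIX `Uid`/`Gid` returned here must also have permission on the target directory inside the file system, since EFS enforces file ownership separately from the IAM role.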
