
We have set up an AWS file transfer server with AWS Directory Service (connected to Microsoft AD) authentication. As per the use case, once a user logs in to SFTP, the user should be able to see two directories within their own folder: {username}/folder1 and {username}/folder2

I have set up the access policy and IAM policy below (attached to S3).

create-access CLI:

aws transfer create-access \
    --home-directory-type LOGICAL \
    --home-directory-mappings '[{"Entry":"/folder1","Target":"/bucket_name/${transfer:UserName}/folder1" },{ "Entry": "/folder2", "Target":"/bucket_name/${transfer:UserName}/folder2"}]' \
    --role arn:aws:iam::account_id:role/iam_role \
    --server-id s-1234567876454ert \
    --external-id S-1-2-34-56789123-12345678-1234567898-1234

The access policy was created successfully.

The IAM role below is attached to the S3 bucket and file-transfer server.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::bucket_name"
            ],
            "Effect": "Allow",
            "Sid": "ReadWriteS3"
        },
        {
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion",
                "s3:GetObjectVersion",
                "s3:GetObjectACL",
                "s3:PutObjectACL"
            ],
            "Resource": [
                "arn:aws:s3:::bucket_name/${transfer:UserName}/*"
            ],
            "Effect": "Allow",
            "Sid": ""
        }
    ]
}

When users log in to SFTP, they do not see folder1 & folder2 in their own directory. Can anyone help if anything is missing in the IAM policy?

snowcoder
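As an added offline check (example code, not from the question or from AWS), the script below resolves ${transfer:UserName} in both the mapping targets and the role policy for a constructed user "alice" and evaluates which S3 actions the policy grants on each logical directory's target. The policy is trimmed to the actions that matter for listing and reading/writing; the check shows both targets are covered, so it only rules out the permission half and does not check whether any objects actually exist under the target prefixes in S3.

```python
import fnmatch
import json

# Constructed inputs that mirror the question: the --home-directory-mappings
# argument and the role policy, with the page's placeholder bucket name.
MAPPINGS = json.loads(
    '[{"Entry":"/folder1","Target":"/bucket_name/${transfer:UserName}/folder1"},'
    '{"Entry":"/folder2","Target":"/bucket_name/${transfer:UserName}/folder2"}]'
)
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
         "Resource": ["arn:aws:s3:::bucket_name"]},
        {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
         "Resource": ["arn:aws:s3:::bucket_name/${transfer:UserName}/*"]},
    ],
}

def resolve(template, username):
    """Substitute the policy variable that Transfer Family fills in at login."""
    return template.replace("${transfer:UserName}", username)

def allowed(policy, action, arn, username):
    """True if an Allow statement matches the action and ARN (IAM's * and ? wildcards).
    Deny statements and Conditions are not modelled; the page's policy has none."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        acts = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        res = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in acts) and any(
                fnmatch.fnmatchcase(arn, resolve(r, username)) for r in res):
            return True
    return False

def check_mappings(mappings, policy, username):
    """Resolve each logical directory's S3 target and report whether the role may
    list the bucket and read/write objects under that prefix."""
    report = {}
    for m in mappings:
        bucket, _, prefix = resolve(m["Target"], username).lstrip("/").partition("/")
        obj = f"arn:aws:s3:::{bucket}/{prefix}/example.txt"  # any key under the prefix
        report[m["Entry"]] = {
            "target": f"s3://{bucket}/{prefix}",
            "list": allowed(policy, "s3:ListBucket", f"arn:aws:s3:::{bucket}", username),
            "read": allowed(policy, "s3:GetObject", obj, username),
            "write": allowed(policy, "s3:PutObject", obj, username),
        }
    return report
```

Run `check_mappings(MAPPINGS, POLICY, "alice")` to get a per-entry report; a False in "list" or "read" would point at the IAM side, while all True means the cause must be sought in the S3 layout or the server itself.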

0 Answers