我能够在此链接之后创建 sftp 服务器https://www.intelligentdiscovery.io/blogs/aws-sftp-custom-identity-provider-v2。
但是,我使用 http-backend api 代替 Azure-AD 对用户进行身份验证。
使用默认 aws 时一切正常DirectoryType=PATH。但是将其更改为Logical类型以及添加HomeDirectoryDetails和删除我得到的任何冲突变量
无法解析映射 -> /bucket-name/home/user
示例 lambda 响应:
{
"Role": "arn:aws:iam::179651610164:role/S3-Ftps-Bucket-Role",
"HomeDirectoryType": "LOGICAL",
"HomeDirectoryDetails": "[{\"Entry:\":\"/\",\"Target\":\"/bucket-name/home/user_a\"}]",
"Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"allowFolderList\",\"Action\":[\"s3:ListBucket\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:s3:::bucket-name/\"],\"Condition\":{\"StringLike\":{\"s3:prefix\":[\"home/*\"]}}},{\"Sid\":\"allowListBuckets\",\"Effect\":\"Allow\",\"Action\":[\"s3:ListAllMyBuckets\",\"s3:GetBucketLocation\"],\"Resource\":\"*\"},{\"Sid\":\"HomeDirectoryAccess\",\"Effect\":\"Allow\",\"Action\":[\"s3:PutObject\",\"s3:GetObject\",\"s3:DeleteObjectVersion\",\"s3:DeleteObject\",\"s3:GetObjectVersion\"],\"Resource\":[\"arn:aws:s3:::bucket-name/home/*\"]},{\"Sid\":\"DenyDeletionOfHomeDirectory\",\"Effect\":\"Deny\",\"Action\":[\"s3:DeleteObjectVersion\",\"s3:DeleteObject\"],\"Resource\":[\"arn:aws:s3:::bucket-name/home/\"]}]}"
}
lambda 函数的响应模型架构如下
{
"$schema":"http://json-schema.org/draft-04/schema#",
"title":"UserUserConfig",
"type":"object",
"properties":{"Role":{"type":"string"},"Policy":{"type":"string"},
"HomeDirectory":{"type":"string"},
"HomeDirectoryDetails": {"type":"string"},
"HomeDirectoryType": {"type": "string"},
"PublicKeys":{"type":"array","items":{"type":"string"}}}
}
我已经尝试了各种映射,例如在 transfer-family 服务器和 FileZilla 中。并且它们都给出了相同的错误:无法解析映射。但是状态码是 200。
1. / -> /bucket-name
2. / -> /bucket-name/home
3. / -> /bucket-name/home/
4. / -> /home
5. /userA -> /bucket-name/home/userA/
FileZilla 的测试给出了错误:
Status: Connecting to s-xxxxxxxx.server.transfer.us-east-1.amazonaws.com...
Status: Using username "xxxx".
Status: Access denied
Error: Authentication failed.
Error: Critical error: Could not connect to server
在 Transfer-Family 服务器的错误中测试:
{
"Response": "{}",
"StatusCode": 200,
"Message": "[Unable to parse mapping -> /bucket-name/home/xxxx]",
"Url": "https://xxxxxx.execute-api.us-east-1.amazonaws.com/prod/servers/s-xxxxxx/users/user/config"
}