0

我能够在此链接之后创建 sftp 服务器https://www.intelligentdiscovery.io/blogs/aws-sftp-custom-identity-provider-v2

但是,我使用 http-backend api 代替 Azure-AD 对用户进行身份验证。

使用默认 aws 时一切正常DirectoryType=PATH。但是将其更改为Logical类型以及添加HomeDirectoryDetails和删除我得到的任何冲突变量

无法解析映射 -> /bucket-name/home/user

示例 lambda 响应:

{
    "Role": "arn:aws:iam::179651610164:role/S3-Ftps-Bucket-Role",
    "HomeDirectoryType": "LOGICAL",
    "HomeDirectoryDetails": "[{\"Entry:\":\"/\",\"Target\":\"/bucket-name/home/user_a\"}]",
    "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"allowFolderList\",\"Action\":[\"s3:ListBucket\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:s3:::bucket-name/\"],\"Condition\":{\"StringLike\":{\"s3:prefix\":[\"home/*\"]}}},{\"Sid\":\"allowListBuckets\",\"Effect\":\"Allow\",\"Action\":[\"s3:ListAllMyBuckets\",\"s3:GetBucketLocation\"],\"Resource\":\"*\"},{\"Sid\":\"HomeDirectoryAccess\",\"Effect\":\"Allow\",\"Action\":[\"s3:PutObject\",\"s3:GetObject\",\"s3:DeleteObjectVersion\",\"s3:DeleteObject\",\"s3:GetObjectVersion\"],\"Resource\":[\"arn:aws:s3:::bucket-name/home/*\"]},{\"Sid\":\"DenyDeletionOfHomeDirectory\",\"Effect\":\"Deny\",\"Action\":[\"s3:DeleteObjectVersion\",\"s3:DeleteObject\"],\"Resource\":[\"arn:aws:s3:::bucket-name/home/\"]}]}"
}

lambda 函数的响应模型架构如下

{
    "$schema":"http://json-schema.org/draft-04/schema#",
    "title":"UserUserConfig",
    "type":"object",
    "properties":{"Role":{"type":"string"},"Policy":{"type":"string"},
    "HomeDirectory":{"type":"string"},
    "HomeDirectoryDetails": {"type":"string"},
    "HomeDirectoryType": {"type": "string"},
    "PublicKeys":{"type":"array","items":{"type":"string"}}}
}

我已经尝试了各种映射,例如在 transfer-family 服务器和 FileZilla 中。并且它们都给出了相同的错误:无法解析映射。但是状态码是 200。

 1. / -> /bucket-name 
 2. / -> /bucket-name/home
 3. / -> /bucket-name/home/
 4. / -> /home
 5. /userA -> /bucket-name/home/userA/

FileZilla 的测试给出了错误:

Status: Connecting to s-xxxxxxxx.server.transfer.us-east-1.amazonaws.com...
Status: Using username "xxxx". 
Status: Access denied 
Error:  Authentication failed.
Error:  Critical error: Could not connect to server

在 Transfer-Family 服务器的错误中测试:

{
"Response": "{}",
"StatusCode": 200,
"Message": "[Unable to parse mapping  -> /bucket-name/home/xxxx]",
"Url": "https://xxxxxx.execute-api.us-east-1.amazonaws.com/prod/servers/s-xxxxxx/users/user/config"
}
4

0 回答 0