How do I configure AWS Transfer Family user access to S3 buckets?

In this guide, we will configure AWS Transfer Family to allow a user to access an S3 bucket. We will create an S3 bucket, an IAM role, and a Transfer Family server. Then we will create a Transfer Family user and configure that user's access to the S3 bucket.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an S3 bucket
const bucket = new aws.s3.Bucket("myBucket", {
    bucket: "my-transfer-bucket",
    acl: "private",
});

// Create an IAM role for the Transfer Family user
const transferRole = new aws.iam.Role("transferRole", {
    assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "transfer.amazonaws.com" }),
});

// Attach a policy to the role to allow S3 access.
// s3:ListBucket applies to the bucket ARN; the object actions apply to the keys under it.
const transferPolicy = new aws.iam.Policy("transferPolicy", {
    policy: bucket.arn.apply(bucketArn => JSON.stringify({
        Version: "2012-10-17",
        Statement: [
            {
                Effect: "Allow",
                Action: ["s3:ListBucket"],
                Resource: [bucketArn],
            },
            {
                Effect: "Allow",
                Action: [
                    "s3:GetObject",
                    "s3:PutObject",
                    "s3:DeleteObject",
                ],
                Resource: [`${bucketArn}/*`],
            },
        ],
    })),
});

new aws.iam.RolePolicyAttachment("transferRolePolicyAttachment", {
    role: transferRole.name,
    policyArn: transferPolicy.arn,
});

// Create a Transfer Family server
const transferServer = new aws.transfer.Server("transferServer", {
    endpointType: "PUBLIC",
    identityProviderType: "SERVICE_MANAGED",
});

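// Create a Transfer Family user.
// bucket.bucket is an Output, so build the path with pulumi.interpolate
// rather than a plain template literal.
const transferUser = new aws.transfer.User("transferUser", {
    serverId: transferServer.id,
    userName: "myUser",
    role: transferRole.arn,
    homeDirectory: pulumi.interpolate`/${bucket.bucket}`,
});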

export const bucketName = bucket.bucket;
export const transferServerId = transferServer.id;
export const transferUserName = transferUser.userName;

Key Points

  • S3 Bucket: We created an S3 bucket to store the files accessed by the Transfer Family user.
  • IAM Role: An IAM role was created with a policy allowing access to the S3 bucket.
  • Transfer Family Server: A Transfer Family server was created to manage file transfers.
  • Transfer Family User: A user was created for the Transfer Family server with access to the S3 bucket.
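
The role policy above covers the whole bucket, and the user's home directory is the bucket root. The following added example (not part of the original answer and not Pulumi's own code) goes one step further and builds a per-user policy document and logical home directory mapping, so each user sees only their own prefix. The function name `scopedUserAccess`, the `home/<userName>` key layout, and the user-name allowlist are assumptions made for this example.

```typescript
// Added example: scopedUserAccess, the interfaces and the "home/<userName>"
// prefix layout are assumptions for illustration, not names from the page.
interface Statement {
    Sid: string;
    Effect: "Allow";
    Action: string[];
    Resource: string[];
    Condition?: Record<string, Record<string, string[]>>;
}
interface UserAccess {
    policy: { Version: string; Statement: Statement[] };
    homeDirectoryMappings: { entry: string; target: string }[];
}

// Build the IAM policy document for one user's role together with the logical
// home directory mapping that confines that user's session to their own prefix.
function scopedUserAccess(bucketName: string, userName: string): UserAccess {
    // Allowlist the name so it cannot add wildcards or extra path segments to the ARN.
    if (!/^[A-Za-z0-9_][A-Za-z0-9_.@-]{2,99}$/.test(userName) || userName.includes("..")) {
        throw new Error(`unsafe user name: ${userName}`);
    }
    const prefix = `home/${userName}`;
    const bucketArn = `arn:aws:s3:::${bucketName}`;
    return {
        policy: {
            Version: "2012-10-17",
            Statement: [
                {
                    Sid: "ListOwnPrefix",
                    Effect: "Allow",
                    Action: ["s3:ListBucket"],
                    Resource: [bucketArn],
                    Condition: { StringLike: { "s3:prefix": [prefix, `${prefix}/*`] } },
                },
                {
                    Sid: "ReadWriteOwnObjects",
                    Effect: "Allow",
                    Action: ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                    Resource: [`${bucketArn}/${prefix}/*`],
                },
            ],
        },
        // "/" in the SFTP session resolves to the user's prefix inside the bucket.
        homeDirectoryMappings: [{ entry: "/", target: `/${bucketName}/${prefix}` }],
    };
}
```

To use it with the program above, pass `JSON.stringify(access.policy)` as the role policy (inside an `apply` on `bucket.bucket`), and on `aws.transfer.User` set `homeDirectoryType: "LOGICAL"` with `homeDirectoryMappings` in place of `homeDirectory`.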

Summary

We successfully configured AWS Transfer Family to allow a user to access an S3 bucket. This involved creating an S3 bucket, an IAM role with appropriate permissions, a Transfer Family server, and a Transfer Family user.
