How do I configure AWS Transfer Family user access to S3 buckets?
In this guide, we will configure AWS Transfer Family to allow a user to access an S3 bucket. We will create an S3 bucket, an IAM role, and a Transfer Family server. Then we will create a Transfer Family user on that server and configure its access to the S3 bucket through the role.
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an S3 bucket
const bucket = new aws.s3.Bucket("myBucket", {
    bucket: "my-transfer-bucket",
    acl: "private",
});

// Create an IAM role that the Transfer Family service assumes for the user
const transferRole = new aws.iam.Role("transferRole", {
    assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "transfer.amazonaws.com" }),
});

// Attach a policy to the role to allow S3 access
const transferPolicy = new aws.iam.Policy("transferPolicy", {
    policy: bucket.arn.apply(bucketArn => JSON.stringify({
        Version: "2012-10-17",
        Statement: [
            {
                Effect: "Allow",
                Action: [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:PutObject",
                    "s3:DeleteObject",
                ],
                // Bucket ARN for ListBucket, object ARNs for the object actions
                Resource: [
                    bucketArn,
                    `${bucketArn}/*`,
                ],
            },
        ],
    })),
});

new aws.iam.RolePolicyAttachment("transferRolePolicyAttachment", {
    role: transferRole.name,
    policyArn: transferPolicy.arn,
});

// Create a Transfer Family server
const transferServer = new aws.transfer.Server("transferServer", {
    endpointType: "PUBLIC",
    identityProviderType: "SERVICE_MANAGED",
});

// Create a Transfer Family user
// Note: a service-managed user logs in with an SSH public key, which this
// program does not attach (see aws.transfer.SshKey).
const transferUser = new aws.transfer.User("transferUser", {
    serverId: transferServer.id,
    userName: "myUser",
    role: transferRole.arn,
    // bucket.bucket is an Output<string>; a plain template literal would not
    // resolve it, so build the path with pulumi.interpolate.
    homeDirectory: pulumi.interpolate`/${bucket.bucket}`,
});

export const bucketName = bucket.bucket;
export const transferServerId = transferServer.id;
export const transferUserName = transferUser.userName;
```
Key Points
- S3 Bucket: We created an S3 bucket to store the files accessed by the Transfer Family user.
- IAM Role: An IAM role was created with a policy allowing access to the S3 bucket.
- Transfer Family Server: A Transfer Family server was created to manage file transfers.
- Transfer Family User: A user was created for the Transfer Family server with access to the S3 bucket.
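The role policy above lets the user reach every key in the bucket. The following added example (not part of the original guide or of Pulumi's code) builds a policy scoped to a single home prefix and compares it with the guide's bucket-wide policy. The `home/myUser` layout and all function names are assumptions, and `allowsObjectAction` is a simplified stand-in for IAM evaluation that only understands `*` wildcards in `Resource`.

```typescript
// Added example, not part of the original guide. Pure functions: no Pulumi or AWS SDK needed.
type Statement = {
  Effect: "Allow";
  Action: string[];
  Resource: string[];
  Condition?: { StringLike: { "s3:prefix": string[] } };
};
type PolicyDocument = { Version: "2012-10-17"; Statement: Statement[] };

const OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"];

// The guide's policy shape: every action on the bucket and on every key in it.
function bucketWidePolicy(bucketArn: string): PolicyDocument {
  return { Version: "2012-10-17", Statement: [{
    Effect: "Allow",
    Action: ["s3:ListBucket", ...OBJECT_ACTIONS],
    Resource: [bucketArn, `${bucketArn}/*`],
  }] };
}

// Hardened variant: listing and object access limited to one home prefix (assumed layout).
function scopedTransferPolicy(bucketArn: string, homePrefix: string): PolicyDocument {
  const prefix = homePrefix.replace(/^\/+|\/+$/g, ""); // "/home/myUser/" -> "home/myUser"
  if (prefix === "" || /[*?]/.test(prefix)) {
    throw new Error("home prefix must be a non-empty path without wildcards");
  }
  return { Version: "2012-10-17", Statement: [
    { // bucket-level action, restricted by the s3:prefix condition key
      Effect: "Allow", Action: ["s3:ListBucket"], Resource: [bucketArn],
      Condition: { StringLike: { "s3:prefix": [prefix, `${prefix}/*`] } },
    },
    { // object-level actions, restricted to keys under the prefix
      Effect: "Allow", Action: OBJECT_ACTIONS, Resource: [`${bucketArn}/${prefix}/*`],
    },
  ] };
}

// Simplified check (only "*" wildcards, Allow statements, conditions ignored):
// would this document allow `action` on the given object ARN?
function allowsObjectAction(doc: PolicyDocument, action: string, objectArn: string): boolean {
  const matches = (pattern: string): boolean => {
    const escaped = pattern.split("*").map(p => p.replace(/[.+?^${}()|[\]\\]/g, "\\$&"));
    return new RegExp(`^${escaped.join(".*")}$`).test(objectArn);
  };
  return doc.Statement.some(s => s.Action.includes(action) && s.Resource.some(matches));
}
```

To use the scoped document in the program above, return `JSON.stringify(scopedTransferPolicy(bucketArn, "home/myUser"))` from the `bucket.arn.apply` callback and point the user's `homeDirectory` at the matching path inside the bucket.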
Summary
We successfully configured AWS Transfer Family to allow a user to access an S3 bucket. This involved creating an S3 bucket, an IAM role with appropriate permissions, a Transfer Family server, and a Transfer Family user.