CloudFormation Templates for an AWS Transfer SFTP server
There are two parts to this:
- Create the AWS Transfer SFTP Service in the account
- Create S3 bucket and transfer user
Apply the template sftp-server.yaml in your account. It creates an AWS Transfer SFTP server and an IAM logging role that uses the AWS-managed policies AWSTransferLoggingAccess and CloudWatchFullAccess. Note that AWSTransferLoggingAccess by itself grants the CloudWatch Logs permissions the server needs to write its logs; CloudWatchFullAccess is far broader than a logging role requires, so consider removing it from the role.
Apply the template sftp-user.yaml in your account. It creates an S3 bucket, an IAM role for the SFTP user that grants access to that bucket, and an AWS Transfer user with a scope-down (session) policy that limits the user to the new bucket. You will need the user's SSH public key to create the Transfer user.
- sftp-server.yaml works and is tested.
- sftp-user.yaml works and is tested.
- Add S3 bucket creation example
- Add Transfer::User creation example
- Add exports to the stack so that users and buckets can be split from the server
createScopeDownPolicy.sh and TransferUserScopeDownPolicy.json create the IAM scope-down (session) policy that AWS recommends for restricting what an SFTP user can reach in S3.
Edit createScopeDownPolicy.sh to set your region, then run the script, passing the AWS CLI profile for the account you are using.
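As an added example (not the repository's createScopeDownPolicy.sh or TransferUserScopeDownPolicy.json), the POSIX shell script below renders the session policy that AWS documents for Transfer Family users on S3, sanity-checks it offline, registers it as a managed IAM policy under the profile you pass, and shows how the same document is applied to an existing Transfer user. The policy name, the temporary file path and the `check`/`create`/`apply` command names are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example, not the repository's createScopeDownPolicy.sh or
# TransferUserScopeDownPolicy.json: renders the session ("scope-down") policy
# that AWS documents for Transfer Family users on S3 and registers it as a
# managed IAM policy.  Assumed: the AWS CLI is installed and configured; the
# policy name and the temporary file path are placeholders.
set -eu

# AWS Transfer Family substitutes ${transfer:HomeBucket}, ${transfer:HomeFolder}
# and ${transfer:HomeDirectory} at session time from the user's HomeDirectory,
# so one document serves every user.  The quoted heredoc delimiter stops the
# shell from trying to expand those variables itself.
render_scope_down_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowListingOfUserFolder",
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::${transfer:HomeBucket}"],
      "Condition": {
        "StringLike": {
          "s3:prefix": ["${transfer:HomeFolder}/*", "${transfer:HomeFolder}"]
        }
      }
    },
    {
      "Sid": "HomeDirObjectAccess",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:GetObjectACL",
        "s3:PutObjectACL"
      ],
      "Resource": "arn:aws:s3:::${transfer:HomeDirectory}*"
    }
  ]
}
EOF
}

# Offline sanity check: every statement must be pinned to the user's home
# bucket/directory through the transfer:* variables, and nothing may grant
# access to "*".  Returns 0 when the document passes.
check_scope_down_policy() {
  doc=$(render_scope_down_policy)
  for var in 'arn:aws:s3:::${transfer:HomeBucket}' \
             '${transfer:HomeFolder}/*' \
             'arn:aws:s3:::${transfer:HomeDirectory}*'; do
    printf '%s\n' "$doc" | grep -Fq -- "$var" || return 1
  done
  if printf '%s\n' "$doc" | grep -Fq '"*"'; then
    return 1
  fi
  return 0
}

# Create the managed policy in the account behind an AWS CLI profile and print
# its ARN.  IAM is global, so the call needs no region.
create_scope_down_policy() {
  profile=$1
  policy_name=${2:-TransferUserScopeDownPolicy}   # placeholder name
  doc_file="${TMPDIR:-/tmp}/$policy_name.json"
  check_scope_down_policy || { echo "policy document failed sanity check" >&2; return 1; }
  render_scope_down_policy > "$doc_file"
  aws iam create-policy --profile "$profile" \
    --policy-name "$policy_name" \
    --policy-document "file://$doc_file" \
    --query Policy.Arn --output text
}

# Attach the same document to an existing Transfer user.  The session policy is
# passed as JSON text (file:// makes the CLI read it), not by ARN.  The user's
# IAM role must still grant the underlying S3 permissions: a session policy
# can only narrow what the role allows, never add to it.
apply_scope_down_policy() {
  profile=$1; server_id=$2; user_name=$3
  doc_file="${TMPDIR:-/tmp}/TransferUserScopeDownPolicy.json"
  render_scope_down_policy > "$doc_file"
  aws transfer update-user --profile "$profile" \
    --server-id "$server_id" --user-name "$user_name" \
    --policy "file://$doc_file"
}

# Usage: sh scopedown.sh check | create PROFILE [POLICY_NAME] | apply PROFILE SERVER_ID USER_NAME
case "${1:-}" in
  check)  check_scope_down_policy && echo "scope-down policy ok" ;;
  create) shift; create_scope_down_policy "$@" ;;
  apply)  shift; apply_scope_down_policy "$@" ;;
esac
```

The managed policy created here is not meant to be attached to the user's IAM role: the `${transfer:*}` variables are only resolved in the Transfer user's session policy, so the document is copied into the user's Policy field (as the console does when you select an existing policy, or as `apply_scope_down_policy` does with update-user). Keep the role itself scoped to the bucket the user should reach; the session policy then narrows that to the user's home directory.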