Skip to content

andresb39/terraform-aws-sftp

BranchesTags

Repository files navigation

terraform-aws-sftp

This module aims to create a SFTP Server on AWS with an identity provider (IdP) based on users and passwords.

  • The SFTP Server is created using the AWS Transfer Family service.
  • The IdP is created using lambda functions and API Gateway.

This module will show the DNS and EndPoint that will allow us to connect to SFTP.

Credentials stored

The credentials can be stord as AWS Secrets Manager.

References

The infrastructure code is based on the example provided (in the CF template) in the AWS Storage Blog article https://aws.amazon.com/blogs/storage/enable-password-authentication-for-aws-transfer-family-using-aws-secrets-manager-updated/

To DO

  • IAM Roles for:
    • Lambda
    • Transfer
  • Lambda functions
  • API Gateway
  • SFTP Server
  • CloudWatch Log Group

Route53 DNS record is optional and can be created if the variable zone_name is set.

Usage

module "sftp" {
 source    = "andresb39/sftp/aws"
 version   = "0.0.3"
 zone_name = "example.com" # Optional
 stage     = "dev"

 tags = {
  Environment = "dev"
  Project     = "sftp"
  Team        = "devops"
 }
}

Examples

  • Complete: With this example we are going to create a SFTP server with Identity Provider + S3 bucket + Credentials in AWS Secret Manage

Requirements

Name Version
terraform >= 1.6.0
archive >= 2.4.0
aws >= 5.38
random >= 3.5.1

Providers

Name Version
archive >= 2.4.0
aws >= 5.38
random >= 3.5.1

Modules

No modules.

Resources

Name Type
aws_api_gateway_account.api_gateway_account resource
aws_api_gateway_deployment.deployment resource
aws_api_gateway_method_settings.all resource
aws_api_gateway_rest_api.apigateway_rest resource
aws_api_gateway_stage.stage resource
aws_cloudwatch_log_group.transfer resource
aws_iam_policy.lambda_idp_policy resource
aws_iam_role.apigateway_idp_role resource
aws_iam_role.lambda_idp_role resource
aws_iam_role.sftp resource
aws_iam_role.sftp_log resource
aws_iam_role_policy_attachment.apigateway_cloudwatchlogs resource
aws_iam_role_policy_attachment.lambda_basic_execution resource
aws_iam_role_policy_attachment.lambda_idp resource
aws_kms_alias.sftp_log_group resource
aws_kms_key.sftp_log_group resource
aws_lambda_function.lambda_idp resource
aws_lambda_permission.allow_apigateway resource
aws_route53_record.this resource
aws_transfer_server.sftp resource
random_string.random_suffix resource
archive_file.sftp_idp data source
aws_caller_identity.current data source
aws_iam_policy_document.assume_role_common data source
aws_iam_policy_document.lambda_idp_policy data source
aws_region.current data source
aws_route53_zone.this data source

Inputs

Name Description Type Default Required
aws_region The AWS region to deploy to string "us-east-1" no
sftp_name The name of the SFTP server string "sftp" no
stage Stage (e.g. dev, test, prod) string "dev" no
tags Tags for the resources map(string) 
{
  "Environment": "dev",
  "ManagedBy": "Terraform",
  "Project": "sftp",
  "Team": "DevOps"
}
 no
zone_name The name of the Route53 zone string "" no

Outputs

Name Description
endpoint The endpoint of the SFTP server (e.g. s-12345678.server.transfer.us-west-2.amazonaws.com)
sftp_dns The DNS of the SFTP server (e.g. sftp.example.com)

About

Terraform AWS Transfer Family with Identity Provider

registry.terraform.io/modules/andresb39/sftp/aws/latest

Topics

aws lambda api-gateway secret-management sftp-server transfer-family

Resources

Readme

License

GPL-3.0 license
Activity

Stars

3 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases 4

v0.0.4 Latest
Mar 4, 2024
+ 3 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages