I need to connect to SFTP from a Lambda function in Node.js.
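```javascript
const fs = require('fs');
const Client = require('ssh2-sftp-client');

const config = {
  host: 'host',
  port: 22,
  username: 'user',
  // ssh2 expects the key contents (string or Buffer) here, not a file path
  privateKey: fs.readFileSync('location of privatekey file'),
  // the passphrase of an encrypted key goes in `passphrase`; `password` is the account password
  passphrase: 'passphrase'
};
```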
I will access the passphrase from SecretsManager. My first thought was to store the ppk file (encrypted) in an AWS S3 bucket. I have looked to see if there is a best practice for storing and retrieving ppk files from AWS, but couldn't find anything. Any suggestions would be appreciated. Thanks!
The idea sounds good.
But instead you could encrypt the S3 files with KMS and give the Lambda functions permission to decrypt the files. Sounds like less of a hassle to me than encrypting the files manually and storing the password somewhere.
See the official documentation for more information: https://docs.aws.amazon.com/kms/latest/developerguide/services-s3.html
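An added example, not code from either post: a Lambda handler that combines both suggestions, reading the key from an SSE-KMS-encrypted S3 object and the passphrase from Secrets Manager, keeping both in memory only. It assumes AWS SDK for JavaScript v3 and an execution role allowed `s3:GetObject` on the object, `kms:Decrypt` on its KMS key and `secretsmanager:GetSecretValue` on the secret; the bucket, object key, secret id, host and user are placeholders.

```javascript
'use strict';
// Placeholder names (assumptions); supply real ones as Lambda environment variables.
const KEY_BUCKET = process.env.KEY_BUCKET || 'example-sftp-keys';
const KEY_OBJECT = process.env.KEY_OBJECT || 'sftp/id_key.ppk';
const PASSPHRASE_SECRET = process.env.PASSPHRASE_SECRET || 'example/sftp/passphrase';

let cachedConfig; // reused by warm invocations; the key is never written to /tmp or logged

// getObject/getSecret are injected so this logic can be exercised without AWS access.
async function loadSftpConfig({ getObject, getSecret }) {
  if (cachedConfig) return cachedConfig;
  // S3 decrypts an SSE-KMS object server-side; the request is denied unless
  // the execution role also holds kms:Decrypt on the object's KMS key.
  const [obj, secret] = await Promise.all([
    getObject({ Bucket: KEY_BUCKET, Key: KEY_OBJECT }),
    getSecret({ SecretId: PASSPHRASE_SECRET }),
  ]);
  const privateKey = await obj.Body.transformToString();
  if (!privateKey.trim() || !secret.SecretString) {
    throw new Error('SFTP key or passphrase is empty');
  }
  cachedConfig = {
    host: process.env.SFTP_HOST || 'sftp.example.com',
    port: 22,
    username: process.env.SFTP_USER || 'user',
    privateKey,                      // key contents, not a file path
    passphrase: secret.SecretString, // unlocks the key; `password` would be the account password
  };
  return cachedConfig;
}

// Lambda entry point; the SDK and SFTP modules are loaded here.
async function handler() {
  const { S3Client, GetObjectCommand } = require('@aws-sdk/client-s3');
  const { SecretsManagerClient, GetSecretValueCommand } = require('@aws-sdk/client-secrets-manager');
  const Client = require('ssh2-sftp-client');
  const s3 = new S3Client({});
  const sm = new SecretsManagerClient({});
  const config = await loadSftpConfig({
    getObject: (params) => s3.send(new GetObjectCommand(params)),
    getSecret: (params) => sm.send(new GetSecretValueCommand(params)),
  });
  const sftp = new Client();
  await sftp.connect(config);
  try {
    return (await sftp.list('/')).map((entry) => entry.name);
  } finally {
    await sftp.end();
  }
}
if (typeof module !== 'undefined') module.exports = { handler, loadSftpConfig };
```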