I'm trying to build an SFTP server for an EFS that uses a Lambda function to check the username and password provided against a secret in AWS.
I followed this article but changed it a bit: I'm not using an API Gateway; I use the Lambda function directly as the identity provider, which fetches the following data from Secrets Manager:
{
    "Role": "arn:aws:iam::xxxxxxxxxxx:role/my-transfer-role",
    "PosixProfile": {
        "Uid": 1001,
        "Gid": 1001,
        "SecondaryGids": []
    },
    "HomeDirectory": "/"
}
So far I can only connect to the SFTP server, but I can't read or write what's on the EFS: Message="Unable to list directory: permission denied for /"
I created a role and a policy attached to Transfer with permissions on my EFS, as explained in this guide.
Is there something I'm missing in this configuration, please? Thanks
It turned out I was missing the file system ID in HomeDirectory, so I changed it to: homeDirectory=/fs-xxxxxxx
and it worked. Thanks to Sagar from AWS for his answer here: https://repost.aws/questions/QUlDjDeMI7TD6C6pN0tdc4gw/how-to-allow-access-to-efs-from-sftp-using-lambda-as-identity-provider
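The fix above (an EFS HomeDirectory has to carry the file system ID, as in /fs-xxxxxxx/path) is easy to get wrong silently, because Transfer Family accepts the login and only fails at the first directory listing. The following Python is an added example, not code from the thread or from AWS: it shows the shape of the response a custom identity-provider Lambda returns for an EFS-backed user and rejects a HomeDirectory that lacks the fs- prefix before it ever reaches Transfer. The secret document is a constructed in-memory sample standing in for a Secrets Manager lookup, the account and file system IDs are placeholders, and the regular expression for file system IDs is an assumption about their format; the event keys (username, password) are the ones Transfer Family passes to an identity-provider Lambda.

```python
"""Added example: build and validate the identity-provider response that an
AWS Transfer Family Lambda returns for a user whose home lives on EFS.
Not the original poster's code and not AWS code."""
import re
import secrets

# Constructed sample of the JSON document stored in Secrets Manager.
# In a real Lambda this would come from boto3's get_secret_value; here it is
# embedded so the example runs offline.
SAMPLE_SECRET = {
    "Password": "correct-horse-battery-staple",               # constructed value
    "Role": "arn:aws:iam::111122223333:role/my-transfer-role",  # placeholder account ID
    "PosixProfile": {"Uid": 1001, "Gid": 1001, "SecondaryGids": []},
    # EFS paths must be prefixed with the file system ID (placeholder ID here).
    "HomeDirectory": "/fs-0123456789abcdef0/",
}

# Assumption: an EFS file system ID is "fs-" followed by 8 or 17 hex characters.
_EFS_HOME_RE = re.compile(r"^/fs-[0-9a-f]{8,17}(/.*)?$")


def efs_home_directory_ok(path: str) -> bool:
    """True if HomeDirectory has the form /fs-<id>[/subpath] that EFS needs."""
    return bool(_EFS_HOME_RE.match(path))


def password_matches(supplied: str, expected: str) -> bool:
    """Constant-time comparison so response timing does not reveal how many
    leading characters of the password were correct."""
    return secrets.compare_digest(supplied.encode(), expected.encode())


def build_response(event: dict, secret: dict) -> dict:
    """Return the identity-provider response Transfer Family expects.

    An empty dict means "authentication failed"; Transfer treats that as a
    rejected login.  A HomeDirectory without the file system ID is refused
    here with an exception so the misconfiguration shows up in the Lambda
    logs instead of as "permission denied for /" in the SFTP client.
    """
    if not password_matches(event.get("password", ""), secret["Password"]):
        return {}

    home = secret["HomeDirectory"]
    if not efs_home_directory_ok(home):
        raise ValueError(
            f"HomeDirectory {home!r} must start with the EFS file system id, e.g. /fs-<id>/"
        )

    return {
        "Role": secret["Role"],
        "PosixProfile": secret["PosixProfile"],
        "HomeDirectory": home,
    }


def lambda_handler(event, context):
    """Entry point wired to the Transfer Family server.  Assumption: the secret
    is looked up by event['username']; here every user maps to the sample."""
    return build_response(event, SAMPLE_SECRET)


if __name__ == "__main__":
    # Constructed login event with the correct password.
    ok = build_response({"username": "alice", "password": "correct-horse-battery-staple"},
                        SAMPLE_SECRET)
    print(ok)
    # The original poster's setting: a bare "/" is rejected before Transfer sees it.
    try:
        build_response({"username": "alice", "password": "correct-horse-battery-staple"},
                       dict(SAMPLE_SECRET, HomeDirectory="/"))
    except ValueError as exc:
        print("rejected:", exc)
```

The check on HomeDirectory is the cheap guard the thread's failure mode calls for: the same secret with "HomeDirectory": "/" authenticates fine but cannot list anything, while "/fs-<id>/" passes through unchanged.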