I have created an AWS Transfer Family SFTP server which is using a Lambda function for authentication. When I try to log in to the SFTP server, I get the following error:
"method": "password",
"activity-type": "AUTH_FAILURE",
"source-ip": "172.105.39.41",
"resource-arn": "arn:aws:transfer:us-east-2:123456789012:server/s-123456",
"message": "Unable to invoke Lambda function: arn:aws:lambda:us-east-2: 123456789012:function:SFTP-Lambda",
"user": "user"
The lambda has the following Invoke permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "transfer.amazonaws.com"
},
"Action": "lambda:InvokeFunction",
"Resource": "arn:aws:lambda:us-east-2:123456789012:function:SFTP-Lambda",
"Condition": {
"ArnLike": {
"AWS:SourceArn": "arn:aws:transfer:us-east-2:123456789012:server/s-123456"
}
}
}
]
}
Can someone please tell me what needs to be added here so that I can use the Lambda for authentication?
I am trying to follow the following documentation, but it looks like the IAM permissions provided are not working as expected: https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html
You need to grant AWS Transfer Family the necessary permissions to invoke your Lambda function.
To do this, run:
aws lambda add-permission \
--function-name SFTP-Lambda --action lambda:InvokeFunction \
--statement-id transfer --principal transfer.amazonaws.com \
--output text
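As an added example (not code from the question or the answer above): the statement that `aws lambda add-permission` creates for Transfer Family, plus an offline check of whether a given function policy actually lets a given Transfer server invoke the function. The point it makes is the one worth checking before re-running `add-permission`: the policy in the question already grants the right principal and action, so if the real server ID is not `s-123456` the `ArnLike` condition on `AWS:SourceArn` fails and Transfer gets exactly the "Unable to invoke Lambda function" result, while the command in the answer, which has no `--source-arn`, removes the condition entirely and lets any Transfer Family server in any account invoke the function. The ARNs reuse the placeholder account, region and IDs from the question; the second server ID is made up, and `add_permission` is a boto3 wrapper that needs AWS credentials and is not exercised offline.

```python
"""Added example, not from the question or answer: build the Transfer Family
invoke statement and evaluate a Lambda resource policy against a server ARN."""
import fnmatch
import json
from typing import Optional

TRANSFER_PRINCIPAL = "transfer.amazonaws.com"
INVOKE = "lambda:InvokeFunction"


def build_transfer_invoke_statement(function_arn: str,
                                    server_arn: Optional[str] = None,
                                    statement_id: str = "transfer") -> dict:
    """Statement equivalent to:
      aws lambda add-permission --principal transfer.amazonaws.com \
          --action lambda:InvokeFunction [--source-arn SERVER_ARN]
    With no --source-arn there is no Condition, so any Transfer Family server
    in any AWS account may invoke the function (confused-deputy exposure)."""
    stmt = {
        "Sid": statement_id,
        "Effect": "Allow",
        "Principal": {"Service": TRANSFER_PRINCIPAL},
        "Action": INVOKE,
        "Resource": function_arn,
    }
    if server_arn:
        stmt["Condition"] = {"ArnLike": {"AWS:SourceArn": server_arn}}
    return stmt


def _as_list(x):
    return x if isinstance(x, list) else [x]


def arn_like(pattern: str, value: str) -> bool:
    """IAM ArnLike/ArnEquals: case-sensitive; each of the six colon-delimited
    ARN components is matched on its own, with '*' and '?' wildcards."""
    p, v = pattern.split(":", 5), value.split(":", 5)
    if len(p) != 6 or len(v) != 6:
        return False
    return all(fnmatch.fnmatchcase(vi, pi) for pi, vi in zip(p, v))


def transfer_can_invoke(policy: dict, function_arn: str, server_arn: str) -> bool:
    """True if the function's resource-based policy lets transfer.amazonaws.com
    invoke function_arn on behalf of server_arn.  An explicit Deny wins.  Only
    what Transfer Family supplies is modelled: the service principal and the
    aws:SourceArn key under ArnLike/ArnEquals; any other condition key or
    operator is treated as unsatisfied (the conservative answer)."""
    allowed = False
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal")
        if principal != "*":
            services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
            if TRANSFER_PRINCIPAL not in services:
                continue
        if not any(fnmatch.fnmatchcase(INVOKE, a) for a in _as_list(stmt.get("Action", []))):
            continue
        if not any(arn_like(r, function_arn) for r in _as_list(stmt.get("Resource", []))):
            continue
        satisfied = True
        for operator, keys in stmt.get("Condition", {}).items():
            for key, patterns in keys.items():
                if key.lower() != "aws:sourcearn" or operator not in ("ArnLike", "ArnEquals"):
                    satisfied = False
                else:
                    satisfied &= any(arn_like(p, server_arn) for p in _as_list(patterns))
        if not satisfied:
            continue
        if stmt.get("Effect") == "Deny":
            return False
        allowed = True
    return allowed


# The policy posted in the question, verbatim apart from whitespace.
QUESTION_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "transfer.amazonaws.com"},
    "Action": "lambda:InvokeFunction",
    "Resource": "arn:aws:lambda:us-east-2:123456789012:function:SFTP-Lambda",
    "Condition": {"ArnLike": {"AWS:SourceArn":
      "arn:aws:transfer:us-east-2:123456789012:server/s-123456"}}
  }]
}""")
FUNCTION_ARN = "arn:aws:lambda:us-east-2:123456789012:function:SFTP-Lambda"
SERVER_ARN = "arn:aws:transfer:us-east-2:123456789012:server/s-123456"
# Constructed: a second server in the same account that the condition does not name.
OTHER_SERVER_ARN = "arn:aws:transfer:us-east-2:123456789012:server/s-abcdef0123456789"


def add_permission(function_name: str, server_arn: str, statement_id: str = "transfer") -> dict:
    """boto3 equivalent of the CLI in the answer, with --source-arn added.
    Needs AWS credentials; the offline checks below never call it."""
    import boto3  # imported here so the rest of the file runs without boto3
    return boto3.client("lambda").add_permission(
        FunctionName=function_name, StatementId=statement_id, Action=INVOKE,
        Principal=TRANSFER_PRINCIPAL, SourceArn=server_arn)


if __name__ == "__main__":
    for arn in (SERVER_ARN, OTHER_SERVER_ARN):
        print(arn.rsplit("/", 1)[1], "->", transfer_can_invoke(QUESTION_POLICY, FUNCTION_ARN, arn))
    open_policy = {"Version": "2012-10-17",
                   "Statement": [build_transfer_invoke_statement(FUNCTION_ARN)]}
    print("no SourceArn ->", transfer_can_invoke(open_policy, FUNCTION_ARN, OTHER_SERVER_ARN))
```

To run the check against the real policy, feed `transfer_can_invoke` the `Policy` string returned by `aws lambda get-policy --function-name SFTP-Lambda` (it is JSON inside a JSON string) and the server ARN from `aws transfer list-servers`. If the existing policy already has a `transfer` statement ID, `add-permission` with the same `--statement-id` fails, so `aws lambda remove-permission` it first or pick a new ID, and keep `--source-arn` set to the server ARN rather than dropping the condition.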