Skip to content

trussworks/terraform-aws-sftp-user

BranchesTags

Repository files navigation

Creates a user for an AWS Transfer for SFTP endpoint.

Creates the following resources:

  • AWS Transfer user
  • IAM policy for the user to access S3.
  • SSH Keys attached to the Transfer user.

Usage

module "sftp_user_alice" {
  source                = "trussworks/sftp-user/aws"
  version               = "~> 1.0.0"

  sftp_server_id            = aws_transfer_server.my_app_sftp.id
  ssh_public_keys           = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 example@example.com"]
  user_name                 = "alice"
  role_name                 = "alice-sftp-role"
  home_directory_bucket     = "myapp_sftp_bucket"
  home_directory_key_prefix = "alice/"
  allowed_actions = [
    "s3:GetObject",
    "s3:GetObjectACL",
    "s3:PutObject",
    "s3:PutObjectACL",
  ]
  tags = {
    Application = "my_app"
    Environment = "prod"
  }
}

Requirements

Name Version
terraform >= 1.0
aws >= 2.70

Providers

Name Version
aws >= 2.70

Modules

No modules.

Resources

Name Type
aws_iam_role.main resource
aws_iam_role_policy.main resource
aws_transfer_ssh_key.main resource
aws_transfer_user.main resource
aws_iam_policy_document.assume_role_policy_doc data source
aws_iam_policy_document.role_policy_doc data source

Inputs

Name Description Type Default Required
allowed_actions A list of allowed actions for objects in the backend bucket. list(string) 
[
  "s3:GetObject",
  "s3:GetObjectACL",
  "s3:GetObjectVersion",
  "s3:PutObject",
  "s3:PutObjectACL",
  "s3:DeleteObject",
  "s3:DeleteObjectVersion"
]
 no
home_directory_bucket The S3 Bucket to use as the home directory 
object({
    arn = string
    id  = string
  })
 n/a yes
home_directory_key_prefix The home directory key prefix string "" no
role_arn The name of the IAM role for the SFTP user. Either role_name or role_arn must be provided, not both. string "" no
role_name The name of the IAM role for the SFTP user. Either role_name or role_arn must be provided, not both. string "" no
sftp_server_id Server ID of the AWS Transfer Server (aka SFTP Server) string n/a yes
ssh_public_keys Public SSH key for the user. If list is empty, then no SSH Keys are setup to authenticate as the user. list(string) [] no
tags A mapping of tags to assign to all resources map(string) {} no
user_name The name of the user string n/a yes

Outputs

No outputs.

About

SFTP User for AWS Transfer Server

registry.terraform.io/modules/trussworks/sftp-user/aws

Resources

Readme

License

BSD-3-Clause license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

3 stars

Watchers

9 watching

Forks

12 forks
Report repository

Releases 2

Deprecate using Terraform versions before 1.0 Latest Latest
Jun 8, 2023
+ 1 release

Packages

No packages published

Contributors 10

Languages