![\"\"](\"https:\/\/artem.services\/wp-content\/uploads\/2018\/11\/AWS-Logo.png\"){kind=logo}
<\/p>\n<\/p>\n
AWS Transfer<\/strong> supports 3 protocols: SFTP<\/strong>, FTP<\/strong>, and FTPS<\/strong>. And only SFTP<\/strong> can have a public endpoint, FTP<\/strong>\/FTPS<\/strong> can only be run inside a VPC<\/strong>. Also for login<\/strong>\/password<\/strong> authorization, you must use a custom provider, you can find more information about this here<\/a>.<\/p>\n Create an AWS Transfer<\/strong> server for the FTP<\/strong> protocol, the service must be public and authorization must also be by login \/ password.<\/p>\n FTP<\/strong> is insecure and AWS<\/strong> does not recommend using it on public networks.<\/p><\/blockquote>\n <\/p>\n The first thing you need is the AWS SAM CLI<\/a> installed.<\/p>\n Create a directory where we will download the template, go to it and download:<\/p>\n <\/p>\n Unzip and run the following command:<\/p>\n <\/p>\n Where, "aws-transfer-ftp"<\/strong> is the name of the created CloudFormation<\/strong> stack, if you specify the name of an existing one, it will update it.<\/p><\/blockquote>\n <\/p>\n Then the interactive installation will start, where you will be prompted to specify the following parameters:<\/p>\n <\/p>\n <\/p>\n Let’s create a SecurityGroup<\/strong> for the FTP<\/strong> service in the required VPC<\/strong>. And we will allow incoming traffic to TCP<\/strong> ports 21<\/strong> and 8192<\/strong>—8200<\/strong> from any address. While we save the created SG<\/strong>, we will attach it in the future.<\/p>\n Then go to the AWS<\/strong> Console — "AWS Transfer Family<\/strong>", find the server created by AWS Transfer<\/strong> and edit its protocol, uncheck the "SFTP<\/strong>" protocol and select "FTP<\/strong>" protocol, and save the changes.<\/p>\n Now we need to add access to FTP<\/strong> from the world, for this we will use NLB<\/strong>. First, let’s find out the private IP<\/strong> addresses of VPC<\/strong> endpoint for AWS Transfer<\/strong>, for this in the "Endpoint details<\/strong>" block, click on the link to the VPC<\/strong> endpoint.<\/p>\n <\/p>\n Go to the "Subnets<\/strong>" tab and copy all the IP<\/strong> addresses, they will be needed to create target groups.<\/p>\n <\/p>\n Go to the "Security Groups<\/strong>" tab and change the default security group to the one created earlier.<\/p>\n Now let’s create a target group, for this in the AWS console go to "EC2<\/strong>" -> "Load Balancing<\/strong>" -> "Target Groups<\/strong>" and create the first target group for TCP<\/strong> port 21<\/strong>.<\/p>\n It is better to indicate the port number in the name of the target group at the end, since there will be 10 of them and you can easily get confused.<\/p><\/blockquote>\n We will also indicate the VPC<\/strong> in which the AWS Transfer<\/strong> service was created. In the next tab, one by one, we will indicate the IP<\/strong> addresses of the VPC<\/strong> endpoint, which we looked at earlier. We save the target group.<\/p>\n Now you need to create 9 more target groups for the port range: TCP<\/strong> 8192<\/strong>—8200<\/strong>. The procedure is the same as for the target group for port 21<\/strong>, except that you need to specify port 21<\/strong> for HeathCheck<\/strong>. To do this, in the "Health checks<\/strong>" block, open the "Advanced health check setting<\/strong>" tab, select "Overrive<\/strong>" and specify the port number — 21<\/strong>.<\/p>\n After we are done with target groups, we need to create an "internet-facing<\/strong>" Network Load Balancer<\/strong> and place it on public networks of the same VPC<\/strong> where the AWS Transfer<\/strong> service is. We also create 10<\/strong> listeners, for TCP<\/strong> ports 21<\/strong>, and for the range 8192<\/strong>—8200<\/strong>, and for each listener we point the desired target group corresponding to the port number. After which the FTP service must be accessible from outside.<\/p>\n In order to add an FTP<\/strong> user, go to the "Secrets Manager<\/strong>" in the AWS<\/strong> console and create a secret with the "Other type of secrets<\/strong>" type.<\/p>\n <\/p>\n Create 3 "key\/value<\/strong>" pairs:<\/p>\n Where "s3-bucket<\/strong>" is the name of the S3<\/strong> bucket, "user-name<\/strong>" is the name of the directory that the user will go to when connecting to the FTP<\/strong> server (the directory name does not have to match the username, and may also be located outside the root of the bucket)<\/p><\/blockquote>\n <\/p>\n We must save the secret with a name in the format: "server_id\/user_name<\/strong>", where "server_id<\/strong>" is the AWS Transfer<\/strong> server ID<\/strong>, "user_name<\/strong>" is the username that will be used to connect to the FTP<\/strong> server.<\/p>\n For convenience, you can also create a DNS CNAME<\/strong> record for the NLB<\/strong> record.<\/p>\n","protected":false},"excerpt":{"rendered":" AWS Transfer supports 3 protocols: SFTP, FTP, and FTPS. And only SFTP can have a public endpoint, FTP\/FTPS can only be run inside a VPC. Also for login\/password authorization, you must use a custom provider, you can find more information about this here. Goal: Create an AWS Transfer server for the FTP protocol, the service … \u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u0442\u044c \u0447\u0438\u0442\u0430\u0442\u044c "AWS Transfer — Public FTP"<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[599],"tags":[543,1723,1725,1727,1729,1731],"_links":{"self":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/2086"}],"collection":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2086"}],"version-history":[{"count":3,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/2086\/revisions"}],"predecessor-version":[{"id":2091,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/2086\/revisions\/2091"}],"wp:attachment":[{"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2086"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2086"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2086"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Goal:<\/h3>\n
\r\nwget https:\/\/s3.amazonaws.com\/aws-transfer-resources\/custom-idp-templates\/aws-transfer-custom-idp-secrets-manager-sourceip-protocol-support-apig.zip\r\n<\/pre>\n
\r\nsam deploy --guided --stack-name aws-transfer-ftp\r\n<\/pre>\n
\n
![\"\"](\"https:\/\/artem.services\/wp-content\/uploads\/2020\/11\/Screenshot-2020-11-20-at-12.34.34.png\")
<\/p>\n![\"\"](\"https:\/\/artem.services\/wp-content\/uploads\/2020\/11\/Screenshot-2020-11-20-at-19.03.48.png\")
<\/p>\n![\"\"](\"https:\/\/artem.services\/wp-content\/uploads\/2020\/11\/Screenshot-2020-11-20-at-19.05.00.png\")
<\/p>\n![\"\"](\"https:\/\/artem.services\/wp-content\/uploads\/2020\/11\/Screenshot-2020-11-20-at-19.10.41.png\")
<\/p>\n\n
![\"\"](\"https:\/\/artem.services\/wp-content\/uploads\/2020\/11\/Screenshot-2020-11-20-at-19.34.10.png\")
<\/p>\n![\"\"](\"https:\/\/artem.services\/wp-content\/uploads\/2020\/11\/Screenshot-2020-11-20-at-12.13.35.png\")
<\/p>\n\n