S3 bucket object put & get access dynamically

Time:10-19

We use an AWS file transfer family server for our internal file transfer systems. We use the SFTP protocol to transfer files.

Is it possible to add a tag to a file while uploading files to an AWS file transfer server (backend S3) via the OpenSSH client?

All our users use OpenSSH for SFTP, and a tag would help the user confirm whether a file has sensitive data or not. Basically, the user should be able to tell whether a file has sensitive data or not, which triggers some approvals in third-party applications.

CodePudding user response:

Confirmed with AWS support: there is no option to add tags while uploading files from the SFTP SSH command; however, tagging is possible if files are uploaded via API Gateway or CLI commands.

A simple solution to manage customer sensitive files vs. non-sensitive files is to use a logical directory structure. A logical file structure can be added to the file transfer server as below:

aws transfer create-access \
  --home-directory-type LOGICAL \
  --home-directory-mappings '[{"Entry":"/folder1","Target":"/bucket_name/${transfer:Username}/folder1"},{"Entry":"/folder2","Target":"/bucket_name/${transfer:Username}/folder2"}]' \
  --role arn:aws:iam::account_id:role/iam-role \
  --server-id s-123456789ert43 \
  --external-id S-1-2-34-123456789-1234567-123456789-1234
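Since the answer notes that tagging works through the API but not through the SFTP client, the folder layout above can be turned into tags after upload. The following is an added example, not part of the original answer: a handler for S3 ObjectCreated events that derives a tag from the logical folder. It assumes folder1 holds sensitive files and folder2 non-sensitive ones (the page does not say which is which); the tag key "classification", the function names and the sample record are hypothetical.

```python
import urllib.parse

# Assumption: the page does not say which folder is the sensitive one.
FOLDER_CLASSIFICATION = {"folder1": "sensitive", "folder2": "non-sensitive"}

# Constructed sample of one S3 ObjectCreated event record (keys arrive URL-encoded).
SAMPLE_RECORD = {"s3": {"bucket": {"name": "bucket_name"},
                        "object": {"key": "alice/folder1/q3+report.csv"}}}


def classify_key(key):
    """Map '<username>/<folder>/<file...>' to a classification label, or None."""
    parts = key.split("/")
    # Require user, folder and a file name; reject empty or dot segments.
    if len(parts) < 3 or any(p in ("", ".", "..") for p in parts):
        return None
    return FOLDER_CLASSIFICATION.get(parts[1])


def tagging_args(record):
    """Build put_object_tagging arguments for one record, or None if the key
    falls outside the folder1/folder2 layout and must not be auto-tagged."""
    key = urllib.parse.unquote_plus(record["s3"]["object"]["key"])
    label = classify_key(key)
    if label is None:
        return None
    return {"Bucket": record["s3"]["bucket"]["name"],
            "Key": key,
            "Tagging": {"TagSet": [{"Key": "classification", "Value": label}]}}


def handler(event, context=None):
    """Lambda-style entry point: tag every object that matches the layout."""
    import boto3  # imported here so the functions above run without AWS access
    s3 = boto3.client("s3")
    tagged = 0
    for record in event.get("Records", []):
        args = tagging_args(record)
        if args is not None:
            # put_object_tagging replaces the whole tag set on the object.
            s3.put_object_tagging(**args)
            tagged += 1
    return tagged
```

Objects whose key does not match the layout are left untagged, so a downstream approval workflow should treat a missing classification tag as unreviewed rather than as non-sensitive.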