from troposphere import (
And,
Condition,
Equals,
Join,
Not,
Parameter,
Ref,
Tags,
transfer
)
from .common import use_aes256_encryption_cond, use_cmk_arn
from .template import template
# Stack parameter that opts in to the SFTP feature. Only the literal strings
# "true"/"false" are accepted and the default is "false", so a stack built from
# this template exposes no SFTP endpoint unless the operator explicitly enables
# it; every condition defined below keys off this parameter.
use_sftp_server = template.add_parameter(
    Parameter(
        "UseSFTPServer",
        Description="Whether or not to set up an SFTP service. If 'true', this will set up a transfer server and "
        "add an S3 bucket for its use, along with a role and policies for use when adding users.",
        Type="String",
        AllowedValues=["true", "false"],
        Default="false",
    ),
    group="SFTP",
    label="Enable SFTP Server",
)
# Condition names are exposed as module-level strings so that resources in this
# module (and presumably sibling modules that import them) can be gated with
# Condition=<name> rather than repeating the logical name literally.
use_sftp_condition = "UseSFTPServerCondition"
use_sftp_with_kms_condition = "UseSFTPWithKMSCondition"
use_sftp_without_kms_condition = "UseSFTPWithoutKMSCondition"

# SFTP requested at all; the Transfer server below is gated on this alone.
template.add_condition(use_sftp_condition, Equals(Ref(use_sftp_server), "true"))

template.add_condition(
    # If this condition is true, we need to create policies and roles that give
    # access to the customer KMS.
    use_sftp_with_kms_condition,
    And(
        Equals(Ref(use_sftp_server), "true"),
        Condition(use_aes256_encryption_cond),
        Condition(use_cmk_arn),
    ),
)
template.add_condition(
    # If this condition is true, we need to create policies and roles,
    # but they should not give access to customer KMS.
    use_sftp_without_kms_condition,
    And(Equals(Ref(use_sftp_server), "true"), Not(Condition(use_cmk_arn))),
)
# NOTE(review): the "with KMS" and "without KMS" branches do not partition the
# enabled case. With SFTP enabled and use_cmk_arn true but
# use_aes256_encryption_cond false, neither condition holds, so any role or
# policy gated on them would be skipped while the server is still created.
# The two imported conditions are defined in .common (outside this file);
# confirm whether that combination is reachable and intended.
# The SFTP endpoint itself. Created only when the UseSFTPServer parameter is
# "true"; its Name tag follows the "<stack-name>-sftp" convention.
transfer_server = transfer.Server(
    "TransferServer",
    template=template,
    Condition=use_sftp_condition,
    # SERVICE_MANAGED: user records and their SSH public keys live in the
    # Transfer service rather than in a custom or directory-backed identity
    # provider, so access control is entirely a matter of which keys are
    # registered on each user.
    IdentityProviderType="SERVICE_MANAGED",
    # PUBLIC: the endpoint is reachable from the Internet and, unlike a VPC
    # endpoint, cannot be narrowed with security groups. That Internet exposure
    # is the trade-off for avoiding VPC networking in this template.
    EndpointType="PUBLIC",
    # NOTE(review): no SecurityPolicyName or LoggingRole is set, so the server
    # falls back to the service default SSH/TLS security policy and does not
    # deliver session/authentication logs to CloudWatch. Pinning a current
    # security policy and attaching a logging role would make failed-login and
    # key-exchange events visible to detection tooling.
    Tags=Tags(Name=Join("-", [Ref("AWS::StackName"), "sftp"])),
)