id | title | created | updated |
---|---|---|---|
Setting up |
Setting up |
1683841041000 |
1683841041000 |
{% hint style="info" %} This page was generated from content adapted from the AWS Developer Guide {% endhint %}
- Note
You don't have to use a server and Amazon S3 bucket that are in the same AWS Region, but we recommend this as a best practice. - Note
You can use Amazon S3 Object Lock to prevent objects from being overwritten for a fixed amount of time or indefinitely. This works the same way with Transfer Family as with other services. If an object exists and is protected, writing to that file or deleting it is not allowed. For more details on Amazon S3 Object Lock, see Using Amazon S3 Object Lock in the Amazon Simple Storage Service User Guide. - Note
AWS Transfer Family does not currently support Amazon S3 Multi-Region Access Points. - Note
This policy does not allow for appending to a file. That is, a user that is assigned to this policy cannot open files to add content to them, or to modify them. Also, if your use case involves issuing aHeadObject
call before uploading a file, this policy won't work for you.
- Note
When you use a Transfer Family server and an Amazon EFS file system, the server and the file system must be in the same AWS Region.
- Note
When you are creating a service-managed Transfer Family user, you can select Auto-generate policy based on home folder. This is a useful shortcut if you want to limit user access to their own folders. Also, you can view details about session policies and an example in How session policies work. You can also find more information about session policies in Session policies in the IAM User Guide. - Note
In the examples above, replace each user input placeholder with your own information. - Note
The maximum length of a session policy is 2048 characters. For more details, see the Policy request parameter for theCreateUser
action in the API reference. - Note
If your Amazon S3 bucket is encrypted using AWS Key Management Service (AWS KMS), you must specify additional permissions in your policy. For details, see Data encryption. Additionally, you can see more information about session policies in the IAM User Guide. - Note
In the preceding policy, it is assumed that users have their home directories set to include a trailing slash, to signify that it is a directory. If, on the other hand, you set a user'sHomeDirectory
without the trailing slash, then you should include it as part of your policy. - Note
If you are using Logical directories—that is, the user'shomeDirectoryType
isLOGICAL
—these policy parameters (HomeBucket
,HomeDirectory
, andHomeFolder
) are not supported. - Note
In the following example, replace bucket_name with the name of your S3 bucket.
Also, note that theGetObjectACL
andPutObjectACL
statements are only required if you are doing Cross Account Access. That is, your Transfer Family server needs to access a bucket in a different account. - Note
In addition to the policy, you must also make sure your POSIX file permissions are granting the appropriate access. For more information, see Working with users, groups, and permissions at the Network File System (NFS) Level in the Amazon Elastic File System User Guide. - Note
In the following examples, replace region with your region, account-id with the account the file is in, and file-system-id with the ID of your Amazon Elastic File System (Amazon EFS).