SFTP User To Access S3 Bucket
In this scenario we create a user on an EC2 instance and give it access to put files into an S3 bucket through a single folder that is mounted to (and kept in sync with) the S3 bucket.
Step 1:
Launch an EC2 instance (Linux).
Attach an IAM role that carries the S3 full access policy to the instance.
Open a terminal on that server and install s3fs:
$ cd /home/ec2-user/
$ sudo yum remove fuse fuse-s3fs
$ sudo amazon-linux-extras install epel
$ sudo yum install s3fs-fuse
Step 2:
Create the S3 bucket (the name must be unique).
The bucket policy needs to be changed to allow public access:
- Turn off the Block Public Access settings and add the permission in the bucket policy.
Keep in mind that the s3fs mount below authenticates with the instance role (iam_role=auto), so keep any public permission as narrow as possible; an IP-based restriction is described at the end.
Step 3:
Open the terminal and create a folder:
$ cd /home/ec2-user/
$ mkdir foldername
Step 4:
Mount the folder to the S3 bucket:
$ s3fs -o iam_role=auto -o url="https://s3.ap-south-1.amazonaws.com" -o endpoint=ap-south-1 -o dbglevel=info -o curldbg -o use_cache=/tmp <bucketname> <foldername>
To create an SFTP user
Note: create the SFTP folder inside the SFTP user's home directory.
SFTP user creation (commands prefixed with # run as root):
$ sudo su
# useradd <sftpuser>
# su - <sftpuser>
# ssh-keygen -b 2048 -t rsa -f <sftpuser> -C <sftpuser>
# exit
# cd /home/<sftpuser>
# cp <sftpuser> /home/ec2-user/<sftpuser>
# su - <sftpuser>
# mkdir .ssh
# cp <sftpuser>.pub .ssh/<sftpuser>.pub
# cd .ssh
# cat <sftpuser>.pub > authorized_keys
# chmod 0700 ~/.ssh
# chmod 0600 ~/.ssh/authorized_keys
# exit
# chown <sftpuser>:<sftpuser> /home/<sftpuser>
# chmod 0755 /home/<sftpuser>
# chmod 777 /home/ec2-user/<sftpuser>
The file copied to /home/ec2-user/<sftpuser> is the user's private key; it is only there so it can be handed to the SFTP user, so remove it once it has been delivered.
After creating the user (using root access), switch to the user, create the folder and mount the bucket:
# su <sftpuser>
# mkdir <foldername>
# chown <sftpuser>:<sftpuser> <foldername>   (changes the owner of the SFTP folder)
# s3fs -o iam_role=auto -o url="https://s3.ap-south-1.amazonaws.com" -o endpoint=ap-south-1 -o dbglevel=info -o curldbg -o use_cache=/tmp <bucketname> <foldername>
Error:
$ s3fs -o iam_role=auto -o url="https://s3.ap-south-1.amazonaws.com" -o endpoint=ap-south-1 -o dbglevel=info -o curldbg -o use_cache=/tmp <bucketname> <foldername>
s3fs: could not allow cache directory permission, check permission of cache directories.
Fix: remove use_cache=/tmp from the command:
s3fs -o iam_role=auto -o url="https://s3.ap-south-1.amazonaws.com" -o endpoint=ap-south-1 -o dbglevel=info -o curldbg <bucketname> <foldername>
Note: the user and the owner of their folder should be the same: chown <sftpuser>:<sftpuser> /home/<sftpuser>/<foldername>
Log in using the SFTP user and key, then check and confirm that files uploaded into the folder appear in the bucket.
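As an added example (not part of the original post), the shell helpers below turn two of the manual steps above into checks: building the s3fs mount command without the use_cache option when the cache directory is not usable by the current user (the error shown above), and verifying the home-directory, .ssh and authorized_keys ownership and modes that the key-based SFTP login depends on. The function names and the bucket and mount-point arguments are my own; the s3fs options are the ones this post uses for ap-south-1.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post. Helper functions for the
# s3fs mount and the SFTP user's key setup. Names and arguments are assumed.

S3_REGION="ap-south-1"   # region used in the post

# Print the s3fs mount command used in the post. The use_cache option is only
# passed when the cache directory exists and is writable by the caller;
# otherwise the mount is done without a cache, as the post's fix does.
s3fs_mount_cmd() {
    local bucket="$1" mountpoint="$2" cache_dir="${3:-}"
    local cmd="s3fs -o iam_role=auto -o url=https://s3.${S3_REGION}.amazonaws.com -o endpoint=${S3_REGION} -o dbglevel=info -o curldbg"
    if [ -n "$cache_dir" ] && [ -d "$cache_dir" ] && [ -w "$cache_dir" ]; then
        cmd="$cmd -o use_cache=$cache_dir"
    fi
    printf '%s %s %s\n' "$cmd" "$bucket" "$mountpoint"
}

# Verify the prerequisites for key-based SFTP login that the post sets up:
# home directory owned by the user, ~/.ssh mode 0700, authorized_keys mode 0600
# and owned by the user. Prints every failing item; returns 0 only if all pass.
check_sftp_home() {
    local user="$1" home="$2" rc=0
    if [ "$(stat -c '%U' "$home" 2>/dev/null)" != "$user" ]; then
        echo "FAIL: $home is not owned by $user"; rc=1
    fi
    if [ "$(stat -c '%a' "$home/.ssh" 2>/dev/null)" != "700" ]; then
        echo "FAIL: $home/.ssh is not mode 0700"; rc=1
    fi
    if [ "$(stat -c '%a' "$home/.ssh/authorized_keys" 2>/dev/null)" != "600" ]; then
        echo "FAIL: $home/.ssh/authorized_keys is not mode 0600"; rc=1
    fi
    if [ "$(stat -c '%U' "$home/.ssh/authorized_keys" 2>/dev/null)" != "$user" ]; then
        echo "FAIL: $home/.ssh/authorized_keys is not owned by $user"; rc=1
    fi
    return $rc
}

# Usage (placeholders):
#   check_sftp_home <sftpuser> /home/<sftpuser> && eval "$(s3fs_mount_cmd <bucketname> /home/<sftpuser>/<foldername> /tmp)"
```

Run check_sftp_home <sftpuser> /home/<sftpuser> as root after the chown and chmod steps. With its default StrictModes setting, sshd refuses the key when authorized_keys or its parent directories are writable by others, so this catches a common cause of a "permission denied" at SFTP login before the user tries to connect.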
To give another SFTP user access, add that user to the owner's group and mount the folder.
Create a new user following the steps above, then:
# su <sftpuser2>
# mkdir folder2
# chown <sftpuser2>:<sftpuser2> folder2
# s3fs -o iam_role=auto -o url="https://s3.ap-south-1.amazonaws.com" -o endpoint=ap-south-1 -o dbglevel=info -o curldbg <bucketname> <folder2>
# exit
# sudo usermod -a -G <sftpuser> <sftpuser2>
(general form: sudo usermod -a -G groupname username)
Now you will be able to access the bucket.
You can also restrict access to the bucket by IP address.
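As an added example (not from the original post), the shell function below writes the bucket policy behind that last sentence: an explicit Deny for every request whose source IP is outside an allowed CIDR, which is the standard AWS NotIpAddress pattern. The bucket name and CIDR are placeholders passed in by the caller.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post. Generates an S3 bucket policy
# that denies all access from outside one allowed IP range. Bucket name and
# CIDR are caller-supplied placeholders.

# Loose sanity check on the CIDR: dotted quad followed by a prefix length.
valid_cidr() {
    case "$1" in
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the JSON policy. An explicit Deny for all principals and all s3
# actions applies whenever aws:SourceIp is not inside the allowed CIDR.
# Assumption: a single CIDR; aws:SourceIp also accepts a list for more ranges.
ip_restricted_bucket_policy() {
    local bucket="$1" cidr="$2"
    valid_cidr "$cidr" || { echo "invalid CIDR: $cidr" >&2; return 1; }
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyAccessOutsideAllowedRange",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::${bucket}",
        "arn:aws:s3:::${bucket}/*"
      ],
      "Condition": {
        "NotIpAddress": { "aws:SourceIp": "${cidr}" }
      }
    }
  ]
}
EOF
}

# Usage (placeholders):
#   ip_restricted_bucket_policy <bucketname> 203.0.113.0/24 > policy.json
#   aws s3api put-bucket-policy --bucket <bucketname> --policy file://policy.json
```

Because the statement denies all principals, the EC2 instance's own egress address (its public IP or NAT gateway) must be inside the CIDR or the s3fs mount loses access as well, and requests that reach S3 through a VPC endpoint do not carry a public source IP (aws:SourceVpce is the condition key for those). Try the policy on a test bucket before applying it to the one the SFTP users rely on.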
Thank you
For any queries, please feel free to contact me.
LinkedIn : https://www.linkedin.com/in/rohan-tiwari-40495076/