AWS Notes - Network - TransferFamily(Transfer) connect with EFS

1. AWS EC2 connects to EFS

Create the EFS file system and the EC2 instance.

EFS's DNS: fs-XXXXXXX.efs.ap-northeast-1.amazonaws.com

Add a security group:

Add an inbound rule for the NFS port (2049) to the EFS security group, with the source set to the EC2 instance's private IP.

Use the commands below to mount the EFS file system on the EC2 instance:

a. Install the EFS tools
sudo yum install amazon-efs-utils
b. Mount the EFS file system (the mount point directory, ~/efs-mount here, must already exist; -o tls encrypts the NFS traffic in transit)
sudo mount -t efs -o tls fs-XXXXX:/ ~/efs-mount

2. Create the Transfer Family server

Create the Transfer Family server endpoint:
Protocols: SFTP
Identity provider: Service managed
Endpoint: s-XXXXXXXXX.server.transfer.ap-northeast-1.amazonaws.com
Endpoint type: Public

3. Create a user to connect Transfer Family to EFS
Create an IAM role that lets Transfer Family access the EFS file system.
a. Create the policy (attached to the role in step b)

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "GrantTransferRoleAccess",
            "Effect": "Allow",
            "Action": [
                "elasticfilesystem:ClientRootAccess",
                "elasticfilesystem:ClientWrite",
                "elasticfilesystem:ClientMount"
            ],
            "Resource": "arn:aws:elasticfilesystem:ap-northeast-1:<AWSAccountID>:file-system/<fs-XXXXXX>"
        },
        {
            "Sid": "NFSClientReadWriteViaFsmt",
            "Effect": "Allow",
            "Action": [
                "elasticfilesystem:ClientRootAccess",
                "elasticfilesystem:ClientWrite",
                "elasticfilesystem:ClientMount"
            ],
            "Resource": "arn:aws:elasticfilesystem:ap-northeast-1:<AWSAccountID>:file-system/<fs-XXXXXXX>",
            "Condition": {
                "Bool": {
                    "elasticfilesystem:AccessedViaMountTarget": "true"
                }
            }
        }
    ]
}


b. Create the role
Trust relationship:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "transfer.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}


c. Create the server in AWS Transfer Family

d. Create the user in AWS Transfer Family

d1. An SSH public key is needed to log in; you can generate a key pair with the ssh-keygen command.
d2. Set the user ID and group ID to 9999.
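An added example, not part of the original notes: a small Python script that reviews the two policy documents from steps a and b before they are attached to the role. It flags ClientRootAccess (root-level access to the file system), reports that the second statement's AccessedViaMountTarget condition restricts nothing because the first statement already allows the same actions unconditionally, flags a trust policy that lets transfer.amazonaws.com assume the role from any account (no aws:SourceAccount / aws:SourceArn condition), and builds the hardened trust policy; the account ID and region passed to harden_trust_policy are placeholders.

```python
import json

# Constructed copies of the two policies from the notes above (placeholder IDs kept;
# the same file-system ARN is used in both statements, as on a real deployment).
FS_ARN = "arn:aws:elasticfilesystem:ap-northeast-1:<AWSAccountID>:file-system/<fs-XXXXXX>"
EFS_ACTIONS = ["elasticfilesystem:ClientRootAccess", "elasticfilesystem:ClientWrite",
               "elasticfilesystem:ClientMount"]
EFS_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "GrantTransferRoleAccess", "Effect": "Allow", "Action": EFS_ACTIONS, "Resource": FS_ARN},
    {"Sid": "NFSClientReadWriteViaFsmt", "Effect": "Allow", "Action": EFS_ACTIONS, "Resource": FS_ARN,
     "Condition": {"Bool": {"elasticfilesystem:AccessedViaMountTarget": "true"}}}]}
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "transfer.amazonaws.com"}, "Action": "sts:AssumeRole"}]}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _trusts_transfer(statement):
    return "transfer.amazonaws.com" in _as_list(statement.get("Principal", {}).get("Service", []))

def audit_efs_policy(policy):
    # Flag root access and conditional statements that an unconditional one already covers.
    findings, unconditional = [], set()
    allows = [s for s in policy["Statement"] if s.get("Effect") == "Allow"]
    for s in allows:
        if "Condition" not in s:
            unconditional |= {(a, r) for a in _as_list(s["Action"]) for r in _as_list(s["Resource"])}
    for s in allows:
        sid, actions, resources = s.get("Sid", "?"), _as_list(s["Action"]), _as_list(s["Resource"])
        if "elasticfilesystem:ClientRootAccess" in actions:
            findings.append(f"{sid}: grants ClientRootAccess (root-level access to the file system)")
        if "Condition" in s and all((a, r) in unconditional for a in actions for r in resources):
            findings.append(f"{sid}: Condition is ineffective, the same grants are already unconditional")
    return findings

def audit_trust_policy(policy):
    # A service-principal trust with no aws:SourceAccount/aws:SourceArn is open to the confused deputy.
    conds = [json.dumps(s.get("Condition", {})) for s in policy["Statement"] if _trusts_transfer(s)]
    return ["trust: no aws:SourceAccount/aws:SourceArn condition on transfer.amazonaws.com"
            for c in conds if "aws:SourceAccount" not in c and "aws:SourceArn" not in c]

def harden_trust_policy(policy, account_id, region):
    # Deep copy limited to Transfer Family servers in the given account and region (placeholders).
    hardened = json.loads(json.dumps(policy))
    for s in hardened["Statement"]:
        if _trusts_transfer(s):
            s["Condition"] = {"StringEquals": {"aws:SourceAccount": account_id},
                              "ArnLike": {"aws:SourceArn": f"arn:aws:transfer:{region}:{account_id}:server/*"}}
    return hardened
```

Run audit_efs_policy(EFS_POLICY) and audit_trust_policy(TRUST_POLICY) to see the findings, then audit the result of harden_trust_policy, which comes back clean.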

4. Connect to SFTP
On Ubuntu I used the sftp command to connect:
sftp -i pubkey.pem sftpuser@s-XXXXXXXX.server.transfer.ap-northeast-1.amazonaws.com