Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to create AWS transfer family SFTP server with disabled password #8962

Closed
1 task
Lucas3oo opened this issue Oct 9, 2024 · 3 comments
Closed
1 task

Unable to create AWS transfer family SFTP server with disabled password #8962

Lucas3oo opened this issue Oct 9, 2024 · 3 comments
Labels
bug This issue is a bug. p2 This is a standard priority issue service-api This issue is due to a problem in a service API, not the SDK implementation. transfer

Comments

@Lucas3oo
Copy link

Lucas3oo commented Oct 9, 2024

Describe the bug

Trying to create SFTP server with S3 as backend with identity provider type set to SERVICE_MANAGED and SftpAuthenticationMethods set to PUBLIC_KEY.

E.g
aws transfer create-server --identity-provider-type SERVICE_MANAGED --identity-provider-details SftpAuthenticationMethods=PUBLIC_KEY

The error is:
An error occurred (InvalidRequestException) when calling the CreateServer operation: Must specify IdentityProviderType with IdentityProviderDetails

which is clearly a bug since I do provide a type.

AWS CLI version:

 aws --version
aws-cli/2.17.57 Python/3.12.6 Linux/6.1.109-118.189.amzn2023.x86_64 exec-env/CloudShell exe/x86_64.amzn.2023

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

That the SFTP server got created with no possibility to require passwords for users.

Current Behavior

An exception

Reproduction Steps

aws transfer create-server --identity-provider-type SERVICE_MANAGED --identity-provider-details SftpAuthenticationMethods=PUBLIC_KEY

Possible Solution

No response

Additional Information/Context

Seems to be broken also when using cloudformation and AWS SDK

CLI version used

aws-cli/2.17.57 Python/3.12.6 Linux/6.1.109-118.189.amzn2023.x86_64 exec-env/CloudShell exe/x86_64.amzn.2023

Environment details (OS name and version, etc.)

AmazonLinux
@Lucas3oo Lucas3oo added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Oct 9, 2024
@tim-finnigan tim-finnigan self-assigned this Oct 9, 2024
@tim-finnigan tim-finnigan added the investigating This issue is being investigated and/or work is in progress to resolve the issue. label Oct 9, 2024
@tim-finnigan
Copy link
Contributor

Thanks for reporting. I could reproduce this issue. The issue here is with the error message that the underlying CreateServer API is returning.

I reached out to the Transfer team regarding this issue, and they acknowledged that the error message is wrong. It should actually be:

An error occurred (InvalidRequestException) when calling the CreateServer operation: Cannot specify IdentityProviderType with IdentityProviderDetails

The Transfer team also noted that if you're using a SERVICE_MANAGED server then you should not have to worry about passwords since they are not supported.

Also want to highlight related documentation here: https://docs.aws.amazon.com/transfer/latest/APIReference/API_IdentityProviderDetails.html

For SFTP-enabled servers, and for custom identity providers only, you can specify whether to authenticate using a password, SSH key pair, or both.

If you have any follow up questions let me know and I can check in with the service team. Otherwise we can continue tracking this issue for them to update the error message.

@tim-finnigan tim-finnigan added service-api This issue is due to a problem in a service API, not the SDK implementation. transfer p2 This is a standard priority issue and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. needs-triage This issue or PR still needs to be triaged. labels Oct 9, 2024
@tim-finnigan tim-finnigan removed their assignment Oct 9, 2024
@Lucas3oo
Copy link
Author

OK, I thought that SERVICE_MANAGED was same as "custom identity providers".

@github-actions GitHub Actions
Copy link

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue is a bug. p2 This is a standard priority issue service-api This issue is due to a problem in a service API, not the SDK implementation. transfer
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Lucas3oo @tim-finnigan