SFTP Gateway Support

1.004.4

Custom S3 Bucket

SFTP Gateway relies on a default S3 bucket. By default, SFTP users upload their files to this bucket. However, you can point each SFTP user to an S3 bucket of your choice. For more information, see "Add and Configure Users: custom s3 bucket and path".

The CloudFormation template creates this default bucket. If you're not using CloudFormation, the command sftpgatewaysetup creates the default bucket.

The default bucket name uses the convention sftpgateway-i-01234abcd, which is "sftpgateway" followed by the EC2 instance ID.

You can modify the default bucket name by changing the sftpgateway.bucketname property in the global properties file /home/ec2-user/.sftpgateway/sftpgateway.properties. This can be a new or existing bucket -- you just need to make sure that the SFTP Gateway's IAM role has access to it.

If the S3 bucket you specify does not reside in your AWS account, you will need to perform some additional steps. See "Cross account S3 access" for more information.

Version 2.0 and later

For setting a custom bucket in version 2.0, please see Configure System Settings Using UI

Version 1.003.2 and later

In version 1.003.2, you can specify the default bucket name in the CloudFormation template. For CloudFormation setup, see "Initial Setup of SFTP Gateway: CloudFormation setup".

You can also specify the default bucket name via command line:

sudo sftpgatewaysetup --bucket <your_bucket_name>

You can run this command at any time to update the default bucket name. Any user with a default s3 upload path will inherit the new default bucket name.

Note: If you have any existing users configured to use the downloads directory, you will need run the command sudo sftpgw reset username to apply the new default bucket name.

Version 1.003.1 and prior

You can modify the default bucket name, after the initial setup of SFTP Gateway, by editing the sftpgateway.bucketname property in the /home/ec2-user/.sftpgateway/sftpgateway.properties file.

  1. Open the sftpgateway.properties file for editing:

    sudo nano /home/ec2-user/.sftpgateway/sftpgateway.properties

  2. Modify the sftpgateway.bucketname property:

    sftpgateway.bucketname=my-custom-default-bucket

  3. Save and exit the sftpgateway.properties file:

    • ctrl-o and enter will save the file
    • ctrl-x will close the file

  4. Apply the changes to the server:

    sudo sftpgatewaysetup

After adjusting the default bucket and applying the changes to the server, any users that have not had their s3 location modified in the user configuration process will use the new default bucket.

Note: If you have any existing users configured to use the downloads directory, you will need to apply the new default bucket to those users by running the command sudo sftpgw reset username.

Version 1.002.1 and prior

(this feature is built into Version 1.003.0)

  1. Elevate privileges to root, since everything you're going to do requires it

    sudo su

  2. Edit the SFTP Gateway properties file to customize your bucket and uploads directory

    vi /home/ec2-user/.sftpgateway/sftpgateway.properties

    You'll see something like this:

    sftpgateway.bucketname=sftpgateway-i-abc123
sftpgateway.uploaddir=uploads
sftpgateway.region=us-east-1

    Edit it to something like this:

    sftpgateway.bucketname=rob-testing-custom-bucket-name
sftpgateway.uploaddir=customfolder
sftpgateway.region=us-east-1

  3. Create the S3 bucket

    You can do this via the AWS console. Just make sure the bucket name matches what you specified in the properties file

  4. Edit the EC2 IAM Role

    If you created the instance using the video instructions, you can skip this (because your EC2 IAM role should have access to all buckets)

    If you used CloudFormation, you need to edit the inline policy, so it looks something like this (add the additional two resource entries)

    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::sftpgateway-i-00752c9106377ce24",
                "arn:aws:s3:::sftpgateway-i-00752c9106377ce24/*",
                "arn:aws:s3:::rob-testing-custom-bucket-name",
                "arn:aws:s3:::rob-testing-custom-bucket-name/*"
            ],
            "Effect": "Allow"
        }
    ]
}

  5. Reset the user in question

    sftpgw reset robtest

    This points that user to the new bucket and folder

  6. Create that custom folder

    mkdir /home/robtest/home/robtest/customfolder

    chown robtest:robtest /home/robtest/home/robtest/customfolder

    You actually have to create the folder manually. Don't forget to change permissions on it, since you're logged in as root!

  7. Restart the incrond service

    /etc/init.d/incrond restart

    This is to make sure the changes stick. Alternatively, you can reboot the box with init 6.

Configure an EC2 security groupRestrict S3 access on your IAM policy