@ipmb
Created December 18, 2020 23:10
AWS Transfer Server (SFTP) with Elastic IPs on a VPC endpoint, in Terraform
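# Private SSH host key for the Transfer server. This is a secret: it ends up in
# Terraform state regardless, but without `sensitive` it is also echoed in every
# plan/apply diff and in CI logs.
variable "TRANSFER_HOST_KEY" {
  description = "PEM-encoded SSH host private key for the AWS Transfer server (secret; supply via TF_VAR_TRANSFER_HOST_KEY or a secret store, never a committed tfvars file)."
  type        = string
  # Masks the value in plan/apply output. Requires Terraform >= 0.14; drop this
  # line (and keep the value out of logs another way) on older releases.
  sensitive = true
}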
# Tunables for the Transfer deployment. az_count drives both the number of
# Elastic IPs allocated and the number of public subnets the VPC endpoint
# spans (see aws_eip.transfer and aws_transfer_server.transfer).
locals {
  transfer = { az_count = 2 }
}
# One static public IP per AZ, attached to the Transfer server's VPC endpoint.
# Stable addresses let counterparties allow-list the SFTP endpoint; changing
# az_count recreates the endpoint's address set.
resource "aws_eip" "transfer" {
  count = local.transfer.az_count

  # EIPs for use inside a VPC (required for the endpoint's address_allocation_ids).
  vpc = true

  tags = {
    # All EIPs share one Name tag; index is not included, matching the original.
    Name = "transfer-server"
  }
}
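# Internet-facing SFTP server: a VPC endpoint in the public subnets with the
# Elastic IPs above bound to it. With no `protocols` set the provider default
# (SFTP only) applies, and identity provider defaults to SERVICE_MANAGED.
resource "aws_transfer_server" "transfer" {
  # Fixed host key so clients do not see a "host key changed" warning when the
  # server is recreated. The value is a secret (see variable TRANSFER_HOST_KEY).
  host_key = var.TRANSFER_HOST_KEY

  # Pin the SSH cipher/MAC/KEX set. The service default ("TransferSecurityPolicy-2018-11")
  # still permits SHA-1 MACs and CBC ciphers; 2020-06 drops them. Relax only if a
  # specific legacy client cannot negotiate the stricter set.
  security_policy_name = "TransferSecurityPolicy-2020-06"

  endpoint_type = "VPC"
  endpoint_details {
    address_allocation_ids = aws_eip.transfer[*].id
    # First az_count public subnets of the VPC module; must match the EIP count.
    subnet_ids = slice(module.vpc.public_subnets, 0, local.transfer.az_count)
    vpc_id     = module.vpc.vpc_id

    # NOTE(review): no security group is managed here, so the endpoint ENIs get
    # the VPC default SG and the SSH rule is applied by hand — that is drift
    # Terraform will neither detect nor restore. The provider has since added
    # endpoint_details.security_group_ids (tracked in the issue below); once on a
    # release that has it, uncomment and scope the SG to port 22 from known sources.
    # waiting on https://github.com/hashicorp/terraform-provider-aws/issues/15788
    # set manually for now
    # security_group_ids = [aws_security_group.ssh_public.id]
  }

  # Role the service assumes to write user-activity logs to CloudWatch.
  logging_role = module.transfer_logging_role.arn
}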
# Service role assumed by transfer.amazonaws.com for CloudWatch logging.
# Only the AWS-managed AWSTransferLoggingAccess policy is attached; no inline
# policy JSON is generated (include_policy_json = false).
# NOTE(review): the module source is local and not visible here — confirm its
# trust policy restricts sts:AssumeRole with aws:SourceAccount / aws:SourceArn
# conditions to this account's Transfer servers (confused-deputy guard).
module "transfer_logging_role" {
  source              = "./modules/iam_service_role"
  service             = "transfer.amazonaws.com"
  name                = "transfer-logging"
  policy_arns         = ["arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess"]
  include_policy_json = false
}
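# Per-user scope-down (session) policy for Transfer users. The $${transfer:...}
# variables are substituted by the Transfer service per session; the double
# "$$" keeps Terraform from interpolating them. HomeDirectory is expected in the
# form /bucket/prefix with no trailing slash.
data "aws_iam_policy_document" "transfer_home_bucket" {
  # GetBucketLocation carries no s3:prefix key in its request context, so a
  # StringLike condition on s3:prefix can never match and the grant was dead.
  # Give it its own unconditioned statement on the bucket ARN.
  statement {
    sid       = "AllowBucketLocation"
    actions   = ["s3:GetBucketLocation"]
    resources = ["arn:aws:s3:::$${transfer:HomeBucket}"]
  }

  # Listing is limited to the user's home folder and its subtree via s3:prefix.
  statement {
    sid = "AllowListingOfUserFolder"
    actions = [
      "s3:ListBucket",
      "s3:ListBucketMultipartUploads",
      "s3:ListBucketVersions",
    ]
    resources = ["arn:aws:s3:::$${transfer:HomeBucket}"]
    condition {
      test     = "StringLike"
      variable = "s3:prefix"
      values   = ["$${transfer:HomeFolder}/*", "$${transfer:HomeFolder}"]
    }
  }

  # Object access is bounded to keys *under* the home directory. The original
  # "$${transfer:HomeDirectory}*" was a bare prefix match, so a user with home
  # /bucket/alice could also read and write /bucket/alice-archive/...; the "/"
  # separator closes that. Versions are readable but not deletable
  # (no s3:DeleteObjectVersion), matching the original grant.
  statement {
    sid = "HomeDirObjectAccess"
    actions = [
      "s3:PutObject",
      "s3:GetObject",
      "s3:DeleteObject",
      "s3:GetObjectVersion",
    ]
    resources = ["arn:aws:s3:::$${transfer:HomeDirectory}/*"]
  }
}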