SFTP Gateway 2.0 Manual Setup | Thorn Technologies

Spin up the EC2 instance

Find the AMI

  1. Go to the AWS console > EC2 > AMIs
  2. Search for ami-032ee389d7590ba9b (for us-east-1).
  3. You probably won’t see any results. To the left of the search box, change Owned by me to Private images
  4. You should now see an AMI named sftpgw-ami-release-2-000...
  5. With that AMI selected, go to Actions > Launch

Spin up the AMI

  1. Accept the default network settings for the default VPC, subnet, and auto-assign public IP. The instance should then receive a public IP address.
  2. When specifying an IAM role, leave it as None (you’ll create the IAM role later)
  3. Leave storage at 32 GB. For storage volume type, make sure it’s General Purpose SSD (gp2)
  4. For the security group, grant yourself access on TCP ports 22, 80, and 443. For the source, use your own IP address rather than the wildcard 0.0.0.0/0
  5. Select an EC2 key pair that you have access to

Post configuration

Elastic IP address

Assign the instance an Elastic IP address, which behaves like a static IP address. Otherwise, your public IP address will change whenever you stop the EC2 instance.

  1. Go to EC2 > Elastic IPs
  2. Click Allocate new address
  3. Click Allocate
  4. Click on the newly allocated IP address
  5. Under Actions, select Associate address
  6. From the Instance drop-down, select your EC2 instance
  7. Click Associate

Reset the admin password

In order to use the web interface to manage users, you’ll have to first reset the admin password.

  1. Paste the elastic IP address into your web browser.
  2. You should see a link that says Click here to access your admin interface. Click on that link.
  3. You should see an SSL warning, which is a result of using a self-signed certificate. Bypass it by clicking Advanced > Proceed to
  4. You should see a page with instructions for resetting your admin password

You won’t be able to log into the admin interface until you’ve reset the password via the command line.

  1. SSH into your EC2 instance
  2. Reset the admin password: sudo resetadminpassword <your-password>
  3. Refresh the web browser, and you should now be able to enter your admin password

Create IAM policy

At the moment, the EC2 instance doesn’t have any permissions to access S3. It’s also missing other permissions it needs to function normally, like listing KMS keys and writing CloudWatch logs.

  1. Go to the AWS console > IAM > Policies
  2. Click Create policy
  3. Select the JSON tab
  4. Paste in the following (make sure you replace the EC2 instance ID i-abcdefg1234567890 with your own):
    {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Effect": "Allow",
               "Action": "s3:*",
               "Resource": [
                   "arn:aws:s3:::sftpgateway-i-abcdefg1234567890",
                   "arn:aws:s3:::sftpgateway-i-abcdefg1234567890/*"
               ]
           },
           {
               "Effect": "Allow",
               "Action": [
                   "logs:CreateLogStream",
                   "logs:PutLogEvents",
                   "logs:DescribeLogStreams",
                   "logs:CreateLogGroup",
                   "ec2:DescribeAvailabilityZones",
                   "ec2:DescribeInstances",
                   "ec2:DescribeTags",
                   "s3:ListAllMyBuckets",
                   "cloudformation:DescribeStacks",
                   "cloudformation:ListStackResources",
                   "kms:ListAliases",
                   "kms:ListKeys"
               ],
               "Resource": "*"
           }
       ]
    }
    
  5. On the Review policy page, type SFTPGateway for the Name
  6. Click Create Policy
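
The policy above only works if the sample instance ID is replaced in both bucket ARNs. The following is an added example, not part of the original guide or of SFTP Gateway: it renders the same policy for a given instance ID and lints a pasted policy for a left-over placeholder or for wildcard actions outside the instance bucket. The names render_policy and lint_policy are hypothetical.

```python
import re

# EC2 instance IDs are "i-" plus 8 or 17 hex digits; the guide's sample ID
# contains a "g", so a left-over placeholder can never pass this pattern.
INSTANCE_ID = re.compile(r"i-(?:[0-9a-f]{8}|[0-9a-f]{17})")
PLACEHOLDER = "i-abcdefg1234567890"
GLOBAL_ACTIONS = [  # actions the guide grants on Resource "*"
    "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams",
    "logs:CreateLogGroup", "ec2:DescribeAvailabilityZones",
    "ec2:DescribeInstances", "ec2:DescribeTags", "s3:ListAllMyBuckets",
    "cloudformation:DescribeStacks", "cloudformation:ListStackResources",
    "kms:ListAliases", "kms:ListKeys",
]

def render_policy(instance_id):
    """Build the guide's policy for one instance, rejecting malformed IDs."""
    if not INSTANCE_ID.fullmatch(instance_id):
        raise ValueError(f"not an EC2 instance ID: {instance_id!r}")
    bucket = f"arn:aws:s3:::sftpgateway-{instance_id}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:*",
             "Resource": [bucket, bucket + "/*"]},
            {"Effect": "Allow", "Action": GLOBAL_ACTIONS, "Resource": "*"},
        ],
    }

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint_policy(policy, instance_id):
    """Return findings for a pasted policy; an empty list means no issues."""
    findings = []
    bucket = f"arn:aws:s3:::sftpgateway-{instance_id}"
    for stmt in policy["Statement"]:
        actions = as_list(stmt["Action"])
        resources = as_list(stmt["Resource"])
        if any(PLACEHOLDER in r for r in resources):
            findings.append("placeholder instance ID was not replaced")
        if "*" in resources:
            # Statements covering every resource must name each action in full.
            findings += [f"wildcard action {a} on Resource *" for a in actions if "*" in a]
        elif any("*" in a for a in actions):
            # s3:* is acceptable only on this instance's bucket and its objects.
            findings += [f"{r} is outside the instance bucket"
                         for r in resources if r not in (bucket, bucket + "/*")]
    return findings
```

Run lint_policy on the JSON you are about to paste (loaded with json.loads) before clicking Create Policy.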

Create the IAM role

  1. Go to the AWS console > IAM > Roles
  2. Click Create role
  3. When choosing a service for this role, click EC2 and then Next: Permissions
  4. On the attach a permissions policy page, look for Filter policies and select Customer managed
  5. Check the box next to the SFTPGateway policy you created earlier
  6. Click Next: Tags
  7. Click Next: Preview
  8. Type in SFTPGatewayRole as the Role name
  9. Click Create role

Associate the IAM role

  1. Go to the AWS console > EC2 and select your EC2 instance
  2. Go to Actions > Instance Settings > Attach/Replace IAM Role
  3. From the drop down list, select the SFTPGatewayRole you created earlier
  4. Click Apply

Where to go from here

Your EC2 instance now has the permissions it needs to manage users and upload files to your default S3 bucket.

Refresh your web browser, and try creating a user.

If you need access to additional S3 buckets, check out our documentation: Restrict S3 access on your IAM policy