AWS managedservices documentation change
Summary
Updated SFTP role descriptions and added specific S3 bucket naming requirement
Security assessment
Changes include minor grammatical fixes ('Users' to 'users') and a new requirement for S3 bucket names to contain 'transfer'. While the bucket name requirement could help with resource organization, there's no explicit security justification provided in the diff.
Diff
diff --git a/managedservices/latest/onboardingguide/transfer-sftp.md b/managedservices/latest/onboardingguide/transfer-sftp.md index 174b78add..0fdde6462 100644 --- a//managedservices/latest/onboardingguide/transfer-sftp.md +++ b//managedservices/latest/onboardingguide/transfer-sftp.md @@ -25 +25 @@ Request access to AWS Transfer for SFTP by submitting an RFC with the Management - * `customer_transfer_sftp_user_role`. This role is designed to be attached on the SFTP users. It allows the SFTP Users to interact with the S3 bucket. + * `customer_transfer_sftp_user_role`. This role is designed to be attached on the SFTP users. It allows the SFTP users to interact with the S3 bucket. @@ -29 +29 @@ Request access to AWS Transfer for SFTP by submitting an RFC with the Management - * `customer_transfer_sftp_efs_user_role`. This role is designed to be attached on the SFTP users. It allows the SFTP Users to interact with the EFS file system. + * `customer_transfer_sftp_efs_user_role`. This role is designed to be attached on the SFTP users. It allows the SFTP users to interact with the EFS file system. @@ -42 +42 @@ AWS Transfer for SFTP configuration is limited to resources without "AMS-" or "M - * You must have an S3 bucket before creating the AWS Transfer for SFTP server and users. + * You must have an Amazon S3 bucket with a name that contains the keyword "transfer" before creating the AWS Transfer for SFTP server and users. @@ -44 +44 @@ AWS Transfer for SFTP configuration is limited to resources without "AMS-" or "M - * To use a "Customer Identify Provider," you must deploy the API Gateway, Lambda function, and your user repository (AD, Secrets Manager, and so on). For more information, see [ Enable password authentication for AWS Transfer for SFTP using AWS Secrets Manager](https://aws.amazon.com/blogs/storage/enable-password-authentication-for-aws-transfer-for-sftp-using-aws-secrets-manager/) and [Working with Identity Providers](https://docs.aws.amazon.com/transfer/latest/userguide/authenticating-users.html) + * To use a "Customer Identify Provider," you must deploy the API Gateway, Lambda function, and your user repository (AD, Secrets Manager, and so on). For more information, see [ Enable password authentication for AWS Transfer for SFTP using AWS Secrets Manager](https://aws.amazon.com/blogs/storage/enable-password-authentication-for-aws-transfer-for-sftp-using-aws-secrets-manager/) and [Working with Identity Providers](https://docs.aws.amazon.com/transfer/latest/userguide/authenticating-users.html).