Other custom identity provider options - AWS Transfer Family

Other custom identity provider options

This topic describes alternatives to the AWS Transfer Family Custom IdP solution described in Custom identity provider solution.

To authenticate your users, you can use your existing identity provider with AWS Transfer Family. You integrate your identity provider using an AWS Lambda function, which authenticates and authorizes your users for access to Amazon S3 or Amazon Elastic File System (Amazon EFS). For details, see Using AWS Lambda to integrate your identity provider. You can also access CloudWatch graphs for metrics such as the number of files and bytes transferred in the AWS Transfer Family Management Console, giving you a single pane of glass to monitor file transfers from a centralized dashboard.

Alternatively, you can provide a RESTful interface with a single Amazon API Gateway method. Transfer Family calls this method to connect to your identity provider, which authenticates and authorizes your users for access to Amazon S3 or Amazon EFS. Use this option if you need a RESTful API to integrate your identity provider, or if you want to place AWS WAF in front of the API for geo-blocking or rate limiting of authentication requests. For details, see Using Amazon API Gateway to integrate your identity provider.

In either case, you can create a new server using the AWS Transfer Family console or the CreateServer API operation.

Note

For custom identity providers, the username must be a minimum of 3 and a maximum of 100 characters. You can use the following characters in the username: a-z, A-Z, 0-9, underscore '_', hyphen '-', period '.' and at sign '@'. The username can't start with a hyphen '-', period '.' or at sign '@'.

Transfer Family provides a blog post and a workshop that walk you through building a file transfer solution. This solution uses AWS Transfer Family for managed SFTP/FTPS endpoints, and Amazon Cognito and DynamoDB for user management.

The blog post is available at Using Amazon Cognito as an identity provider with AWS Transfer Family and Amazon S3. You can view the details for the workshop here.

AWS Transfer Family provides the following options for working with custom identity providers.

  • Use AWS Lambda to connect your identity provider – You can use an existing identity provider, backed by a Lambda function. You provide the name of the Lambda function. For more information, see Using AWS Lambda to integrate your identity provider.

  • Use Amazon API Gateway to connect your identity provider – You can create an API Gateway method backed by a Lambda function for use as an identity provider. You provide an Amazon API Gateway URL and an invocation role. For more information, see Using Amazon API Gateway to integrate your identity provider.
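The following is an added example, not code from this page or from AWS. It shows the shape of a Lambda-backed custom identity provider as described above, and it enforces the username rules from the note (3 to 100 characters, the listed character set, no leading hyphen, period or at sign) before any credential lookup. The event and response field names (username, password, serverId, protocol, sourceIp; Role, HomeDirectory) follow the Lambda integration documented separately; the user table, salt, role ARN and home directory are constructed placeholders, and a real deployment would look users up in a directory such as Secrets Manager, DynamoDB or Cognito rather than an in-memory dict.

```python
import hashlib
import hmac
import re

# Username rules from the Transfer Family note: 3..100 characters drawn from
# a-z, A-Z, 0-9, '_', '-', '.', '@'; the first character may not be '-', '.' or '@'.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.@-]{2,99}$")


def is_valid_transfer_username(username) -> bool:
    """True if the username satisfies the documented custom-IdP constraints."""
    return isinstance(username, str) and USERNAME_RE.fullmatch(username) is not None


# Constructed sample data (assumption): stored password hashes rather than
# plaintext. PBKDF2-HMAC-SHA256 is used here only so the example runs offline.
SAMPLE_SALT = b"constructed-salt-not-for-production"


def _derive(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SAMPLE_SALT, 100_000)


SAMPLE_USERS = {
    "alice.example": {
        "hash": _derive("correct horse battery staple"),
        "role": "arn:aws:iam::123456789012:role/PLACEHOLDER-transfer-user-role",
        "home": "/PLACEHOLDER-bucket/alice",
    },
}

# Hash compared against when the user does not exist, so unknown and known
# usernames take the same code path and the same time.
DUMMY_HASH = _derive("dummy-password-for-unknown-users")


def authenticate(event: dict) -> dict:
    """
    Body of a Transfer Family custom identity provider Lambda (password flow).
    Returns the authorization document on success; an empty dict tells
    Transfer Family that authentication failed.
    """
    username = event.get("username", "")
    # Reject anything outside the documented username format before touching
    # the user store; this also keeps malformed input out of downstream queries.
    if not is_valid_transfer_username(username):
        return {}

    record = SAMPLE_USERS.get(username)
    expected = record["hash"] if record is not None else DUMMY_HASH
    supplied = _derive(event.get("password", ""))

    # Constant-time comparison; the dummy hash keeps timing uniform for
    # unknown usernames.
    if record is None or not hmac.compare_digest(supplied, expected):
        return {}

    return {
        "Role": record["role"],          # IAM role Transfer Family assumes for this session
        "HomeDirectory": record["home"], # landing path for the authenticated user
    }


def lambda_handler(event, context):
    """Lambda entry point; Transfer Family invokes this with the login event."""
    return authenticate(event)
```

The handler refuses a request that fails the username check without consulting the user store, returns the same empty response for unknown users and wrong passwords, and uses hmac.compare_digest with a dummy hash so response timing does not reveal which usernames exist.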