Edit a user's details - AWS Transfer Family

Edit a user's details

After you create a user, you can modify the role, policy, and home directory.

To edit a user's configuration

  1. Open the AWS Transfer Family console at https://console.aws.amazon.com/transfer/.

  2. In the navigation pane, choose Servers.

  3. Choose the identifier in the Server ID column to see the Server details page.

  4. Under Users, choose a user name to see the User details page.

    You can change the user's properties on this page by choosing Edit.

Edit the user role, policy, and home directory

On the AWS Transfer Family console, you can edit the user's role, policy, and home directory.

To edit the user details

  1. Open the AWS Transfer Family console at https://console.aws.amazon.com/transfer/.

  2. Navigate to the Servers page.

  3. Choose the identifier in the Server ID column to see the Server details page.

  4. Under Users, choose a user name to see the User details page.

  5. On the User details page, choose Edit next to User configuration.

  6. On the Edit configuration page, for Access, choose the IAM role that you previously created that provides access to your Amazon S3 bucket.

    You created this IAM role using the procedure in Create an IAM role and policy. That IAM role includes an IAM policy that provides access to your Amazon S3 bucket. It also includes a trust relationship with the AWS Transfer Family service, defined in another IAM policy.

  7. (Optional) For Policy, choose one of the following:

    • None

    • Existing policy

    • Select a policy from IAM to choose an existing policy. Choose View to see a JSON object containing the details of the policy.

    To learn more about scope-down policies, see Create an IAM role and policy. To learn more about creating a scope-down policy, see Create a scope-down policy.

  8. For Home directory, choose the Amazon S3 bucket to store the data to transfer using AWS Transfer Family. Enter the path to the home directory where your user lands when they log in using their client.

    If you leave this parameter blank, the root directory of your Amazon S3 bucket is used. In this case, make sure that your IAM role provides access to this root directory.

    Note

    We recommend that you choose a directory path that contains the user name of the user, which enables you to effectively use a scope-down policy. The scope-down policy limits user access in the Amazon S3 bucket to that user's home directory.

  9. (Optional) For Restricted, select the check box so that your users can't access anything outside of that folder and can't see the Amazon S3 bucket or folder name.

    Note

    Assigning the user a home directory and restricting the user to that home directory should be sufficient to lock down the user's access to the designated folder. Use a scope-down policy when you need to apply further controls.

  10. Choose Save to save your changes.
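The note in step 8 recommends a home directory path that contains the user name so that a scope-down policy is effective. The following added example (not part of the original page or of AWS's own code) shows a scope-down policy written with the transfer:HomeBucket, transfer:HomeFolder, and transfer:HomeDirectory policy variables, and resolves it for one user in a simplified model. Assumptions: the bucket name, paths, and the resolve and object_allowed helpers are constructed for illustration, and the matching is a simplification, not IAM's evaluation engine.

```python
import fnmatch
import json

# Scope-down (session) policy using AWS Transfer Family policy variables.
# Added example: the Sids and the action list are illustrative choices.
SCOPE_DOWN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # List only keys under the user's own home folder.
            "Sid": "AllowListingOfUserFolder",
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": ["arn:aws:s3:::${transfer:HomeBucket}"],
            "Condition": {"StringLike": {"s3:prefix": [
                "${transfer:HomeFolder}/*", "${transfer:HomeFolder}"]}},
        },
        {   # Read, write, and delete objects only below the home directory.
            "Sid": "HomeDirObjectAccess",
            "Effect": "Allow",
            "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
            "Resource": ["arn:aws:s3:::${transfer:HomeDirectory}/*"],
        },
    ],
}

def resolve(policy, home_directory):
    """Substitute the transfer:* variables for one user (simplified model)."""
    home = home_directory.strip("/")          # "/bucket/a/b" -> "bucket/a/b"
    bucket, _, folder = home.partition("/")
    values = {
        "${transfer:HomeDirectory}": home,
        "${transfer:HomeBucket}": bucket,
        "${transfer:HomeFolder}": folder,
    }
    text = json.dumps(policy)
    for var, value in values.items():
        text = text.replace(var, value)
    return json.loads(text)

def object_allowed(policy, action, bucket, key):
    """True if an Allow statement covers the action on s3://bucket/key."""
    # fnmatchcase approximates IAM's '*' and '?' wildcards for these sample keys.
    arn = f"arn:aws:s3:::{bucket}/{key}"
    return any(
        s["Effect"] == "Allow" and action in s["Action"]
        and any(fnmatch.fnmatchcase(arn, r) for r in s["Resource"])
        for s in policy["Statement"]
    )
```

In this model, a home directory of /example-bucket/home/alice resolves to a policy that covers only keys under home/alice/, while a home directory shared by several users resolves to the same scope for each of them.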

Edit an SSH public key

On the AWS Transfer Family console, you can add or delete an SSH public key.

To add an SSH public key

  1. Choose Add SSH public key to add a new SSH public key to a user.

    Note

    SSH keys are used only on an SFTP-enabled server. For information about how to generate an SSH key pair, see Generate SSH keys.

  2. For SSH public key, enter the SSH public key portion of the SSH key pair.

    Your key is validated by the service before you can add your new user. The format of the SSH key is ssh-rsa <string>. To generate an SSH key pair, see Generate SSH keys.

  3. Choose Add key.

To delete an SSH public key

  1. Select the SSH key check box.

  2. Choose Delete.