SFTP VPC integration

The CfHighlander SFTP component now supports placing an AWS Transfer SFTP server inside a VPC with security groups and Elastic IPs. This means we can now have a public-facing SFTP server with IP whitelisting without additional infrastructure.

To create a public-facing SFTP server, set up a VPC along with the sftp component:

CfhighlanderTemplate do

  Component name: 'vpcv2', template: 'vpc-v2'

  Component name: 'sftp', template: 'sftp@2.2.2' do
    # either pass in a comma-delimited string of Elastic IPs or leave blank to have them generated
    parameter name: 'EIPs', value: ''
    # pass in the domain to create a DNS record for the sftp server
    parameter name: 'DnsDomain', value: "example.com"
    parameter name: 'VpcId', value: cfout('vpcv2', 'VPCId')
    # if creating a public facing sftp server make sure they're in the public subnets
    parameter name: 'SubnetIds', value: cfout('vpcv2', 'PublicSubnets')
  end

end

and set up your config.yaml:

# set the endpoint type to be VPC
endpoint: VPC
# enable public facing sftp server
vpc_public: true
# add your IP whitelisting for the security group
ip_whitelisting:
  - ip: 1.1.1.1/32
    desc: my office

users:
- name: john
  home: /home/john
  bucket: sftp-s3-bucket
  keys:
  - ssh-rsa AAAA....
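
Because `vpc_public: true` exposes the server on public Elastic IPs, the `ip_whitelisting` list is the only network filter in front of it. The following pre-deploy check is an added example, not part of the sftp component: the helper name `audit_sftp_allowlist`, the /24 review threshold and the sample config are assumptions made for illustration.

```ruby
require 'yaml'
require 'ipaddr'

# Constructed sample config using the keys shown on this page.
SAMPLE_CONFIG = <<~YAML
  endpoint: VPC
  vpc_public: true
  ip_whitelisting:
    - ip: 1.1.1.1/32
      desc: my office
    - ip: 0.0.0.0/0
      desc: temporary
    - ip: 10.0.0.0/8
    - ip: not-a-cidr
      desc: typo
YAML

# Assumption: IPv4 ranges wider than /24 deserve a manual review.
MIN_PREFIX = 24

# Hypothetical helper: returns a list of findings for a public VPC endpoint.
def audit_sftp_allowlist(yaml_text, min_prefix: MIN_PREFIX)
  config = YAML.safe_load(yaml_text) || {}
  findings = []
  return findings unless config['endpoint'] == 'VPC' && config['vpc_public'] == true

  entries = config['ip_whitelisting'] || []
  findings << 'public endpoint has no ip_whitelisting entries' if entries.empty?
  entries.each do |entry|
    cidr = entry['ip'].to_s
    findings << "#{cidr}: no desc recorded" if entry['desc'].to_s.strip.empty?
    begin
      net = IPAddr.new(cidr)
    rescue IPAddr::Error
      findings << "#{cidr}: not a valid CIDR"
      next
    end
    if net.prefix.zero?
      findings << "#{cidr}: open to the whole internet"
    elsif net.ipv4? && net.prefix < min_prefix
      findings << "#{cidr}: /#{net.prefix} is wider than /#{min_prefix}"
    end
  end
  findings
end

puts audit_sftp_allowlist(SAMPLE_CONFIG)
```

Running it against the real `config.yaml` in CI (pass `File.read('config.yaml')`) and failing the build on any finding keeps an overly broad range from reaching the security group.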