Add transfer-ftp-s3 sample

Author: dmacvicar

transfer-ftp-s3/python/cdk/app.py

@@ -0,0 +1,75 @@
+#!/usr/bin/env python3
+"""
+Transfer FTP to S3 CDK application.
+"""
+
+from aws_cdk import (
+    App,
+    CfnOutput,
+    RemovalPolicy,
+    Stack,
+    aws_iam as iam,
+    aws_s3 as s3,
+    aws_transfer as transfer,
+)
+from constructs import Construct
+
+
+class TransferFtpS3Stack(Stack):
+    """Stack for Transfer FTP server resources."""
+
+    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
+        super().__init__(scope, construct_id, **kwargs)
+
+        bucket_name = "transfer-files"
+        username = "ftpuser"
+
+        # S3 bucket for file storage
+        bucket = s3.Bucket(
+            self,
+            "TransferBucket",
+            bucket_name=bucket_name,
+            removal_policy=RemovalPolicy.DESTROY,
+            auto_delete_objects=True,
+        )
+
+        # IAM role for Transfer service
+        transfer_role = iam.Role(
+            self,
+            "TransferRole",
+            role_name="transfer-role",
+            assumed_by=iam.ServicePrincipal("transfer.amazonaws.com"),
+        )
+
+        # Grant the role access to the bucket
+        bucket.grant_read_write(transfer_role)
+
+        # Transfer server with FTP protocol
+        server = transfer.CfnServer(
+            self,
+            "TransferServer",
+            endpoint_type="PUBLIC",
+            identity_provider_type="SERVICE_MANAGED",
+            protocols=["FTP"],
+        )
+
+        # Transfer user
+        user = transfer.CfnUser(
+            self,
+            "TransferUser",
+            server_id=server.attr_server_id,
+            user_name=username,
+            role=transfer_role.role_arn,
+            home_directory_type="PATH",
+            home_directory=f"/{bucket_name}",
+        )
+
+        # Outputs
+        CfnOutput(self, "ServerId", value=server.attr_server_id)
+        CfnOutput(self, "BucketName", value=bucket.bucket_name)
+        CfnOutput(self, "Username", value=username)
+
+
+app = App()
+TransferFtpS3Stack(app, "TransferFtpS3Stack")
+app.synth()

transfer-ftp-s3/python/cdk/cdk.json

@@ -0,0 +1,8 @@
+{
+  "app": "python3 app.py",
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": ["aws"]
+  }
+}

transfer-ftp-s3/python/cdk/deploy.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+set -euo pipefail
+
+# Transfer FTP to S3 CDK deployment script
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+SAMPLE_DIR="$(dirname "$SCRIPT_DIR")"
+ENV_FILE="$SAMPLE_DIR/scripts/.env"
+STACK_NAME="TransferFtpS3Stack"
+
+echo "Deploying Transfer FTP server with CDK..."
+
+cd "$SCRIPT_DIR"
+
+# Install CDK dependencies
+pip install -q -r requirements.txt
+
+# Bootstrap CDK (if needed)
+cdklocal bootstrap --quiet 2>/dev/null || true
+
+# Deploy
+cdklocal deploy "$STACK_NAME" --require-approval never --outputs-file outputs.json
+
+# Extract outputs
+SERVER_ID=$(jq -r ".\"$STACK_NAME\".ServerId" outputs.json)
+BUCKET_NAME=$(jq -r ".\"$STACK_NAME\".BucketName" outputs.json)
+USERNAME=$(jq -r ".\"$STACK_NAME\".Username" outputs.json)
+
+# Extract port from server ID (format: s-xxxNNNNN where NNNNN is the port)
+FTP_PORT=$(echo "$SERVER_ID" | sed 's/s-[a-z]*//')
+
+echo ""
+echo "Transfer FTP server deployed successfully!"
+echo "  Server ID: $SERVER_ID"
+echo "  FTP Port: $FTP_PORT"
+echo "  Bucket: $BUCKET_NAME"
+echo "  Username: $USERNAME"
+
+# Write environment variables
+mkdir -p "$(dirname "$ENV_FILE")"
+cat > "$ENV_FILE" << EOF
+SERVER_ID=$SERVER_ID
+FTP_PORT=$FTP_PORT
+BUCKET_NAME=$BUCKET_NAME
+USERNAME=$USERNAME
+FTP_PASSWORD=12345
+EOF
+
+echo ""
+echo "Environment written to $ENV_FILE"

transfer-ftp-s3/python/cdk/requirements.txt

@@ -0,0 +1,2 @@
+aws-cdk-lib>=2.100.0
+constructs>=10.0.0

transfer-ftp-s3/python/cdk/teardown.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+set -euo pipefail
+
+# Transfer FTP to S3 CDK teardown script
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+SAMPLE_DIR="$(dirname "$SCRIPT_DIR")"
+ENV_FILE="$SAMPLE_DIR/scripts/.env"
+STACK_NAME="TransferFtpS3Stack"
+
+echo "Tearing down Transfer FTP CDK resources..."
+
+cd "$SCRIPT_DIR"
+
+# Destroy stack
+cdklocal destroy "$STACK_NAME" --force 2>/dev/null || true
+
+# Clean up
+rm -f "$ENV_FILE"
+rm -f outputs.json
+rm -rf cdk.out
+
+echo "Teardown complete"

transfer-ftp-s3/python/cloudformation/deploy.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+set -euo pipefail
+
+# Transfer FTP to S3 CloudFormation deployment script
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+SAMPLE_DIR="$(dirname "$SCRIPT_DIR")"
+ENV_FILE="$SAMPLE_DIR/scripts/.env"
+STACK_NAME="transfer-ftp-s3"
+
+echo "Deploying Transfer FTP server with CloudFormation..."
+
+cd "$SCRIPT_DIR"
+
+# Deploy CloudFormation stack
+awslocal cloudformation deploy \
+    --stack-name "$STACK_NAME" \
+    --template-file template.yml \
+    --capabilities CAPABILITY_NAMED_IAM \
+    --no-fail-on-empty-changeset
+
+# Get outputs
+SERVER_ID=$(awslocal cloudformation describe-stacks \
+    --stack-name "$STACK_NAME" \
+    --query "Stacks[0].Outputs[?OutputKey=='ServerId'].OutputValue" \
+    --output text)
+
+BUCKET_NAME=$(awslocal cloudformation describe-stacks \
+    --stack-name "$STACK_NAME" \
+    --query "Stacks[0].Outputs[?OutputKey=='BucketName'].OutputValue" \
+    --output text)
+
+USERNAME=$(awslocal cloudformation describe-stacks \
+    --stack-name "$STACK_NAME" \
+    --query "Stacks[0].Outputs[?OutputKey=='Username'].OutputValue" \
+    --output text)
+
+# Extract port from server ID (format: s-xxxNNNNN where NNNNN is the port)
+FTP_PORT=$(echo "$SERVER_ID" | sed 's/s-[a-z]*//')
+
+echo ""
+echo "Transfer FTP server deployed successfully!"
+echo "  Stack: $STACK_NAME"
+echo "  Server ID: $SERVER_ID"
+echo "  FTP Port: $FTP_PORT"
+echo "  Bucket: $BUCKET_NAME"
+echo "  Username: $USERNAME"
+
+# Write environment variables
+mkdir -p "$(dirname "$ENV_FILE")"
+cat > "$ENV_FILE" << EOF
+SERVER_ID=$SERVER_ID
+FTP_PORT=$FTP_PORT
+BUCKET_NAME=$BUCKET_NAME
+USERNAME=$USERNAME
+FTP_PASSWORD=12345
+EOF
+
+echo ""
+echo "Environment written to $ENV_FILE"

transfer-ftp-s3/python/cloudformation/teardown.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+set -euo pipefail
+
+# Transfer FTP to S3 CloudFormation teardown script
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+SAMPLE_DIR="$(dirname "$SCRIPT_DIR")"
+ENV_FILE="$SAMPLE_DIR/scripts/.env"
+STACK_NAME="transfer-ftp-s3"
+
+echo "Tearing down Transfer FTP CloudFormation resources..."
+
+# Delete stack
+awslocal cloudformation delete-stack --stack-name "$STACK_NAME" 2>/dev/null || true
+
+# Wait for deletion
+awslocal cloudformation wait stack-delete-complete --stack-name "$STACK_NAME" 2>/dev/null || true
+
+# Clean up
+rm -f "$ENV_FILE"
+
+echo "Teardown complete"

transfer-ftp-s3/python/cloudformation/template.yml

@@ -0,0 +1,76 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: Transfer FTP to S3 - CloudFormation template
+
+Parameters:
+  BucketName:
+    Type: String
+    Default: transfer-files
+  Username:
+    Type: String
+    Default: ftpuser
+
+Resources:
+  # S3 bucket for file storage
+  TransferBucket:
+    Type: AWS::S3::Bucket
+    Properties:
+      BucketName: !Ref BucketName
+
+  # IAM role for Transfer service
+  TransferRole:
+    Type: AWS::IAM::Role
+    Properties:
+      RoleName: transfer-role
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: transfer.amazonaws.com
+            Action: sts:AssumeRole
+      Policies:
+        - PolicyName: transfer-s3-access
+          PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+              - Effect: Allow
+                Action:
+                  - s3:ListBucket
+                  - s3:GetBucketLocation
+                Resource: !GetAtt TransferBucket.Arn
+              - Effect: Allow
+                Action:
+                  - s3:PutObject
+                  - s3:GetObject
+                  - s3:DeleteObject
+                Resource: !Sub ${TransferBucket.Arn}/*
+
+  # Transfer server with FTP protocol
+  TransferServer:
+    Type: AWS::Transfer::Server
+    Properties:
+      EndpointType: PUBLIC
+      IdentityProviderType: SERVICE_MANAGED
+      Protocols:
+        - FTP
+
+  # Transfer user
+  TransferUser:
+    Type: AWS::Transfer::User
+    Properties:
+      ServerId: !GetAtt TransferServer.ServerId
+      UserName: !Ref Username
+      Role: !GetAtt TransferRole.Arn
+      HomeDirectoryType: PATH
+      HomeDirectory: !Sub /${BucketName}
+
+Outputs:
+  ServerId:
+    Description: Transfer server ID
+    Value: !GetAtt TransferServer.ServerId
+  BucketName:
+    Description: S3 bucket name
+    Value: !Ref TransferBucket
+  Username:
+    Description: Transfer username
+    Value: !Ref Username

transfer-ftp-s3/python/scripts/deploy.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+SAMPLE_DIR="$(dirname "$SCRIPT_DIR")"
+
+SUFFIX=$(date +%s)
+BUCKET_NAME="transfer-files-${SUFFIX}"
+USERNAME="user-${SUFFIX}"
+
+echo "Creating S3 bucket: $BUCKET_NAME"
+awslocal s3 mb "s3://$BUCKET_NAME"
+
+echo "Creating Transfer FTP server..."
+SERVER_RESPONSE=$(awslocal transfer create-server \
+    --endpoint-type PUBLIC \
+    --identity-provider-type SERVICE_MANAGED \
+    --protocols FTP)
+
+SERVER_ID=$(echo "$SERVER_RESPONSE" | jq -r '.ServerId')
+
+# Extract port from server ID (format: s-xxxNNNNN where NNNNN is the port)
+FTP_PORT=$(echo "$SERVER_ID" | sed 's/s-[a-z]*//')
+
+echo "Creating Transfer user: $USERNAME"
+awslocal transfer create-user \
+    --server-id "$SERVER_ID" \
+    --user-name "$USERNAME" \
+    --home-directory "$BUCKET_NAME" \
+    --home-directory-type PATH \
+    --role "arn:aws:iam::000000000000:role/transfer-role"
+
+# Save configuration for tests
+cat > "$SCRIPT_DIR/.env" << EOF
+BUCKET_NAME=$BUCKET_NAME
+SERVER_ID=$SERVER_ID
+FTP_PORT=$FTP_PORT
+USERNAME=$USERNAME
+FTP_PASSWORD=12345
+EOF
+
+echo ""
+echo "Deployment complete!"
+echo "Server ID: $SERVER_ID"
+echo "FTP Port: $FTP_PORT"
+echo "Bucket: $BUCKET_NAME"
+echo "Username: $USERNAME"

transfer-ftp-s3/python/scripts/teardown.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+if [ -f "$SCRIPT_DIR/.env" ]; then
+    source "$SCRIPT_DIR/.env"
+fi
+
+if [ -n "${SERVER_ID:-}" ] && [ -n "${USERNAME:-}" ]; then
+    echo "Deleting Transfer user: $USERNAME"
+    awslocal transfer delete-user --server-id "$SERVER_ID" --user-name "$USERNAME" 2>/dev/null || true
+fi
+
+if [ -n "${SERVER_ID:-}" ]; then
+    echo "Deleting Transfer server: $SERVER_ID"
+    awslocal transfer delete-server --server-id "$SERVER_ID" 2>/dev/null || true
+fi
+
+if [ -n "${BUCKET_NAME:-}" ]; then
+    echo "Deleting S3 bucket: $BUCKET_NAME"
+    awslocal s3 rb "s3://$BUCKET_NAME" --force 2>/dev/null || true
+fi
+
+rm -f "$SCRIPT_DIR/.env"
+echo "Teardown complete"