FIPS, Security Group and Security policy for AWS Transfer Family

[blackwhiser]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

I have been looking for documentation on how to enable FIPS on AWS Transfer. This is a feature that is required. Even more I need to be able to select a security policy. I am not sure if it is already available, but that is not described in the documentation. I have tried to use endpoints in the Provider block, without any success.

Even more, there should be a way to choose the security policy. With FIPS enable, there is no a lot of choice, but otherwise there should be an option available as it is in the AWS Console.

It would be nice if we could choose the Security Group to attach to the VPC Endpoint instead of having the default as AWS does. The default security group is not useful when you already pre-create the security group.

Please let me know if this is already implemented in some ways. I really need this in order to use Terraform. Otherwise, I might have to look at other options.

Thanks!

New or Affected Resource(s)

• aws_transfer_server

[philnichol]

@blackwhiser appears that there's already an open PR for adding support for security policy here #15375, once merged that should cover your FIPS requirements (since setting the security policy to the FIPS policy appears will appear in the web console as "FIPS enabled".
For the security groups, looks like that's available in the SDK but not yet implemented in this terraform provider. I'll see if that's something I can contribute

[blackwhiser]

Hi @philnichol,
I would like to know if it has been added. I have not seen it in the tag releases. I can't manage SFTP without some of these feature.
Thanks!

[philnichol]

Hey @blackwhiser, looks like the FIPS/security policy PR (#15375) is still open, so worth posting a question in there to check progress.
WRT the security groups appears there's an issue (#15788) to track that but no PR submitted yet

[ewbankkit]

@blackwhiser Thanks for raising this issue.
It has already been noticed in #14694. I'm going to close this one as a duplicate so that we can concentrate discussion in the linked issue.
Please add any additional comments there.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!