AWS Transfer for SFTP
User Guide

Editing Your SFTP Server Configuration

In this section, you can find information about your AWS Transfer for SFTP server, how to configure it, and how to bring it online or take it offline.

Finding Information About Your Server

On the AWS Transfer for SFTP console, you can find a list of all the SFTP servers that are located in the AWS Region that you chose.

You can also find a list of details and properties for an individual SFTP server. Server properties include status, service endpoint, custom host name, logging role, users, and tags.

To find a list of the SFTP servers that exist in an AWS Region

  • Sign in to the AWS Management Console and open the AWS SFTP console at https://console.aws.amazon.com/transfer/.

    If you have one or more AWS SFTP servers in the current AWS Region, the console opens to show a list of your servers. If you don't see a list of servers, make sure that you are in the correct AWS Region. You can also choose Servers from the navigation pane.

    You can see an example Servers list following.

To find details on an SFTP server

  1. Open the AWS SFTP console, and navigate to the Servers page.

  2. On the Servers page, choose the SFTP server whose properties you are interested in by choosing the check box by its name.

  3. Choose the identifier in the Server ID column to see the Server Configuration page, shown following. You can change the server's properties on this page. If you want to change the Endpoint type, see Creating an SFTP Server in a Virtual Private Cloud for instructions.

Putting Your SFTP Server Online or Offline

You can bring your server online or take it offline by using the AWS SFTP console.

To bring an SFTP server online

  1. Open the AWS SFTP console, and choose Servers in the navigation pane.

  2. Choose an SFTP server that is offline by choosing the check box next to its name.

  3. For Actions, choose Start.

It can take a couple of minutes for an SFTP server to switch from offline to online.

Note

When you stop an SFTP server to take it offline, currently you are still accruing service charges for that server. To eliminate additional SFTP server-based charges, delete that server.

To take an SFTP server offline

  1. Open the AWS SFTP console, and choose Servers in the navigation pane.

  2. Choose an SFTP server that is online by choosing the check box next to its name.

  3. For Actions, choose Stop.

While an SFTP server is starting up or shutting down, SFTP servers aren't available for file operations. The console doesn't show the starting and stopping states.

If you find the error condition START_FAILED or STOP_FAILED, contact AWS Support to help resolve your issues.

Configuring Your SFTP Server

When you create a new SFTP server, you can optionally assign a custom hostname, and also enable Amazon S3 event logging using Amazon CloudWatch. You can also change an SFTP server's DNS or logging configuration later from the console.

Note

You can't change a server's identity provider type after you create the server. To change the identity provider, delete the server and create a new one with the identity provider that you want.

To edit an SFTP server's configuration

  1. Open the AWS SFTP console (https://console.aws.amazon.com/transfer/), and choose Servers in the navigation pane.

  2. On the Servers page, choose the SFTP server whose configuration you want to edit by choosing the check box next to its name.

  3. Choose Edit to open the Edit Configuration page shown following.

  4. (Optional) For Custom hostname, choose from None, Amazon Route 53 alias, or Other DNS provider.

    If you want to use a custom host name that you have registered, choose either Amazon Route 53 alias, or Other DNS provider. Doing so specifies the name resolution method to associate with your SFTP server's endpoint. An example of a custom domain is sftp.inbox.example.com.

    A custom host name uses a DNS name that you provide and that a DNS service can resolve. You can use Route 53 as your DNS resolver, or use your own DNS service provider. To learn how AWS SFTP uses Route 53 so that traffic from your custom domain is routed to the SFTP endpoint, see Working with Custom Host Names. Amazon Route 53 is the DNS service that AWS SFTP natively supports. For more information, see What Is Amazon Route 53? in the Amazon Route 53 Developer Guide.

  5. (Optional) For Logging role, choose an AWS Identity and Access Management (IAM) role that enables CloudWatch logging of your SFTP user activity.

    For more information about setting up a logging role, see Monitoring Usage.

  6. Choose Save to save your configuration.

Changing the Host Key for Your AWS SFTP Server

Important

If you are not planning to migrate existing users from an existing SFTP server to a new AWS SFTP server, ignore this section. Accidentally changing a server's host key can be disruptive.

By default, AWS Transfer for SFTP provides a host key for your AWS SFTP server. You can replace the default host key with a host key from another server. Do so only if you plan to move existing users from an existing SFTP server to your new AWS SFTP server.

To prevent your users from getting notified to verify the authenticity of your SFTP server again, import the host key for your on-premises server to the AWS SFTP server. Doing this also prevents your users from getting a warning about a potential man-in-the-middle attack.

To change the host key, use the UpdateServer API operation and provide the new host key. If you create a new AWS SFTP server, you provide your host key as a parameter in the CreateServer API operation. You can also use the AWS CLI to update the host key.

The following example updates the host key for the specified SFTP server.

    aws transfer --endpoint your-server-endpoint update-server --server-id "your-server-id" --host-key file://my-host-key

    {
        "ServerId": "server-id"
    }
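After the update, you can confirm that the endpoint presents the same host key your users already trust by comparing public keys only. The following check is an added example, not part of the AWS guide: it assumes you have the old server's public host key line (a `.pub` file) and a line captured from the new endpoint with `ssh-keyscan`. The sample keys and the `root@onprem-sftp` comment are constructed.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def parse_key_line(line):
    """Return (key_type, raw_blob) from a .pub line or an ssh-keyscan line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            # The blob starts with a length-prefixed copy of the key type;
            # a mismatch means the line was truncated or edited.
            if len(blob) < 4:
                raise ValueError("key blob too short")
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] != field.encode():
                raise ValueError("key type does not match key blob")
            return field, blob
    raise ValueError("no SSH public key found in line")


def fingerprint(blob):
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_preserved(old_pub_line, scanned_line):
    """Compare the old server's public host key with the one the new endpoint presents."""
    old_type, old_blob = parse_key_line(old_pub_line)
    new_type, new_blob = parse_key_line(scanned_line)
    same = old_type == new_type and old_blob == new_blob
    return same, fingerprint(old_blob), fingerprint(new_blob)


def _constructed(filler):
    # Constructed sample data: valid type prefix, filler bytes instead of key material.
    return base64.b64encode(struct.pack(">I", 7) + b"ssh-rsa" + filler).decode()


OLD_PUB = "ssh-rsa " + _constructed(b"\x01" * 64) + " root@onprem-sftp"
SCAN_IMPORTED = "sftp.inbox.example.com ssh-rsa " + _constructed(b"\x01" * 64)
SCAN_DEFAULT = "sftp.inbox.example.com ssh-rsa " + _constructed(b"\x02" * 64)

if __name__ == "__main__":
    for label, scan in (("imported key", SCAN_IMPORTED), ("default key", SCAN_DEFAULT)):
        print(label, host_key_preserved(OLD_PUB, scan))
```

A mismatch after the update means clients will see the host-key-changed warning described above, so run the comparison before pointing the custom host name at the new server.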