Create an SFTP-enabled server - AWS Transfer Family

Create an SFTP-enabled server

AWS SFTP stands for Secure Shell (SSH) File Transfer Protocol, a network protocol used for secure transfer of data over the internet. The protocol supports the full security and authentication functionality of SSH. It is widely used to exchange data, including sensitive information between business partners in a variety of industries such as financial services, healthcare, retail, and advertising.

To create an SFTP-enabled server

  1. Open the AWS Transfer Family console at https://console.aws.amazon.com/transfer/.

  2. Choose Create server.

  3. In Step 1 Choose protocols, select the SFTP check box, and then choose Next.

  4. In Step 2 Choose an identity provider, choose Service managed to store user identities and keys in AWS Transfer Family, and then choose Next.

    For a Custom identity provider, you provide an API Gateway endpoint and an AWS Identity and Access Management (IAM) role to access the endpoint. By doing so, you can integrate your directory service to authenticate and authorize your users. To learn more about working with custom identity providers, see Working with identity providers.

  5. In Step 3 Choose an endpoint, for Endpoint type choose the Public endpoint type. For a VPC endpoint, see Creating a server in a virtual private cloud.

    For Custom hostname, choose None.

    You get a server hostname provided by AWS Transfer Family. The server hostname takes the form serverId.server.transfer.regionId.amazonaws.com.

    For a custom hostname, you specify a custom alias for your server endpoint. To learn more about working with custom hostnames, see Working with custom hostnames.

    Choose Next.

  6. (Optional) In Step 4 Configure additional details, for CloudWatch logging, choose an IAM role that enables Amazon CloudWatch logging of your user activity.

    For more information about setting up a CloudWatch logging role, see Monitoring server usage.

    Note

    You can't view end user activity in CloudWatch if you don't specify a logging role.

  7. (Optional) For Server Host Key, enter an RSA private key that will be used to identify your server when clients connect to it over SFTP.

    Note

    This section is only for migrating users from an existing SFTP-enabled server.

  8. (Optional) For Tags, for Key and Value, enter one or more tags as key-value pairs, and then choose Add tag.

    Choose Next.

  9. In Step 5 Review and create, review your choices. If you want to edit any of them, choose Edit next to the step.

    Note

    You will need to review each step after the step you chose to edit.

  10. If you have no changes, choose Create server to create your server. You are taken to the Servers page, shown following, where your new server is listed.

It can take a couple of minutes before the status for your new server changes to Online. At that point, your server can perform file operations for your users.

Next Step

Add a user