AWS Transfer for SFTP
User Guide

Data Encryption at Rest in Amazon S3

For encryption at rest AWS Transfer for SFTP uses the default encryption options you have set for your S3 bucket. Therse can be either Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS).

To encrypt your objects at rest, follow the setup instructions found in Amazon S3 Default Encryption for S3 Buckets in the Amazon Simple Storage Service Developer Guide.