AWS Transfer for SFTP
User Guide

Add a User

If you are using the Service Managed identity type, you need to add users to your SFTP server. A user name must be unique on a server. This tutorial uses the Service Managed authentication method, which requires that you store a user's SSH public key as part of the user's properties. The user's SFTP client is configured with the user name and the corresponding SSH private key, and uses them when the user sends an authentication request to the SFTP server.

You also need to specify the user's home directory, which is the landing directory, and assign an IAM role and an optional scope-down policy that provide access to the home directory portion of your S3 bucket.

To add a user to an SFTP server

  1. On the Servers page, select the check box next to the SFTP server that you want to add a user to.

  2. Choose Add user to open the Add user screen.

  3. For Username, enter the user name.

  4. From Roles, select the role that you created for the AWS SFTP service and that provides access to the Amazon S3 bucket.

    The procedure used to create the required SFTP role is described in IAM Policies and a Roles Requirements. That role includes a policy that provides access to your Amazon S3 bucket and a trust relationship (defined in a permission policy) with the AWS SFTP service.

  5. Optionally, add a scope-down policy as described in IAM Policies and a Roles Requirements. To learn more about scope-down policies, see Creating a Scope-Down Policy.

  6. In Home Directory, select the S3 bucket that you want to use to store the data that is transferred using the AWS Transfer for SFTP service. Enter the path of the directory where your user lands when they log in using their SFTP client.

    If you leave this parameter blank, the root directory of your Amazon S3 bucket is used. Make sure that your role provides access to the root of the bucket.


    We recommend that you select a directory path that contains the username of the user.

  7. Paste the SSH public key portion of the SSH key pair into the SSH public key text box.

    Your key is validated by the service before you can add your new user. The format of the SSH key is ssh-rsa <string>. For instructions on how to generate an SSH key pair, see Generating SSH Keys.

  8. Optionally, enter a key and value for a tag into the Key and Value text boxes.

  9. Choose Add to add your new user to the server you selected.

    The newly added user appears in the Users section of the Servers page, as shown following.