Create a server - AWS Transfer Family

Create a server

Following, you can find how to create a file transfer protocol enabled server using the AWS Transfer Family service. The following protocols are available:

  • Secure Shell (SSH) File Transfer Protocol (SFTP) – file transfer over SSH

  • File Transfer Protocol Secure (FTPS) – file transfer with TLS encryption

  • File Transfer Protocol (FTP) – unencrypted file transfer

You can create a server with multiple protocols.


If you have multiple protocols enabled for the same server endpoint and want to provide access using the same user name over multiple protocols, you can do so as long as the credentials specific to the protocol have been set up in your identity provider. For FTP, we recommend maintaining separate credentials from SFTP and FTPS. This is because, unlike SFTP and FTPS, FTP transmits credentials in cleartext. By isolating FTP credentials from SFTP or FTPS, if inadvertently FTP credentials are shared or exposed, your workloads using SFTP or FTPS will remain secure.

When you create a server, you choose a specific AWS Region to perform the file operation requests of users who are assigned to that server. Along with assigning the server one or more protocols, you also assign an identity provider type, either service managed using SSH keys or a custom method. The custom identity provider method uses Amazon API Gateway and enables you to integrate your directory service to authenticate and authorize your users. The service automatically assigns an identifier that uniquely identifies your server.

You also assign the server an endpoint type (publicly accessible or VPC hosted) and a hostname using the default server endpoint, or a custom hostname using the Amazon Route 53 service or by using a Domain Name System (DNS) service of your choice. A server hostname must be unique in the AWS Region where it's created.

Additionally, you can assign an Amazon CloudWatch logging role to push events to your CloudWatch Logs, choose a security policy that contains the cryptographic algorithms enabled for use by your server, and add metadata to the server in the form of tags that are key-value pairs.


You incur costs for instantiated servers and for data transfer. For information about pricing and to use AWS Pricing Calculator to get an estimate of the cost to use Transfer Family, see AWS Transfer Family pricing.

In the following procedures, you can create an SFTP-enabled server, FTPS-enabled server, or FTP-enabled server.

Next step