How AWS Transfer Family works - AWS Transfer Family

AWS Transfer Family is a fully managed AWS service that you can use to transfer files into and out of Amazon Simple Storage Service (Amazon S3) storage over the following protocols:

  • Secure Shell (SSH) File Transfer Protocol (SFTP) (AWS Transfer for SFTP)

  • File Transfer Protocol Secure (FTPS) (AWS Transfer for FTPS)

  • File Transfer Protocol (FTP) (AWS Transfer for FTP)

You can get started with AWS Transfer Family by creating a file transfer protocol-enabled server and then assigning users to use the server. To service your AWS Transfer Family users' transfer requests, you create an AWS Identity and Access Management (IAM) role to access your Amazon S3 bucket.

To use AWS Transfer Family, you take the following high-level steps:

  1. Create an Amazon S3 bucket, as described in Create an Amazon S3 bucket.

  2. Create an IAM role that contains two IAM policies:

    • An IAM policy that includes the permissions to enable AWS Transfer Family to access your Amazon S3 bucket. This IAM policy determines what level of access you provide your AWS Transfer Family users.

    • An IAM policy to establish a trust relationship with AWS Transfer Family.

    For more information about creating IAM policies, see Use an IAM policy to control access to AWS Transfer Family.

  3. (Optional) If you have your own registered domain, associate your registered domain with the server.

    You can route file transfer protocol traffic to your server endpoint from a domain, such as example.com, or from a subdomain, such as ftps.accounting.example.com. For more information, see Working with custom hostnames.

  4. Create a server and specify the identity provider type used by the service to authenticate your users.

    For more information about identity provider types, see Working with identity providers.

  5. If you are working with a server with a service-managed identity provider, as opposed to a custom identity provider, add one or more users.

  6. Open a file transfer protocol client and configure the connection to use the endpoint hostname for the server that you want to use. You can get this hostname from the AWS Transfer Family console.
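
The two policies from step 2, built for one bucket and checked against an over-broad pair; this is an added example, not code from the AWS documentation. The bucket name, account ID, `audit` helper, and the `aws:SourceAccount` condition on the trust relationship are assumptions that go beyond what this page states.

```python
ACCOUNT_ID = "111122223333"         # constructed placeholder account
BUCKET = "example-transfer-bucket"  # constructed placeholder bucket

def trust_policy(account_id):
    """Trust relationship: only Transfer Family, only on behalf of this account."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "transfer.amazonaws.com"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"aws:SourceAccount": account_id}}}]}

def access_policy(bucket):
    """Bucket access: list one bucket, read/write/delete only its objects."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
         "Resource": f"arn:aws:s3:::{bucket}"},
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": f"arn:aws:s3:::{bucket}/*"}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(trust, access):
    """Return findings for a role's trust policy and bucket access policy."""
    findings = []
    for st in trust["Statement"]:
        principal = st.get("Principal")
        service = principal.get("Service") if isinstance(principal, dict) else None
        if as_list(service) != ["transfer.amazonaws.com"]:
            findings.append("trust: principal not limited to transfer.amazonaws.com")
        if "aws:SourceAccount" not in st.get("Condition", {}).get("StringEquals", {}):
            findings.append("trust: no aws:SourceAccount condition")
    for st in access["Statement"]:
        if any(a in ("*", "s3:*") for a in as_list(st["Action"])):
            findings.append("access: wildcard action")
        if any(r in ("*", "arn:aws:s3:::*") for r in as_list(st["Resource"])):
            findings.append("access: wildcard resource")
    return findings

# Constructed over-broad pair for comparison: any S3 action on any resource.
WEAK_TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"Service": "transfer.amazonaws.com"}, "Action": "sts:AssumeRole"}]}
WEAK_ACCESS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

if __name__ == "__main__":
    print(audit(trust_policy(ACCOUNT_ID), access_policy(BUCKET)))  # scoped pair
    print(audit(WEAK_TRUST, WEAK_ACCESS))                          # over-broad pair
```

The scoped pair produces no findings; the over-broad pair is flagged for the missing account condition and for both wildcards.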

AWS Transfer Family supports any standard file transfer protocol client. Some commonly used clients are the following:

  • OpenSSH – A Macintosh and Linux command line utility.

  • WinSCP – A Windows-only graphical client.

  • Cyberduck – A Linux, Macintosh, and Microsoft Windows graphical client.

  • FileZilla – A Linux, Macintosh, and Windows graphical client.