AWS Transfer for SFTP
User Guide

Creating IAM Policies for AWS SFTP

An AWS Identity and Access Management (IAM) policy is a statement, typically in JSON format, that allows a certain level of access to a resource.

You use an IAM policy to define which file operations your SFTP users can and can't perform. You can also use an IAM policy to define which Amazon S3 bucket or buckets your users can access. To specify these policies for users, you create an IAM role for AWS SFTP that has the IAM policy and trust relationship associated with it.

Each SFTP user is assigned an IAM role. When a user logs in to your SFTP server, AWS SFTP assumes the IAM role mapped to that user. To learn about creating an IAM role that gives a user access to an Amazon S3 bucket, see the following. For information about how to create a role and delegate permissions, see Creating a Role to Delegate Permissions to an AWS Service in the IAM User Guide.

The type of IAM role that AWS SFTP uses is called a service role.
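
The following is an added example, not part of the original guide: it shows the two documents such a service role carries (the trust relationship and the access policy) and a small check that flags a role that is broader than needed. The bucket name, the action list, and the review_role helper are assumptions made for illustration.

```python
BUCKET_ARN = "arn:aws:s3:::example-sftp-bucket"  # constructed placeholder
SFTP_SERVICE = "transfer.amazonaws.com"

# Trust relationship: only the AWS SFTP service may assume the role at login.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": SFTP_SERVICE},
        "Action": "sts:AssumeRole",
    }],
}

# Access policy: which bucket, and which file operations, the user gets.
ACCESS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
         "Resource": BUCKET_ARN},
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": BUCKET_ARN + "/*"},
    ],
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def review_role(trust, access):
    """Return findings; an empty list means the role is narrowly scoped."""
    findings = []
    for st in as_list(trust["Statement"]):
        p = st.get("Principal")
        ok = (isinstance(p, dict) and set(p) == {"Service"}
              and as_list(p["Service"]) == [SFTP_SERVICE])
        if st.get("Effect") == "Allow" and not ok:
            findings.append(f"trust: unexpected principal {p!r}")
    for st in as_list(access["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        for action in as_list(st.get("Action", [])):
            if action in ("*", "s3:*"):
                findings.append(f"access: wildcard action {action!r}")
        for res in as_list(st.get("Resource", [])):
            if res != BUCKET_ARN and not res.startswith(BUCKET_ARN + "/"):
                findings.append(f"access: resource outside bucket {res!r}")
    return findings

if __name__ == "__main__":
    print(review_role(TRUST_POLICY, ACCESS_POLICY) or "no findings")
```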