AWS Transfer for SFTP
User Guide

Editing Users

You can edit a user's properties in the AWS SFTP Management Console. On the console's Server Configuration page, you can edit the user's role, policy, and home directory. You can also add and delete Secure Shell (SSH) public keys and tags.

To edit a user's properties, see the following procedure. To learn about creating IAM policies for AWS SFTP, see Creating IAM Policies for AWS SFTP.


You can't edit a user name after you add the user. To change a user's user name, add a new user with the new user name and delete the user that you no longer need.

To edit a user's properties

  1. Sign in to the AWS Management Console and open the AWS SFTP console at

  2. On the navigation pane, choose Servers.

  3. On the Server Configuration page, choose the user name in the Users section to view the User Configuration page, shown following.

  4. Choose Add SSH public key to add a new SSH public key to a user. Alternatively, choose an SSH public key that is already assigned in the list, and choose Delete to remove that key from the user's definition.

    SSH keys are used only on an SFTP server that uses the Amazon API Gateway authentication method, also known as the custom authentication method. For information on how to generate an SSH key pair, see Generating SSH Keys.

  5. Choose Manage tags to add, remove, or modify an existing tag that is associated with this user.

  6. Choose Edit to view the Edit Configuration page, shown following.

  7. (Optional) Modify the currently assigned AWS Identity and Access Management (IAM) role for the user by choosing an IAM role for Access Info.

    For information on how to create the required IAM role for AWS SFTP, see Requirements for IAM Policies and Roles. The IAM role for AWS SFTP includes an IAM policy that provides access to your Amazon S3 bucket. It also includes another IAM policy that creates a trust relationship (defined in a permission policy) with AWS SFTP.

  8. (Optional) Modify Policy Info by choosing a new policy option.


    If you changed the scope-down policy in the IAM console, re-add the modified policy under Policy Info to enable the changes to propagate. For more information, see Creating a Scope-Down Policy.

  9. (Optional) Modify Home Directory by choosing the new Amazon S3 bucket that you want to use to store data transferred by AWS SFTP. Enter the path to the directory where your user should be placed when they log in using their SFTP client.


    We recommend that you choose a directory path that contains the user name of the user.

    If you keep this parameter empty, then the root directory of your Amazon S3 bucket is used. Make sure that your role provides access to the root of the bucket.

  10. Choose Save to save your changes.