Setting Up an SFTP-Enabled Server on AWS: A Step-by-Step Guide

Introduction to AWS Transfer Family

AWS Transfer Family is a managed service for secure file transfer over SFTP (SSH File Transfer Protocol), FTPS (FTP over SSL/TLS) and FTP, with Amazon S3 or Amazon EFS (Elastic File System) as the storage behind the server. It can be fronted by a custom hostname in Amazon Route 53, and it removes the need to run and patch your own file-transfer servers: AWS provides the endpoint, scales capacity with demand and keeps it highly available.

Being a fully managed service offered by AWS, Transfer Family dynamically adjusts to usage requirements without manual intervention.

Supported Protocols

  1. SFTP: runs over SSH, so authentication (public key or password) and the file transfer itself travel inside one encrypted channel. This is the protocol used in this guide.
  2. FTP: uses separate control and data connections and sends credentials and file contents in cleartext. Transfer Family therefore offers it only on VPC endpoints that are not reachable from the internet.
  3. FTPS: FTP with the control and data connections protected by SSL/TLS; the server needs a TLS certificate, which Transfer Family takes from AWS Certificate Manager.

AWS Transfer Family servers can have a public endpoint or a VPC endpoint. Access to storage is granted through an IAM role that the service assumes for each user, which can be narrowed further with a per-user session policy. The service is billed per use (an hourly charge while the endpoint is enabled plus a per-gigabyte charge for data transferred); see the official AWS Transfer Family pricing page for details.

Setting Up an SFTP Server

This guide assumes familiarity with IAM Roles, EC2 instances, and S3 Buckets. Follow these steps to create a publicly accessible SFTP server.

Pre-requisites

  1. An AWS account.
  2. An Ubuntu EC2 instance (any Linux host with an OpenSSH client will do; it is only used to generate the key pair and run the sftp client).
  3. An IAM role with S3 access. Full S3 access is the quickest way to follow along, but in production scope the role to the target bucket and prefix; its trust relationship is adjusted in a later step.
  4. An S3 bucket.

Steps to Follow

  1. Login to AWS
  2. Create an SFTP Server
  3. Modify the Trust Relationship of the IAM Role
  4. Create a Folder in S3 Bucket
  5. Generate a Key-Pair on EC2 Instance
  6. Create a User on the SFTP Server
  7. Test the SFTP Server Connection
  8. Delete the SFTP Server

Login to AWS

Open the AWS Management Console and sign in with your credentials. Once logged in, select the region in which the SFTP server should be created.

Login Page

AWS Management Console

Create an SFTP Server

In AWS, type “Transfer Family” in the search bar and access the dashboard. Click “Create server” to initiate a new SFTP server.

Search Transfer Family

AWS Transfer Family Dashboard

Select SFTP as the protocol, then choose the endpoint type (publicly accessible for this guide), Amazon S3 as the storage domain and, optionally, an IAM logging role so that session activity is written to CloudWatch Logs. Review the settings and confirm with “Create server”.

Choose a Protocol

Endpoint configuration

Choose a domain

Logging role

Review and create a server

Modify the Trust Relationship of the IAM Role

Open the IAM role created as a prerequisite, select the “Trust relationships” tab and edit the trust policy so that the trusted principal is the service “transfer.amazonaws.com”. This is what allows Transfer Family to assume the role on behalf of the SFTP user; if the trust policy still names a different service, the service cannot assume it and the user's file operations fail. As an extra safeguard, add a condition on aws:SourceAccount (your account ID) so that only Transfer Family servers in your own account can make the service assume the role.

IAM Role for SFTP

Edit Trust Relationship

Create a Folder in the S3 Bucket

Make sure the S3 bucket exists, then create a folder (an S3 prefix) in it, for example one named after the SFTP user. This folder becomes the user's home directory in the next steps.

Create a folder in the S3 Bucket

Generate a Key-Pair on EC2 Instance

Run the following on the EC2 instance (or any machine with OpenSSH) to generate a key pair for authenticating to the SFTP server. Keep the private key on the client; only the public key is uploaded to Transfer Family.

# Ask for RSA explicitly: recent OpenSSH releases default to Ed25519 and would write id_ed25519 instead of id_rsa.
ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa
cat ~/.ssh/id_rsa.pub

Copy the printed public key (a single line starting with ssh-rsa); you will paste it when creating the user. Transfer Family also accepts ECDSA and Ed25519 public keys if you prefer them.

Generate a key-pair

Create a User on the SFTP Server

Open your SFTP server in the Transfer Family console and click “Add user”. Enter the username, the IAM role from the previous step, the S3 bucket and the folder created above as the home directory, and paste the public SSH key. Note that the home directory is only the starting location of the session; what the user can actually read and write is decided by the IAM role and, if set, a per-user session policy, so restrict those rather than relying on the home directory alone.

After configuring, click “Add” to finalize the user creation process.

SFTP Server

Add the user

Test the Connection to the SFTP Server

From the Linux host that holds the private key, connect with the command below, replacing the username and server endpoint with your own (the endpoint is shown on the server's detail page). On the first connection sftp displays the server's host key fingerprint; compare it with the HostKeyFingerprint reported by aws transfer describe-server before answering yes, rather than accepting it blindly.

sftp -i ~/.ssh/id_rsa rahul-sftp-user@s-922b406852024d85a.server.transfer.eu-west-3.amazonaws.com

To upload files, use the command:

put /home/ubuntu/test-file

The file is written as an object under the user's home directory prefix. Verify the upload in the S3 bucket via the AWS console.

Upload a file

Check the S3 Bucket
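The steps above (IAM role trust and permissions, key pair, user creation and connection test) as one AWS CLI script. This is an added example, not code from the original guide: the account ID, region, bucket, role name, username and the home prefix named after the user are placeholders, it assumes the server was already created in the console as in step 2 and that the AWS CLI and OpenSSH tools are installed with sufficient IAM permissions. The policy documents are built by shell functions so they can be inspected without touching AWS; the aws and ssh commands only run when SERVER_ID is set. Compared with the console steps it also scopes the role to one bucket, confines each user to its own prefix with a session policy, and checks the server host key against the HostKeyFingerprint from DescribeServer instead of accepting it on first use.

```shell
#!/usr/bin/env sh
# Added example, not part of the original guide: the IAM role, SFTP user and
# connection test from the steps above, done with the AWS CLI instead of the
# console. All names and IDs are placeholders; the aws/ssh commands run only
# when SERVER_ID is set, so the policy generators can be inspected offline.
set -eu

ACCOUNT_ID="${ACCOUNT_ID:-123456789012}"   # placeholder account ID
REGION="${REGION:-eu-west-3}"
BUCKET="${BUCKET:-my-sftp-bucket}"         # assumed bucket name
ROLE_NAME="${ROLE_NAME:-sftp-s3-access}"   # assumed role name
SFTP_USER="${SFTP_USER:-rahul-sftp-user}"
SERVER_ID="${SERVER_ID:-}"                 # e.g. s-0123456789abcdef0; empty = dry run

# Trust policy: transfer.amazonaws.com may assume the role, but only on behalf
# of a Transfer Family server in this account (confused-deputy guard).
trust_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "transfer.amazonaws.com"},
    "Action": "sts:AssumeRole",
    "Condition": {
      "StringEquals": {"aws:SourceAccount": "$1"},
      "ArnLike": {"aws:SourceArn": "arn:aws:transfer:$2:$1:server/*"}
    }
  }]
}
EOF
}

# Role permissions: one bucket only, instead of the full S3 access the
# prerequisites suggest. The per-user session policy narrows this further.
role_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ListBucket", "Effect": "Allow",
     "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
     "Resource": "arn:aws:s3:::$1"},
    {"Sid": "Objects", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:GetObjectVersion"],
     "Resource": "arn:aws:s3:::$1/*"}
  ]
}
EOF
}

# Session policy attached to the user: confines the session to its own home
# prefix. Transfer Family resolves the ${transfer:...} variables at login, so
# they are escaped below to keep the shell from expanding them.
session_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ListOwnHome", "Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::\${transfer:HomeBucket}",
     "Condition": {"StringLike": {"s3:prefix": ["\${transfer:HomeFolder}/*", "\${transfer:HomeFolder}"]}}},
    {"Sid": "OwnHomeObjects", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:GetObjectVersion"],
     "Resource": "arn:aws:s3:::\${transfer:HomeDirectory}/*"}
  ]
}
EOF
}

if [ -n "$SERVER_ID" ]; then
  trust_policy "$ACCOUNT_ID" "$REGION" > trust.json
  role_policy "$BUCKET" > perms.json
  aws iam create-role --role-name "$ROLE_NAME" --assume-role-policy-document file://trust.json
  aws iam put-role-policy --role-name "$ROLE_NAME" --policy-name s3-home-access \
    --policy-document file://perms.json
  # Ed25519 key pair for the user (Transfer Family accepts RSA, ECDSA and Ed25519);
  # only the public half leaves this machine.
  [ -f ~/.ssh/sftp_ed25519 ] || ssh-keygen -t ed25519 -N "" -f ~/.ssh/sftp_ed25519
  aws transfer create-user --server-id "$SERVER_ID" --user-name "$SFTP_USER" \
    --role "arn:aws:iam::$ACCOUNT_ID:role/$ROLE_NAME" \
    --home-directory "/$BUCKET/$SFTP_USER" \
    --policy "$(session_policy)" \
    --ssh-public-key-body "$(cat ~/.ssh/sftp_ed25519.pub)"
  # Pin the server host key from the API instead of typing "yes" at the first prompt.
  ENDPOINT="$SERVER_ID.server.transfer.$REGION.amazonaws.com"
  EXPECTED=$(aws transfer describe-server --server-id "$SERVER_ID" \
    --query 'Server.HostKeyFingerprint' --output text)
  ssh-keyscan -t rsa,ecdsa,ed25519 "$ENDPOINT" > transfer_known_hosts 2>/dev/null
  ssh-keygen -lf transfer_known_hosts | grep -qF "$EXPECTED" || { echo "host key mismatch" >&2; exit 1; }
  # Non-interactive upload, then list the home directory to confirm it landed.
  printf 'put /home/ubuntu/test-file\nls -l\n' > sftp.batch
  sftp -o UserKnownHostsFile=transfer_known_hosts -o StrictHostKeyChecking=yes \
    -i ~/.ssh/sftp_ed25519 -b sftp.batch "$SFTP_USER@$ENDPOINT"
fi
```

Run it once with SERVER_ID unset to review the three policy documents (for example `sh setup.sh; trust_policy 123456789012 eu-west-3` after sourcing), then export the real ACCOUNT_ID, REGION, BUCKET and SERVER_ID to apply them. The session policy is what actually keeps the user inside its prefix; the home directory only sets where the session starts.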

Delete the SFTP Server

If the server is no longer needed, delete it via “Actions” then “Delete”, confirming with “Delete”. A deleted server cannot be recovered, so make sure the deletion is intentional. Deleting the server stops its hourly charge but does not remove the S3 bucket, the uploaded objects or the IAM role; clean those up separately if they are no longer required.

Delete the SFTP Server

Confirm deletion

Conclusion

This guide walked you through the setup of an SFTP server using AWS Transfer Family with S3 as storage. We demonstrated user setup and necessary IAM role alterations to grant access effectively.

Frequently Asked Questions

What is AWS Transfer Family?

AWS Transfer Family is a managed service that facilitates secure file transfer to AWS storage services using SFTP, FTPS, and FTP protocols.

Is there an upfront payment for using AWS Transfer Family?

No, AWS Transfer Family operates based on a pay-as-you-use billing model.

Can I use multiple protocols simultaneously in AWS Transfer Family?

Yes. A single server endpoint can have more than one protocol enabled, such as SFTP and FTPS; FTP is the exception in that it is only available on VPC endpoints that are not reachable from the internet.

How can I ensure data security with the SFTP server?

SFTP itself encrypts and authenticates the session over SSH. The rest is up to the operator: use key-based rather than password authentication, scope the IAM role (and a per-user session policy) to the user's own bucket prefix instead of granting full S3 access, verify the server host key on first connection, enable the CloudWatch logging role, and remove users and keys that are no longer needed.

What should I do if I need assistance during setup?

If you encounter issues, refer to AWS’s documentation or reach out to AWS support for assistance.