How to Configure AWS SFTP Server with AWS S3

A tutorial on configuring AWS SFTP Server with AWS S3

“Secure Shell (SSH) File Transfer Protocol (SFTP) is a network protocol used for the secure transfer of data over the internet. The protocol supports the full security and authentication functionality of SSH. It is widely used to exchange data, including sensitive information, between business partners in a variety of industries such as financial services, healthcare, retail, and advertising.”

Today, we’re going to configure an AWS SFTP server using AWS S3 and AWS Transfer Family. Let’s start together!

1. On the AWS Transfer Family console, select “Create Server”.

2. Choose SFTP as the protocol.

3. As the identity provider, choose “Service Managed”. Depending on your needs, you can instead use AWS Directory Service or a custom identity provider.

4. The SFTP server should not be open to the whole internet, but we still need to reach it on port 22. To do this, host the endpoint in a VPC with a public subnet and an Elastic IP address. You can also use your own hostname for the SFTP endpoint.

5. Define a security group. The inbound rule’s source IP should be your VPN’s IP address, so that only clients coming through the VPN can reach port 22.

6. For the domain, select AWS S3.

7. Configure additional details. (Nothing needs to be changed for now.)

8. Your AWS SFTP server is up and running! Now we need to create an SFTP user for access.

9. Choose a username, create an IAM role for your S3 access, and select an AWS S3 bucket. Your IAM role’s trust policy should look like this: The IAM policy attached to the role should be configured like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Test1",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::BUCKET_NAME"
      ]
    },
    {
      "Sid": "Test2",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObjectVersion",
        "s3:DeleteObject",
        "s3:GetObjectVersion"
      ],
      "Resource": "arn:aws:s3:::BUCKET_NAME/*"
    }
  ]
}
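Before attaching a policy like this to the SFTP user's role, it is worth checking it for grants the user does not need. The Python lint below is an added example (it is not part of this tutorial or of AWS Transfer Family); it embeds the tutorial's policy as a constructed sample, keeps BUCKET_NAME as a placeholder, and flags wildcard actions, wildcard resources, and S3 actions an SFTP file-transfer user does not need.

```python
import json

# Constructed sample: the tutorial's policy, with BUCKET_NAME kept as a placeholder.
TUTORIAL_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
   {"Sid": "Test1", "Effect": "Allow",
    "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
    "Resource": ["arn:aws:s3:::BUCKET_NAME"]},
   {"Sid": "Test2", "Effect": "Allow",
    "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObjectVersion",
               "s3:DeleteObject", "s3:GetObjectVersion"],
    "Resource": "arn:aws:s3:::BUCKET_NAME/*"}]}
""")

# The S3 actions an SFTP user needs to list, download, upload and delete files.
SFTP_ACTIONS = {
    "s3:ListBucket", "s3:GetBucketLocation", "s3:GetObject", "s3:GetObjectVersion",
    "s3:PutObject", "s3:DeleteObject", "s3:DeleteObjectVersion",
}


def _as_list(value):
    """IAM lets Action/Resource be a single string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])


def lint_sftp_policy(policy: dict) -> list:
    """Return findings for every Allow statement; an empty list means it passed."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access, so they are not linted
        sid = stmt.get("Sid", "<no Sid>")
        for action in _as_list(stmt.get("Action")):
            if "*" in action:
                findings.append(f"{sid}: wildcard action {action}")
            elif action not in SFTP_ACTIONS:
                findings.append(f"{sid}: {action} is not needed for SFTP file transfer")
        for resource in _as_list(stmt.get("Resource")):
            if resource in ("*", "arn:aws:s3:::*"):
                findings.append(f"{sid}: resource {resource} covers every bucket")
            elif not resource.startswith("arn:aws:s3:::"):
                findings.append(f"{sid}: resource {resource} is not an S3 ARN")
    return findings


if __name__ == "__main__":
    print(lint_sftp_policy(TUTORIAL_POLICY) or "policy passed the lint")
```

The tutorial's policy passes; a statement with `"Action": "s3:*"` and `"Resource": "*"` produces two findings.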

10. We need to create an SSH key using ssh-keygen. Use this command to create a key:

$ ssh-keygen -P "" -m PEM -f key_name

11. Open the key_name.pub file, copy its contents, and paste them into the “SSH public key” field.

12. Connect to your SFTP server with this command:

$ sftp -i <your_private_key> <username>@<sftp_dns_host>

13. Try to list your AWS S3 bucket with ls.

14. Upload a file.

Troubleshooting:

* If you’re getting a “Permission denied” error after connecting to the SFTP server, check your user’s permissions in the IAM policy and role.

* If you’re getting “No such host is known” or “Connection closed” errors when connecting to your SFTP server, check the SFTP server state (it must be Online) and the security group configuration.

* If your SFTP server endpoint is not configured, check your VPC and public subnet settings. The public subnet should be routed to the Internet Gateway, and VPC DNS hostnames and DNS resolution should be enabled.

Thanks for reading! ☁️
