AWS Transfer Family

Last updated on June 23, 2023

AWS Transfer Family Cheat Sheet

  • AWS Transfer Family is a secure transfer service for moving files into and out of AWS storage services, such as Amazon S3 and Amazon EFS.
  • With Transfer Family, you do not need to run or maintain any server infrastructure of your own.
  • You can provision a Transfer Family server with multiple protocols (SFTP, FTPS, FTP).

Benefits

  1. Fully managed service and scales in real time.
  2. You don’t need to modify your applications or run any file transfer protocol infrastructure.
  3. Supports up to 3 Availability Zones and is backed by an auto scaling, redundant fleet for your connection and transfer requests.
  4. Integration with S3 and EFS lets you capitalize on their features and functionalities as well.
  5. Managed File Transfer Workflows (MFTW) is a fully managed, serverless File Transfer Workflow service to set up, run, automate, and monitor processing of files uploaded using Transfer Family.
  • Server endpoint types:
    1. Publicly accessible
      • Can be changed to a VPC hosted endpoint. Server must be stopped before making the change.
    2. VPC hosted
      • Can be optionally set as Internet Facing. Take note that only SFTP and FTPS are supported for the VPC hosted endpoint.
  • Custom Hostnames
    1. Your server host name is the hostname that your users enter in their clients when they connect to your server. You can use a custom domain for this. To redirect traffic from your registered custom domain to your server endpoint, you can use Amazon Route 53 or any DNS provider.

How to delegate access

  1. You first associate your hostname with the server endpoint, then add your users and provision them with the right level of access. A server hostname must be unique in the AWS Region where it’s created.
  2. Your users’ transfer requests are then serviced directly out of your Transfer Family server endpoint.
  3. If you have multiple protocols enabled for the same server endpoint and want to provide access using the same user name over multiple protocols, you can do so as long as the credentials specific to the protocol have been set up in your identity provider.

Managing Users

  • Supported identity provider types:
    • Service managed using SSH keys
    • AWS Managed Microsoft AD (does not support Simple AD)
    • A custom method via a RESTful interface. The custom identity provider method uses Amazon API Gateway and enables you to integrate your directory service to authenticate and authorize your users. The service automatically assigns an identifier that uniquely identifies your server.
  • For service managed identities, each user name must be unique on your server.
  • You also specify a user’s home directory, or landing directory, and assign an AWS IAM role to the user. 
    • Optionally, you can provide a session policy to limit user access only to the home directory of your Amazon S3 bucket.
    • The home directory is your S3 bucket or EFS filesystem. If no path is specified, your users are redirected to the root folder.
  • Amazon S3 vs Amazon EFS access management
    • Amazon S3: Supports session policies
    • Amazon EFS: Supports POSIX user, group, and secondary group IDs
    • Both support public/private keys, home directories and logical directories

  • Logical directories let you construct a virtual directory structure that uses user-friendly names so that you can avoid disclosing absolute directory paths, Amazon S3 bucket names, and EFS file system names to your end users.
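
As an added example (not part of the original cheat sheet or AWS's own code): the two confinement options above, a session policy and a logical directory mapping, written as CreateUser arguments, plus a heuristic check over DescribeUser-style records. The function names and the `home/<user>` prefix layout are assumptions made for illustration.

```python
import json

# Session policy in the shape AWS documents for Transfer Family; the service
# resolves the ${transfer:...} variables per session (PATH home directories).
SESSION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ListHomeOnly", "Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::${transfer:HomeBucket}",
         "Condition": {"StringLike": {"s3:prefix": [
             "${transfer:HomeFolder}", "${transfer:HomeFolder}/*"]}}},
        {"Sid": "ObjectsInHomeOnly", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::${transfer:HomeDirectory}/*"},
    ],
}

def path_user(server_id, name, role_arn, bucket):
    """CreateUser arguments: real S3 path as home, confined by a session policy."""
    return {"ServerId": server_id, "UserName": name, "Role": role_arn,
            "HomeDirectoryType": "PATH",
            "HomeDirectory": f"/{bucket}/home/{name}",  # assumed prefix layout
            "Policy": json.dumps(SESSION_POLICY)}

def logical_user(server_id, name, role_arn, bucket):
    """CreateUser arguments: "/" maps to the user's prefix, so the client
    never sees the bucket name or the absolute path."""
    return {"ServerId": server_id, "UserName": name, "Role": role_arn,
            "HomeDirectoryType": "LOGICAL",
            "HomeDirectoryMappings": [
                {"Entry": "/", "Target": f"/{bucket}/home/{name}"}]}

def relies_on_role_only(user):
    """Heuristic over a DescribeUser-style record: True when nothing but the
    IAM role limits what the user can reach."""
    if user.get("HomeDirectoryType") == "LOGICAL":
        # "/" mapped to a bare bucket exposes every prefix in that bucket
        return any(m["Entry"] == "/" and
                   len([p for p in m["Target"].split("/") if p]) < 2
                   for m in user.get("HomeDirectoryMappings", []))
    return not user.get("Policy")
```

Either dictionary can be passed as keyword arguments to the boto3 `transfer` client's `create_user` call; a user flagged by `relies_on_role_only` is not necessarily over-privileged, but its reach is then decided entirely by the attached IAM role.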

AWS Transfer Family Pricing

  • You are billed on an hourly basis for each of the protocols enabled, from the time you create and configure your server endpoint, until the time you delete it. 
  • You are also billed based on the amount of data uploaded and downloaded over SFTP, FTPS, or FTP.
  • There is no additional charge for using managed workflows.

AWS Transfer for SFTP

  • SFTP or Secure Shell File Transfer Protocol is a file transfer over SSH.
  • SFTP servers for Transfer Family operate over port 22.
  • SFTP is a newer protocol and uses a single channel for commands and data, requiring fewer port openings than FTPS.

AWS Transfer for FTPS

  • FTPS or File Transfer Protocol Secure is a file transfer with TLS encryption.
  • The port range that AWS Transfer Family uses to establish FTPS data connections is 8192–8200. For access connections, use port 21.
  • When creating an FTPS server, you need to provide a server certificate which needs to be uploaded to AWS Certificate Manager.

AWS Transfer for FTP

  • FTP or File Transfer Protocol is an unencrypted file transfer.
  • The port range that AWS Transfer Family uses to establish FTP data connections is 8192–8200. For access connections, use port 21.
  • Only supported for access within a VPC; cannot be public facing.

AWS Transfer Family Cheat Sheet References:

https://docs.aws.amazon.com/transfer/latest/userguide/what-is-aws-transfer-family.html
https://aws.amazon.com/aws-transfer-family/faqs/

Written by: Admin User-1