SFTP Server - VPC Endpoint with multiple AZ

Question

Dear Team - I have deployed AWS SFTP server (Transfer) in a VPC for internal HR user  access. It has VPC endpoint deployed in two diff AZ in US-West region. We are going through the DR plan for every application. Specific to the SFTP deployment, Is our understanding correct that, if AZ-1 goes down, our SFTP will still be applicable from AZ2 ? or connection request will still go to AZ1 (down state) as a part of round robin fashion ?

As per below URL, AWS recommended to change VPC_endpoint to VPC type of SFTP deployment.  How this will prevent the internal request going to AZ which is in down state ?

Do i need any NLB internal facing in front of AZ endpoints ?

https://aws.amazon.com/blogs/storage/update-your-aws-transfer-family-server-endpoint-type-from-vpc_endpoint-to-vpc/

Answer

The VPC endpoint will have a DNS name of the form **vpce-abcdef12345678910-4321dcba.server.transfer.[region].vpce.amazonaws.com** which will have (in your case) two values, one for the IP of the endpoint in AZ1 and the other for AZ2.

If one of the AZs becomes unavailable, the AWS Transfer managed service will ensure traffic is directed to the healthy IP address, until the other one becomes healthy again.

You shouldn't need an NLB.

More on AWS Transfer Family resilience is here https://docs.aws.amazon.com/transfer/latest/userguide/disaster-recovery-resiliency.html

SFTP Server - VPC Endpoint with multiple AZ

Contenus pertinents