Use Case for VPC Interface Endpoint for S3 and AWS Transfer Family for S3

Question

I have a requirement to SFTP ".csv" files from corporate on-premise linux box to S3 bucket.

The Current Setup is as follows:

1. The on-premise linux box is NOT connected to internet.
    2. Corporate Network is connected with AWS with Direct Connect.
    3. There are several VPCs for different purposes. Only One VPC has IGW and Public Subnet (to accept requests coming from Public Internet), all other VPCs do not have IGW and Public Subnets.
    4. Corporate Network and several AWS VPCs (those having no IGW) are connected with each other through Transit Gateway.

Can someone please advise whether I should use AWS Transfer or S3 VPC Interface Endpoints to transfer files to S3 bucket from on-premise (corporate network)? and why?

In which scenarion should I use AWS Transfer Family for S3 and which scenario should I use VPC Interface End Points for S3?

I appreciate your valuable advise in advance.

Accepted Answer

It sounds like AWS Transfer Family is the right choice for your use case. Transfer Family is a managed file transfer service with several supported front ends (SFTP, FTPS, FTP, AS2) and backends (S3, EFS) for storage. It sounds like you have Direct Connect from an on-premises network to a set of VPCs. You can set up Transfer Family as a managed SFTP service that is only accessible within your VPC. As long as your on-premises network can resolve the Transfer Family endpoint to a private address within the VPC and has a route to that network, you can use that to upload files to S3.

An S3 VPC endpoints would provide a private, dedicated route to S3 from a VPC. It doesn't provide any managed SFTP service - you'd need to deploy and manage an SFTP server, then connect the SFTP server to S3 your self (where that connection would route over the S3 endpoint).

Use Case for VPC Interface Endpoint for S3 and AWS Transfer Family for S3

관련 콘텐츠