Questions tagged with AWS Transfer for SFTP
Content language: English
Sort by most recent
AWS Transfer Family is pleased to announce the following enhancements to the managed workflows capability.
1. You can now configure your workflow steps to process either the originally uploaded file or the output file from the previous workflow step. You can also make multiple copies of a file and archive the original source file for records retention.
2. You can now utilize username as a variable in workflows copy steps, enabling you to dynamically route files to user-specific folders in Amazon S3.
3. You can now use AWS CloudFormation to configure and deploy managed workflows in a standardized and repeatable way across multiple regions and accounts.
4. Also, you now have access to AWS CloudWatch metrics such as total number of executions, successful executions and failed executions for your Workflows.
To learn more, please visit our managed Workflows documentation [1] or the blog post [2] for additional details.
[1] https://docs.aws.amazon.com/transfer/latest/userguide/transfer-workflows.html
[2] https://aws.amazon.com/blogs/architecture/building-a-cloud-native-file-transfer-platform-using-aws-transfer-family-workflows/
AWS Transfer Family servers can now display customized messages, such as organizational policies or terms and conditions to your end users, helping you achieve your legal and compliance requirements. You can also present a customized Message of The Day (MOTD), such as a greeting message, to enhance user experience.
To learn more about using login banners with AWS Transfer Family, please find details in our documentation - https://docs.aws.amazon.com/transfer/latest/userguide/create-server-sftp.html
The Endpoint is too long for the field that gets filled in for the SFTP software on customer end . Given AWS Endpoint is 59 characters long and the field only supports 55 characters. Do you know if there is a way for us to get a shorter one?
Suppose I want to make a safe, easy, and accessible way to transfer files into a VPC. Ideally a user just goes to a site in a browser and uploads the file, then can log into the VPC's network and download it.
But there's a few gotchas:
- All uploaded files must be scanned for viruses/malware (e.x. ClamAV Lambda checks the files). Infected files must be quarantined/inaccessible.
- Users need to be able to authenticate with an Identity provider like Okta.
- Users should only be able to see files that they have permissions to.
I wanted to use AWS managed SFTP (such as https://github.com/awslabs/web-client-for-aws-transfer-family/tree/open-source), but I can't figure out how I would implement scanning into the pipeline. I could instead use S3 buckets directly with some application interface, but that would take a lot of heavy lifting on my end to build said application (unless there's already something for this).
Any suggestions?
Hello All,
I have deleted my sftp server in transfer family that contain all my users. Worst i don't have any inventory for the users. How do i recover.
I have an AWS Transfer requirement where I need to provide key based authentication as you get from the Service Managed identity provider, and AWS Directory Service authentication. Is this possible from a single server?
Starting today, AWS Transfer Family is available in the Asia Pacific (Osaka) Region.
AWS Transfer Family provides fully managed file transfers for Amazon Simple Storage Service (Amazon S3) and Amazon Elastic File System (EFS). With this launch, AWS Transfer Family is now available in 21 commercial AWS regions, AWS GovCloud (US) Regions, Amazon China (Beijing) Region, operated by Sinnet, and the Amazon China (Ningxia) Region, operated by NWCD.
AWS Transfer Family supports file transfers over Secure File Transfer Protocol (SFTP), File Transfer Protocol (FTP) and FTP over SSL (FTPS), simplifying and accelerating migration of file transfer workflows to AWS.
For more information, visit the AWS Transfer Family product page and see the AWS Region Table for complete regional availability information.
I have an SFTP server with a couple of users. Their roles allow for read, list, and write but not delete. Once I log into the server, is it possible to do chmod to change permissions of a specific directory? How does that work given the roles and permissions already set in a policy?
Hi,
Is it possible to build logical directories iteratively as users navigate from parent directory to child directory?
```
Ex:/
├── public
│ └── research --> s3://public-research
│ └── global
└── subscribed
├── 2018
│ ├── equities --> s3://subscriptions/historical/2018/equities
│ └── indices --> s3://subscriptions/historical/2018/indices
└── 2019
├── credit --> s3://subscriptions/historical/2019/credit
└── equities --> s3://subscriptions/historical/2019/equities
```
Initially, logical structure and mapping will be created only for "public" & "subscribed" directories.If the user navigates into the subscribed folder then build a logical directory structure dynamically for "2018" & "2019" folders.
I went through the below article and it creates the entire directory structure and mapping once during authentication.
https://aws.amazon.com/blogs/storage/using-aws-sftp-logical-directories-to-build-a-simple-data-distribution-service/
I was asked to provide the IP address of my Transfer Family SFTP ( public endpoint ) so that on their side they can make an outbound rule in their firewall.
I thought this IP address was dynamically assigned to the endpoint, since i see many mentions that for whitelisting its required a static IP (EIP).
If its dynamic is it possible to determine a IP range (that was their suggestion), without having to use a static IP (EIP)?
Thanks
Edit: whatismyipaddress.com mentions that is likely a static IP
Hello, I am receiving an error when using Amazon Transfer for SFTP. I can list and delete objects but I cannot write new objects. I receive error "open for write: Access denied." I have the below permissions policy (I have edited the last line of the policy to remove sensitive information).
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3:::${transfer:HomeBucket}",
"Condition": {
"StringLike": {
"s3:prefix": [
"${transfer:HomeFolder}/*",
"${transfer:HomeFolder}"
]
}
}
},
{
"Sid": "",
"Effect": "Allow",
"Action": [
"s3:PutObjectACL",
"s3:PutObject",
"s3:GetObjectVersion",
"s3:GetObjectACL",
"s3:GetObject",
"s3:DeleteObjectVersion",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::${transfer:HomeDirectory}/*",
"arn:aws:s3:::${transfer:HomeDirectory}*"
]
},
{
"Sid": "",
"Effect": "Allow",
"Action": [
"kms:GenerateDataKey",
"kms:Encrypt",
"kms:Decrypt"
],
"Resource": "arn:aws:kms:us-east-1:111111:key/111111"
}
]
}