AWS Transfer for SFTP is a fully managed service that enables the transfer of files directly into and out of Amazon S3 using the Secure File Transfer Protocol (SFTP). For more details, please visit here.
Today, I am going to do a walkthrough of using this service. A couple of things need to be ready before setting up SFTP.
- An S3 bucket. Since we will use SFTP to upload files to S3, a bucket is necessary.
- An IAM role. We need to assign a role to SFTP so that it has the privileges to access files in S3.
- A public/private key pair. We need to generate these keys, upload the public key to SFTP and use the private key locally to authenticate with SFTP.
Creating an S3 bucket is quite easy, so I am going to skip showing it here.
The steps to create the IAM role are as below. First, go to the IAM page and create a role.
Select Transfer.
For demo purposes, I am going to use S3FullAccess privileges. Type s3full to filter the list down to S3FullAccess and select it.
For a production environment, please follow the least-privilege best practice: grant only the S3 actions the SFTP users need, and only on the bucket they use.
Give it a tag if you want to; I am going to skip it.
Give it a recognizable name, hit Create role, and that's it: your role is created.
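As an added example (not from the original walkthrough), here is what the least-privilege version of the role looks like next to the demo-style full-access policy, plus a small check that flags a policy whose scope goes beyond the one bucket. The bucket name my-sftp-bucket is a placeholder.

```python
# Added example, not from the original post. Builds a role policy scoped to
# one bucket for AWS Transfer for SFTP, the trust policy behind "Select
# Transfer", and a check that rejects wildcard scope. Requires Python 3.6+.

BUCKET = "my-sftp-bucket"  # placeholder bucket name, replace with yours

# Demo-style policy from the walkthrough: every S3 action on every resource.
FULL_ACCESS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}


def scoped_policy(bucket):
    """Policy limited to one bucket: list it, and read/write/delete its objects."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListBucket", "Effect": "Allow",
             "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Sid": "ObjectAccess", "Effect": "Allow",
             "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }


def trust_policy():
    """Trust policy: only the Transfer service may assume this role."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow",
                           "Principal": {"Service": "transfer.amazonaws.com"},
                           "Action": "sts:AssumeRole"}]}


def is_scoped_to_bucket(policy, bucket):
    """True if every Allow statement names only this bucket and no wildcard S3 action."""
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if any(a in ("s3:*", "*") for a in actions) or any(r not in allowed for r in resources):
            return False
    return True
```

Running is_scoped_to_bucket over the two policies returns False for the demo policy and True for the scoped one; paste the scoped policy as the role's inline policy in place of S3FullAccess.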
Next, let's create the public and private key for SFTP authentication. When I was trying out this demo, I found that the keys generated by puttygen somehow won't work; the authentication won't pass. So I ended up generating the keys on a Linux server and copying them to my Windows PC. So if you don't have the same problem as I do, you don't have to follow my steps below. For key creation on Windows, please refer here at the very bottom.
# Command to generate a public and private key pair named transfer-key without a passphrase
ssh-keygen -P "" -f transfer-key
The key files are generated. Save the private key, transfer-key, to your local PC.
Print out the public key (transfer-key.pub), which will be needed in the SFTP setup.
Now, let’s start configuring SFTP.
Click on the Server ID when it is done.
Let's add a user to access SFTP.
- Username: The name used to log in to SFTP
- Access: Choose the role created in the previous step, which allows SFTP to access S3, where all the files will be stored.
- Home directory: The location/name of the S3 bucket.
- SSH public keys: The public key created in the previous step. If you created the key on Windows, then the ssh-rsa prefix needs to be added in front of the key.
After adding the user, copy down the Endpoint; that's the address you need to connect to.
Open your SFTP client; I use FileZilla here. Key in your endpoint, username and the location on your PC where you saved the private key created in the previous step.
When connecting for the first time, trust the SFTP server's host key.
You can see that the connection is established.
Now upload any file for testing.
Finally, after the file is uploaded, check the S3 bucket to verify!