AWS Transfer Family
A fully managed file transfer service supporting SFTP, FTPS, FTP, and AS2 protocols, with S3 or EFS as backend storage
Overview
AWS Transfer Family is a fully managed file transfer service supporting four protocols: SFTP, FTPS, FTP, and AS2. Because S3 or EFS serves as the backend storage while existing file transfer workflows stay unchanged, it enables migration from on-premises FTP servers to the cloud. Trading partners and partner companies can keep using the protocols they are accustomed to, so no client-side changes are needed. Integration with custom identity providers enables access control that leverages existing authentication infrastructure, and the managed workflow feature automates post-upload processing.
Protocol Selection and Endpoint Types
Transfer Family offers four protocols to choose from based on your use case. SFTP (SSH File Transfer Protocol) provides SSH-based encrypted communication and is the most widely used, well-suited for secure file exchange with trading partners. FTPS (FTP over TLS) adds TLS encryption to traditional FTP and is chosen when compatibility with legacy systems is required. FTP transmits in plaintext without encryption and is recommended only within closed VPC networks. AS2 (Applicability Statement 2) is a standard protocol for EDI (Electronic Data Interchange), providing message encryption, signing, and receipt confirmation (MDN) at the protocol level.

Three endpoint types are available: Public, VPC, and VPC_ENDPOINT. Public endpoints support internet-facing access with AWS-managed Elastic IPs. VPC endpoints place the endpoint within a VPC, enabling security group control and fixed Elastic IP assignment. When trading partners restrict access through firewall IP allow lists (whitelists), VPC endpoints with fixed Elastic IPs are essential.
Identity Provider Integration and Access Control
Transfer Family authentication offers three options: service-managed, AWS Directory Service, and custom identity providers. The service-managed option uses SSH public key authentication, registering and managing public keys per user. It is straightforward and suitable for managing a small number of users. AWS Directory Service integration uses Active Directory username/password authentication directly, ideal for enterprises with existing AD infrastructure. Custom identity providers implement authentication logic via API Gateway + Lambda or Lambda alone, offering the greatest flexibility. They can reference credentials stored in external LDAP servers, databases, or Secrets Manager for authentication decisions. The response returned on successful authentication dynamically controls the per-user IAM role, home directory, and logical directory mappings. Logical directory mapping presents a specific S3 bucket prefix as a user's root directory, preventing access to files outside their designated area. Combining this with a session policy further narrows the IAM role's permissions, giving temporary, fine-grained access control per session.
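As an added example (not AWS's or the page's own code), a minimal custom identity provider Lambda in Python that implements the flow described above: it verifies the password against a credential store, checks the connecting sourceIp against the partner's allowed range, and returns a per-user IAM role, a session policy scoped to the user's S3 prefix, and a logical directory mapping that presents that prefix as the user's root. The user table, role ARN, bucket name and CIDR range are constructed placeholders; the event fields (username, password, sourceIp) and response keys (Role, Policy, HomeDirectoryType, HomeDirectoryDetails) follow the Transfer Family custom identity provider contract, where returning an empty dict denies the login.

```python
import hashlib
import hmac
import ipaddress
import json

def _pbkdf2(password: str, salt: str) -> str:
    """Salted PBKDF2-HMAC-SHA256 so the store never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 100_000).hex()

# Constructed stand-in for the real credential store (Secrets Manager, LDAP, a database).
USERS = {
    "partner-a": {
        "salt": "constructed-salt-1",
        "password_hash": _pbkdf2("correct horse battery staple", "constructed-salt-1"),
        "allowed_cidrs": ["203.0.113.0/24"],  # partner's firewall range (TEST-NET-3, constructed)
        "role_arn": "arn:aws:iam::123456789012:role/TransferPartnerRole",  # placeholder
        "bucket": "example-transfer-bucket",  # placeholder
        "prefix": "partners/partner-a",
    },
}

def _session_policy(bucket: str, prefix: str) -> str:
    """Session policy that narrows the shared IAM role to this user's prefix only."""
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": f"arn:aws:s3:::{bucket}",
         "Condition": {"StringLike": {"s3:prefix": [prefix, f"{prefix}/*"]}}},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": f"arn:aws:s3:::{bucket}/{prefix}/*"},
    ]})

def lambda_handler(event: dict, context=None) -> dict:
    """Custom identity provider entry point; an empty dict tells Transfer Family to deny."""
    user = USERS.get(event.get("username", ""))
    if user is None:
        return {}
    # Constant-time comparison of the derived hash, so response timing leaks nothing.
    if not hmac.compare_digest(_pbkdf2(event.get("password", ""), user["salt"]), user["password_hash"]):
        return {}
    # sourceIp is supplied in the event; reject logins from outside the partner's range.
    src = ipaddress.ip_address(event.get("sourceIp", "0.0.0.0"))
    if not any(src in ipaddress.ip_network(c) for c in user["allowed_cidrs"]):
        return {}
    return {
        "Role": user["role_arn"],
        "Policy": _session_policy(user["bucket"], user["prefix"]),
        "HomeDirectoryType": "LOGICAL",
        # The user sees "/" but is confined to s3://bucket/prefix.
        "HomeDirectoryDetails": json.dumps([{"Entry": "/", "Target": f"/{user['bucket']}/{user['prefix']}"}]),
    }
```

For SSH-key logins the password field is absent and the handler would return the user's PublicKeys instead; this example covers password authentication only.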
Workflow-Based Post-Processing Automation
Transfer Family's managed workflow feature automatically executes a series of post-processing steps triggered by file upload completion. Workflow steps can include file copying, tagging, invoking custom Lambda functions, and file deletion. For example, you can build a pipeline that copies a CSV file received from a trading partner to a processing bucket in S3, runs validation and format conversion via a Lambda function, then moves the processed file to an archive bucket. Workflows support two tracks (a normal flow and an exception flow), so if an error occurs during a step, execution branches to the exception flow for error notification or file quarantine. Workflow execution logs are output to CloudWatch Logs, enabling tracking of each step's success or failure and processing time. In practice, common patterns include conditional branching that invokes different Lambda functions based on filename patterns, and decrypting PGP-encrypted files within the workflow. Note that workflow execution is not included in Transfer Family pricing; Lambda execution costs and S3 request charges apply separately.