Sometimes you just need a quick and secure solution to share some files between multiple users.
In AWS, the Transfer Family service fronts Amazon S3 (or Amazon EFS) with managed file-transfer endpoints so that users can move and store files in the cloud without you running any servers. It supports several transfer protocols: SFTP, FTPS and FTP (and AS2 for business-to-business exchange). Only SFTP and FTPS encrypt the session; plain FTP sends credentials and data in the clear, which is why AWS allows it only on VPC-hosted endpoints that are not reachable from the internet. In this article, we will explore how to deploy and use a serverless SFTP solution in the AWS cloud.
To deploy our SFTP server, we will be creating the following resources:
An S3 bucket
An IAM role
A Transfer Server (using SFTP)
Manual Deployment Steps
First, create an S3 bucket with default encryption enabled (SSE-S3 is enough for most cases; if you choose SSE-KMS with your own key, the role created below must also be allowed to use that key), with all four Block Public Access settings turned on, and, if you deploy it using CloudFormation, with a DeletionPolicy of Retain so that deleting the stack does not delete the uploaded data. This bucket will be the filesystem for our SFTP server, and we will be pointing our users' home directories into it later. Next, create an IAM role that Transfer Family can assume (its trust policy must name the transfer.amazonaws.com service principal) with the policies below:
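An added example, not the article's own policy documents: the three IAM documents such an access role typically carries, built in Python so they can be dumped as JSON for the console or a CloudFormation template and checked for wildcards before use. The bucket name, account ID, region and server ID in it are placeholders, and the 2012-10-17 policy version, the `transfer:` policy variables and the `aws:SourceAccount`/`aws:SourceArn` condition keys are the standard IAM ones.

```python
"""IAM documents for a Transfer Family SFTP server backed by one S3 bucket.

Added example, not the article's own policies. Assumed (hypothetical) names:
bucket "example-sftp-bucket", account "123456789012", region "us-east-1", and
server ID "s-0123456789abcdef0" standing in for whatever CreateServer returns.
"""
import json
from typing import List, Optional

TRANSFER_SERVICE = "transfer.amazonaws.com"
OBJECT_ACTIONS = [
    "s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:DeleteObjectVersion",
    "s3:GetObjectVersion", "s3:GetObjectACL", "s3:PutObjectACL",
]


def trust_policy(account_id: str, server_arn: Optional[str] = None) -> dict:
    """Trust policy letting Transfer Family assume the role for its users.

    The Condition is the confused-deputy guard: only servers in this account
    (and, once its ARN is known, only this server) may assume the role.
    """
    condition = {"StringEquals": {"aws:SourceAccount": account_id}}
    if server_arn:
        condition["ArnLike"] = {"aws:SourceArn": server_arn}
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": TRANSFER_SERVICE},
            "Action": "sts:AssumeRole",
            "Condition": condition,
        }],
    }


def access_policy(bucket: str, kms_key_arn: Optional[str] = None) -> dict:
    """Permissions the role needs to expose the bucket as the SFTP filesystem.

    Listing is granted on the bucket ARN, object operations on bucket/*.
    If the bucket uses SSE-KMS, the role must also be allowed to use the key.
    """
    statements = [
        {"Sid": "ListHomeBucket", "Effect": "Allow",
         "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
         "Resource": f"arn:aws:s3:::{bucket}"},
        {"Sid": "HomeBucketObjects", "Effect": "Allow",
         "Action": OBJECT_ACTIONS,
         "Resource": f"arn:aws:s3:::{bucket}/*"},
    ]
    if kms_key_arn:
        statements.append(
            {"Sid": "UseBucketKey", "Effect": "Allow",
             "Action": ["kms:Decrypt", "kms:Encrypt", "kms:GenerateDataKey"],
             "Resource": kms_key_arn})
    return {"Version": "2012-10-17", "Statement": statements}


def session_policy() -> dict:
    """Per-user scope-down policy using Transfer Family's policy variables.

    Attach this as the user's "Policy" (instead of None): every user still
    shares the same role, but can only list and touch their own home folder.
    """
    home_folder = "${transfer:HomeFolder}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AllowListingOfUserFolder", "Effect": "Allow",
             "Action": ["s3:ListBucket"],
             "Resource": ["arn:aws:s3:::${transfer:HomeBucket}"],
             "Condition": {"StringLike": {
                 "s3:prefix": [f"{home_folder}/*", home_folder]}}},
            {"Sid": "HomeDirObjectAccess", "Effect": "Allow",
             "Action": OBJECT_ACTIONS,
             "Resource": "arn:aws:s3:::${transfer:HomeDirectory}/*"},
        ],
    }


def overbroad_statements(policy: dict) -> List[str]:
    """Sids of Allow statements granting a wildcard action or resource.

    An empty list means every statement is scoped; run this on each document
    before attaching it.
    """
    flagged = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        if any(a == "*" or a.endswith(":*") for a in actions) or "*" in resources:
            flagged.append(stmt.get("Sid", f"statement[{i}]"))
    return flagged


if __name__ == "__main__":
    server_arn = "arn:aws:transfer:us-east-1:123456789012:server/s-0123456789abcdef0"
    docs = {
        "trust": trust_policy("123456789012", server_arn),
        "access": access_policy("example-sftp-bucket"),
        "session": session_policy(),
    }
    for name, doc in docs.items():
        assert overbroad_statements(doc) == [], name
        print(f"--- {name} ---\n{json.dumps(doc, indent=2)}")
```

The server ARN is only known after the server exists, so a practical order is: create the role with the `aws:SourceAccount` condition alone, create the server, then update the trust policy with the server ARN. The session policy is what keeps users out of each other's folders when they all share one role; it only takes effect if the user's home directory is a folder inside the bucket rather than the bucket root.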
Now that the resources are deployed, it's time to add users to the SFTP server. Select the server you just created in the AWS Transfer Family console and click the "Add user" button. You should see something like the images below:
Enter the username you want to add, and select the role you created earlier as the access role. Leave the policy as "None", and choose the S3 bucket you created earlier as the home directory. Be aware of what that combination means: with no session policy every user gets the full permissions of the role, and with the bucket root as the home directory every user sees every other user's files. If you need per-user isolation, give each user a home directory such as bucket/username and attach a session policy that restricts the user to that prefix. Generate an SSH key pair for the user (for example with ssh-keygen -t ed25519; Transfer Family accepts RSA, ED25519 and ECDSA keys) and paste the public key, never the private key, into the SSH public key field. Tag appropriately, then click "Add".
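Pasting a wrong or weak key into the console is easy to do, so here is an added example (not from the article) of a pre-flight check on the authorized_keys-style line before it goes into the SSH public key field. It parses the base64 blob in SSH wire format, confirms the embedded algorithm matches the text prefix, and rejects unsupported types and short RSA moduli. The accepted types are the ones Transfer Family documents; the 2048-bit RSA floor is this example's own choice, and the key material in it is constructed placeholder bytes, not a real key.

```python
"""Sanity-check an OpenSSH public key line before pasting it into the
Transfer Family "SSH public key" field.

Added example. Key bytes built by make_test_key_line are constructed
placeholders, NOT usable keys. ALLOWED_TYPES follows the algorithms Transfer
Family accepts; MIN_RSA_BITS is this example's own policy choice.
"""
import base64
import struct
from typing import Iterator

ALLOWED_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
                 "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
MIN_RSA_BITS = 2048


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 big-endian length prefix)."""
    return struct.pack(">I", len(data)) + data


def _read_ssh_strings(blob: bytes) -> Iterator[bytes]:
    """Yield the length-prefixed fields of a public key blob, refusing truncation."""
    pos = 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + length > len(blob):
            raise ValueError("truncated field")
        yield blob[pos:pos + length]
        pos += length


def check_public_key(line: str) -> dict:
    """Parse one '<type> <base64> [comment]' line and describe the key.

    Raises ValueError when the key should not be accepted: disallowed
    algorithm, prefix/blob mismatch, bad base64, malformed blob, short RSA key.
    """
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    if key_type not in ALLOWED_TYPES:
        raise ValueError(f"key type {key_type!r} is not accepted")
    blob = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    fields = list(_read_ssh_strings(blob))
    if not fields or fields[0] != key_type.encode():
        raise ValueError("algorithm inside the blob does not match the prefix")
    info = {"type": key_type, "comment": comment}
    if key_type == "ssh-rsa":                  # fields: type, e (mpint), n (mpint)
        if len(fields) != 3:
            raise ValueError("malformed RSA blob")
        info["bits"] = int.from_bytes(fields[2], "big").bit_length()
        if info["bits"] < MIN_RSA_BITS:
            raise ValueError(f"RSA modulus is only {info['bits']} bits")
    elif key_type == "ssh-ed25519":            # fields: type, 32-byte public key
        if len(fields) != 2 or len(fields[1]) != 32:
            raise ValueError("malformed ED25519 blob")
        info["bits"] = 256
    else:                                      # ecdsa: type, curve name, point Q
        curve = key_type.split("-")[-1].encode()
        if len(fields) != 3 or fields[1] != curve:
            raise ValueError("malformed ECDSA blob")
        info["bits"] = int(key_type[-3:])
    return info


def is_acceptable(line: str) -> bool:
    """True when check_public_key accepts the line, False otherwise."""
    try:
        check_public_key(line)
        return True
    except ValueError:
        return False


def make_test_key_line(key_type: str, *fields: bytes, comment: str = "") -> str:
    """Assemble a key line from raw fields (constructed placeholder data only)."""
    blob = b"".join(_ssh_string(f) for f in (key_type.encode(), *fields))
    line = f"{key_type} {base64.b64encode(blob).decode()}"
    return f"{line} {comment}" if comment else line


if __name__ == "__main__":
    sample = make_test_key_line("ssh-ed25519", bytes(32), comment="alice@example")
    print(check_public_key(sample))
```

The same parser rejects a line whose prefix says ssh-ed25519 while the blob says ssh-rsa, which is what a copy-paste mix-up between two users' keys looks like; run it on every key before it is attached to a user.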
Congratulations, you've just added a user to your SFTP server! You can now connect with the SFTP client of your choice using the user you created, the matching private key, and the server endpoint (for example, sftp -i ~/.ssh/sftp_user user@server-endpoint). On the first connection, compare the host key fingerprint your client shows with the one reported for the server in the console or by describe-server before accepting it, so a spoofed endpoint cannot capture your uploads. Happy transferring.