AWS Transfer Family SFTP connectors now support VPC-based connections | Amazon Web Services

Many organizations rely on the Secure File Transfer Protocol (SFTP) as an industry standard for exchanging critical business data. Traditionally, connecting securely to private SFTP servers required dedicated infrastructure, custom scripting, or exposing endpoints to the public internet.

Today, AWS Transfer Family SFTP connectors add support for connecting to remote SFTP servers through your Amazon Virtual Private Cloud (Amazon VPC). You can transfer files between Amazon Simple Storage Service (Amazon S3) and private or public SFTP servers using the security controls and network configuration already defined in your VPC. This capability helps you integrate on-premises data sources, partner-hosted private servers, or internet endpoints with the operational simplicity of a fully managed Amazon Web Services (AWS) service.

New capabilities with SFTP connectors
The key improvements are:

  • Connect to private SFTP servers – SFTP connectors can now reach endpoints that are accessible only through your VPC connectivity. These include servers hosted in your VPC or a shared VPC, on-premises systems connected through AWS Direct Connect, and partner-hosted servers reached through VPN tunnels.
  • Security and compliance – All file transfers are routed through the security controls already applied to your VPC, such as AWS Network Firewall or centralized ingress and egress inspection. Private SFTP servers stay private and do not need to be exposed to the internet. You can also present static Elastic IP addresses or bring your own IP addresses (BYOIP) to satisfy partner allowlist requirements.
  • Performance and simplicity – Customer-owned network resources, such as NAT gateways, AWS Direct Connect, or VPN connections, provide higher bandwidth capacity for large-scale transfers. You can configure connectors within minutes through the AWS Management Console, the AWS Command Line Interface (AWS CLI), or the AWS SDKs, without building custom scripts or third-party tools.

How SFTP connectors work over a VPC
SFTP connectors use Amazon VPC Lattice resources to establish a secure connection through your VPC. The key constructs are a resource configuration and a resource gateway. The resource configuration represents the target SFTP server, which you specify by private IP address or public DNS name. The resource gateway gives the SFTP connector access to those resource configurations, so file transfer traffic flows through your VPC and its security controls.

The following architecture diagram illustrates how traffic flows between Amazon S3 and a remote SFTP server. As shown in the architecture, traffic flows from Amazon S3 through the SFTP connector into your VPC. The resource gateway is the entry point that handles the incoming connection from the connector to your VPC resources. Outbound traffic is routed through your configured egress path: Amazon VPC NAT gateways with Elastic IP addresses for public servers, or AWS Direct Connect and VPN connections for private servers. Because the traffic leaves from your VPC CIDR range, you can reuse existing IP addresses and simplify partner server allowlists. Centralized firewall gateways in the VPC enforce security policies, and customer-owned NAT gateways provide higher bandwidth for large-scale transfers.

When to use this feature
With this capability, developers and IT administrators can simplify workflows while meeting security and compliance requirements in a range of scenarios:

  • Hybrid workloads – Transfer files between Amazon S3 and on-premises SFTP servers over AWS Direct Connect or AWS Site-to-Site VPN without exposing internet endpoints.
  • Partner integration – Connect to business partners' SFTP servers that are reachable only through private VPN tunnels or a shared VPC. This avoids building custom scripts or managing third-party tools, which reduces operational complexity.
  • Regulated industries – Route transfers through centralized firewall and inspection points in your VPCs to meet financial services, government, or healthcare requirements.
  • High-performance transfers – Use your own network configuration, such as NAT gateways, AWS Direct Connect, or VPN connections with Elastic IP addresses or BYOIP, to handle large-scale transfers while keeping the IP addresses already on partner allowlists.
  • A unified file transfer solution – Standardize on Transfer Family for internal and external SFTP connections and reduce fragmentation across file transfer tools.

Getting started with SFTP connectors
To start transferring files with SFTP connectors through my VPC environment, I follow these steps:

First, I configure my VPC Lattice resources. In the Amazon VPC console, under PrivateLink and Lattice in the navigation pane, I choose Resource gateways, then Create resource gateway, to create the entry point into my VPC. Next, under PrivateLink and Lattice in the navigation pane, I choose Resource configurations, then Create resource configuration, to create a resource configuration for my target SFTP server. I specify its private IP address or public DNS name and the port (usually 22).

Next, I configure the AWS Identity and Access Management (IAM) permissions. I make sure the IAM role used to create the connector has transfer:* permissions and the VPC Lattice permissions (vpc-lattice:CreateServiceNetworkResourceAssociation, vpc-lattice:GetResourceConfiguration, vpc-lattice:AssociateViaAWSService). I update the role's trust policy to include transfer.amazonaws.com as a trusted principal. This allows AWS Transfer Family to assume the role when creating and managing my SFTP connectors.
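Before creating the connector it is worth checking the access role offline, because a missing VPC Lattice action or an over-broad trust policy only surfaces later as a failed connector. The following is an added example, not code from the AWS blog post or the AWS SDK: it uses only the standard library to inspect policy documents as plain JSON and does not call IAM. The required actions are the ones listed above; the aws:SourceAccount condition is the standard AWS cross-service confused-deputy protection and is an addition of this example, as are the placeholder account ID and the policy contents.

```python
"""Pre-flight check for the IAM access role that AWS Transfer Family assumes
when it creates and operates an SFTP connector with VPC Lattice egress.

Added example, not code from the AWS blog post. Standard library only; the
policy documents below are constructed for illustration.
"""
import fnmatch

# Actions the post says the access role needs: transfer:* (represented here
# by one concrete action so wildcard matching is exercised) plus VPC Lattice.
REQUIRED_ACTIONS = [
    "transfer:CreateConnector",
    "vpc-lattice:CreateServiceNetworkResourceAssociation",
    "vpc-lattice:GetResourceConfiguration",
    "vpc-lattice:AssociateViaAWSService",
]
TRANSFER_PRINCIPAL = "transfer.amazonaws.com"


def _as_list(value):
    """IAM allows a string or a list in most fields; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    """IAM action patterns are case-insensitive and use * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def check_permissions(policy):
    """Return the required actions that are not allowed, sorted.

    An explicit Deny wins over any Allow, mirroring IAM evaluation.
    """
    allowed, denied = set(), set()
    for stmt in _as_list(policy.get("Statement")):
        patterns = _as_list(stmt.get("Action"))
        for required in REQUIRED_ACTIONS:
            if any(_matches(p, required) for p in patterns):
                target = allowed if stmt.get("Effect") == "Allow" else denied
                target.add(required)
    return sorted(a for a in REQUIRED_ACTIONS if a not in allowed or a in denied)


def check_trust_policy(trust_policy, account_id):
    """Return findings for the role's trust policy; an empty list is a pass."""
    findings = []
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        services = _as_list((stmt.get("Principal") or {}).get("Service"))
        if TRANSFER_PRINCIPAL not in services:
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            findings.append("transfer.amazonaws.com is trusted without sts:AssumeRole")
        cond = stmt.get("Condition") or {}
        scoped = (cond.get("StringEquals") or {}).get("aws:SourceAccount") == account_id
        scoped = scoped or "aws:SourceArn" in (cond.get("ArnLike") or {})
        if not scoped:
            findings.append("no aws:SourceAccount condition: confused-deputy risk")
        return findings
    return ["transfer.amazonaws.com is not a trusted principal"]


# Constructed policies as the post describes them, plus the aws:SourceAccount
# condition; 111122223333 is a placeholder account ID.
ACCOUNT_ID = "111122223333"
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "transfer.amazonaws.com"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"aws:SourceAccount": ACCOUNT_ID}},
    }],
}
PERMISSIONS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "transfer:*", "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["vpc-lattice:CreateServiceNetworkResourceAssociation",
                    "vpc-lattice:GetResourceConfiguration",
                    "vpc-lattice:AssociateViaAWSService"],
         "Resource": "*"},
    ],
}

if __name__ == "__main__":
    print("missing actions:", check_permissions(PERMISSIONS_POLICY))
    print("trust findings:", check_trust_policy(TRUST_POLICY, ACCOUNT_ID))
```

The check is deliberately strict about a missing aws:SourceAccount (or aws:SourceArn) condition: without it, any Transfer Family resource in any account that can reference the role ARN could have the service assume it. In production you would also narrow transfer:* to the connector actions you actually use rather than keeping the wildcard from the walkthrough.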

Then I create an SFTP connector through the AWS Transfer Family console. I choose SFTP connectors and then Create SFTP connector. In the Connector configuration section, I choose VPC Lattice as the egress type and specify the Resource configuration, Access role, and Connector credentials. Optionally, I add a trusted host key for improved security, or change the default port if my SFTP server uses a non-standard port.

I then test the connection. From the Actions menu, I choose Test connection to confirm that the connector can reach the target SFTP server.

Finally, once the connector state is ACTIVE, I can start file operations with my remote SFTP server by programmatically calling the Transfer Family API, such as StartDirectoryListing, StartFileTransfer, StartRemoteDelete, or StartRemoteMove. All traffic is routed through my VPC using my configured resources, such as NAT gateways, AWS Direct Connect, or VPN connections, together with my IP addresses and security controls.
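The same sequence from code, as an added example that is not part of the blog post: test the connection, refuse to move data if the server presents a host key other than the one pinned (the connector's trusted host key protects the connector, but a pinned comparison in the calling code catches a changed key before any transfer starts), list the remote directory, then send S3 objects. The operation names and parameters follow the AWS Transfer Family API as called through boto3; the connector ID, bucket, paths, pinned key and the FakeTransferClient that lets the example run offline are constructed for illustration. With boto3 available, pass boto3.client("transfer") in place of the fake.

```python
"""Post-activation file operations against an SFTP connector.

Added example, not code from the AWS blog post. Operation names and parameter
names follow the AWS Transfer Family API; the IDs, bucket, paths, pinned host
key and FakeTransferClient are constructed so the example runs offline.
"""


class HostKeyMismatch(Exception):
    """Raised when the server's host key differs from the one we pinned."""


def verify_connector(client, connector_id, pinned_host_key=None):
    """TestConnection must report OK; if a host key is pinned it must match."""
    resp = client.test_connection(ConnectorId=connector_id)
    if resp.get("Status") != "OK":
        raise RuntimeError(resp.get("StatusMessage", "connector test failed"))
    seen = (resp.get("SftpConnectionDetails") or {}).get("HostKey")
    if pinned_host_key is not None and seen != pinned_host_key:
        raise HostKeyMismatch(f"expected {pinned_host_key!r}, server presented {seen!r}")
    return resp


def push_files(client, connector_id, bucket, keys, remote_dir, pinned_host_key=None):
    """Verify the connector, list the remote directory, then send S3 objects.

    Transfer Family addresses S3 objects as /bucket/key paths.
    """
    verify_connector(client, connector_id, pinned_host_key)
    listing = client.start_directory_listing(
        ConnectorId=connector_id,
        RemoteDirectoryPath=remote_dir,
        OutputDirectoryPath=f"/{bucket}/listings",
    )
    transfer = client.start_file_transfer(
        ConnectorId=connector_id,
        SendFilePaths=[f"/{bucket}/{key}" for key in keys],
        RemoteDirectoryPath=remote_dir,
    )
    return {"ListingId": listing["ListingId"], "TransferId": transfer["TransferId"]}


class FakeTransferClient:
    """Constructed stand-in for boto3.client('transfer') so the example runs
    offline. It records each call and returns the fields the real API returns."""

    def __init__(self, status="OK", host_key="ssh-ed25519 AAAAexample"):
        self.status, self.host_key, self.calls = status, host_key, []

    def test_connection(self, **kw):
        self.calls.append(("TestConnection", kw))
        return {"Status": self.status, "StatusMessage": "constructed response",
                "SftpConnectionDetails": {"HostKey": self.host_key}}

    def start_directory_listing(self, **kw):
        self.calls.append(("StartDirectoryListing", kw))
        return {"ListingId": "lst-0123456789abcdef", "OutputFileName": "listing.json"}

    def start_file_transfer(self, **kw):
        self.calls.append(("StartFileTransfer", kw))
        return {"TransferId": "tx-0123456789abcdef"}


PINNED_KEY = "ssh-ed25519 AAAAexample"  # constructed; pin the partner's real key here
CONNECTOR_ID = "c-0123456789abcdef"     # constructed connector ID

if __name__ == "__main__":
    client = FakeTransferClient()  # or boto3.client("transfer")
    print(push_files(client, CONNECTOR_ID, "example-bucket",
                     ["outbound/report.csv"], "/incoming", PINNED_KEY))
```

The transfer calls are asynchronous: StartFileTransfer returns a TransferId immediately, and the outcome is reported through the connector's logging role in CloudWatch rather than in the response, so a job that checks only for an exception has not confirmed delivery.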

You can find the complete set of options and advanced workflows in the AWS Transfer Family documentation.

Now available

SFTP connectors with VPC-based connectivity are now available in 21 AWS Regions. Check the AWS Services by Region page for the latest list of supported AWS Regions. You can now securely connect AWS Transfer Family SFTP connectors to private, on-premises, or internet-facing servers using your own VPC resources, such as NAT gateways, Elastic IP addresses, and network gateways.

—Betty
