How To Transfer Files To S3 Buckets Using SFTP and FTP | Salient Engineering

How To Transfer Files To S3 Buckets Using SFTP and FTP

Learn how to quickly deploy and configure the S3 File Transfer Server to move files securely into and out of your AWS S3 buckets.

Estimated Deployment Time: 10 Minutes

The Basics

The S3 File Transfer Server is a fast, secure, and incredibly simple appliance designed to make moving files into and out of Amazon S3 effortless. By deploying this server, you can instantly expose a standard SFTP interface to your clients, internal teams, or external services.

The best part? Files are streamed directly to S3 in real time. They never actually persist on the appliance itself, keeping your data secure and your storage costs down.

The server supports both SSH and SFTP, which ensures all traffic is encrypted. It also supports legacy FTP, which does not encrypt credentials or data in transit, so we highly recommend against using FTP in production.

Why Use It?

  • Familiar Interface: Get the limitless scalability and durability of S3 while using the standard SFTP tools your clients and applications already know how to use.
  • Production-Ready: It's a turn-key solution. Just deploy it and you're ready to go.
  • Built-in Security: It's built from the ground up for speed and security, keeping sensitive data encrypted while maintaining lightning-fast transfer speeds.

Deployment Guide

Setting up the S3 File Transfer Server only takes a few minutes:

  1. Deploy the Appliance: Head over to the AWS Marketplace and launch the S3 File Transfer Server.
  2. Tag Your Instance: Go to your EC2 console and add a tag to your new instance. The Key should be Buckets, and the Value should be a comma-separated list of the S3 bucket names you want to expose for file transfers.
  3. Create the IAM Policy: In the IAM console, create a new policy called S3-File-Transfer-Server-Policy and paste in this JSON:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "Stmt1473154086000",
                "Effect": "Allow",
                "Action": [
                    "ec2:DescribeTags"
                ],
                "Resource": [
                    "*" 
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ListBucket"
                ],
                "Resource": "arn:aws:s3:::*"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:AbortMultipartUpload",
                    "s3:DeleteObject",
                    "s3:GetObject",
                    "s3:PutObject"
                ],
                "Resource": "arn:aws:s3:::*/*"
            }
        ]
    }
    
  4. Create the IAM Role: Create a new role named S3-FileTransfer-Server-Role and attach the policy you just created.
  5. Attach the Role: Go back to your EC2 dashboard, right-click the S3 File Transfer Server instance, select Security > Modify IAM role, and attach the S3-FileTransfer-Server-Role.
  6. Reboot: Restart the appliance so the new IAM permissions take effect.

And that's it! You can now connect to your server using any standard SFTP client and start transferring files directly to S3.
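
The policy in step 3 allows its S3 actions on every bucket in the account (arn:aws:s3:::*). The added example below, which is not part of the vendor's guide, builds the same three statements restricted to the buckets listed in the instance's Buckets tag. It assumes the appliance only needs access to the buckets named in that tag; the function names and the sample bucket names are made up for illustration.

```python
import json
import re

# S3 bucket naming: 3-63 chars, lowercase letters, digits, dots, hyphens,
# starting and ending with a letter or digit.
_BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")


def parse_buckets_tag(tag_value):
    """Split the comma-separated Buckets tag value into validated names."""
    names = []
    for raw in tag_value.split(","):
        name = raw.strip()
        if not name:
            continue  # tolerate trailing commas and doubled separators
        if not _BUCKET_RE.match(name) or ".." in name:
            # Rejects wildcards such as "*" that would re-widen the policy.
            raise ValueError(f"invalid bucket name in tag: {name!r}")
        if name not in names:
            names.append(name)
    if not names:
        raise ValueError("Buckets tag lists no bucket names")
    return names


def scoped_policy(tag_value):
    """Build the page's three statements, limited to the tagged buckets."""
    buckets = parse_buckets_tag(tag_value)
    return {
        "Version": "2012-10-17",
        "Statement": [
            # ec2:DescribeTags has no resource-level permissions, so "*" stays.
            {"Effect": "Allow", "Action": ["ec2:DescribeTags"], "Resource": "*"},
            {"Effect": "Allow", "Action": ["s3:ListBucket"],
             "Resource": [f"arn:aws:s3:::{b}" for b in buckets]},
            {"Effect": "Allow",
             "Action": ["s3:AbortMultipartUpload", "s3:DeleteObject",
                        "s3:GetObject", "s3:PutObject"],
             "Resource": [f"arn:aws:s3:::{b}/*" for b in buckets]},
        ],
    }


if __name__ == "__main__":
    # Constructed sample tag value; replace with your own bucket names.
    print(json.dumps(scoped_policy("example-inbound, example-outbound"), indent=4))
```

If you use the generated JSON in place of the policy from step 3, regenerate it whenever the Buckets tag changes, and confirm transfers still work after the reboot in step 6.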

Troubleshooting

Can't connect via SFTP? Double-check the security group attached to your S3 File Transfer Server. Ensure inbound traffic on port 22 (SSH/SFTP) is allowed from your IP address.

Connected, but can't see the files in your bucket? Verify that your IAM policy is correctly attached to your IAM role, and that the role is actually attached to the EC2 instance. Also, make sure you spelled the bucket names correctly in your instance tags.

Frequently Asked Questions

Does the appliance support multi-AZ or multi-region?
It's a single EC2 instance, but you can deploy it into any VPC in any region.

Should I deploy this using my root account?
No, always use a dedicated IAM user with the appropriate permissions.

Can I encrypt the server?
Yes, we strongly recommend encrypting the underlying EBS volume during deployment.

Should my S3 buckets be encrypted?
Yes, enabling Server-Side Encryption (SSE) on your S3 buckets is a security best practice.

Is my data encrypted in transit?
Yes, all communication over SSH and SFTP is encrypted in transit.

How much does it cost?
You pay standard AWS rates for EC2 and S3, plus the software licensing fee. For example, a t3.medium costs roughly $0.13 per hour total ($0.042 for compute + $0.088 for software).

How do I install updates?
You don't have to manually update it. The server automatically downloads and installs security patches daily.