Step By Step Guide to Create SFTP Service on AWS

SFTP stands for Secure file transfer protocol. It helps to provide a secure network for accessing, transferring and managing files on remote systems. It also called SSH File Transfer Protocol. It provide a secure connection between a sender & receiver so we can easily send/receive the data in encryption format.


  • S3 bucket.
  • SSH key credentials and a IAM role with permission to access the bucket.

There are few points to create SFTP service on aws:

  • Log into Aws console.
  •  Click on Services & Click on Migration & Transfer.
  •  Select AWS Transfer Family.

  • Click on Create Server.

  •  In Choose protocols, select SFTP, and then choose Next.

  •  In Choose an identity provider, choose Service managed to store user identities and keys in AWS Transfer Family, and then choose Next.

  • In Choose an endpoint,choose the Publicly accessible endpoint type and let the Custom hostname remain None. And click on Next.

  • On the Choose domain page, we would be provided with 2 AWS Storage Services Amazon S3 & Amazon EFS. Here we would be using S3, So select it and click on Next.

  • On the Configure additional details ,select a role to enable Amazon CloudWatch logging of user activity.
  • And For Cryptographic algorithm options, choose a security policy that contains the cryptographic algorithms enabled for use by server, here we would be using TransferSecurityPolicy-2020-06.

  • Provide a tag name & click on Next.

  •  In Review and create, review the choices.

  • Click on Create Server.

  • Now after a few minutes,Server is Ready.

How to Add User on SFTP service.

  • Click on Add user.

  • Provide a USername.
  • Select a IAM role for amazon s3 access.

  • In the Home directory ,we could restrict the accessibility of the user to the certain S3 bucket or even certain folder in the bucket by checking on Restricted menu and providing the info in Home directory section.
  • And in the SSH public keys section, we could provide own ssh public key, by which the user would be able to connect .
  • Now click on Add to create the user.

  • After sometimes,User is successfully Added.

  • After the user is created we can connect to this service by using any SFTP client software like FileZilla or WinSCP.

Leave a Reply