AWS Transfer Family is a fully managed service that enables the transfer of files over SFTP, FTPS, and FTP directly into and out of Amazon S3. This service allows you to seamlessly migrate your file transfer workflows to AWS by integrating with existing authentication systems and providing DNS routing with Amazon Route 53.
In this article, we will guide you through the process of transferring files from Amazon S3 to an external SFTP server using the AWS Transfer Family service.
Prerequisites
1. An AWS Account
2. A configured Amazon S3 bucket
3. Access to an external SFTP server
Procedure
Step 1: Set Up the AWS Transfer Family Service
1. Go to the AWS Transfer Family console.
2. Click on “Create server”.
3. In the “Choose protocols” section, select “SFTP” or “SFTP and FTPS” depending on your needs. For this guide, we’ll use “SFTP”.
4. In the “Identity provider” section, select “Service managed” to use AWS managed identities.
5. Leave the “Endpoint type” as “Public”.
6. Click on “Create server” at the bottom.
Your AWS Transfer Family server will now be set up. AWS will provide a Server ID, which you should note down as we will use it in the next steps.
Step 2: Add a User to the AWS Transfer Family Service
1. Click on the server ID of the server you just created.
2. Click on “Add user”.
3. In the “User name” section, enter a username.
4. In the “User’s home directory” section, select the S3 bucket from which you wish to transfer files. Note: The user will be able to access the files in this bucket.
5. Set the “Role” to an IAM role that has the necessary permissions to read from your S3 bucket. If you don’t have a suitable IAM role, you’ll need to create one.
6. Leave the “Scope down policy” field empty unless you want to further limit the access of this user.
7. Click on “Add” at the bottom.
You have now set up a user with access to your S3 bucket. AWS will provide a public key for this user. You should note it down for future use.
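An added example for item 5 of Step 2 (not part of the original article and not AWS's own code): it builds a read-only permissions policy and a trust policy for the user's IAM role, then audits a policy for grants that go beyond read access to the bucket. The bucket name example-transfer-bucket and all function names are assumptions.

```python
import json

# Actions a download-only SFTP user needs (real S3 action names; the split is this example's choice).
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:GetObjectVersion"}

def trust_policy():
    """Trust policy letting only the Transfer Family service assume the role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "transfer.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}

def read_only_policy(bucket):
    """Permissions policy: list the bucket and read its objects, nothing else."""
    arn = f"arn:aws:s3:::{bucket}"
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "ListBucket", "Effect": "Allow",
         "Action": sorted(BUCKET_ACTIONS), "Resource": arn},
        {"Sid": "ReadObjects", "Effect": "Allow",
         "Action": sorted(OBJECT_ACTIONS), "Resource": f"{arn}/*"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy, bucket):
    """Return findings for Allow statements that exceed read access to `bucket`."""
    arn, findings = f"arn:aws:s3:::{bucket}", []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for action in _as_list(stmt.get("Action", [])):
            if action not in BUCKET_ACTIONS | OBJECT_ACTIONS:
                findings.append(f"{sid}: action {action} is not read-only")
        for res in _as_list(stmt.get("Resource", [])):
            # Exact bucket ARN or an object under it; a sibling bucket name must not match.
            if res != arn and not res.startswith(arn + "/"):
                findings.append(f"{sid}: resource {res} is outside {bucket}")
    return findings

if __name__ == "__main__":
    bucket = "example-transfer-bucket"  # assumed name, replace with your bucket
    print(json.dumps(read_only_policy(bucket), indent=2))
    # Constructed over-broad policy, to show what the audit flags.
    broad = {"Version": "2012-10-17", "Statement": [
        {"Sid": "Everything", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
    print(audit(broad, bucket))
```

The audit only inspects Action and Resource on Allow statements; policies that use NotAction or NotResource need a manual review.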
Step 3: Connect to the External SFTP Server and Transfer Files
You will now need to use an SFTP client that supports public key authentication. Here is an example using the command line sftp client:
1. Save the public key provided by AWS to a file, for example, ~/aws_sftp_key.pem.
2. Run the following command in your terminal:
sftp -i ~/aws_sftp_key.pem user_name@server_endpoint
Replace user_name with the username you created in step 2, and server_endpoint with the endpoint provided by AWS (you can find it in the details of the server you created in step 1). You should now be connected to the SFTP server.
- To transfer files from your S3 bucket to the SFTP server, use the put command:
put local_file remote_file