Skip to content

Latest commit

 

History

History
49 lines (44 loc) · 2.78 KB

transfer-family.md

File metadata and controls

49 lines (44 loc) · 2.78 KB

AWS Transfer Family

  • Is a product which provides managed file transfer service
  • It allows us to transfer files to/from S3 or EFS
  • It provides managed servers which provides various protocols. Allows us to upload/download data to S3 or EFS using protocols different the ones natively supported by S3 of EFS
  • Allow us to interact with both of these services using the following protocols:
    • FTP (File Transfer Protocol): unencrypted file transfer protocol
    • FTPS (File Transfer Protocol Secure): file transfer protocol with TLS encryption
    • SFTP (SSH File Transfer Protocol): file transfer over SSH
    • Applicable Statement 2 (AS2): transfer structured B2B data
  • Transfer Family supports a wide range of identities: service managed, Directory Service, custom (Lambda/APIGW)
  • Managed File Transfer Workflows (MFTW): serverless file workflow engine:
    • Can be used when file are uploaded, we can define workflows as to what happened to the file as it gets uploaded

Transfer Family Endpoint Types

  • Within Transfer Family we create servers which we can think of as the front-end accesspoint to our storage
  • They present S3 and EFS via one or more supported protocol
  • How we access these servers depends on how configure the service's endpoints:
    • Public: runs on the AWS public zone, accessible to the public internet
      • No networking components to configure
      • Only supported protocol is SFTP
      • The endpoint has a dynamic IP which can change, we should use DNS to access it
      • We can't control who will access it using features such as NACLs or security groups
    • VPC - Internet Access
      • Runs in a VPC
      • We can use SFTP/FTPS and AS2 protocols
      • Anything that has connectivity to the VPC (DX/VPN) can access it as it was running inside the VPC
      • Transfer Family provides a static IP for it
      • SG/NACLs are supported
      • It is allocated an Elastic IP for it which is static, which allows it to be accessed over the public internet
    • VPC - Internal
      • Runs inside a VPC
      • We can use SFTP/FTPS/FTP and AS2 protocols
      • Anything that has connectivity to the VPC (DX/VPN) can access it as it was running inside the VPC
      • Transfer Family provides a static IP for it
      • SG/NACLs are supported

Other Features

  • It is multi-AZ => resilient and scalable
  • Cost is based for provisioned server per hour + data transfer
  • With FTP/FTPS only Directory Service and Custom IDP is supported
  • FTP can only be used internally within a VPC
  • AS2 has to be VPC Internet/Internal only, we cannot use the public endpoint type
  • Use cases for Transfer Family:
    • In case we need access to S3/EFS but using the supported protocols
    • Integration with existing workflows
    • Using MFTW to create new workflows