AWS Transfer for SFTP is a fully managed service that enables the transfer of files directly into and out of Amazon S3 using the Secure File Transfer Protocol (SFTP), also known as the Secure Shell (SSH) File Transfer Protocol.


S3 Bucket – BucketName (for example: expertbrainssftpwd)

You will have to create your own bucket and use that name in the instructions.

SFTP Client

Preferably a Linux machine, since an sftp client is available by default.

If you are using Windows, you can use WinSCP.

IAM Role for SFTP Users

  • Permissions – AmazonS3FullAccess
  • Updated Trust Relationship (see below)

Setup IAM Role for Users

Create an IAM role with AmazonS3FullAccess (you can restrict this to a particular bucket/user) with the following trust relationship. The principal that must be allowed to assume the role is the AWS Transfer service, transfer.amazonaws.com.

  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "Service": "transfer.amazonaws.com"
        },
        "Action": "sts:AssumeRole",
        "Condition": {}
      }
    ]
  }

You can use a custom endpoint with your own domain name, or use the default endpoint that is created for the server.

SFTP Server

Set up Users

You will need an SSH key pair, and you upload the public key that the user will use when connecting to the SFTP server.

Create SSH Keypair

Generate the key on a Linux server, or you can generate keys on a Windows machine with PuTTYgen.

Copy the public key into the user configuration and save. Note: the public key must be a single line and must not contain any special characters such as line breaks.
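The single-line requirement above is the usual stumbling block when the key was generated with PuTTYgen, which saves public keys in the multi-line RFC 4716 ("---- BEGIN SSH2 PUBLIC KEY ----") format by default. The following is an added example (not code from this page or from AWS) that converts either an OpenSSH one-liner or an RFC 4716 block into the exact single-line form the user configuration field expects, and checks that the base64 data really encodes the declared key type before you paste it. The sample key blob is constructed with the correct wire layout for demonstration only and is not a real key.

```python
"""Normalise an SSH public key to single-line OpenSSH form (added example).

Accepts "<type> <base64> [comment]" or a multi-line RFC 4716 block and returns
"<type> <base64>" on one line, raising ValueError for anything malformed.
"""
import base64
import struct
import textwrap

ALLOWED_TYPES = {
    "ssh-rsa", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}

RFC4716_BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
RFC4716_END = "---- END SSH2 PUBLIC KEY ----"


def _blob_key_type(blob: bytes) -> str:
    """Key type is the first length-prefixed string of the SSH wire blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n > len(blob) - 4:
        raise ValueError("corrupt length prefix in key blob")
    return blob[4:4 + n].decode("ascii", errors="replace")


def normalize_public_key(text: str) -> str:
    """Return the key as a single 'type base64' line, validating its structure."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty key")

    if lines[0] == RFC4716_BEGIN:
        # PuTTYgen / RFC 4716: header lines contain ':'; base64 body lines never do
        if lines[-1] != RFC4716_END:
            raise ValueError("unterminated RFC 4716 block")
        b64 = "".join(ln for ln in lines[1:-1] if ":" not in ln)
        declared_type = None
    else:
        if len(lines) != 1:
            raise ValueError("OpenSSH public key must be a single line")
        parts = lines[0].split()
        if len(parts) < 2:
            raise ValueError("expected '<type> <base64> [comment]'")
        declared_type, b64 = parts[0], parts[1]

    try:
        blob = base64.b64decode(b64, validate=True)  # strict: rejects stray characters
    except ValueError as exc:
        raise ValueError("key data is not valid base64") from exc

    blob_type = _blob_key_type(blob)
    if blob_type not in ALLOWED_TYPES:
        raise ValueError(f"unsupported key type {blob_type!r}")
    if declared_type is not None and declared_type != blob_type:
        raise ValueError("declared key type does not match the key data")
    return f"{blob_type} {base64.b64encode(blob).decode('ascii')}"


def fake_ed25519_blob() -> bytes:
    """Constructed placeholder with Ed25519 wire layout (string type, string key); NOT a real key."""
    t = b"ssh-ed25519"
    return struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes(range(32))


SAMPLE_B64 = base64.b64encode(fake_ed25519_blob()).decode("ascii")
SAMPLE_OPENSSH = f"ssh-ed25519 {SAMPLE_B64} user@host\n"
SAMPLE_RFC4716 = (
    f"{RFC4716_BEGIN}\n"
    'Comment: "user@host"\n'
    + "\n".join(textwrap.wrap(SAMPLE_B64, 64))
    + f"\n{RFC4716_END}\n"
)

if __name__ == "__main__":
    print(normalize_public_key(SAMPLE_OPENSSH))
    print(normalize_public_key(SAMPLE_RFC4716))
```

Run it against the .pub file or the PuTTYgen output and paste the returned line; the trailing comment is dropped because the user configuration field only needs the type and the key data.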

Create SFTP Server

Open the AWS console and select AWS Transfer for SFTP, or search for it in the search box.

This opens the AWS Transfer for SFTP home page.

Click Create server.

Create Server

DNS Configuration: if you have a custom domain name you can use an Amazon Route 53 DNS alias, or if you have your own DNS you can point it at the server. For now keep it None.
Identity Provider: select Service managed.
Click Create server; it takes a couple of minutes.

Click the server ID to open the server configuration.

  1. Under Users, click Add user for the user who will access the SFTP server.
    Type the username.
    Select the user's IAM role for Amazon S3 access.
    Select the home directory with the S3 bucket name.
    Paste the public key you generated into the SSH public key field.
    Click Add.
    Check the server; it should be online.

Now connect to the server with the username and the private key.