How to Connect to S3 Bucket using SFTP

Introduction:

One of the challenges companies found when moving to the cloud is data migration, especially when you’re dealing with a huge amount of legacy data, S3 is cloud favorite tool to store such data, however, you can not connect into using SFTP, or SCP as each has its own different protocol for data transfer. until we have the s3 SCP data transfer.

 

S3  SFTP Transfer:

AWS SFTP managed service gives you the ability to transfer files directly into and out of Amazon S3 using the / SCP protocol. with the simple setup, you can easily migrate your file transfer processes —by integrating with existing authentication systems, and providing DNS routing with Amazon Route 53—so nothing changes for your customers and partners, or their applications. With your data in S3, you can use it with AWS services for processing, analytics, machine learning, and archiving.

 

S3 SFTP Transfer Cases:

 

Sharing files with third-parties

Nearly every business has to exchange files with external firms securely, whether they are large technical documents for customers, media files for a marketing agency, or invoices from suppliers. Many of these file exchanges have used SFTP for decades. AWS SFTP makes it easy to support recurring data sharing processes, as well as one-off secure file transfers where setting up access to internal systems for external teams is difficult or impractical.

 

 

Get Started:

• Under Migration & Transfer Select “AWS Transfer for SFTP”, then create a new service.
• on the creation wizard, you will be asked to provide some details about the service:

1. End Point Type:

• Public means you can access the sftp externally
• VPC means sftp service is accessible only through.

     2. Hostname setup:

• if you want to use the default endpoint provided by aws click “Default”.
• if you want to select a custom endpoint and your domain is managed under route53, click Route53.
• if you want to have a custom domain select Custom and enter your custom endpoint, in this case, the default endpoint will be mapped with your custom endpoint.

     2. Identity Management:

You can either define users manually in the service or use a custom identity provided for authentication.

 

• after that, your managed service provisioned, select it and add a new user like below

 

You need to have a public key created for this user already and a role that specifies its privilege. you can generate a key using this tutorial and for example if you want to create an IAM role that gives full access on subfolder click on this tutorial 

 

That’s it, you should be now connecting to