Secure File Transfer With AWS

Learn more about secure file transfer with AWS.

A very common use case for enterprise applications is secure file transfer with external entities such as customers and suppliers. These file transfers need to be not only secure but also cost-effective. Traditionally, enterprises have used Secure-Shell File Transfer Protocol (SFTP) servers for this purpose. But running these servers adds operational overhead and is often not cost-effective.

Amazon Web Services has recently launched a new service known as AWS Transfer for SFTP. Let us delve deeper into this service, see what it offers, and how it is better than running your own file transfer servers.

The Need for AWS Transfer

AWS Transfer is a fully managed service that facilitates the transfer of files to and from AWS S3 over SFTP. The need for such a managed service arose because enterprises had to invest time and money in setting up and managing an infrastructure of SFTP servers. Maintaining these servers is not essential to core business needs, and it requires frequent patching, monitoring, user provisioning, and auditing. Being a managed service, AWS Transfer removes overheads like server maintenance and monitoring, which you may still have to handle if you use other SFTP providers like FileZilla.

More Benefits

AWS Transfer not only takes away the operational overhead of running SFTP servers but also integrates with S3. It stores the files as objects in S3. Once the files are in S3, all the benefits of S3 become available, such as global access, CloudFront edge locations, and use of the files in a data lake. You can also use the uploaded data for machine learning and analytics, and you can apply S3 lifecycle policies to archive the data.

AWS Transfer can integrate with your identity providers, such as LDAP or Active Directory. It also supports Route53 DNS. If you have an existing SFTP infrastructure, migrating to AWS Transfer is easy because you do not have to set up authentication again and can keep using your existing domain names. Your users' current configuration will not change when they migrate to this service.

Use Cases

Some scenarios where you may find AWS Transfer useful are:

  1. Third-party partners need to upload data to AWS in a secure way.

  2. Internal employees need file transfers in and out of AWS.

  3. Customers subscribe to data stored in AWS.

Setting Up 

Follow the steps below to quickly set up AWS Transfer:

1. Go to the AWS console and navigate to the Transfer console. Create an SFTP server endpoint in AWS and associate a hostname with it. You can use Route53 to create a new hostname and associate it with the server endpoint. You may also use the hostname provided by AWS Transfer to access your server endpoint. If you already have a hostname, use a DNS service to route traffic to the server endpoint.

2. Set up an authentication mechanism for users. It could be your Active Directory.

3. Specify S3 buckets where files will be stored. Also, assign appropriate IAM roles.
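
One way to express the "appropriate IAM roles" from step 3 as least-privilege policy documents, with a check that flags statements broader than a single user's prefix. This is an added example, not code from the original article or from AWS; the bucket name, prefix, Sids and function names are placeholders chosen for illustration.

```python
import json

def trust_policy():
    # Only the AWS Transfer service may assume this role.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "transfer.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}

def access_policy(bucket, home_prefix):
    # Scope the SFTP user to one prefix of one bucket (names are placeholders).
    prefix = home_prefix.strip("/")
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "ListHomePrefix", "Effect": "Allow",
         "Action": "s3:ListBucket",
         "Resource": f"arn:aws:s3:::{bucket}",
         "Condition": {"StringLike": {"s3:prefix": [prefix, f"{prefix}/*"]}}},
        {"Sid": "HomePrefixObjects", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": f"arn:aws:s3:::{bucket}/{prefix}/*"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wide(resource):
    # "*" or "bucket/*" exposes every object, not just one user's prefix.
    name = resource.split(":::", 1)[-1]
    return name == "*" or (name.endswith("/*") and name.count("/") == 1)

def overbroad(policy):
    # Return the Sids of Allow statements that break the per-prefix scoping.
    findings = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st["Action"])
        wide_action = any(a in ("*", "s3:*") for a in actions)
        wide_resource = any(_is_wide(r) for r in _as_list(st["Resource"]))
        unscoped_list = "s3:ListBucket" in actions and "Condition" not in st
        if wide_action or wide_resource or unscoped_list:
            findings.append(st.get("Sid", "<no Sid>"))
    return findings

# Constructed example of a role that is too permissive for a partner account.
LOOSE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllS3", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

if __name__ == "__main__":
    scoped = access_policy("example-sftp-bucket", "/partner-a/")
    print(json.dumps(scoped, indent=2))
    print("scoped findings:", overbroad(scoped))
    print("loose findings:", overbroad(LOOSE))
```

Attach the trust policy to the role and the access policy as its permissions; with one prefix per partner, a compromised SFTP credential can reach only that partner's objects.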

AWS Console

Security 

AWS Transfer works over the SFTP protocol, so it uses a secure tunnel. It is also PCI-DSS and GDPR compliant. As it stores files in S3, you can use S3 security features like S3 Server-Side Encryption or Amazon KMS-provided encryption.

As is the case with other AWS services, you can use AWS CloudWatch to monitor your users' activities and enable CloudWatch logging.

AWS ensures the integrity of the files by checking each file's pre- and post-upload MD5 checksum.

Programmatic Access

For AWS developers, Amazon Transfer provides a host of commands that can be used from the CLI. These are often easy to use. For example, the following command sets up an SFTP server:

$ aws transfer create-server --identity-provider-type SERVICE_MANAGED
-------------------------------------
|           CreateServer            |
+----------+------------------------+
| ServerId | s-gft546wuhd76hw4dp    |
+----------+------------------------+

Other helpful commands are: start-server, stop-server, list-servers, create-user.

Comparison With Other Providers

If we search Microsoft Azure or other cloud providers, we will find that none offer a managed SFTP service. AWS is the first off the block with AWS Transfer. With this service, it has met the long-standing demand of many cloud users. If we have to transfer files into Azure storage, we will have to use third-party tools like FileZilla, which will result in various drawbacks discussed earlier in the article.
