I'm looking to set up a serverless SFTP solution using AWS Transfer Family. In the past, we've managed transfers directly to S3, but our security team is now insisting that all buckets must not be public and should be shielded behind other services. However, I've read that for AWS Transfer Family to operate publicly, the associated S3 bucket also needs to be public. Is this accurate? Can I have a public SFTP endpoint without making my S3 bucket public?
3 Answers
No way! You don't have to make your S3 bucket public at all. You can restrict it as much as you want, just set up the right IAM permissions to allow access to your bucket. Plus, if you're looking for a budget-friendly option, consider using a t4g.nano instance for cheaper access instead of going all in with AWS Transfer Family.
Totally agree with the others, we've been using Transfer Family with private buckets without any issues. Just ensure you set up the right IAM role so that it can access the bucket as needed.
Thanks for backing that up! It sounds like I just need to get the IAM role sorted out.
I've used Transfer Family with a private S3 bucket and it's been working perfectly. Just set up your IAM roles correctly for user permissions, and you're golden.
I’ll definitely make sure to check the IAM settings out in detail. Thanks!
I really appreciate the insight! A t4g.nano would mean I'd have to deal with securing it and keeping it up to date, though. I'd prefer to keep management light, even if it costs a bit more.