Public Endpoint IP addresses static or dynamic?

0

I was asked to provide the IP address of my Transfer Family SFTP ( public endpoint ) so that on their side they can make an outbound rule in their firewall.

I thought this IP address was dynamically assigned to the endpoint, since i see many mentions that for whitelisting its required a static IP (EIP).

If its dynamic is it possible to determine a IP range (that was their suggestion), without having to use a static IP (EIP)?

Thanks

Edit: whatismyipaddress.com mentions that is likely a static IP

질문됨 3년 전1211회 조회
3개 답변
1

When you create SFTP endpoint into VPC I believe you must provide EIP(s) for it. Details are shown in this blog post. https://aws.amazon.com/blogs/storage/use-ip-whitelisting-to-secure-your-aws-transfer-for-sftp-servers/

profile picture
전문가
Kallu
답변함 3년 전
  • Hi, thanks. I was trying to avoid to have to redeploy the cloudformation, since originally it seems to have been deployed as Public Endpoint type. I get 3 different addresses from nslookup, but i am afraid if i provide them with this (or even a range/subnet) they can be altered anytime in the future. So this means that for customers to be able to whitelist, the only solution seems to be with VPC if i undestood correctly.

  • You're right. Public endpoint IPs can change. Here is the summary of different endpoint types. https://aws.amazon.com/premiumsupport/knowledge-center/aws-sftp-endpoint-type/

1

Can you use a VPC endpoint with internet-facing access?

According to the above blog, if you choose a VPC endpoint with internet-facing access you can attach Elastic IP addresses to the endpoint. These can be AWS-owned IP addresses or your own IP addresses (BYOIP). Elastic IP addresses attached to the endpoint don't change.

https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#create-internet-facing-endpoint

답변함 3년 전
0

Note that as of today (January 2023) static IP addresses for AWS Transfer Family connectors are now available: https://aws.amazon.com/about-aws/whats-new/2024/01/aws-transfer-family-static-ip-sftp-connectors/

profile pictureAWS
전문가
답변함 9달 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠