AWS Transfer Family would appear to be a good fit for your use case.
The full documentation for AWS Transfer Family is here https://docs.aws.amazon.com/transfer/latest/userguide/what-is-aws-transfer-family.html and I know it is quite lengthy, so in answer to your main points:
What are the steps to create an AWS Transfer Family server for SFTP with SSH keys and secure authentication practice?
I reckon you would want to create a publicly-accessible endpoint, which will be accessible over the internet (including from Azure cloud).
Is port 22 being used?
Yes.
How can we get the SFTP details like host, SSH keys (public or private?) etc. of this SFTP server in AWS for Azure to authenticate using the Azure Data Factory SFTP connector?
The server will be created with a hostname of the form serverId.server.transfer.regionId.amazonaws.com
You can add users directly in Transfer Family, and associate a public key with each https://docs.aws.amazon.com/transfer/latest/userguide/service-managed-users.html
Or you can integrate with a directory service such as AD https://docs.aws.amazon.com/transfer/latest/userguide/directory-services-users.html
If we use AWS Transfer Family SFTP to transfer files from source Azure, what service in AWS should we use to decrypt the files, and how do we copy them into AWS S3 from AWS Transfer Family SFTP?
The SFTP server sits in front of the S3 bucket; when you put the files on the SFTP server they are placed into the S3 bucket at the location you specify. You can create directories and navigate around the directory tree just like normal.
We need to make sure data is encrypted during transit and at rest. I understand AWS S3 is encrypted at rest by default?
SFTP is encrypted by default, and at the back-end S3 buckets are encrypted at rest by default using Amazon-managed keys - this can be changed if you want to use a different method https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html
Also, please suggest how the customer transfers files from Azure to AWS as the preferred/best option? I don't think CLI commands would be a choice for us.
The customer can use any method they prefer to transfer the files, whether that's CLI commands (which can also be scripted), or a graphical SFTP client like FileZilla or WinSCP. API service calls can also be used https://docs.aws.amazon.com/transfer/latest/userguide/api_reference.html
Thanks for the response. I have a few questions that I would like to clarify.
So when we create the AWS Transfer Family SFTP server we need to create it as public in our case? How do we generate SSH keys locally and place them in AWS Transfer Family, or are the keys to be generated in AWS itself?
What is "SFTP encrypted by default"?
If we GPG-encrypt the files before sending, how can AWS decrypt the files?
You add a user to AWS Transfer Family, and then you create a keypair (using `ssh-keygen`, or PuTTYgen, or whatever you normally use) and add the public half of the keypair to the user you just created https://docs.aws.amazon.com/transfer/latest/userguide/key-management.html
SFTP is encrypted end-to-end using the same protocol that SSH uses. There's not much to add to that; any data that is passed using SFTP is always encrypted. You don't need any special add-on for AWS Transfer Family, nothing like that.
AWS can't decrypt them. If you encrypt the files on the source and then pass these encrypted files over SFTP, these will be securely transferred, and the encrypted files will appear in the S3 bucket. You can then retrieve the files from the S3 bucket and decrypt them.
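The steps from both answers above, end to end (generate the key pair on the client side, create a public SFTP endpoint, add a service-managed user carrying the public key, confirm the bucket's default encryption, then pull a GPG-encrypted upload back out of S3 and decrypt it where the GPG private key lives), as an added AWS CLI example. This is not code from the original thread or from AWS. The bucket name, IAM role ARN, region and user name are assumed placeholders; set `AWS_CLI=echo` to preview the commands without an AWS account, and `RUN_EXAMPLE=1` to actually run them.

```shell
#!/bin/sh
# Added example, not from the original answers: provision an AWS Transfer Family
# SFTP server with a service-managed user authenticated by an SSH public key,
# then fetch a GPG-encrypted upload from S3 and decrypt it locally.
# Assumed placeholders: bucket "example-sftp-landing", role
# arn:aws:iam::123456789012:role/TransferS3Access, user "azure-adf", eu-west-1.
set -eu

AWS_CLI="${AWS_CLI:-aws}"                      # AWS_CLI=echo for a dry run
REGION="${AWS_REGION:-eu-west-1}"              # assumed region
BUCKET="${SFTP_BUCKET:-example-sftp-landing}"  # assumed bucket name
ROLE_ARN="${SFTP_ROLE_ARN:-arn:aws:iam::123456789012:role/TransferS3Access}"  # assumed role

# 1. The key pair is generated on the client (Azure) side. Only the .pub half is
#    ever sent to AWS; the private key stays with the Data Factory connector.
gen_keypair() {
  keyfile="$1"
  ssh-keygen -t ed25519 -N "" -C "adf-to-transfer" -f "$keyfile" >/dev/null
  echo "$keyfile.pub"
}

# 2. Public (internet-facing) SFTP endpoint on port 22 with service-managed users.
#    The security policy pins the SSH ciphers/MACs/KEX the server will accept.
create_server() {
  $AWS_CLI transfer create-server \
    --region "$REGION" \
    --protocols SFTP \
    --identity-provider-type SERVICE_MANAGED \
    --endpoint-type PUBLIC \
    --security-policy-name TransferSecurityPolicy-2024-01 \
    --query ServerId --output text
}

# 3. Service-managed user: chrooted to its own prefix in the bucket via a logical
#    home directory, S3 access scoped by the role, public key attached to the user.
create_user() {
  server_id="$1"; user="$2"; pubkey_body="$3"
  $AWS_CLI transfer create-user \
    --region "$REGION" \
    --server-id "$server_id" \
    --user-name "$user" \
    --role "$ROLE_ARN" \
    --home-directory-type LOGICAL \
    --home-directory-mappings "Entry=/,Target=/$BUCKET/$user" \
    --ssh-public-key-body "$pubkey_body"
}

# 4. Hostname the Azure Data Factory SFTP connector points at (port 22).
server_host() {
  printf '%s.server.transfer.%s.amazonaws.com\n' "$1" "$2"
}

# 5. Confirm at-rest encryption on the landing bucket (AES256 = S3-managed keys,
#    aws:kms = customer-managed KMS key).
check_bucket_encryption() {
  $AWS_CLI s3api get-bucket-encryption --bucket "$BUCKET" \
    --query 'ServerSideEncryptionConfiguration.Rules[0].ApplyServerSideEncryptionByDefault.SSEAlgorithm' \
    --output text
}

# 6. Transfer Family writes uploads straight into S3, so a file GPG-encrypted at
#    source lands in the bucket still encrypted. Decryption happens wherever the
#    GPG private key is held, after fetching the object; AWS never sees plaintext.
fetch_and_decrypt() {
  user="$1"; object="$2"; out="$3"
  $AWS_CLI s3 cp "s3://$BUCKET/$user/$object" - | gpg --decrypt --output "$out"
}

# Full run only on request (needs AWS credentials, ssh-keygen and gpg).
if [ "${RUN_EXAMPLE:-0}" = "1" ]; then
  pub="$(gen_keypair "$HOME/.ssh/adf_transfer")"
  sid="$(create_server)"
  create_user "$sid" azure-adf "$(cat "$pub")"
  echo "ADF SFTP host: $(server_host "$sid" "$REGION"), port 22, user azure-adf, key $HOME/.ssh/adf_transfer"
  echo "Bucket default encryption: $(check_bucket_encryption)"
fi
```

Source the file and call the functions individually, or run it with `RUN_EXAMPLE=1`. The private key produced by `gen_keypair` is what the Data Factory SFTP connector is configured with; the public key is the only key material that goes into Transfer Family.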