Public Endpoint IP addresses static or dynamic?


I was asked to provide the IP address of my Transfer Family SFTP ( public endpoint ) so that on their side they can make an outbound rule in their firewall.

I thought this IP address was dynamically assigned to the endpoint, since i see many mentions that for whitelisting its required a static IP (EIP).

If its dynamic is it possible to determine a IP range (that was their suggestion), without having to use a static IP (EIP)?


Edit: mentions that is likely a static IP

asked 2 years ago539 views
2 Answers

When you create SFTP endpoint into VPC I believe you must provide EIP(s) for it. Details are shown in this blog post.

profile picture
answered 2 years ago
  • Hi, thanks. I was trying to avoid to have to redeploy the cloudformation, since originally it seems to have been deployed as Public Endpoint type. I get 3 different addresses from nslookup, but i am afraid if i provide them with this (or even a range/subnet) they can be altered anytime in the future. So this means that for customers to be able to whitelist, the only solution seems to be with VPC if i undestood correctly.

  • You're right. Public endpoint IPs can change. Here is the summary of different endpoint types.


Can you use a VPC endpoint with internet-facing access?

According to the above blog, if you choose a VPC endpoint with internet-facing access you can attach Elastic IP addresses to the endpoint. These can be AWS-owned IP addresses or your own IP addresses (BYOIP). Elastic IP addresses attached to the endpoint don't change.

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions