2 Answers
1
When you create an SFTP endpoint in a VPC, I believe you must provide EIP(s) for it. Details are shown in this blog post. https://aws.amazon.com/blogs/storage/use-ip-whitelisting-to-secure-your-aws-transfer-for-sftp-servers/
answered 2 years ago
1
Can you use a VPC endpoint with internet-facing access?
According to the above blog, if you choose a VPC endpoint with internet-facing access you can attach Elastic IP addresses to the endpoint. These can be AWS-owned IP addresses or your own IP addresses (BYOIP). Elastic IP addresses attached to the endpoint don't change.
answered 2 years ago
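The setup both answers point to, written out as a CloudFormation template. This is an added example, not part of the thread or of the AWS blog post. The parameter names, the customer range `203.0.113.0/24` (a documentation range) and the single-subnet layout are assumptions to replace with your own values.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: SFTP server on an internet-facing VPC endpoint with a fixed Elastic IP (added example)

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  PublicSubnetId:              # assumed: a subnet routed to an internet gateway
    Type: AWS::EC2::Subnet::Id
  CustomerCidr:                # placeholder: source range the customer connects from
    Type: String
    Default: 203.0.113.0/24

Resources:
  SftpEip:                     # the address that stays fixed for customer allowlists
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc

  SftpSecurityGroup:           # inbound SFTP only from the customer range
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow SFTP only from the customer range
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref CustomerCidr

  SftpServer:
    Type: AWS::Transfer::Server
    Properties:
      Protocols:
        - SFTP
      IdentityProviderType: SERVICE_MANAGED
      EndpointType: VPC        # VPC-hosted endpoint instead of PUBLIC
      EndpointDetails:
        VpcId: !Ref VpcId
        SubnetIds:
          - !Ref PublicSubnetId
        AddressAllocationIds:  # attaching an EIP makes the endpoint internet-facing
          - !GetAtt SftpEip.AllocationId
        SecurityGroupIds:
          - !Ref SftpSecurityGroup

Outputs:
  StaticSftpAddress:
    Description: Address customers add to their allowlist
    Value: !GetAtt SftpEip.PublicIp
```

Allocate one Elastic IP per subnet if the endpoint spans several Availability Zones, and give customers every one of those addresses.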
Hi, thanks. I was trying to avoid having to redeploy the CloudFormation, since originally it seems to have been deployed as Public Endpoint type. I get 3 different addresses from nslookup, but I am afraid if I provide them with this (or even a range/subnet) they can be altered anytime in the future. So this means that for customers to be able to whitelist, the only solution seems to be with VPC, if I understood correctly.
You're right. Public endpoint IPs can change. Here is the summary of different endpoint types. https://aws.amazon.com/premiumsupport/knowledge-center/aws-sftp-endpoint-type/