Posted On: Jan 10, 2020
AWS Transfer for SFTP (AWS SFTP) customers can now whitelist client IP addresses using Amazon Virtual Private Cloud (VPC) Security Groups, providing an additional layer of security to their SFTP servers. Customers can also associate Elastic IP addresses with their server’s endpoint, enabling end users behind firewalls to whitelist access to the endpoint.
AWS SFTP enables the movement of Secure Shell File Transfer Protocol (SFTP) based workloads to AWS without needing to modify applications or manage any servers. When creating or updating an SFTP server, you can choose to host the endpoint within your VPC, associate Elastic IP addresses (including Bring Your Own IPs), and attach VPC Security Groups with rules to filter incoming traffic to your endpoint. This ensures that access is restricted to authenticated users whose requests originate from whitelisted IP addresses only.
Additionally, you can use VPC Flow Logs to capture your endpoint’s traffic information, and view your end users’ source IP addresses in Amazon CloudWatch.
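One way to check flow log records for the endpoint against the whitelisted addresses, shown as an added example that is not part of the original announcement or AWS code. It assumes records in the default (version 2) VPC Flow Logs format; the CIDRs, interface ID, account ID and log lines are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Assumed allowlist: the same CIDRs permitted by the security group (constructed values).
ALLOWED_CIDRS = [ipaddress.ip_network(c) for c in ("203.0.113.0/24", "198.51.100.17/32")]

# Constructed records in the default (version 2) VPC Flow Logs format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE_RECORDS = """\
2 123456789012 eni-0a1b2c3d 203.0.113.25 10.0.1.10 50122 22 6 40 5200 1578650000 1578650060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 192.0.2.44 10.0.1.10 41811 22 6 3 180 1578650010 1578650070 REJECT OK
2 123456789012 eni-0a1b2c3d 192.0.2.44 10.0.1.10 41812 22 6 3 180 1578650070 1578650130 REJECT OK
2 123456789012 eni-0a1b2c3d 192.0.2.90 10.0.1.10 60001 22 6 25 3100 1578650020 1578650080 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 203.0.113.25 22 50122 6 38 9000 1578650000 1578650060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1578650100 1578650160 - NODATA
"""

def is_allowed(addr):
    """True if addr falls inside one of the allowlisted CIDRs."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ALLOWED_CIDRS)

def audit_sftp_flows(text, sftp_port=22):
    """Return (accepted_outside_allowlist, rejected_counts) for inbound SFTP flows."""
    accepted_outside, rejected = set(), Counter()
    for line in text.splitlines():
        f = line.split()
        if len(f) != 14 or f[13] != "OK":  # skip NODATA / SKIPDATA / malformed records
            continue
        src, dstport, proto, action = f[3], f[6], f[7], f[12]
        if proto != "6" or dstport != str(sftp_port):  # inbound TCP to the SFTP port only
            continue
        if action == "REJECT":
            rejected[src] += 1  # blocked by security group or network ACL
        elif action == "ACCEPT" and not is_allowed(src):
            accepted_outside.add(src)  # a rule is broader than the intended allowlist
    return sorted(accepted_outside), dict(rejected)

if __name__ == "__main__":
    outside, rejected = audit_sftp_flows(SAMPLE_RECORDS)
    print("ACCEPTed from outside allowlist (review security group rules):", outside)
    print("REJECTed sources and record counts:", rejected)
```

An accepted flow from a source outside the allowlist points to a security group rule that is wider than intended; repeated rejects from one source show the filter working and who is probing the endpoint.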