Posted On: May 25, 2021

AWS Transfer Family customers can now use AWS Managed Microsoft Active Directory (AD), on-premises AD, and self-managed AD in AWS to authenticate their file transfer end users, enabling seamless migration of file transfer workflows that rely on AD, without changing end users’ credentials or needing a custom authorizer.

AWS Transfer Family provides fully managed file transfers over SFTP, FTPS, and FTP for Amazon S3 and Amazon EFS. AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft Active Directory (AD), enables directory-aware workloads and AWS resources to use managed Active Directory (AD) in AWS.

With this launch, customers have three options for managing identities: Service managed, Custom (“BYO Auth”), and Microsoft AD. Customers can select an existing directory in AWS Managed Microsoft AD or self-managed AD (on-premises or Amazon EC2 based, using AD Connector) and specify which AD groups can access files stored in their S3 buckets or EFS file systems. Once access information for the specified AD groups has been configured, users in those AD groups can authenticate using their AD credentials and securely transfer files over the enabled protocols.

AWS Transfer Family support for Microsoft AD through AWS Directory Service is available in all regions where both services are available. To learn more, visit the AWS Transfer Family FAQs, usage guide, or get started using the AWS Transfer Family Console.