
SFTP Gateway

By: Thorn Technologies LLC

Latest Version: 2.001.05

Product Overview

SFTP Gateway is a secure-by-default, pre-configured SFTP server that saves uploaded files to an Amazon S3 bucket. SFTP Gateway is a simple and affordable service that is designed to grow with your business needs. By providing a documented RESTful API, SFTP Gateway is ready to integrate into your current systems. For businesses that need more power, SFTP Gateway can scale in multiple availability zones with high availability to support thousands of SFTP users.

How it works:

SFTP Gateway uses OpenSSH for secure file transfer and encryption. SFTP users are configured with several folders, each performing a different function. The upload folder monitors file descriptors as new files are written to subdirectories. Once the file transfer is finished, SFTP Gateway pushes the entire file to an S3 bucket and clears it from the server. The download folder is periodically synced with a specific S3 location. The local folder does not interact with S3 and operates like a standard SFTP server.

High Availability:

SFTP Gateway can be deployed as a single server, or as a highly available infrastructure. CloudFormation automatically deploys the necessary resources as one cohesive stack, making it easy to see the resources involved, and cleanly remove them from your account if necessary. EC2 instances containing the core SFTP Gateway service are provisioned in an Autoscaling Group that spans two Availability Zones. A Network Load Balancer provides a single endpoint and routes SFTP traffic to all of the instances. A common Elastic File System is configured and mounted to the servers to ensure data is not lost if a server fails. The CloudFormation template is freely available and can be customized for your business needs.

Security and Compliance:

SFTP Gateway includes features that improve security and help meet compliance requirements. Data is encrypted in transit and at rest. SFTP users are configured with SSH public key authentication by default. Logs are centralized in CloudWatch to help with auditing.

SFTP Gateway can be configured to encrypt data at rest on S3 and EFS. S3 encryption with SSE-S3 or SSE-KMS can be set on a per-user basis. With EFS encryption, files are encrypted at rest while stored on the server. These encryption methods are transparent to the end user, as files are automatically decrypted when accessed.

Data is also encrypted in transit. User traffic to the server is encrypted via the SFTP protocol with OpenSSH. File upload traffic to S3 is encrypted with HTTPS. Communication between servers in highly available setups is encrypted using TLS 1.2.

By default, SFTP users are assigned a unique 2084-bit private key for SSH public key authentication, which is more secure than passwords. Password authentication can still be enabled if necessary, however.

SFTP Gateway supports audit logging. You can track user authentication and SFTP activity such as directory traversal and file upload. These logs are streamed to a centralized log group on CloudWatch, which has robust querying capabilities.

Easy User Management:

SFTP Gateway includes an admin web interface, so you can manage users without the command line. From the admin web interface, you can create SFTP users and configure their SSH key, encryption option, and S3 upload location.

For integration into your current user provisioning systems, SFTP Gateway provides a RESTful API and command line interfaces for easier scripting. These APIs provide more extensive control over the user creation process and are designed to fit into your process while implementing security best practices.

Refer to the Additional Resources section below for more information.



Operating System

Linux/Unix, Amazon Linux 2.0.20201218.1

Delivery Methods

  • CloudFormation Template
  • Amazon Machine Image
