Protocols for file transfer to remote servers have been around since the dawn of computer networking. FTP (File Transfer Protocol) is one of the fundamental building blocks of the internet. Developed by an MIT student in the early 1970s, FTP has been the standard for remote file transfer and management for decades.
Over the years, FTP has been upgraded to provide several advantages. Most importantly, SFTP and FTPS have been developed to supplant the historical protocol by establishing secure data streams.
AWS Transfer Family is a managed AWS service that provides a fully managed set of resources to support an additional way to transfer files in and out of AWS. It exposes a convenient interface to manage objects on Amazon S3 and Amazon EFS using well-known file transfer protocols like FTP, SFTP, and FTPS. It also lets you avoid the maintenance hurdles of self-managed FTP servers: AWS Transfer Family takes care of scaling the underlying EC2 servers, granting the right capabilities and keeping the whole service highly available.
For user authentication, AWS Transfer Family allows you to choose between service-managed and custom solutions. The first option allows a very quick configuration of the service using AWS-generated SSH RSA keys for SFTP authentication, but it does not support integration with existing authentication mechanisms or even plain old username/password authentication. The second option, instead, gives you “carte blanche” when you need to integrate an existing identity provider. For example, it is possible to use LDAP or Microsoft Active Directory as the IdP, or to set up custom auth systems backed by ad-hoc Lambda functions.
As said before, AWS Transfer Family allows access to remote files stored on S3 or EFS by employing the FTP, SFTP, and FTPS protocols. It’s important to note that FTP is not supported for internet-facing workloads: plain FTP connections are considered insecure because credentials are transferred in plain text, so FTP is allowed only in VPC mode. Provisioning the infrastructure needed to maintain an architecture enabling FTP, SFTP, or FTPS file transfer can be very burdensome in both economic and maintenance terms; AWS Transfer Family allows you to configure new environments or migrate existing ones while limiting these concerns. It must be pointed out that migrating similar workloads to AWS Transfer Family doesn’t affect the user experience: users can keep the FTP clients they are accustomed to, such as Cyberduck, FileZilla, WinSCP, etc.
Meanwhile, the usage of this service allows you to bring your data into a durable and highly available storage service. As we’ll see in the following part, the adoption of S3, for example, can give space to a significant number of interesting business cases.
To configure self-managed user authentication in AWS Transfer Family, we’ll need to specify an API Gateway endpoint and a role to invoke it. API Gateway (configuration steps can be found here) must expose an API backed by an AWS Lambda function. This API will be called by AWS Transfer Family to check the credentials of the user that made an FTP request to the service. The Lambda function will contain the actual logic needed to authenticate the user.
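
The following is an added example, not code from the original article or from AWS, of the kind of Lambda handler described above. It assumes the API Gateway integration passes `username`, `password`, `protocol`, `serverId` and `sourceIp` in the event and that an empty response signals a failed login; the user store, role ARN and bucket name are constructed placeholders.

```python
import hashlib
import hmac
import json

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value for this example)


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a password hash; only salts and hashes are stored, never plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed sample user store. A real deployment would query a secrets
# store or an existing identity provider instead of a module-level dict.
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {
    "alice": {
        "salt": _SALT,
        "hash": hash_password("correct horse battery staple", _SALT),
        "role": "arn:aws:iam::111122223333:role/EXAMPLE-transfer-access",  # placeholder
        "bucket": "example-bucket",  # placeholder
        "protocols": {"SFTP", "FTPS"},  # plain FTP deliberately not allowed
    }
}
# Dummy record so unknown users cost the same hashing work as known ones.
_DUMMY = {"salt": _SALT, "hash": bytes(32)}


def lambda_handler(event, context=None):
    username = event.get("username", "")
    password = event.get("password", "")
    protocol = event.get("protocol", "")

    user = USERS.get(username)
    record = user or _DUMMY
    candidate = hash_password(password, record["salt"])
    password_ok = hmac.compare_digest(candidate, record["hash"])  # constant time

    if user is None or not password or not password_ok:
        return {}  # empty response: authentication failed
    if protocol not in user["protocols"]:
        return {}  # valid credentials, but over a protocol this user may not use

    # Logical home directory confines the session to the user's own prefix.
    mapping = [{"Entry": "/", "Target": f"/{user['bucket']}/{username}"}]
    return {
        "Role": user["role"],
        "HomeDirectoryType": "LOGICAL",
        "HomeDirectoryDetails": json.dumps(mapping),
    }
```

Every failure path returns the same empty response, so the caller cannot tell an unknown user from a wrong password or a disallowed protocol.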