AWS Transfer Family Endpoint


AWS Transfer Family is a secure transfer service that enables you to transfer files into and out of AWS storage services.

  • Public endpoint
  • VPC endpoint for internal access
  • VPC endpoint with internet facing access and

VPC endpoint with internet-facing access

  • Support SFTP and FTPS protocols
  • Access Over the internet
  • Static Elastic IP address
  • Security group and network ACL for inbound control in server side VPC
  • Client firewall allow list — DNS name of the server or EIP
  • The VPC endpoint subnet should be public subnet

VPC endpoint internal access from your VPC

  • Supported protocols, SFTP/FTP/ FTPS
  • From within VPC and VPC-connected environments, such as an on-premises data center over AWS Direct Connect or VPN.
  • All traffic remains in your private network and AWS backbone.
  • Static private IP address
  • Both security group and network ACL can be applied as inbound control in server side VPC/subnet
  • Client firewall allow list can be applied for outbound control

VPC endpoint internal access from customer’s VPC

VPC Endpoint in Shared VPC


We discussed internet facing and internal access pattern for AWS transfer family VPC endpoint, we also covered the VPC endpoint in shared VPC.


How to Use AWS Transfer Family to Replace and Scale SFTP Servers | AWS Partner Network (APN) Blog (



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Cloud Journey

Cloud Journey

All blogs are strictly personal and do not reflect the views of my employer, focus on cloud networking, cloud security and API security.