Hosting an SFTP server in AWS (AWS Transfer Family)
You can host an SFTP server in AWS to import or export data on the InfoSum Platform using the SFTP data connector.
This article describes step-by-step how to host an SFTP server in AWS, which can be used to import or export data on the InfoSum Platform using the InfoSum SFTP data connector or the InfoSum SFTP push connector.
First, create an SFTP-enabled server in AWS and add a user to the server. For the steps to do this, see:
Note: For detailed steps of how to create an SFTP server within AWS Transfer Family, please refer to the AWS Tutorial: Getting started with AWS Transfer Family.
Once you have created the SFTP server in AWS, you will need to set up authentication with the server and assign it the correct access for import to the InfoSum Platform to work. For the steps to do this, see:
- Creating an SSH key to authenticate with the AWS Amazon Transfer Family SFTP server
- Adjusting AWS IAM Policy to allow access
Creating an SFTP server in AWS
Sign in to the AWS Transfer Family console.
Click Create Server on the main page of the AWS console. You are taken to the Choose Protocols page.
Ensure the SFTP option is selected and click Next. You are taken to the Choose an identity provider page.
Ensure that the Service managed option is selected and click Next. You are taken to the Choose an endpoint page.
Ensure the Publicly accessible option is selected and click Next. You are taken to the Choose a domain page.
Ensure that the Amazon S3 option is selected and click Next. You are taken to the Configure additional details page.
In the CloudWatch logging section, ensure the Create a new role option is selected.
Leave the Security policy and all other fields as is and scroll to the bottom of the page.
Click Next. You are taken to the Review and create page.
Click Create server. Your newly created SFTP server appears in the list of servers on the main Servers page.
Next, you will need to add a user to the server (see the next section).
Adding a user to the SFTP server in AWS
On the main Servers page, double-click the Server ID for your newly-created SFTP server. You are taken to the set-up page for the selected server.
Click Add user. You are taken to the Add user page.
Complete these fields as follows:
- Username - Type a name for the new user.
- Role - Select AWSTransferLoggingAccess from the drop-down list.
Leave all other fields as is and scroll to the bottom of the page.
Click Add. You are taken to the main server page which now shows the newly-added user. The next section includes the steps to find details of the SSH public key for a user.
Creating an SSH key to authenticate with the AWS Amazon Transfer Family SFTP server
On your local machine (and on any other machine from which you will access the SFTP server), type the following at the command prompt:
ssh-keygen -P "" -f <filename>
This generates two keys:
- a private key, and
- a public key
The private key will have the name you specified using the -f flag. The public key will have the same name suffixed with .pub. The -P "" option sets an empty passphrase, so the private key file is stored unencrypted.
To share your public key with the transfer server, display the contents of the public key file generated in the previous step using the less command:
less <filename>.pub
Alternatively, open the public key file in a text editor of your choice. Copy the contents and paste them into the SSH Public Keys field of the SFTP user that you created in AWS Transfer Family.
Adjusting AWS IAM Policy to allow access
You may encounter an issue whereby you have created the SFTP server, but cannot perform any actions on it (such as running the list directory contents command). This is usually because, by default, the SFTP server has no access to the attached S3 bucket. We recommend that you create a specific IAM policy for AWS Transfer Family that allows access to both S3 and Transfer Family commands, alongside a policy that allows full control of both the attached S3 bucket and SFTP server.
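The following is an added example, not InfoSum's or AWS's own code: it builds an S3 access policy for the SFTP user's role and checks which SFTP operations a given policy document would permit, which reproduces the "cannot list directory" symptom for a role that carries only logging permissions. The bucket name, the function names and the minimal read/write action set (narrower than full control) are assumptions, and the evaluation is simplified to Allow statements only.

```python
import fnmatch
import json

BUCKET = "example-sftp-bucket"  # constructed placeholder, not a real bucket

def transfer_user_policy(bucket):
    """Policy for the SFTP user's role (assumed minimal read/write action set)."""
    return {"Version": "2012-10-17", "Statement": [
        # Listing is authorised on the bucket ARN itself.
        {"Effect": "Allow",
         "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
         "Resource": f"arn:aws:s3:::{bucket}"},
        # Reads, writes and deletes are authorised on object ARNs.
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": f"arn:aws:s3:::{bucket}/*"},
    ]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource):
    """Simplified check: Allow statements with * and ? wildcards only
    (Deny, Condition, NotAction and NotResource are not modelled)."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        action_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                        for a in _as_list(stmt.get("Action", [])))
        resource_ok = any(fnmatch.fnmatchcase(resource, r)
                          for r in _as_list(stmt.get("Resource", [])))
        if action_ok and resource_ok:
            return True
    return False

def sftp_capabilities(policy, bucket, key="inbound/sample.csv"):
    """Report which SFTP client operations the policy lets the user perform."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/{key}"
    needs = {"ls": ("s3:ListBucket", bucket_arn),
             "get": ("s3:GetObject", object_arn),
             "put": ("s3:PutObject", object_arn),
             "rm": ("s3:DeleteObject", object_arn)}
    return {op: allows(policy, act, arn) for op, (act, arn) in needs.items()}

if __name__ == "__main__":
    print(json.dumps(transfer_user_policy(BUCKET), indent=2))
    print(sftp_capabilities(transfer_user_policy(BUCKET), BUCKET))
```

A policy whose only resource is the object pattern (bucket name followed by /*) still fails ls, because s3:ListBucket is evaluated against the bucket ARN rather than against object ARNs.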