In this section, you provision your SFTP Gateway instance. You can do this manually via the EC2 console, or using CloudFormation. Either way, you should end up with the following resources:
You first need to subscribe to the SFTP Gateway product. Doing so allows your AWS account to use the SFTP Gateway AMI.
Click here to open the AWS Marketplace page for SFTP Gateway.
Click the Continue to Subscribe button.
Click the Accept Terms button.
A Key Pair allows you to SSH into the EC2 instance. You can create one within the AWS console by going to EC2 > Key Pairs.
CloudFormation is the recommended setup approach. Download the latest CloudFormation template.
Within the AWS console, go to CloudFormation, click Create Stack, and upload the SFTP Gateway CloudFormation template. Then specify the following parameters:
sftpgateway-i-12345abcde).
t2.micro for testing purposes. But you can change your instance type to an m4.large when you go live.
0.0.0.0/0 to allow all IP traffic. See below for details.
The InputCIDR field grants an IP address range access to your EC2 instance over port 22. This is used by a security group rule to help protect your EC2 instance from unwanted port scans.
As a security best practice, you should limit this to your own IP address (e.g. 12.34.56.78/32). The /32 at the end represents a range containing a single IP address. To get your local machine’s public IP address, see http://checkip.dyndns.org/.
Later on, you can add a whitelist of IP address ranges to your security group to grant SFTP clients access to your instance. See this article for more details.
If you need to make your SFTP Gateway accessible to the general public, you can allow port 22 traffic from all IP addresses by using 0.0.0.0/0.
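The following Python sketch is an added example, not part of the SFTP Gateway documentation: it builds the /32 value for InputCIDR from a public IP and reports which source ranges a security group admits on port 22. The function names and the sample rules are constructed for illustration; the rule layout follows the IpPermissions entries returned by `aws ec2 describe-security-groups`.

```python
import ipaddress

# Constructed sample shaped like IpPermissions from describe-security-groups.
# 12.34.56.78 is the page's example address; 203.0.113.0/24 is a documentation range.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "12.34.56.78/32"}, {"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
]

def to_input_cidr(public_ip):
    """Turn one public IP into the single-address range used for InputCIDR."""
    addr = ipaddress.ip_address(public_ip.strip())
    return f"{addr}/{addr.max_prefixlen}"

def classify(cidr):
    """Label a CIDR as 'single-host', 'range' or 'world'."""
    net = ipaddress.ip_network(cidr, strict=True)  # ValueError if host bits are set
    if net.prefixlen == 0:
        return "world"
    return "single-host" if net.prefixlen == net.max_prefixlen else "range"

def covers_port(perm, port):
    """True if the rule admits TCP traffic to `port` ('-1' means all protocols)."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def ssh_sources(permissions, port=22):
    """Return {cidr: label} for every source range that can reach `port`."""
    found = {}
    for perm in permissions:
        if covers_port(perm, port):
            for rng in perm.get("IpRanges", []):
                found[rng["CidrIp"]] = classify(rng["CidrIp"])
    return found

def client_allowed(permissions, client_ip, port=22):
    """True if client_ip falls inside any range that can reach `port`."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(c) for c in ssh_sources(permissions, port))

if __name__ == "__main__":
    print(to_input_cidr("12.34.56.78"))
    for cidr, label in ssh_sources(SAMPLE_PERMISSIONS).items():
        print(f"port 22 <- {cidr}: {label}")
```

Any entry labelled world means port 22 is reachable from every address, which is only appropriate when the gateway is meant to be public.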
Before you launch an EC2 instance, first create an IAM role with the AmazonS3FullAccess policy. This role gives you access to S3.
Now you can launch an instance of SFTP Gateway:
Go to the SFTP Gateway Marketplace page.
Click the Continue to Subscribe button.
If you have not accepted the license agreement, click the Accept Terms button.
In the SFTP Gateway banner at the top of the page, click the Continue to Configuration button.
In the fulfillment option dropdown, select Amazon Machine Image.
Select the Region you wish to deploy the image in.
In the SFTP Gateway banner at the top of the page, click the Continue to Launch button.
In the choose action dropdown, select Launch from Website or Launch through EC2.
If you select Launch from Website, you will stay on the same page and the EC2 configuration options will be displayed on that page.
Note: If you choose to launch the EC2 instance from the website, there will be no identifying Name tag associated with the instance, it will have the default 32 GB EBS volume, and you will need to assign an IAM role.
Configure the instance through the EC2 console:
t2.micro for testing, m4.large or better is recommended for Production. You can modify the instance class after the fact.
GP2. Use a storage size appropriate for your needs. You can increase this later using these instructions.
Key = Name and Value = Identifier to distinguish your EC2 instances from one another.
22 traffic from anywhere 0.0.0.0/0, which is fine for an SFTP server.
Finally, configure the S3 bucket using the sftpgatewaysetup command: sudo sftpgatewaysetup. This creates an S3 bucket, and the appropriate properties files needed by SFTP Gateway. This command is only necessary for manual setup.
Note: You can set the name of the default bucket using the --bucket parameter: sudo sftpgatewaysetup --bucket your-s3-bucket-name.
Once you’re done setting up your EC2 instance, refer to this article to set up an SFTP user.