SFTP Gateway 2.0 Usage Instructions - CloudFormation - Multi - Existing Network | Thorn Technologies

SFTP Gateway 2.0 Usage Instructions - CloudFormation - Multi - Existing Network

This guide walks you through launching SFTP Gateway with CloudFormation from the AWS Marketplace.

Launch this software | Usage Instructions

On this page, you only have one form field:

Choose Action

Select Launch CloudFormation, and click Launch.

This takes you to the CloudFormation Create Stack wizard, with the template pre-loaded. Click Next.

Configure CloudFormation parameters

On the Specify stack details page, you will need to configure some CloudFormation parameters.

Stack name

This is the name of your CloudFormation stack.

Default Bucket

Enter the name of your S3 bucket. You can use either a new or existing bucket.

Here are some restrictions on naming your S3 bucket:

  • Cannot contain uppercase letters
  • Can contain lowercase letters, numbers, periods (not recommended), and hyphens
  • Must be fewer than 63 characters

Bucket Access

This parameter determines whether S3 permissions are broad or restrictive.

  • open: SFTP Gateway is granted S3 Full Access. This is helpful if you plan on using a different S3 bucket for each SFTP user. We recommend locking down S3 access after your users are configured.
  • restricted: S3 access is limited to the default bucket. This improves your security posture by protecting your other S3 buckets from administrators with shell access to the SFTP Gateway instance.

EC2Type

For testing, use a t2.medium. The t2 class is cheaper, but cannot handle sustained traffic.

For production, use an m5.large or better.

Disk Volume Size

This is set to 32 GB by default. Set this to a higher value if you plan on transferring large batches of data.

For a single instance stack, you can increase the size of your instance volume later on.

Key Pair

Select a key pair of which you own the private key

EFS Encryption

EFS is used to sync shared state between multiple EC2 instances. This includes common configuration files, and uploaded files stored temporarily as they wait to be uploaded.

Leave this value as true to encrypt the EFS volume.

Desired Capacity

By default, the autoscaling group launches two instances -- one in each availability zone.

You can set the number of instances to anywhere between 1 and 4 instances.

VPC

Select an existing VPC in which to deploy SFTP Gateway.

If you created your own VPC, make sure that:

  • It has an Internet Gateway
  • Route tables are configured to direct traffic to the Internet Gateway
  • Enable DNS Hostnames is set to true

Otherwise, you can choose the default VPC which is public by default. Its IP address range is 172.31.0.0/16.

Public Subnet A

SFTP Gateway instances are deployed into an autoscaling group that spans two subnets. Make sure that this subnet is public and belongs to the VPC you selected earlier.

If you created your own subnet, make sure that Map Public IP On Launch is set to true.

If you selected the default VPC, select a subnet with the IP address range of 172.31.x.0/20.

Public Subnet B

The same rules apply for Subnet B. Just make sure it's different from Subnet A.

Input CIDR

Get your current IP address from http://checkip.dyndns.org/.

Then enter this IP address, followed by /32. For example, 1.2.3.4/32. The /32 suffix represents a network range of a single address.

Web Admin Password

Enter an admin password. You'll later use this to log into the web interface for user management.