This guide walks you through launching SFTP Gateway with CloudFormation from the AWS Marketplace.
On this page, you only have one form field:
Select Launch CloudFormation, and click Launch.
This takes you to the CloudFormation Create Stack wizard, with the template pre-loaded. Click Next.
On the Specify stack details page, you will need to configure some CloudFormation parameters.
This is the name of your CloudFormation stack.
Enter the name of your S3 bucket. You can use either a new or existing bucket.
Here are some restrictions on naming your S3 bucket:
This parameter determines whether S3 permissions are broad or restrictive.
For testing, use a
t2 class is cheaper, but cannot handle sustained traffic.
For production, use an
m5.large or better.
Disk Volume Size
This is set to 32 GB by default. Set this to a higher value if you plan on transferring large batches of data.
For a single instance stack, you can increase the size of your instance volume later on.
Select a key pair of which you own the private key
EFS is used to sync shared state between multiple EC2 instances. This includes common configuration files, and uploaded files stored temporarily as they wait to be uploaded.
Leave this value as true to encrypt the EFS volume.
By default, the autoscaling group launches two instances -- one in each availability zone.
You can set the number of instances to anywhere between 1 and 4 instances.
Select an existing VPC in which to deploy SFTP Gateway.
If you created your own VPC, make sure that:
Otherwise, you can choose the default VPC which is public by default. Its IP address range is
Public Subnet A
SFTP Gateway instances are deployed into an autoscaling group that spans two subnets. Make sure that this subnet is public and belongs to the VPC you selected earlier.
If you created your own subnet, make sure that Map Public IP On Launch is set to true.
If you selected the default VPC, select a subnet with the IP address range of
Public Subnet B
The same rules apply for Subnet B. Just make sure it's different from Subnet A.
Get your current IP address from http://checkip.dyndns.org/.
Then enter this IP address, followed by
/32. For example,
/32 suffix represents a network range of a single address.
Web Admin Password
Enter an admin password. You'll later use this to log into the web interface for user management.