Set Up SFTP on AWS

  1. Set up an S3 bucket
  2. Since I’m on Windows, use PuTTYgen to generate a public/private key pair.
    • See directions here
    • Download PuTTYgen here
    • Don’t set a passphrase on the key, because our ultimate goal is to access S3 via script.
    • The public key must be in the PUB format, and the private key must be in the PPK format. On Windows, you can use PuTTYgen to create an SSH key pair in the appropriate formats. You can also use PuTTYgen to convert a private key generated using ssh-keygen to a PPK file. If you present WinSCP with a private key file not in PPK format, that SFTP client will offer to convert the key into PPK format for you.
  3. Create IAM policies and roles for SFTP
    • See directions here
  4. Create an SFTP server with the following settings:
    • Endpoint type:  Public (unless you are working with a VPC)
    • Custom host name:  I use a domain from Amazon DNS server (Route 53).  I tried using a domain registered in Bluehost, but it won’t authenticate my user via private key.  I think it may have to do with Bluehost redirecting traffic only through http, not https, so it is not trusted?  Maybe.  Either way, by using Route 53, a CNAME record is automatically created in the domain’s hosted zone.  It was very easy.  You don’t need to mess with DNS records at all or create the subdomain.  Power of spending $12.
  5. Identity Provider:  Service Managed
  6. Leave the rest blank and click Create Server.  It will take a few minutes for your server to come online.
  7. Select the server after its state changes to online, then click Add User
    • Add user name
    • Add role created in step 3
    • Use public key created in step 2
    • Leave policy blank
    • Specify the S3 bucket created in step 1
  8. Now open WinSCP on the local machine
    • Select SFTP as the file protocol
    • Enter the host name used in step 4
    • Enter the user name created in step 7
    • Click on Advanced
      • Under SSH, click Authentication
      • Under authentication parameters, find and enter the private key file matching the public key you used to create the user in step 7
      • Press Login
      • Go ahead and trust the new SFTP server.  The connection should be made successfully.
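
For step 3, one way to keep the SFTP role limited to the bucket from step 1, since step 7 leaves the user policy blank and the role is then the only limit on access. This is an added example, not code from the original post; the bucket name, the action list and the `findings` helper are assumptions.

```python
import json

def trust_policy():
    """Trust policy: lets the AWS Transfer service assume the role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "transfer.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}

def access_policy(bucket):
    """Permissions policy limited to one bucket and the objects in it."""
    # Assumed action set: list, download, upload and delete only.
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
         "Resource": f"arn:aws:s3:::{bucket}"},
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": f"arn:aws:s3:::{bucket}/*"}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def findings(policy, bucket):
    """List the ways a policy grants more than access to `bucket`."""
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    problems = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            problems.append(f"statement {i}: NotAction/NotResource grant")
        for action in as_list(stmt.get("Action", [])):
            if "*" in action or not action.lower().startswith("s3:"):
                problems.append(f"statement {i}: broad or non-S3 action {action}")
        for res in as_list(stmt.get("Resource", [])):
            if res not in allowed:
                problems.append(f"statement {i}: resource outside bucket: {res}")
    return problems

# Constructed sample of a role policy that is too wide for step 3.
BROAD = {"Version": "2012-10-17",
         "Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}}

if __name__ == "__main__":
    print(json.dumps(trust_policy(), indent=2))
    print(json.dumps(access_policy("example-sftp-bucket"), indent=2))
    print(findings(BROAD, "example-sftp-bucket"))
    print(findings(access_policy("example-sftp-bucket"), "example-sftp-bucket"))
```

The two JSON documents can be pasted into the IAM console when creating the role; `findings` can be run against an existing role policy before attaching it to the SFTP user.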