AWS Transfer Family Adds VPC-Based Connectivity for SFTP Connectors
Amazon Web Services (AWS) announced that AWS Transfer Family now supports routing SFTP connector traffic through a customer's own Amazon VPC (Virtual Private Cloud). This new capability lets managed file transfers between Amazon S3 and remote SFTP servers leverage existing private network controls, endpoints, and Direct Connect or VPN links, eliminating the need to expose transfer endpoints to the public internet.
The new VPC-egress mode allows SFTP connectors to access servers that reside inside a VPC, a shared VPC, or on-premises environments connected through AWS networking services, AWS said. File transfer traffic flows into the VPC using a resource gateway created with Amazon VPC Lattice and then reaches the defined remote SFTP target. This setup enables customers to apply their own firewalls, monitoring, and egress policies directly to SFTP workflows.
The update also supports using Bring Your Own IP (BYOIP) or assigning static Elastic IP addresses to simplify partner allow-lists. Customers can route traffic through high-bandwidth paths such as NAT gateways or Direct Connect links, which is particularly useful for large-scale or latency-sensitive transfers. Configuration can be done through the AWS Management Console, CLI, or SDKs.
This feature is designed to simplify hybrid and partner transfer scenarios, such as securely connecting on-premises servers to Amazon S3 or enabling partners that rely on fixed IP-based access. Keeping traffic within private VPC routes can help organizations meet compliance requirements in regulated industries like finance and healthcare.
Administrators should ensure their VPC has at least two Availability Zones for the resource gateway and that the remote server is reachable from the configured subnets. AWS documentation provides step-by-step instructions for setting up the gateway, IAM roles, and connector resources. The enhancement is available now in supported AWS Regions. Standard SFTP connector pricing applies, with potential additional charges for NAT gateways, VPC Lattice usage, or data egress depending on the network architecture.
About the Author
David Ramel is an editor and writer at Converge 360.