Ensure that your AWS Transfer for SFTP server endpoints are configured to use VPC endpoints powered by AWS PrivateLink to improve security for internal applications that need SFTP access to Amazon S3.
To eliminate the exposure of your internal applications data to the public Internet, configure your SFTP servers to use VPC endpoints built on top of AWS PrivateLink network. PrivateLink provides secure and private connectivity between VPCs and other AWS services and resources using a dedicated Amazon network.
To determine the endpoint type for your AWS Transfer for SFTP servers, perform the following actions:
Remediation / Resolution
To improve security for your internal applications that need SFTP access solely to Amazon S3, configure your SFTP servers to use VPC endpoints powered by AWS PrivateLink and make them accessible within their VPC only. To change the access endpoint from public to VPC for your existing SFTP servers, perform the following actions:
- AWS Documentation
- AWS PrivateLink
- AWS Transfer for SFTP FAQs
- Creating an SFTP Server in a Virtual Private Cloud
- Editing Servers
- AWS Command Line Interface (CLI) Documentation
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Use AWS PrivateLink for Transfer for SFTP Server Endpoints
Risk level: Medium