< All Topics

Hosted~FTP~ vs. AWS Transfer Family


The new SFTP/FTPS service from AWS is a point solution and there is really no comparison to Hosted~FTP~’s Sync-S3 feature. It provides customers with access to the SFTP protocol to upload/download files directly to/from an S3 bucket. They offer this as a managed service so you don’t have to stand up or configure servers, but you do have to create and manage IAM roles to control access to the service. AWS access and expertise is required to use this service. The service does not offer anything additional. Below is a list of features/capabilities that Hosted~FTP~ provides that you cannot get directly from AWS:

Category Hosted~FTP~ AWS Transfer Family
Authentication Authentication options include:
– Native password
– SSH key
– LDAP/Active Directory
– OpenID Connect
The service supports two modes of authentication: Service Managed, where you store user identities within the service, and, Custom (BYO), which enables you to integrate an identity provider of your choice. Service Managed authentication is supported for server endpoints that are enabled for SFTP only.

Storing passwords within the service for authentication is currently not supported. This is a critical gap for customers that cannot integrate with an existing identity provider such as Active Directory.

File Operations All standard create, read, update, and delete operations are supported for files and directories.

Use of symbolic and hard links are currently not supported.

Basic functions such as uploading, downloading and deleting a file are available. Files are stored as individual objects in your Amazon S3 bucket. Directories are managed as folder objects in S3, using the same syntax as the S3 console.

Directory rename operations, append operations, changing ownerships, permissions and timestamps, and use of symbolic and hard links are not supported.

Folder sharing Web based administration console makes it simple for users to share folders with other users or contacts You need to create and maintain AWS IAM Roles to control user access to S3 buckets. This requires AWS expertise and requires changing your AWS IAM and/or S3 Bucket Policies each time which would be prevented by many corporate IT Security policies. Making a simple mistake in these policies could easily block (or open) access to unintended users.
Protocols Supports FTPS, SFTP, HTTPS, and FTP protocols Supports FTPS and SFTP protocols. FTP protocol is only supported within the VPC and not over public internet. AWS does not support HTTPS.
Anonymous Access Hosted~FTP~ provides anonymous access to files via the FTP, FTPS, and HTTPS protocols. Anonymous users are currently not supported for any of the protocols.
Static IP addresses Every FTP server is assigned a static IP address that can be published to customers. You can enable fixed IPs for your server endpoint by selecting the VPC hosted endpoint for your server and choosing the internet-facing option. This will allow you to attach Elastic IPs (including BYO IPs) directly to the endpoint, which is assigned as the endpoint’s IP address. Requires AWS expertise.
IP whitelisting Ability to specify IP whitelist per account and per FTP username for fine grained access control. You can attach Security Groups to your server’s VPC endpoint which will control inbound traffic to your server. This requires AWS expertise and applies to the entire server rather than per user.
Security and Privacy 200% Cloud is installed on servers dedicated to a single customer. This allows for enhanced security configurations by using Network ACLs and VPC Security Groups to lock down access to authorized parties. It also allows for a dedicated AES 256-bit encryption key that is not used by any other customer. No guarantees that servers behind the AWS Transfer Family endpoints are not shared between multiple customer endpoints.
Support / Ease of Use Hosted~FTP~ provides hands-on support for initial account set up and ongoing use. No AWS experience or expertise is required. Customers can always call, chat, or email to get assistance. Use case documentation is provided. Support is provided for customers that subscribe to an AWS Support Plan at extra cost. Support is less hands-on and typically results only in a follow-up email referencing AWS document guides.
Multi Region Hosted~FTP~ can configure a global network of speed relay servers so that customers can get the fastest connections regardless of where they are located or who they are transferring files with. AWS Transfer Family service is bound to a specific AWS region (e.g. Virginia, California, Ireland, etc.) Customers that are located far away from the selected AWS region will experience slower file transfer speeds.
Event Logs Access to real-time and daily automated reports You can use Amazon CloudWatch to monitor your end users’ activity and use AWS CloudTrail to access a record of all S3 API operations invoked by your server to service your end users’ data requests. This requires AWS expertise to configure, and then additional software tools to analyze the CloudTrail data.
Customization Hosted~FTP~ has the ability to create custom solutions for 200% customers. Previous customizations include end-user license agreement acceptance, custom folder timestamps, and branding. We listen to feature requests from current and prospective customers and can quickly build custom solutions to meet their needs. AWS does not create custom solutions for individual customers.
Multi-Cloud Ability to back up customer files to other clouds such as Microsoft Azure and Google Cloud. This allows for enhanced high availability and disaster recovery configurations. Not available
Table of Contents