s3ftp is an opinionated distribution of SFTPGo that combines the security and prevalence of sftp with the low maintenance and low cost of AWS S3 storage.


  • industry standard sftp service
  • pre-configured for usage in your own AWS account
  • highly available
  • static IP addresses
  • customisable domain
  • easy to use web admin interface
  • provision in minutes
  • acts as a reverse proxy in front of S3; no syncing of files

To get started with s3ftp, you will first need to subscribe to either the AMI or the CloudFormation product in the AWS Marketplace. Both products are the same and both must be deployed using the supplied CloudFormation template. The AMI product is defined to allow us to more readily provide updates to the service. All documentation describes how to deploy and configure using the supplied CloudFormation template only.

Once up and running, the s3ftp web administration console will be accessible, allowing you to create your first s3ftp user.

Users can then upload files via the command line or an SFTP client such as PuTTY or FileZilla. Uploaded files are automatically synchronised to the configured S3 bucket and viewable directly in S3. Files are not stored on the s3ftp server, but will appear as though they are.

What’s in the box?

The CloudFormation template will deploy the s3ftp service, which comprises the following AWS resources:

  • a dedicated VPC and subnets spanning two availability zones
  • one or more s3ftp server instances which provide
    • a performant, secure sftp proxy to S3 storage
    • a web interface to manage sftp users
    • TLS certificate termination for web interface at the instance
  • an Auto Scaling group to provide high availability for the s3ftp EC2 instance(s)
  • an Elastic File System volume to persist user data and config
  • a dedicated S3 bucket providing
    • unlimited sftp file storage
    • s3 file versioning (recover deleted files if needed)
    • file encryption at rest
  • two Elastic IPs to provide static IP addresses for sftp clients
  • Security Groups to support IP whitelisting of trusted sftp clients and admins
  • a Network Load Balancer to provide
    • a publicly trusted TLS certificate for the web admin interface
    • binding of static IPs to allow s3ftp instances to scale up and down without downtime

Follow the Subscribe, Install and Customise chapters to get up and running quickly.