SFTP Gateway for AWS can help you build and maintain software systems that adhere to the AWS Well-Architected Framework. 

AWS’ Well-Architected Framework provides an excellent guideline for how software products and systems should be built on AWS. It describes the key aspects that every AWS-powered software solution should adhere to, organized into these five key pillars:

  1. Operational Excellence
  2. Security
  3. Reliability
  4. Performance Efficiency
  5. Cost Optimization

SFTP Gateway for AWS was built with the Well-Architected Framework in mind. But more importantly, we built the product and supporting processes to help your software systems adhere to the framework while allowing you to easily transfer files to S3. 

Let’s take a look at each of these framework pillars and see how SFTP Gateway for AWS can help your systems become or continue to be well architected. 

Operational Excellence

The first pillar, Operational Excellence, focuses on the ability to create, run, and monitor systems that deliver business value to your customer. 

This not only includes the quality of your software product, but also excellence in your operational processes and continuous improvement of these processes. 

Your customers’ needs, the business landscape, priorities, and many other factors change frequently. Having flexible, agile processes that can adapt to changing environments is extremely important for success. 

SFTP Gateway for AWS includes features that help you easily launch and maintain an SFTP server and integrate it into your systems to provide value to your customer. 

You can quickly spin up an instance using our AMI or CloudFormation template. The CloudFormation template provisions the necessary AWS resources and can be customized to your specific needs. 

The web admin interface lets you easily create and manage users without using the command line. You can create users, configure their SSH key, encryption options, and S3 upload location. 

Figure: The web admin interface allows you to create and manage users easily.

SFTP Gateway for AWS also has a RESTful API and command line interfaces for easier scripting. These APIs give you more control over the user creation process and are designed to fit into your existing processes while implementing best security practices.

The product also supports audit logging, which lets you track user activity, such as authentication, directory access, and file upload. These logs are streamed to CloudWatch for enhanced querying capabilities.

SFTP Gateway for AWS was built to easily fit into your existing systems, especially those that you want to move to the cloud, so you can more easily maintain operational excellence to best serve your customers. 

Security

SFTP stands for “Secure File Transfer Protocol”. So security is absolutely at the center of SFTP Gateway for AWS!

The Security pillar of the AWS Well-Architected Framework calls for the ability to protect information, systems, and assets by applying security at all layers, enabling traceability, and preparing for security events. 

SFTP Gateway for AWS was designed with the security of your systems top of mind. 

SFTP Gateway for AWS uses OpenSSH for secure file transfer and encryption. Users are assigned a unique 2084-bit private key for SSH public key authentication by default (though password authentication is available). 

The product can also be configured to encrypt data in transit and at rest if your company’s security policies make this necessary. 

In transit, user traffic to the server is encrypted via OpenSSH. File upload traffic to S3 is encrypted with HTTPS. And in highly available setups, communication between servers is encrypted using TLS 1.2.

You can also configure SFTP Gateway for AWS to encrypt data at rest on S3 and EFS. You can use SSE-S3 or SSE-KMS to encrypt data on S3 on a per-user basis. And with EFS encryption, files are encrypted while stored on the server. These encryption methods are transparent to the end user, as files are automatically decrypted when accessed.

And as mentioned earlier, SFTP Gateway for AWS supports audit logging, allowing you to monitor product usage for any possible insecure behavior. 

If any security issues arise, our customer support team can help you identify the source of the issue using data from log files. Then we work hand-in-hand with you to resolve the issue as quickly as possible. 

Reliability

The third pillar is Reliability, which includes the ability for your software products and systems to react to and recover from unforeseen operational disruptions.

To ensure your systems are reliable, SFTP Gateway for AWS has to have maximum reliability itself. 

First, the product allows you to create backups and recover them in the case of cloud outages, accidental instance deletion, or other unforeseen events. You can install a Python script on your SFTP Gateway for AWS instance that backs up the following data to a single, flat YAML file (which is later compressed as a tar.gz file):

  • User properties
  • User passwords/keys
  • Global SFTP Gateway properties

You can also configure the product for high availability. 

The product’s CloudFormation template enables HA by automatically deploying the necessary resources in one cohesive stack, making it easy to see all the resources involved and remove these from your account if necessary. 

The core HA resources include:

  1. EC2 instances that are provisioned in an Autoscaling Group that spans two Availability Zones. 
  2. A Network Load Balancer that provides a single endpoint and routes SFTP traffic to all of the EC2 instances. 
  3. A common Elastic File System that is configured and mounted to the servers to ensure data is not lost if a server fails. 

The CloudFormation template is freely available and can be customized for your needs.

Figure: SFTP Gateway for AWS’ High Availability Architecture

You can also easily set up disk utilization monitoring to ensure your EC2 instance has enough disk space for SFTP Gateway for AWS to function properly. This process allows you to install the Amazon CloudWatch Monitoring Scripts for Linux and send disk utilization metrics to CloudWatch. From here, you can create a dashboard to track your storage patterns or create an alarm to send an SNS text message if you start running out of space.

Or, instead of EC2 disk storage, you can use Elastic File System (EFS), which automatically expands to fit however much data you upload.

Performance Efficiency

The Performance Efficiency pillar focuses on the efficient utilization of resources to meet system requirements, and the maintenance of this efficiency as demand and technologies change.

SFTP Gateway for AWS was designed to be as efficient as possible so your systems don’t use more resources than necessary. There are specific features that highlight this. 

First, you can enable multi-threaded capabilities for your instance. You can configure the number of worker threads you need to maintain the highest and most efficient level of performance. 

The product includes a task spooler that queues upload actions in memory so your instance can better handle bursts of traffic. 

You can also create a swap partition that gives you a soft memory ceiling so Linux doesn’t start terminating processes when you run out of RAM. 

We’re also working to increase efficiency by finding ways to remove the AWS CLI from the product. While the AWS CLI helps to reliably transfer files to S3, it uses several hundred megabytes of RAM. So we’re exploring solutions that limit the number of AWS CLIs that are executed simultaneously yet can transfer many files reliably.

Cost Optimization

The final pillar of the AWS Well-Architected Framework is cost optimization, which highlights the ability to avoid or eliminate unnecessary costs and resources. 

As a small business, we understand the importance of keeping costs down, and we’ve built SFTP Gateway for AWS with this in mind. 

First of all, the pricing of SFTP Gateway for AWS reflects our desire to cut costs for you so you can do the same for your customers. 

The hourly cost of using SFTP Gateway for AWS is only $0.06. Also, you can turn your server on and off as needed while still maintaining your data, and you aren’t charged when it’s off. We also have an annual payment plan that allows you to save 9% per year over the hourly option.

Figure: Hourly or annual pricing options give you flexibility to keep costs down.

You can also further reduce the cost of using SFTP Gateway for AWS. Recommendations include purchasing a reserved EC2 instance, utilizing S3 lifecycle policies, turning on Instance Scheduler, and more. 

As we continue to improve our product, we’ll always look for ways to save you money so your customers can save as well.

Conclusion

We strive to build software that conforms to the pillars of the AWS Well-Architected Framework.

More importantly, we build software that helps you adhere to the framework so you can best serve your customers.

Our goal with SFTP Gateway for AWS is for you to easily launch and integrate the product into your existing systems with minimal disruption. This allows you to focus on meeting your customers’ needs with maximum operational excellence, reliability, security, and efficiency at an optimal cost.
