Introducing the web apps for the AWS Transfer Family, which offer fully managed file transfer S3.
AWS Transfer Family web apps
A straightforward online interface that lets your end users move data into and out of Amazon S3
Why Use Web Apps for Transfer Family?
File transfer to S3
Secure file transfers to and from Amazon S3 are made possible by AWS Transfer Family web apps, which provide a fully managed, no-code browser-based experience. While preserving security, dependability, and compliance, AWS Transfer Family web apps let your authorized users carry out necessary file actions, such as listing, uploading, downloading, and deleting.
Advantages
No code, easy-to-use interface
With just a few clicks, you can launch your AWS Transfer Family web application and create a shared link to an intuitive web interface that enables workforce users who are not technically inclined or familiar with AWS to move data in Amazon S3.
Compliance and security
Maintain data integrity and achieve compliance goals by obtaining the necessary certifications, such as PCI and HIPAA eligibility.
Adaptable
Make changes to the default experience so that your web application represents your business.
Pay-per-use pricing
There are no upfront fees; you only pay for the web app units.
Use cases
Increase data access in Amazon S3
Increase the number of business users who may access your mission-critical data in order to maximize its value.
Centralized administration of data access
Using AWS IAM Identity Centre, securely exchange Amazon S3 data with partner and workforce identities that are managed in your business directory.
Engage with Access Grants for Amazon S3
Quickly launch a managed web application on AWS that lets you see your S3 access grants.
Introduction of AWS Transfer Family web apps for controlled Amazon file transfer S3
AWS is introduced the newest AWS Transfer Family resource: AWS Transfer Family web apps. Authenticated users can list, upload, download, copy, and remove files in designated Amazon Simple Storage Service (Amazon S3) buckets using a fully managed, no-code web application. Without the need for desktop clients, scripts, fading instructions on sticky notes, or local IT assistance, non-developer, line-of-business users both within and outside of your company can effortlessly share file data.
You have complete control over permissions, access, and authentication as the web app administrator. You can even add a favicon and a page title to personalize the application.
You are able to sort by clicking columns, download files by clicking files, and open folders by clicking folders. Other choices are available through the vertical ellipses menu:
Each web application uses multipart uploads for large files and allows files up to 160 GiB in size to be uploaded and downloaded. TLS-protected HTTPS connections are used to transfer files, and a CRC32 end-to-end integrity check and automated retries are used.
Everything about the AWS Transfer Family web app
Security: Because AWS Transfer Family web apps make use of AWS IAM Identity Centre, you can use the integrated Identity Store or your current SAML or OIDC identity provider. In either case, you have complete, fine-grained control over who may see, download, upload, and remove files as well as create folders using S3 Access Grants. AWS Transfer Family’s compliance with SOC, PCI DSS, FedRAMP, HIPAA, and other regulations can also help your company.
Customization: You can add a favicon and a page title to each Transfer Family web application. The web application can also be hosted at a custom domain name with HTTPS access and a public certificate by placing an Amazon CloudFront distribution in front of it.
Web apps from the Transfer Family are hosted on AWS, which makes them extremely available and scalable. Every file is kept in a specific S3 bucket, which is incredibly durable (99.999999999%). S3 capabilities like S3 Versioning, S3 server access logging, S3 Event Notifications, and more are available for you to utilize. Amazon EventBridge can also be used to plan intricate post-upload processes.
Making a Transfer Family web app
Let’s walk over how to make a web application for Transfer Family. Since every web application is located in a distinct AWS Region, you may launch the AWS Transfer Family console, pick the Region you want to use (in this case, us-east-2), and then click on Web apps on the left:
Then select “Create web app” to continue:
Create or select an IAM service role (details) that permits the Transfer Family web application to use S3 and S3 use Grants after logging in to my IAM Identity Centre if required:
After setting the maximum number of concurrent web app users and adding a Name tag, click Next:
Now create your web application, selecting the optional logo and page title before clicking Next:
You check your preferences on the following page and click Create to proceed:
And although you still need to configure users and permissions, your web application is finished and nearly ready for use:
Copy and preserve the Access endpoint. You will use it in the CORS policy created for the bucket connected to the web application.
Configuring Users and Permissions
You build an IAM custom trust policy that grants the required read and write permissions to the S3 bucket or buckets that the web application will be able to access (details). You will be creating an S3 Access Grant in a moment that will refer to this policy:
In IAM Identity Centre, immediately create the first set of users and groups (you can add more later):
Next construct an S3 Access Grant and an S3 bucket in the same region as the web application. A specified scope (a bucket or a prefixed portion of a bucket) can be read and/or written to by a certain IAM Identity Centre identity (a person or a group) with each S3 Access Grant:
For the web app to be able to access the bucket from the browser, you also need to add a CORS policy (details) to it:
Assigning users to the new web application is the last phase. You go back to your app on the AWS Transfer Family Web apps page, then select Assign users and groups:
You can choose current users or add new ones to your directory.
you will begin by adding yourself.
After being assigned, You can give the user access to the Access endpoint (as seen above), and they (in this example, myself) may log in to the web application:
By default, the Access endpoint and the Web application endpoint are identical. The URL of the endpoint will be reflected in the Access endpoint if you have configured a CloudFront distribution for your web application.
There are numerous methods to manage read and write access at both the individual and group levels, as you have already noticed. Before you set up your production web application, make sure you thoroughly examine and comprehend each of these options!
Important Information
A few things regarding S3 Transfer Family web apps are as follows:
Regions: AWS has nine regions in which web apps can be developed.
Cost: The cost is per web application per hour.
API and CLI: Construct-web-app, describe-web-app, and other AWS Transfer Family operations allow you to programmatically construct and maintain web applications.
Storage Browser for Amazon S3 is used in the development of Transfer Family web apps, which provide the same end-user features in a fully managed package.
Getting Started: The Transfer Family console is where you can begin using Transfer Family web apps.
