Read and write files directly to S3, using the SFTP protocol
Configure folder permissions with read-only, read/write, or write-only
Map an SFTP user's chroot directory to an S3 bucket and path
Folder mapping lets you configure a common scenario where an internal SFTP user has read/write access to
external SFTP users' data, while external users cannot see each other's data
SFTP accounts
Authenticate SFTP users with passwords or SSH keys
Supports multiple SSH keys per SFTP user
Adds password complexity requirements
Adds disabled flag for SFTP users
Configures IP whitelisting at the user level
Web administration
Supports multiple web admin accounts
Simplifies first-time setup, which can be done entirely from the web admin UI (no command line required)
Imports users and settings from SFTP Gateway 2.x via a migration process
Security
Has undergone an independent third-party security audit
Separates SSH and SFTP onto different ports by default
Enables audit logging to track SFTP actions
Mirrors log files into CloudWatch
CloudFormation template encrypts EBS volumes by default, for encryption at rest
Use EC2 instance profile IAM permissions to access S3, or configure IAM user credentials for each S3 bucket cloud connection
Performance and maintenance
Improves performance and scalability through the use of the AWS SDK for Java
Uses Postgres instead of LDAP, for easier maintenance
Cost
Same pricing as SFTP Gateway 2.x, which is a software charge of 6 cents USD per EC2 instance hour