AWS Transfer Service

We use AWS Transfer Service to receive data via SFTP. AWS Transfer Service uses both S3 and Key Management Service (KMS), which allow us to seamlessly ingest data transferred through SFTP into the Simon platform.

We store files transferred using AWS Transfer Service in your shared S3 bucket. That means:

  • You have access to all files transferred to us via SFTP.
  • The files are encrypted using the KMS key generated when creating your shared bucket.


What is AWS KMS?

AWS Key Management Service provides centralized control of encryption keys. Customer master keys (CMKs) are used to control access to data encryption keys that encrypt and decrypt data.

AWS KMS is designed so that no one, including AWS employees, can retrieve your plaintext keys from the service. The service uses FIPS 140-2 validated hardware security modules (HSMs) to protect the confidentiality and integrity of your keys. Plaintext keys are never written to disk and only ever used in volatile memory of the HSMs for the time needed to perform your requested cryptographic operation. Keys created by KMS are never transmitted outside of the AWS region in which they were created and can only be used in the region in which they were created.

File and Data Format

See S3 Data Ingestion for information on the required file and data formats and learn more about providing data via batch loads compared to incremental loads.

Initial Setup

After you request to use SFTP as an ingestion strategy, we create your SFTP user and provide:

  • The associated username
  • Our server's hostname

AWS Transfer Service uses SSH keys to authenticate users. In order to successfully connect to the server, generate a pair of SSH keys and send us the public key to associate with your user. Documentation on generating SSH keys can be found here.

  • Keys must be generated in ssh-rsa format
  • Keys must not be generated with a password
  • Generate new, unique keys for each client/customer/user


Only send us your public key.

Keep your private key in a secure location.


Once we associate your public key with your user, you can begin testing. We recommend using a client such as FileZilla to test SFTP transfers.

To connect to the server, select:

Field TypeEnter
transfer typeSSH File Transfer Protocol
usernameyour username
passwordyour private key (see initial setup)

SSH File Transfer Protocol as the transfer type, enter our hostname and your username, and upload your private key in lieu of providing a password.

Once connected, you can upload a series of test files to test the connection. Try downloading the files using your S3 credentials to confirm the files made it into S3.