HeadlinesBriefing.com

AWS SFTP Automation with Cognito and Lambda

DEV Community

Organizations needing secure file transfer can now skip managing SFTP servers. A new AWS architecture uses AWS Transfer Family as a managed SFTP endpoint, with Amazon Cognito handling user authentication. A custom AWS Lambda function serves as the Transfer Family identity provider: the service invokes it on every login with the username and, if one was supplied, the password. For password logins the function checks the credentials against the Cognito user pool; for SSH key logins it returns the user's public keys from Amazon S3 and Transfer Family verifies the key signature itself. S3 also holds the transferred data.
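The identity provider contract described above, as an added example (not code from the DEV Community article or its author): a Transfer Family custom identity provider Lambda that checks passwords against Cognito, serves public keys from S3 for key logins, and returns a per-session scope-down policy confining the login to its own prefix. The role ARN, bucket names, user pool and app client IDs are assumed placeholders; the Cognito and S3 back ends are injectable so the module runs offline with fakes.

```python
"""Custom identity provider Lambda for AWS Transfer Family (example code).

Transfer Family invokes this function for every SFTP login with the username,
the password if one was sent, and the protocol.  It must reply with the IAM
role to assume, an optional scope-down session policy, the home directory
mapping and, for key-based logins, the user's public keys.  An empty reply
denies the login.  Back ends are injectable so the module runs offline.
"""
import json
import re
from typing import Callable, Dict, List

# Assumed deployment settings (hypothetical names, not from the article).
TRANSFER_ROLE_ARN = "arn:aws:iam::123456789012:role/sftp-user-access"
DATA_BUCKET = "example-sftp-data"
KEY_BUCKET = "example-sftp-keys"
USER_POOL_ID = "us-east-1_EXAMPLE"
APP_CLIENT_ID = "exampleappclientid"

# Usernames become S3 prefixes, so reject anything that could escape them.
SAFE_USERNAME = re.compile(r"^[A-Za-z0-9._@-]{1,64}$")


def scope_down_policy(bucket: str, username: str) -> str:
    """Session policy confining this login to s3://<bucket>/<username>/."""
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {   # listing is limited to the user's own prefix
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": [f"{username}/", f"{username}/*"]}},
            },
            {   # object access only under that prefix
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{username}/*",
            },
        ],
    })


def parse_authorized_keys(text: str) -> List[str]:
    """Keep only key lines from an OpenSSH authorized_keys style file."""
    keys = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and line.split()[0].startswith(("ssh-", "ecdsa-")):
            keys.append(line)
    return keys


def cognito_password_check(username: str, password: str) -> bool:
    """Real back end: verify the password against the Cognito user pool."""
    import boto3  # imported lazily so the module imports without boto3
    idp = boto3.client("cognito-idp")
    try:
        resp = idp.admin_initiate_auth(
            UserPoolId=USER_POOL_ID, ClientId=APP_CLIENT_ID,
            AuthFlow="ADMIN_USER_PASSWORD_AUTH",
            AuthParameters={"USERNAME": username, "PASSWORD": password})
    except (idp.exceptions.NotAuthorizedException, idp.exceptions.UserNotFoundException):
        return False
    # A pending challenge (e.g. NEW_PASSWORD_REQUIRED) yields no tokens: treat as failure.
    return "AuthenticationResult" in resp


def s3_public_keys(username: str) -> List[str]:
    """Real back end: read s3://KEY_BUCKET/<username>/authorized_keys."""
    import boto3
    s3 = boto3.client("s3")
    try:
        body = s3.get_object(Bucket=KEY_BUCKET, Key=f"{username}/authorized_keys")["Body"].read()
    except s3.exceptions.NoSuchKey:
        return []
    return parse_authorized_keys(body.decode("utf-8", "replace"))


def handler(event: Dict, context=None,
            authenticate: Callable[[str, str], bool] = cognito_password_check,
            lookup_keys: Callable[[str], List[str]] = s3_public_keys) -> Dict:
    """Transfer Family identity provider entry point."""
    username = event.get("username", "")
    password = event.get("password", "")
    if not SAFE_USERNAME.match(username):
        return {}  # also rejects names like "../other-user"; an empty dict denies the login

    response = {
        "Role": TRANSFER_ROLE_ARN,
        "Policy": scope_down_policy(DATA_BUCKET, username),
        "HomeDirectoryType": "LOGICAL",
        "HomeDirectoryDetails": json.dumps([{"Entry": "/", "Target": f"/{DATA_BUCKET}/{username}"}]),
    }
    if password:
        return response if authenticate(username, password) else {}
    # No password sent: Transfer Family wants the public keys and checks the signature itself.
    keys = lookup_keys(username)
    return {**response, "PublicKeys": keys} if keys else {}
```

The role in `Role` still needs an IAM policy broad enough to reach the whole bucket; the `Policy` string is what narrows each session to one prefix, and the Lambda's own execution role needs only `cognito-idp:AdminInitiateAuth` on the pool and `s3:GetObject` on the key bucket. The app client must have `ALLOW_ADMIN_USER_PASSWORD_AUTH` enabled for the password path to work.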

The solution automates the entire user lifecycle. Cognito management calls such as AdminCreateUser are recorded by CloudTrail and surface in Amazon EventBridge as API-call events; a rule on those events triggers a Lambda function that provisions the new user's directory prefix in the S3 bucket. Security follows a least-privilege model: the identity provider's response names the IAM role Transfer Family assumes and attaches a session policy that limits that login to the user's own S3 prefix, giving strong user isolation without manual key management.
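The provisioning step above, as an added example (not the article's code): a Lambda handler for the EventBridge rule that filters the CloudTrail-shaped AdminCreateUser event, ignores failed calls and foreign user pools, and writes a zero-byte marker object so the user's prefix exists before the first login. The bucket and user pool ID are assumed placeholders, the sample event is constructed to match the CloudTrail-via-EventBridge shape rather than captured from a real account, and the S3 write is injectable so the module runs offline.

```python
"""Provisioning Lambda: create a user's S3 home prefix on Cognito AdminCreateUser (example code).

Cognito management calls reach EventBridge as "AWS API Call via CloudTrail"
events, so the rule is assumed to match eventSource cognito-idp.amazonaws.com
and eventName AdminCreateUser.  The S3 write is injectable so this runs offline.
"""
import re
from typing import Callable, Dict, Optional

DATA_BUCKET = "example-sftp-data"    # assumed bucket name
USER_POOL_ID = "us-east-1_EXAMPLE"   # assumed: events for other pools are ignored
SAFE_USERNAME = re.compile(r"^[A-Za-z0-9._@-]{1,64}$")

# Constructed sample event in the CloudTrail-via-EventBridge shape (not a real capture).
SAMPLE_EVENT = {
    "version": "0",
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.cognito-idp",
    "detail": {
        "eventSource": "cognito-idp.amazonaws.com",
        "eventName": "AdminCreateUser",
        "requestParameters": {
            "userPoolId": "us-east-1_EXAMPLE",
            "username": "alice",
            "temporaryPassword": "HIDDEN_DUE_TO_SECURITY_REASONS",
        },
    },
}


def extract_new_user(event: Dict) -> Optional[str]:
    """Return the created username, or None if this event should be ignored."""
    detail = event.get("detail") or {}
    if event.get("detail-type") != "AWS API Call via CloudTrail":
        return None
    if detail.get("eventSource") != "cognito-idp.amazonaws.com" or detail.get("eventName") != "AdminCreateUser":
        return None
    if detail.get("errorCode"):
        return None  # CloudTrail also records failed calls; nothing was created
    params = detail.get("requestParameters") or {}
    if params.get("userPoolId") != USER_POOL_ID:
        return None
    username = params.get("username") or ""
    # The username becomes an S3 prefix: refuse anything that could escape it.
    return username if SAFE_USERNAME.match(username) else None


def s3_put_marker(bucket: str, key: str) -> None:
    """Real back end: write a zero-byte marker so the prefix lists as a folder."""
    import boto3  # imported lazily so the module imports without boto3
    boto3.client("s3").put_object(Bucket=bucket, Key=key, Body=b"")


def provision_home(username: str, put_object: Callable[[str, str], None] = s3_put_marker) -> str:
    """Create <username>/ under the data bucket; idempotent, so safe under redelivery."""
    key = f"{username}/"
    put_object(DATA_BUCKET, key)
    return key


def handler(event: Dict, context=None, put_object: Callable[[str, str], None] = s3_put_marker) -> Dict:
    """EventBridge entry point."""
    username = extract_new_user(event)
    if username is None:
        return {"provisioned": False}
    return {"provisioned": True, "bucket": DATA_BUCKET, "prefix": provision_home(username, put_object)}
```

EventBridge delivers at least once and CloudTrail-sourced events arrive with a delay of minutes, so the write is kept idempotent and a login that beats the event simply sees an empty home directory. The function's execution role needs `s3:PutObject` on the data bucket and nothing else.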

This approach eliminates traditional SFTP server administration. Teams gain a fully managed, scalable file transfer service with built-in audit trails via CloudTrail. The architecture demonstrates how AWS's native serverless services can combine to deliver a production-ready SFTP solution that prioritizes security and operational simplicity over infrastructure overhead.