AWS Security ChangesHomeSearch

AWS managedservices documentation change

Service: managedservices · 2025-07-04 · Documentation low

File: managedservices/latest/onboardingguide/transfer-sftp.md

Summary

Updated SFTP role descriptions and added specific S3 bucket naming requirement

Security assessment

Changes include minor grammatical fixes ('Users' to 'users') and a new requirement for S3 bucket names to contain 'transfer'. While the bucket name requirement could help with resource organization, there's no explicit security justification provided in the diff.

Diff

diff --git a/managedservices/latest/onboardingguide/transfer-sftp.md b/managedservices/latest/onboardingguide/transfer-sftp.md
index 174b78add..0fdde6462 100644
--- a//managedservices/latest/onboardingguide/transfer-sftp.md
+++ b//managedservices/latest/onboardingguide/transfer-sftp.md
@@ -25 +25 @@ Request access to AWS Transfer for SFTP by submitting an RFC with the Management
-  * `customer_transfer_sftp_user_role`. This role is designed to be attached on the SFTP users. It allows the SFTP Users to interact with the S3 bucket.
+  * `customer_transfer_sftp_user_role`. This role is designed to be attached on the SFTP users. It allows the SFTP users to interact with the S3 bucket.
@@ -29 +29 @@ Request access to AWS Transfer for SFTP by submitting an RFC with the Management
-  * `customer_transfer_sftp_efs_user_role`. This role is designed to be attached on the SFTP users. It allows the SFTP Users to interact with the EFS file system.
+  * `customer_transfer_sftp_efs_user_role`. This role is designed to be attached on the SFTP users. It allows the SFTP users to interact with the EFS file system.
@@ -42 +42 @@ AWS Transfer for SFTP configuration is limited to resources without "AMS-" or "M
-  * You must have an S3 bucket before creating the AWS Transfer for SFTP server and users.
+  * You must have an Amazon S3 bucket with a name that contains the keyword "transfer" before creating the AWS Transfer for SFTP server and users.
@@ -44 +44 @@ AWS Transfer for SFTP configuration is limited to resources without "AMS-" or "M
-  * To use a "Customer Identify Provider," you must deploy the API Gateway, Lambda function, and your user repository (AD, Secrets Manager, and so on). For more information, see [ Enable password authentication for AWS Transfer for SFTP using AWS Secrets Manager](https://aws.amazon.com/blogs/storage/enable-password-authentication-for-aws-transfer-for-sftp-using-aws-secrets-manager/) and [Working with Identity Providers](https://docs.aws.amazon.com/transfer/latest/userguide/authenticating-users.html)
+  * To use a "Customer Identify Provider," you must deploy the API Gateway, Lambda function, and your user repository (AD, Secrets Manager, and so on). For more information, see [ Enable password authentication for AWS Transfer for SFTP using AWS Secrets Manager](https://aws.amazon.com/blogs/storage/enable-password-authentication-for-aws-transfer-for-sftp-using-aws-secrets-manager/) and [Working with Identity Providers](https://docs.aws.amazon.com/transfer/latest/userguide/authenticating-users.html).