Transfer Family web apps - AWS Transfer Family

Transfer Family web apps

You can create web apps to enable a simple interface for transferring data to and from Amazon Simple Storage Service (S3) over a web browser. This does not require you to create or provision AWS Transfer Family servers.

Before the introduction of Transfer Family web apps, end users needed to use a client application, a custom-built solution, or a third-party solution to access their data in Amazon S3. This was due to stringent security requirements for customers and partners, and because client apps are challenging for non-technical users to operate.

With the launch of web apps, you can now extend a branded, secure, and highly available portal for your end users to browse, upload, and download data in Amazon S3. Web apps are natively integrated with AWS IAM Identity Center and Amazon S3 Access Grants. This means that only your authenticated users can view the data that they’re authorized to access. Web apps are built using Storage Browser for Amazon S3 and offer the same end user functionalities in a fully managed offering without having to write code or host your own application.

For more information about the other AWS services that you use with Transfer Family web apps, see the following documentation:

AWS Regions for web apps

The following regions currently support Transfer Family web apps.

| Region name | Region |
|---|---|
| US East (Ohio) | us-east-2 |
| US East (N. Virginia) | us-east-1 |
| US West (Oregon) | us-west-2 |
| Asia Pacific (Singapore) | ap-southeast-1 |
| Asia Pacific (Sydney) | ap-southeast-2 |
| Asia Pacific (Tokyo) | ap-northeast-1 |
| Europe (Frankfurt) | eu-central-1 |
| Europe (Ireland) | eu-west-1 |
| Europe (Stockholm) | eu-north-1 |

Browser compatibility for AWS Transfer Family web apps

Transfer Family web apps support the following browsers.

| Browser | Version | Compatibility |
|---|---|---|
| Microsoft Edge | Latest 3 versions | Compatible |
| Mozilla Firefox | Latest 3 versions | Compatible |
| Google Chrome | Latest 3 versions | Compatible |
| Apple Safari | Latest 3 versions | Compatible |

How to create a Transfer Family web app

The following diagram illustrates the Transfer Family web app architecture.

Architecture diagram showing the AWS services that interact with Transfer Family web apps.

Based on the diagram, you can see that Transfer Family web apps interact with the following AWS services:

  • Amazon S3 for storage and Amazon S3 Access Grants to acquire session credentials.

  • AWS IAM Identity Center as the federated identity provider.

  • Amazon CloudFront if you configure a custom URL for your web app.

Note the following limitations when using web apps.

  • Maximum number of search results per query: 10,000

  • Maximum search breadth per query: 10,000 searched files

  • Maximum upload size per file: 160 GB (149 GiB)

  • Maximum file size for copying: 5.36 GB (5 GiB)

  • Folder names starting or ending with dots (.) are not supported

Prerequisites

In AWS Identity and Access Management, configure the necessary roles. Paste in the code blocks that we provide in the instructions. For information about configuring the necessary roles, see Configure IAM roles.

  • Create an identity bearer role.

  • Create an IAM role to be used by S3 Access Grants. S3 Access Grants assumes this IAM role to vend temporary credentials to the grantee for the registered Amazon S3 location.

To create your web app and get your end users up and running, you perform the following tasks:

  1. Configure IAM Identity Center to act as your federated identity provider. Perform the following tasks in IAM Identity Center. For more details about configuring IAM Identity Center, see Configure your identity provider.

    1. Create an IAM Identity Center instance, if you don't already have one.

    2. Determine your identity source. It can be the default IAM Identity Center directory or a third-party provider (for example, Okta).

    3. Create or identify the users or groups that will be using your web app.

    4. If you are using the IAM Identity Center directory for your identity source, note the user or group IDs that you create. You need them later when you create an access grant by using S3 Access Grants.

  2. In Amazon S3, configure Amazon S3 Access Grants. For more information about S3 Access Grants, see Configure Amazon S3 Access Grants.

    • Create an S3 Access Grants instance if you don't already have one in that AWS Region.

    • Register your location using the IAM role.

    • Create the access grant.

  3. In Transfer Family, perform the following tasks.

    1. Create the Transfer Family web app. For more information about how to create the Transfer Family web app, see Configure a Transfer Family web app.

      Important

      Set up Cross-origin resource sharing (CORS) for all Amazon S3 buckets that are used by your web app. For information about setting up CORS, see Set up Cross-origin resource sharing (CORS) for your bucket.

    2. Assign users or groups to the web app. For more information about how to assign users and groups, see Assign or add users or groups to your Transfer Family web app.

    3. (Optional) Update the access endpoint for your web app with a custom URL. For information about creating a custom URL, see Update your access endpoint with a custom URL.

    4. Provide your end users with the access endpoint URL so that they can log in and interact with your web app.
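
A defender's check for the CORS requirement in the Important note above, as an added example (not AWS's code): it audits each bucket's CORS rules against the web app's access endpoint and flags wildcard, non-HTTPS, malformed, or extra origins. The endpoint URL, bucket names, and finding codes are assumptions made for illustration; the rule dictionaries use the `CORSRules` shape returned by S3 `GetBucketCors`.

```python
from urllib.parse import urlsplit

# Assumed access endpoint (constructed placeholder); use your web app's URL.
ACCESS_ENDPOINT = "https://files.example.com"

def _wildcard_matches(pattern, origin):
    # S3 allows at most one "*" in an AllowedOrigins entry.
    prefix, suffix = pattern.split("*", 1)
    return (len(origin) >= len(prefix) + len(suffix)
            and origin.startswith(prefix) and origin.endswith(suffix))

def audit_cors(rules, endpoint=ACCESS_ENDPOINT):
    """Audit one bucket's CORSRules list (the shape S3 GetBucketCors returns).
    Returns (rule_index, finding_code, value) tuples; an empty list is clean."""
    endpoint = endpoint.rstrip("/").lower()
    findings, covered = [], False
    for i, rule in enumerate(rules):
        for origin in rule.get("AllowedOrigins", []):
            o = origin.lower()
            if o == endpoint:
                covered = True
            elif "*" in o:
                # Broader than the web app: other origins are allowed as well.
                covered = covered or _wildcard_matches(o, endpoint)
                findings.append((i, "WILDCARD_ORIGIN", origin))
            elif urlsplit(o).scheme != "https":
                findings.append((i, "NOT_HTTPS", origin))
            elif urlsplit(o).path:
                # Browsers send Origin without a path, so this never matches.
                findings.append((i, "PATH_IN_ORIGIN", origin))
            else:
                findings.append((i, "EXTRA_ORIGIN", origin))
    if not covered:
        findings.append((None, "ENDPOINT_MISSING", endpoint))
    return findings

# Constructed sample CORS rule sets, keyed by hypothetical bucket name.
SAMPLE = {
    "good-bucket": [{"AllowedMethods": ["GET", "PUT"], "AllowedOrigins": ["https://files.example.com"]}],
    "open-bucket": [{"AllowedMethods": ["GET"], "AllowedOrigins": ["*"]}],
    "slash-bucket": [{"AllowedMethods": ["GET"], "AllowedOrigins": ["https://files.example.com/"]}],
    "mixed-bucket": [{"AllowedMethods": ["GET"], "AllowedOrigins": [
        "https://files.example.com", "http://files.example.com", "https://other.example.net"]}],
    "no-cors-bucket": [],
}

if __name__ == "__main__":
    for bucket, rules in SAMPLE.items():
        print(bucket, audit_cors(rules) or "ok")
```

To run it against real buckets, pass `boto3.client("s3").get_bucket_cors(Bucket=name)["CORSRules"]` as `rules` for each bucket the web app uses.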