Applicability Statement 2 (AS2) is an RFC-defined file-transmission specification that includes strong message protection and verification mechanisms. The AS2 protocol is critical to workflows with compliance requirements that rely on having data protection and security features built into the protocol.
Note
AS2 for Transfer Family is Drummond certified
Customers in industries such as retail, life sciences, manufacturing, financial services, and utilities that rely on AS2 for supply chain, logistics, and payments workflows can use AWS Transfer Family AS2 endpoints to securely transact with their business partners. The transacted data is natively accessible in AWS for processing, analysis, and machine learning. This data is also available for integrations with enterprise resource planning (ERP) and customer relationship management (CRM) systems that run on AWS. With AS2, customers can run their business-to-business (B2B) transactions at scale in AWS while maintaining existing business partner integrations and compliance.
If you are a Transfer Family customer who wants to exchange files with a partner who has an AS2-enabled server, the setup involves generating one public-private key pair for encryption and another for signing and exchanging the public keys with the partner.
Transfer Family provides a workshop that you can attend, in which you can
configure a Transfer Family endpoint with AS2 enabled, and a Transfer Family AS2 connector.
You can view the details for this workshop
here
Protecting an AS2 payload in transit typically involves the use of Cryptographic Message Syntax (CMS) and commonly uses encryption and a digital signature to provide data protection and peer authentication. A signed Message Disposition Notice (MDN) response payload provides verification (non-repudiation) that a message was received and successfully decrypted.
Transport of these CMS payloads and MDN responses occurs over HTTP.
Note
HTTPS AS2 server endpoints are not currently supported. TLS termination is currently the responsibility of the customer.
For a detailed, step-by-step walkthrough of setting up an Applicability Statement 2 (AS2) configuration, see the tutorial, Setting up an AS2 configuration.
The user guide provides instructions for each step in the process of configuring AS2 in Transfer Family.
AS2 use cases
If you are an AWS Transfer Family customer who wants to exchange files with a partner who has an AS2-enabled server, the most complex part of the setup involves generating one public-private key pair for encryption and another for signing and exchanging the public keys with the partner.

Consider the following variations for using AWS Transfer Family with AS2.
Note
Trading partner is the partner associated with that partner profile.
All mentions of MDN in the following table assume signed MDNs.
Inbound-only use cases
|
Outbound-only use cases
|
Inbound and outbound use cases
|