AWS Transfer Family now supports VPC endpoint policies and FIPS VPC endpoints

AWS Transfer Family Updates
AWS Transfer Family now supports Virtual Private Cloud (VPC) endpoint policies for your VPC endpoints. This feature allows administrators to attach an endpoint policy to an interface VPC endpoint, enabling granular access control over Transfer Family APIs for improved data protection and security posture. Additionally, Transfer Family now supports Federal Information Processing Standards (FIPS) 140-3 enabled VPC endpoints.
Previously, customers had full access to Transfer Family APIs through an interface VPC endpoint, powered by AWS PrivateLink. With this launch, you can now manage which Transfer Family API actions (CreateServer, StartServer, DeleteServer, etc.) can be performed, which principals can perform them, and which resources they can act upon. These policies work with existing IAM user and role policies and organizational service control policies.
What to do
- Attach an endpoint policy to your interface VPC endpoint for granular access control over Transfer Family APIs.
- Manage which Transfer Family API actions can be performed, which principals can perform them, and which resources they can act upon.
- Ensure your policies work with existing IAM user and role policies and organizational service control policies.
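
An endpoint policy of the kind described above, added here as an illustration and not taken from the AWS release notes. The account ID, region, role name and server ID are constructed placeholders; the policy assumes a single operator role that may inspect, start and stop one server through this endpoint.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleOperateOneServer",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "transfer:DescribeServer",
        "transfer:StartServer",
        "transfer:StopServer"
      ],
      "Resource": "arn:aws:transfer:us-east-1:111122223333:server/s-0123456789abcdef0",
      "Condition": {
        "ArnEquals": {
          "aws:PrincipalArn": "arn:aws:iam::111122223333:role/ExampleTransferOperator"
        }
      }
    },
    {
      "Sid": "ExampleListServers",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "transfer:ListServers",
      "Resource": "*",
      "Condition": {
        "ArnEquals": {
          "aws:PrincipalArn": "arn:aws:iam::111122223333:role/ExampleTransferOperator"
        }
      }
    }
  ]
}
```

Actions not listed, such as CreateServer and DeleteServer, are implicitly denied for every caller going through this endpoint. The endpoint policy grants nothing on its own: the caller's IAM policy and any service control policy must also allow the action.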
Source: AWS release notes