AWS re:Invent 2025 - Modern SFTP: Deploy AWS Transfer Family, Identity, and Automation (STG419)

Modernizing Managed File Transfers with AWS Transfer Family, Malware Scanning, and Agentic AI

Overview

This presentation explored how to modernize managed file transfer (MFT) systems using a cloud-native architecture built on AWS services. The key components included:

  • AWS Transfer Family for secure, scalable, and fully managed file transfer servers
  • Malware scanning using Amazon GuardDuty to automatically detect and route malicious files
  • Agentic AI workflows using Amazon Bedrock and the Strands Agents SDK to automate file processing and analysis

The presenters walked through a detailed use case for modernizing a traditional insurance claims processing system, demonstrating how this architecture can be applied across various industries.

Managed File Transfers

  • Managed file transfer is the secure exchange and processing of files between business partners or internal/external systems
  • It is critical to many industries, used for clearing house settlements, supply chain tracking, data ingestion, and more
  • Organizations need to modernize legacy MFT systems to reduce operational overhead

AWS Transfer Family

  • Fully managed file transfer servers that support industry-standard protocols like SFTP, FTPS, and AS2
  • Provides SFTP connectors as a managed SFTP client service
  • Offers Transfer Family Web Apps for secure, user-friendly web-based file access
  • Integrates with Amazon EventBridge for event-driven architectures

Malware Scanning with Amazon GuardDuty

  • Automatically scans files landing in an S3 bucket and tags them as "clean" or "malicious"
  • Uses an event-driven architecture with Amazon EventBridge and SQS to route files to the appropriate S3 buckets
  • Provides optional dead-letter queues and SNS notifications for monitoring and investigation
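
The routing step described above, sketched as an added example (not code from the talk or its Terraform modules). It assumes the EventBridge event reaches the consumer as the SQS message body and uses the GuardDuty Malware Protection for S3 field names `scanResultStatus`, `s3ObjectDetails` and `threats`; the bucket names are hypothetical.

```python
import json

# Hypothetical bucket names; the page does not name any.
CLEAN, QUARANTINE, REVIEW = "example-mft-clean", "example-mft-quarantine", "example-mft-review"
DETAIL_TYPE = "GuardDuty Malware Protection Object Scan Result"


def route_scan_result(sqs_body: str) -> dict:
    """Pick a destination for one scanned object; only a proven-clean verdict is released."""
    event = json.loads(sqs_body)
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != DETAIL_TYPE:
        # Raising leaves the message on the queue so it ends up in the dead-letter queue.
        raise ValueError("not a GuardDuty S3 scan result event")
    detail = event.get("detail") or {}
    obj = detail.get("s3ObjectDetails") or {}
    result = detail.get("scanResultDetails") or {}
    if not obj.get("bucketName") or not obj.get("objectKey"):
        raise ValueError("event does not identify an S3 object")
    status = result.get("scanResultStatus")
    if status == "NO_THREATS_FOUND":
        dest = CLEAN
    elif status == "THREATS_FOUND":
        dest = QUARANTINE
    else:
        # UNSUPPORTED, ACCESS_DENIED, FAILED, or anything unexpected: fail closed.
        dest = REVIEW
    return {
        "source_bucket": obj["bucketName"],
        "key": obj["objectKey"],
        # Copy the exact version that was scanned, not whatever is current now.
        "version_id": obj.get("versionId"),
        "destination_bucket": dest,
        "threats": [t.get("name") for t in (result.get("threats") or [])],
    }


def sample_event(status, threats=None):
    """Constructed EventBridge event wrapped as an SQS body (not a captured message)."""
    return json.dumps({
        "source": "aws.guardduty",
        "detail-type": DETAIL_TYPE,
        "detail": {
            "scanStatus": "COMPLETED",
            "s3ObjectDetails": {"bucketName": "example-mft-landing",
                                "objectKey": "claims/claim-0001.pdf", "versionId": "v1"},
            "scanResultDetails": {"scanResultStatus": status, "threats": threats},
        },
    })
```

Statuses other than the two definite verdicts go to a review bucket rather than the clean one, so an unscannable or failed file is never treated as safe by default.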

Agentic AI Workflows

  • Leverages Amazon Bedrock AgentCore and the open-source Strands Agents SDK to build flexible, modular AI agents
  • Demonstrated agents for entity extraction, validation, summarization, and database integration
  • Agents are orchestrated by a supervisor agent using natural language prompts
  • Eliminates manual processing steps and improves accuracy and consistency

Transfer Family Web Apps

  • Provides a user-friendly, browser-based interface for accessing files in S3
  • Integrates with AWS IAM Identity Center for federated authentication
  • Uses S3 Access Grants to easily configure user and group permissions
  • Simplifies the deployment and management of the web app and permissions using Terraform modules

Key Takeaways

  • AWS Transfer Family, GuardDuty, and Agentic AI can be combined to build a modern, scalable, and automated MFT solution
  • The presenters' Terraform modules simplify the deployment and configuration of these services
  • The architecture is flexible and can be applied to various industries beyond insurance claims processing
  • Agentic AI workflows using natural language prompts can significantly reduce manual effort and improve accuracy
  • Transfer Family Web Apps provide a user-friendly interface while leveraging the security and scalability of S3 and Identity Center
