AWS re:Invent 2025 - Private and secure web browser-based access to your data in S3 (STG220)

AWS re:Invent 2025 - Private and Secure Web Browser-Based Access to Data in S3

Overview of AWS Transfer Family Web Apps

• AWS Transfer Family is a managed service that provides file transfer capabilities, including SFTP, FTPS, and FTP.
• The key features of AWS Transfer Family Web Apps include:
  • Allows non-technical users to access data stored in Amazon S3 through a simple web browser interface.
  • Provides a customizable, white-labeled web application that can be branded with a company's logo and URL.
  • Integrates with identity providers like Active Directory, Okta, and Azure AD for secure authentication and access control.
  • Enables flexible access control, with options for read-only, read-write, and custom permissions.
  • Supports common file management operations like browsing, uploading, downloading, and moving files.
  • Allows for event-driven data workflows, where new files uploaded to S3 can trigger downstream processing.

Addressing the Need for Secure, Browser-Based Access to S3 Data

• Many customers have large amounts of data stored in Amazon S3, but need a simple way for non-technical users to access and interact with this data.
• Traditional solutions like the S3 console may not be suitable for non-technical users, and building custom web applications can be costly and time-consuming.
• AWS Transfer Family Web Apps aims to provide a secure, easy-to-use solution that allows organizations to grant browser-based access to their S3 data without the need for custom development.

Demonstration of the Web App User Experience

• The presentation includes a live demo of the AWS Transfer Family Web App interface, showcasing the following capabilities:
  • Secure login using corporate credentials integrated with an identity provider.
  • Browsing the directory structure of the S3 bucket and navigating to specific folders.
  • Uploading, downloading, and moving files directly within the web interface.
  • Searching for files based on keywords.
  • Creating new folders within the S3 bucket.
  • Customizing the branding and appearance of the web app.

New Feature: VPC Endpoint for Web Apps

• AWS has recently launched a new feature that allows customers to deploy the Transfer Family Web App within a Virtual Private Cloud (VPC).
• This VPC endpoint option provides an additional layer of security, allowing organizations to restrict access to the web app to only users within their internal network (e.g., connected via VPN or Direct Connect).
• The VPC endpoint option maintains the same end-user experience as the publicly accessible web app, but with the added security of keeping the application isolated within the customer's VPC.

Getting Started and Additional Resources

• AWS provides a workshop and getting started videos to help customers set up and configure the Transfer Family Web App.
• Integration with popular identity providers like Okta is also covered in dedicated resources.
• Customers can find additional information, including customer references and documentation, on the main AWS Transfer Family webpage.

Key Takeaways

• AWS Transfer Family Web Apps provide a simple, secure, and customizable solution for granting non-technical users browser-based access to data stored in Amazon S3.
• The service integrates with identity providers for authentication and access control, enabling flexible permissions management.
• The new VPC endpoint feature allows organizations to further restrict access to the web app, keeping it isolated within their own private network.
• AWS provides a range of resources to help customers get started and integrate the Transfer Family Web App into their workflows.