Guide

How to upload files to S3 via SFTP

Amazon S3 has no native SFTP, so you need a gateway in front of it. Here's how to set that up and then upload to your S3 bucket with the sftp CLI, WinSCP, or lftp.

You can’t point an SFTP client straight at Amazon S3: S3 speaks its own HTTP API, not SFTP. To upload to a bucket over SFTP you put a gateway in front of it that translates SFTP operations into S3 calls. Once that endpoint exists, uploading is exactly like any other SFTP target. Here’s the whole path.

Step 1, put an SFTP endpoint in front of your bucket

You have two routes:

  • A managed gateway (such as Firepipe): connect your existing S3 bucket with a scoped cross-account role, create a user, and you get a hostname plus credentials. Files land straight in your own bucket. See SFTP to S3.
  • Self-host an SFTP server with an S3 backend (for example SFTPGo) if you’d rather run the server yourself.

Either way you end up with a host, a username, and an SSH key or password.

Step 2, upload with the sftp CLI

The OpenSSH sftp client is on every Mac and Linux box (and Windows via OpenSSH):

sftp -i ~/.ssh/id_ed25519 [email protected]
# then, interactively:
put report.csv /incoming/report.csv
put -r ./exports /incoming/
bye

For a non-interactive one-liner, use a batch file with -b:

# upload.batch
put report.csv /incoming/report.csv
bye
sftp -i ~/.ssh/id_ed25519 -b upload.batch [email protected]

Step 3, or use a GUI / other clients

  • WinSCP (Windows): new session, file protocol SFTP, enter host/user, load your private key under Advanced → SSH → Authentication, then drag files across.
  • FileZilla: Site Manager → SFTP, host/user/key, drag to upload.
  • lftp (scriptable, parallel transfers):
lftp -u alice, -e "put report.csv -o /incoming/report.csv; bye" sftp://sftp.example.com

Where the files actually go

With a bring-your-own-bucket gateway, every put streams straight into your S3 bucket as an object at the matching key. There’s no second copy on the gateway, and the file is in your AWS account the moment the upload completes. A path-jailed user can only write inside its own prefix.

Good habits

  • Use SSH keys, not passwords, for anything automated.
  • Verify the host key on first connect (compare the fingerprint your provider gives you) so you’re not trusting a man-in-the-middle.
  • One credential per client or job, so you can revoke one without breaking the others.

To automate uploads on a schedule, see automate SFTP uploads with cron; to do it from code, see connect to SFTP using Python.

Try it on your own bucket

Connect a bucket you already own, Amazon S3, Azure Blob, Google Cloud Storage, or an S3-compatible store, and hand out a clean SFTP endpoint in minutes. Your files stay in your cloud.

Start free

← All guides