Deploying a Secure SFTP-to-S3 Pipeline Using AWS CDK

Infrastructure as Code using AWS CDK to deploy an SFTP server on EC2 integrated with S3 — combining automation, security, and scalability in a DevOps-friendly stack.

🧱 What It Does

This project provisions the following resources using AWS CDK (in Python):

• A VPC with public/private subnets
• An S3 bucket for file storage
• An IAM Role with access to S3
• An EC2 instance to run the SFTP server (SimpleSFTP)
• All necessary networking and security group settings

The goal is to demonstrate AWS CDK in a practical portfolio use case, combining two existing components:

• SimpleSFTP
• sftp2s3

📌 Also See: EKS + DNS + React + CDK Demo

🔗 eks-ec2-cdk-react-dns-demo:
A more advanced CDK portfolio demo — provisions an EKS cluster with EC2 nodes, deploys containerized apps, and configures DNS via Route 53.
Ideal for showcasing full-stack infrastructure skills alongside this SFTP pipeline.

🐳 Docker Image

The SFTP server used in this project is available as a public Docker image:

🔗 daviguides/simple-sftp on Docker Hub

This image is automatically pulled and started on the EC2 instance during provisioning via user_data.

🚀 Getting Started

Prerequisites

• Python 3.11+
• uv for dependency management (or use pip if preferred)
• AWS CLI configured and credentials available

Install dependencies

uv venv
source .venv/bin/activate
uv pip install -e .

Bootstrap and Deploy

cdk bootstrap
cdk deploy

🧩 Structure

.
├── README.md
├── pyproject.toml
├── app.py
├── cdk.json
└── sftp_stack/
    ├── __init__.py
    └── sftp_stack.py

📄 License

MIT License

🔗 Check out my full portfolio

📂 Explore more repositories on GitHub

📜 Read the Zero Trust Manifesto for Local Development

👨‍💼 Author

Built with ❤️ by Davi Luiz Guides