1

I want to assign an Elastic IP address to an AWS Transfer SFTP service because outbound SFTP connections have to be whitelisted for clients of mine. The FAQ for the "AWS Transfer for SFTP" service reads that you can assign a fixed IP address to a server:

you can enable fixed IPs by building on your SFTP server’s VPC endpoint. You can create a Network Load Balancer (NLB) with Elastic IP enabled, within your VPC, and specify your SFTP server’s VPC endpoint as its target. The associated Elastic IPs will give you one or more static IP addresses that will not change. These IPs can be used for firewall whitelisting purposes by your SFTP client users.

However, in the Network Load Balancer configuration I appear to only have the options of selecting targets that are EC2 instances or IP addresses. Is this actually possible to do?

David

2 Answers

1

To do this, I’d refer to this blog post on enabling Elastic IPs on the NLB fronting your AWS SFTP server’s VPC endpoint. Specifically, under the “IP address portability” section, refer to Step 4: when you create the NLB and configure routing, you will need to specify a Target type of “IP” and TCP port, and register the targets for the load balancer as the VPC endpoint’s IP addresses, which you can find in the Subnets tab for that endpoint in the VPC Console.

markusk

0

In addition to the blog post in the answer by John Kennedy, there was a more detailed guide posted in August 2019. The IP address I needed to specify was the private IP address for the VPC endpoint's subnets. Following these instructions I was up and running.

David
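
The step both answers describe (an NLB target group of type "IP" whose targets are the VPC endpoint's private IP addresses), as an added AWS CLI example that is not part of the original posts. It assumes a configured AWS CLI and SFTP on TCP port 22; the function names and the IDs passed in are hypothetical and supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the original answers). Caller supplies all IDs.
# Function bodies are subshells "( ... )", so variables stay local and
# "exit" only leaves the function.

# Print the private IPs of the VPC endpoint's network interfaces, one per line.
endpoint_private_ips() (
  enis=$(aws ec2 describe-vpc-endpoints --vpc-endpoint-ids "$1" \
    --query 'VpcEndpoints[0].NetworkInterfaceIds' --output text) || exit 1
  case $enis in ''|None) echo "no network interfaces for $1" >&2; exit 1 ;; esac
  # Unquoted on purpose: the ENI IDs come back tab-separated.
  aws ec2 describe-network-interfaces --network-interface-ids $enis \
    --query 'NetworkInterfaces[].PrivateIpAddress' --output text | tr '\t' '\n'
)

# Build the Id=<ip> arguments for register-targets; refuse anything that is
# not shaped like an IPv4 address so a failed lookup is never registered.
target_args() (
  out=
  for ip in "$@"; do
    case $ip in
      ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) echo "bad IP: $ip" >&2; exit 1 ;;
      *.*.*.*) out="${out:+$out }Id=$ip" ;;
      *) echo "bad IP: $ip" >&2; exit 1 ;;
    esac
  done
  [ -n "$out" ] || exit 1
  printf '%s\n' "$out"
)

# Create a TCP target group of type "ip" (port 22, the SFTP port) and register
# the endpoint's private IPs in it. Prints the target group ARN.
register_sftp_endpoint() (
  vpc_id=$1 vpce_id=$2 tg_name=$3
  ips=$(endpoint_private_ips "$vpce_id") || exit 1
  targets=$(target_args $ips) || exit 1
  tg_arn=$(aws elbv2 create-target-group --name "$tg_name" --protocol TCP \
    --port 22 --vpc-id "$vpc_id" --target-type ip \
    --query 'TargetGroups[0].TargetGroupArn' --output text) || exit 1
  aws elbv2 register-targets --target-group-arn "$tg_arn" \
    --targets $targets >/dev/null || exit 1
  printf '%s\n' "$tg_arn"
)

# Usage: sh thisfile <vpc-id> <vpce-id> <target-group-name>
if [ "$#" -eq 3 ]; then register_sftp_endpoint "$@"; fi
```

The printed target group ARN is what the NLB's TCP listener forwards to; the NLB itself, with an Elastic IP per subnet as the FAQ describes, is created separately.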