How to Upload Files Using Amazon S3

This feature is only available on FileZilla Pro, if you didn’t buy it yet you can buy FileZilla Pro from our Store.

Below you find a step by step guide, if you prefer you can watch our How to Upload Files Using Amazon S3 video tutorial.

What you’ll need to upload files to Amazon S3.

Create a user and get a secret access key for FileZilla Pro

  1. Go to the IAM dashboard at
  2. Select Users from the menu on the left.
  3. Click on Add User.
  4. Enter a user name.
  5. Tick the Programmatic access checkbox.
  6. Click on Next: Permissions.
  7. Click on Attach existing policies directly.
  8. Enter S3 in the policy search field and press ENTER on your keyboard.
  9. Tick the AmazonS3FullAccess policy.
  10. Click on Next: Tags.
  11. Click on Next: Review
  12. Check that you’ve assigned the AmazonS3FullAccess policy
  13. Click on Create User.

  14. Without closing this browser window – you’ll need the access key information – open FileZilla Pro.

How to Configure FileZilla Pro to connect to S3:

  1. In the menu bar, click on File > Site Manager….
  2. Click on New Site.
  3. Select S3 – Amazon Simple Storage Service from the Protocol drop-down list.
  4. In the Host field enter the initial region endpoint. If unsure leave it as is.
  5. Leave port as-is.
  6. Copy the Access Key ID from the browser window you just left and paste it into the
    Access key ID field in the Site Manager.
  7. In the browser window again, click on Show.
  8. Copy the Secret access key and paste it into the Secret Access Key field in the Site Manager.
  9. Credentials that do not have permission to list available bucket need to directly specify
    the target bucket as default remote directory in the Advanced tab.
  10. Click on Connect.

Your file storage buckets will be displayed in the Remote directories section of the FileZilla Pro window.

Server-Side Encryption

With Server-Side Encryption Amazon S3 encrypts your files as they are uploaded and decrypts
on download.

To configure FileZilla Pro to use Amazon S3 Server-Side Encryption:

  1. In Site Manager edit your S3 entry.
  2. In the S3 tab select the encryption type:
    • No encryption
    • AWS S3 encryption: use Amazon S3 managed keys.
    • AWS KMS encrytion: use Amazon S3 keys stored in AWS Key Management
      Service (KMS). Select the master key:
      • Default (AWS/S3): for the AWS managed key.
      • Custom KMS ARN: for a customer managed key. Enter the ARN (Amazon
        Resource Name) for the key in the Custom KMS ARN box.

    • Customer encryption: use the key specified in the Custom key box. You can specify a Base64 encoded key by prefixing it with base64:

Amazon STS

You can access S3 resources that belong to another user by using temporary credentials provided by the AWS Security Token Service. This is done by assuming a role created by the granting user.

  1. In Site Manager edit your S3 entry.
  2. In the S3 tab enter:
    • Role ARN (Amazon Resource Name): this identifies the role created by the granting
      user. Your user will assume this role.
    • MFA Device Serial: your MFA (Multi-factor authentication) device identification if the
      role trust policy requires multi-factor authentication. This can be either a serial for a
      physical device or a registered ARN for a virtual device (eg an authentication app in your smartphone).

    When connecting and if the MFA device serial is configured you will be asked to provide
    the token code generated by the MFA device:

Connecting with AWS IAM Identity Center (formerly AWS Single Sign-On)

AWS Identity Center provides access to resources without the need for access keys or secret keys.

To connect using the IAM Identity Center:

  1. Create a new site in the Site Manager.
  2. Select S3 via IAM Identity Center from the Protocol drop-down list.
  3. In the Logon type drop down list, choose either Interactive or Profile
  4. With Interactive type:
    Enter the AWS account ID in the Account ID field.

    In the S3 tab, S3 via IAM Identity Center section, enter:

    • Region: the AWS Region that contains the AWS access portal host. This field can be different from the Region field in the same tab.
    • Role name: the role or permission set name.
    • Start URL: the URL for the AWS access portal

  5. With Profile, enter a configured profile name. See How to use AWS config and credentials files to connect. The required profile fields are:sso_account_id,sso_region,sso_role_name and sso_start_url
  6. Click on Connect.
  7. FileZilla Pro shows the AWS Identity Center window, with a unique session code:

    and launches the default browser.

  8. In the browser, IAM prompts you to login using your IAM credentials. You may need to enter the session code presented in the AWS Identity Center window.
  9. Upon logging in, it is necessary to authorize the request.

  10. Click Allow to grant access to FileZilla Pro.
  11. Upon successful completion, the AWS Identity Center window will automatically close.

For more information, visit

The video tutorial below shows how to upload files to Amazon S3 with FileZilla Pro.

Video tutorial: FileZilla Pro Connect to Amazon S3 Cloud Storage

Tags: , , , , ,