How to Configure FileZilla Pro to Connect to S3

41621 November 1, 2022

This feature is only available on FileZilla Pro, if you didn’t buy it yet you can buy FileZilla Pro from our Store →

Below you find a step by step guide, if you prefer you can watch our How to Configure FileZilla Pro to Connect to S3 video tutorial.

In order to connect to S3 follow the following steps.

  1. In the menu bar, click on File > Site Manager….

  2. Click on New Site.

  3. Select S3 – Amazon Simple Storage Service from the Protocol drop-down list.

  4. In the Host field enter the initial region endpoint. If unsure leave it as is.

  5. Leave port as-is.

  6. Copy the Access Key ID from the browser window you just left and paste it into the
    Access key ID field in the Site Manager.

  7. In the browser window again, click on Show.
    8. Back to Top

  8. Copy the Secret access key and paste it into the Secret Access Key field in the Site Manager.
    9. Back to Top

  9. Credentials that do not have permission to list available bucket need to directly specify
    the target bucket as default remote directory in the Advanced tab.

  10. Click on Connect.

Your file storage buckets will be displayed in the Remote directories section of the FileZilla Pro window.

Back to Top

Server-Side Encryption

With Server-Side Encryption Amazon S3 encrypts your files as they are uploaded and decrypts
on download.

To configure FileZilla Pro to use Amazon S3 Server-Side Encryption:

  1. In Site Manager edit your S3 entry.

  2. In the S3 tab select the encryption type:

    • No encryption

    • AWS S3 encryption: use Amazon S3 managed keys.

    • AWS KMS encrytion: use Amazon S3 keys stored in AWS Key Management
      Service (KMS). Select the master key:

      • Default (AWS/S3): for the AWS managed key.

      • Custom KMS ARN: for a customer managed key. Enter the ARN (Amazon
        Resource Name) for the key in the Custom KMS ARN box.

    • Customer encryption: use the key specified in the Custom key box. You can specify a Base64 encoded key by prefixing it with base64:
      • Back to Top

Back to Top

Amazon STS

You can access S3 resources that belong to another user by using temporary credentials provided by the AWS Security Token Service. This is done by assuming a role created by the granting user.

  1. In Site Manager edit your S3 entry.

  2. In the S3 tab enter:

    • Role ARN (Amazon Resource Name): this identifies the role created by the granting
      user. Your user will assume this role.

    • MFA Device Serial: your MFA (Multi-factor authentication) device identification if the
      role trust policy requires multi-factor authentication. This can be either a serial for a
      physical device or a registered ARN for a virtual device (eg an authentication app in your smartphone).
      • Back to Top

    When connecting and if the MFA device serial is configured you will be asked to provide
    the token code generated by the MFA device:

Back to Top

How to use AWS config and credentials files to connect

FileZilla Pro can also connect using the credentials and settings from the .aws/config and
.aws/credentials files.

  1. Create or edit a S3 connection.

  2. In the Logon type drop down list choose Profile.

  3. In the Profile field enter the configured profile name.
Back to Top

For the default profile enter: default
FileZilla Pro supports the following settings:

  • aws_access_key_id
  • aws_secret_access_key
  • region
  • source_profile
  • role_arn
  • role_session_name
  • mfa_serial
  • duration_seconds
  • aws_session_token

If a setting exists both in credentials and config files for the same profile the settings from the credentials file are used. If any of the settings region, role_arn and mfa_serial exist both in the Site Manager S3 tab and in the files, the settings from the files are used.

FileZilla Pro looks for the AWS_CONFIG_FILE environment variable to locate the config file. Also, it looks for the AWS_SHARED_CREDENTIALS_FILE environment variable to locate the credentials file.

If any of these environment variables are empty, FileZilla Pro looks for the file in the .aws directory in the user’s (or home) directory. On Debian and macOS the user’s directory can be found with the $HOME environment variable. On Windows the user’s directory can be found with the %USERPROFILE% environment variable.

When purchased from the macOS App Store, the app’s home directory can be found at ~/Library/
Containers/org.filezilla-project.filezilla.sandbox/Data/

In this case you may need to create a symbolic link to the ~/.aws directory in the FileZilla Pro’s container. From macOS terminal run the following command:

ln -s ~/.aws ~/Library/Containers/org.filezilla-project.filezilla.sandbox/Data/.aws

You also need to grant to FileZilla Pro access to the .aws directory through the access permissions
dialog. To learn how to do that see: Local files not displayed.

For more details about these files consult the AWS documentation.

The video tutorial below shows how to connect to Amazon S3 with FileZilla Pro.

Back to Top

Video tutorial: FileZilla Pro Connect to Amazon S3 Cloud Storage

The video tutorial below shows how to use AWS config and credentials files to connect with FileZilla Pro.

Video tutorial: How to Use AWS Config and Credentials Files with FileZilla Pro

Back to Top

Tags: , , , , , ,