AWS Certified Solutions Architect – Associate (SAA-C03) — Question 792
A company has an on-premises SFTP file transfer solution. The company is migrating to the AWS Cloud to scale the file transfer solution and to optimize costs by using Amazon S3. The company's employees will use their credentials for the on-premises Microsoft Active Directory (AD) to access the new solution. The company wants to keep the current authentication and file access mechanisms.
Which solution will meet these requirements with the LEAST operational overhead?
Answer options
- A. Configure an S3 File Gateway. Create SMB file shares on the file gateway that use the existing Active Directory to authenticate.
- B. Configure an Auto Scaling group with Amazon EC2 instances to run an SFTP solution. Configure the group to scale up at 60% CPU utilization.
- C. Create an AWS Transfer Family server with SFTP endpoints. Choose the AWS Directory Service option as the identity provider. Use AD Connector to connect the on-premises Active Directory.
- D. Create an AWS Transfer Family SFTP endpoint. Configure the endpoint to use the AWS Directory Service option as the identity provider to connect to the existing Active Directory.
Correct answer: C
Explanation
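AWS Transfer Family is a fully managed service that provides SFTP transfers directly into Amazon S3 with minimal operational overhead, so employees keep using SFTP as their file access mechanism. To authenticate users against an on-premises Microsoft Active Directory, the Transfer Family server uses the AWS Directory Service identity provider option with an AD Connector, which proxies authentication requests to the on-premises domain controllers so employees keep their existing AD credentials. Option A replaces SFTP with SMB file shares, which changes the file access mechanism, and option B leaves the company to run and scale its own SFTP servers on EC2. Option D is incorrect because AWS Directory Service cannot natively connect to an on-premises Active Directory without a directory gateway like AD Connector.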