If you need sftp, and it looks like a lot of integrations still require this, create an S3 backed sftp instance (LaunchConfiguration/AutoScaling Group) using s3fs.

It is super simple and makes your sftp server ephemeral as all sftp data is securely stored in S3.

Install (Fn:Sub… omitted):

Configure (Fn:Sub… omitted):

Fn::Sub vs. Fn::Join

Use them adequately to keep your scripts readable. Both can do the same, most of the cases Fn::Sub will allow for much better readability and long term manageability.

