This document describes data we retain while performing transfers for Storage Transfer Service and Transfer service for on-premises data. This data is necessary to complete transfers on your behalf, but isn't directly related to the data you're transferring.
User credentials
To complete a transfer job, you'll supply us with user credentials that we use
to complete transfer jobs on your behalf. We encrypt and retain the user
credentials for as long as a
TransferJob
exists. We delete the user credentials provided when the associated
TransferJob
is deleted.
The following account types are examples of user credentials we'll retain for
the duration of a TransferJob
to complete work on your behalf:
- Amazon S3
- Microsoft Azure Storage
When using federated identity to authenticate to Amazon S3, AWS provides temporary credentials to Storage Transfer Service. Temporary credentials expire after a set period of time, after which they can not be used to access your S3 resources. See Temporary security credentials in IAM for more details.