This document describes data we retain while performing transfers for Storage Transfer Service and Transfer service for on-premises data. This data is necessary to complete transfers on your behalf, but isn't directly related to the data you're transferring.
To complete a transfer job, you'll supply us with user credentials that we use
to complete transfer jobs on your behalf. We encrypt and retain the user
credentials for as long as a
exists. We delete the user credentials provided when the associated
TransferJob is deleted.
The following account types are examples of user credentials we'll retain for
the duration of a
TransferJob to complete work on your behalf:
- Amazon S3
- Microsoft Azure Storage
When using federated identity to authenticate to Amazon S3, AWS provides temporary credentials to Storage Transfer Service. Temporary credentials expire after a set period of time, after which they can not be used to access your S3 resources. See Temporary security credentials in IAM for more details.