This document describes data that we retain while performing transfers for Storage Transfer Service. This data is necessary to complete transfers on your behalf, but isn't directly related to the data that you're transferring.
User credentials
To complete a transfer job, you supply us with user credentials that we use
to complete transfer jobs on your behalf. We encrypt and retain the user
credentials for as long as a
TransferJob
exists. We delete the user credentials provided when the associated
TransferJob is deleted.
The following account types are examples of user credentials that we retain
for the duration of a TransferJob to complete work on your behalf:
- Amazon S3
- Microsoft Azure Storage
When using federated identity to authenticate to Amazon S3, AWS provides temporary credentials to Storage Transfer Service. Temporary credentials expire after a set period, after which they cannot be used to access your S3 resources. See Temporary security credentials in IAM for more details.