AWS Transfer for SFTP supports VPC Security Groups and Elastic IP addresses

AWS SFTP enables the movement of Secure Shell File Transfer Protocol (SFTP) based workloads to AWS, without needing to modify applications, or manage any servers. When creating or updating an SFTP server, you can choose to host the endpoint within your VPC, associate Elastic IP addresses (including Bring Your Own IPs), and attach VPC Security Groups with rules to filter incoming traffic to your endpoint. This ensures that access is restricted to authenticated users whose requests originate from whitelisted IP addresses only. 

Additionally, you can use VPC Flow Logs for capturing your endpoint’s traffic information, and view your end users’ source IP addresses in Amazon CloudWatch.