AWS Transfer Family supports integration with AD Connector (https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_connector_app_compatibility.html). As far as I understand, connectors are deployed in VPN-linked subnets that allow them to proxy calls to an on-premises Active Directory.
What exactly happens (what resources are created/updated under the hood) when I select AD Connector as the authenticator for AWS Transfer? I'm specifically curious as to what changes are made in the VPC to allow this integration.
In relation to AWS Directory Service, AWS Transfer does not seem to mutate your VPC. If you create an AD and then associate it with AWS Transfer, and take a look at your VPC, there are no new networking resources of any kind. Similar to other applications (https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_manage_apps_services.html), AWS Directory Service authorizes AWS Transfer to access your AD (in this case, the connector) for Transfer logins.
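
One way to check this observation in your own account, as an added example that is not part of the original answer: save the output of `aws ec2 describe-network-interfaces` filtered to the VPC before and after associating the directory with AWS Transfer, then diff the two snapshots. The snapshot contents, IDs and helper names below are constructed placeholders.

```python
"""Diff two VPC network-interface snapshots taken before and after an association."""


def eni(eni_id, subnet, desc, groups, managed=True):
    # Hypothetical helper: one record shaped like a DescribeNetworkInterfaces entry.
    return {"NetworkInterfaceId": eni_id, "SubnetId": subnet, "Description": desc,
            "RequesterManaged": managed, "Groups": [{"GroupId": g} for g in groups]}


# Constructed sample data (placeholder IDs), not captured from a real account.
DIR_ENIS = [
    eni("eni-0aaa", "subnet-0a", "directory d-EXAMPLE", ["sg-0dir"]),
    eni("eni-0bbb", "subnet-0b", "directory d-EXAMPLE", ["sg-0dir"]),
]
BEFORE = {"NetworkInterfaces": DIR_ENIS}
# Same interfaces in a different order: what "no VPC change" looks like.
AFTER_SAME = {"NetworkInterfaces": list(reversed(DIR_ENIS))}
# Counter-case: one interface gained a security group and a new one appeared.
AFTER_CHANGED = {"NetworkInterfaces": [
    DIR_ENIS[0],
    eni("eni-0bbb", "subnet-0b", "directory d-EXAMPLE", ["sg-0dir", "sg-0new"]),
    eni("eni-0ccc", "subnet-0a", "hypothetical new interface", ["sg-0new"]),
]}


def index_enis(snapshot):
    """Map ENI id -> the attributes that matter for network reachability."""
    indexed = {}
    for item in snapshot.get("NetworkInterfaces", []):
        indexed[item["NetworkInterfaceId"]] = {
            "SubnetId": item.get("SubnetId"),
            "Description": item.get("Description", ""),
            "RequesterManaged": item.get("RequesterManaged", False),
            # Sort group ids so API ordering differences are not reported as changes.
            "Groups": sorted(g["GroupId"] for g in item.get("Groups", [])),
        }
    return indexed


def diff_enis(before, after):
    """Return ENI ids that were added, removed, or modified between snapshots."""
    b, a = index_enis(before), index_enis(after)
    return {
        "added": sorted(set(a) - set(b)),
        "removed": sorted(set(b) - set(a)),
        "changed": sorted(k for k in set(a) & set(b) if a[k] != b[k]),
    }


if __name__ == "__main__":
    print("unchanged VPC:", diff_enis(BEFORE, AFTER_SAME))
    print("changed VPC:  ", diff_enis(BEFORE, AFTER_CHANGED))
```

An empty result in all three lists corresponds to what the answer reports; the same comparison can be repeated for security groups and route tables.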