diff --git a/aws/resource_aws_transfer_server.go b/aws/resource_aws_transfer_server.go
index dca3640015e6..efd6ed34d462 100644
--- a/aws/resource_aws_transfer_server.go
+++ b/aws/resource_aws_transfer_server.go
@@ -41,6 +41,7 @@ func resourceAwsTransferServer() *schema.Resource {
 				Default:  transfer.EndpointTypePublic,
 				ValidateFunc: validation.StringInSlice([]string{
 					transfer.EndpointTypePublic,
+					transfer.EndpointTypeVpc,
 					transfer.EndpointTypeVpcEndpoint,
 				}, false),
 			},
@@ -53,7 +54,7 @@ func resourceAwsTransferServer() *schema.Resource {
 					Schema: map[string]*schema.Schema{
 						"vpc_endpoint_id": {
 							Type:     schema.TypeString,
-							Required: true,
+							Optional: true,
 							ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
 								value := v.(string)
 								validNamePattern := "^vpce-[0-9a-f]{17}$"
@@ -64,6 +65,28 @@ func resourceAwsTransferServer() *schema.Resource {
 								}
 								return
 							},
+							DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
+								if new == "" && d.Get("endpoint_type").(string) == transfer.EndpointTypeVpc {
+									return true
+								}
+								return false
+							},
+						},
+						"vpc_id": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+						"subnet_ids": {
+							Type:     schema.TypeSet,
+							Optional: true,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+							Set:      schema.HashString,
+						},
+						"address_allocation_ids": {
+							Type:     schema.TypeSet,
+							Optional: true,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+							Set:      schema.HashString,
 						},
 					},
 				},
@@ -155,7 +178,7 @@ func resourceAwsTransferServerCreate(d *schema.ResourceData, meta interface{}) e
 	}
 
 	if attr, ok := d.GetOk("endpoint_details"); ok {
-		createOpts.EndpointDetails = expandTransferServerEndpointDetails(attr.([]interface{}))
+		createOpts.EndpointDetails = expandTransferServerEndpointDetails(attr.([]interface{}), false)
 	}
 
 	if attr, ok := d.GetOk("host_key"); ok {
@@ -171,6 +194,48 @@ func resourceAwsTransferServerCreate(d *schema.ResourceData, meta interface{}) e
 
 	d.SetId(*resp.ServerId)
 
+	if err := transferServerWaitForServerOnline(conn, d.Id(), d.Timeout(schema.TimeoutCreate)); err != nil {
+		return fmt.Errorf("error waiting for Trasfer Server (%s) creation: %s", d.Id(), err)
+	}
+
+	if attr, ok := d.GetOk("endpoint_details"); ok {
+		ed := expandTransferServerEndpointDetails(attr.([]interface{}), true)
+		if len(ed.AddressAllocationIds) > 0 {
+			if err := stopTransferServer(d, conn); err != nil {
+				return err
+			}
+			if err := transferServerWaitForServerOffline(conn, d.Id(), d.Timeout(schema.TimeoutCreate)); err != nil {
+				return fmt.Errorf("error waiting for Trasfer Server (%s) to stop: %s", d.Id(), err)
+			}
+			updateOpts := &transfer.UpdateServerInput{
+				ServerId: aws.String(d.Id()),
+			}
+			updateOpts.EndpointDetails = ed
+			err := resource.Retry(10*time.Minute, func() *resource.RetryError {
+				_, err := conn.UpdateServer(updateOpts)
+
+				if isAWSErr(err, transfer.ErrCodeConflictException, "VPC Endpoint state is not yet available") {
+					return nil
+				}
+
+				if err != nil {
+					return resource.NonRetryableError(err)
+				}
+
+				return resource.RetryableError(fmt.Errorf("Transfer Server (%s) in conflicted state", d.Id()))
+			})
+			if err != nil {
+				return fmt.Errorf("error updating Transfer Server (%s): %s", d.Id(), err)
+			}
+			if err := startTransferServer(d, conn); err != nil {
+				return err
+			}
+			if err := transferServerWaitForServerOnline(conn, d.Id(), d.Timeout(schema.TimeoutCreate)); err != nil {
+				return fmt.Errorf("error waiting for Trasfer Server (%s) to start: %s", d.Id(), err)
+			}
+		}
+	}
+
 	return resourceAwsTransferServerRead(d, meta)
 }
 
@@ -193,6 +258,7 @@ func resourceAwsTransferServerRead(d *schema.ResourceData, meta interface{}) err
 		}
 		return err
 	}
+	log.Printf("[DEBUG] Reading Transfer Server %#v", resp.Server)
 
 	endpoint := meta.(*AWSClient).RegionalHostname(fmt.Sprintf("%s.server.transfer", d.Id()))
 
@@ -219,6 +285,7 @@ func resourceAwsTransferServerRead(d *schema.ResourceData, meta interface{}) err
 func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).transferconn
 	updateFlag := false
+	stopFlag := false
 	updateOpts := &transfer.UpdateServerInput{
 		ServerId: aws.String(d.Id()),
 	}
@@ -251,7 +318,10 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e
 	if d.HasChange("endpoint_details") {
 		updateFlag = true
 		if attr, ok := d.GetOk("endpoint_details"); ok {
-			updateOpts.EndpointDetails = expandTransferServerEndpointDetails(attr.([]interface{}))
+			if d.HasChange("endpoint_details.0.address_allocation_ids") {
+				stopFlag = true
+			}
+			updateOpts.EndpointDetails = expandTransferServerEndpointDetails(attr.([]interface{}), updateFlag)
 		}
 	}
 
@@ -263,6 +333,15 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e
 	}
 
 	if updateFlag {
+		if stopFlag {
+			if err := stopTransferServer(d, conn); err != nil {
+				return err
+			}
+			if err := transferServerWaitForServerOffline(conn, d.Id(), d.Timeout(schema.TimeoutCreate)); err != nil {
+				return fmt.Errorf("error waiting for Trasfer Server (%s) to stop: %s", d.Id(), err)
+			}
+		}
+		log.Printf("[DEBUG] Updating Transfer Server %#v", updateOpts)
 		_, err := conn.UpdateServer(updateOpts)
 		if err != nil {
 			if isAWSErr(err, transfer.ErrCodeResourceNotFoundException, "") {
@@ -272,6 +351,14 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e
 			}
 			return fmt.Errorf("error updating Transfer Server (%s): %s", d.Id(), err)
 		}
+		if stopFlag {
+			if err := startTransferServer(d, conn); err != nil {
+				return err
+			}
+			if err := transferServerWaitForServerOnline(conn, d.Id(), d.Timeout(schema.TimeoutCreate)); err != nil {
+				return fmt.Errorf("error waiting for Trasfer Server (%s) to start: %s", d.Id(), err)
+			}
+		}
 	}
 
 	if d.HasChange("tags") {
@@ -386,15 +473,30 @@ func deleteTransferUsers(conn *transfer.Transfer, serverID string, nextToken *st
 	return nil
 }
 
-func expandTransferServerEndpointDetails(l []interface{}) *transfer.EndpointDetails {
+func expandTransferServerEndpointDetails(l []interface{}, isUpdate bool) *transfer.EndpointDetails {
 	if len(l) == 0 || l[0] == nil {
 		return nil
 	}
 	e := l[0].(map[string]interface{})
+	ed := &transfer.EndpointDetails{}
+
+	if v, ok := e["vpc_endpoint_id"].(string); ok && v != "" {
+		ed.VpcEndpointId = aws.String(v)
+	}
 
-	return &transfer.EndpointDetails{
-		VpcEndpointId: aws.String(e["vpc_endpoint_id"].(string)),
+	if v, ok := e["vpc_id"].(string); ok && v != "" {
+		ed.VpcId = aws.String(v)
 	}
+
+	if v, ok := e["subnet_ids"].(*schema.Set); ok && v.Len() > 0 {
+		ed.SubnetIds = expandStringSet(v)
+	}
+
+	if v, ok := e["address_allocation_ids"].(*schema.Set); ok && v.Len() > 0 && isUpdate {
+		ed.AddressAllocationIds = expandStringSet(v)
+	}
+
+	return ed
 }
 
 func flattenTransferServerEndpointDetails(endpointDetails *transfer.EndpointDetails) []interface{} {
@@ -403,8 +505,88 @@ func flattenTransferServerEndpointDetails(endpointDetails *transfer.EndpointDeta
 	}
 
 	e := map[string]interface{}{
-		"vpc_endpoint_id": aws.StringValue(endpointDetails.VpcEndpointId),
+		"vpc_endpoint_id":        aws.StringValue(endpointDetails.VpcEndpointId),
+		"vpc_id":                 aws.StringValue(endpointDetails.VpcId),
+		"subnet_ids":             flattenStringSet(endpointDetails.SubnetIds),
+		"address_allocation_ids": flattenStringSet(endpointDetails.AddressAllocationIds),
 	}
 
 	return []interface{}{e}
 }
+
+func stopTransferServer(d *schema.ResourceData, conn *transfer.Transfer) error {
+	stopReq := &transfer.StopServerInput{
+		ServerId: aws.String(d.Id()),
+	}
+	if _, err := conn.StopServer(stopReq); err != nil {
+		return fmt.Errorf("error stopping Transfer Server (%s): %s", d.Id(), err)
+	}
+	return nil
+}
+
+func startTransferServer(d *schema.ResourceData, conn *transfer.Transfer) error {
+	stopReq := &transfer.StartServerInput{
+		ServerId: aws.String(d.Id()),
+	}
+	if _, err := conn.StartServer(stopReq); err != nil {
+		return fmt.Errorf("error starting Transfer Server (%s): %s", d.Id(), err)
+	}
+	return nil
+}
+
+func transferServerWaitForServerOnline(conn *transfer.Transfer, serverId string, timeout time.Duration) error {
+	stateChangeConf := &resource.StateChangeConf{
+		Pending: []string{transfer.StateStarting, transfer.StateOffline, transfer.StateStopping},
+		Target:  []string{transfer.StateOnline},
+		Refresh: transferRefreshServerStatus(conn, serverId),
+		Timeout: timeout,
+		Delay:   10 * time.Second,
+	}
+
+	_, err := stateChangeConf.WaitForState()
+
+	return err
+}
+
+func transferServerWaitForServerOffline(conn *transfer.Transfer, serverId string, timeout time.Duration) error {
+	stateChangeConf := &resource.StateChangeConf{
+		Pending: []string{transfer.StateStarting, transfer.StateOnline, transfer.StateStopping},
+		Target:  []string{transfer.StateOffline},
+		Refresh: transferRefreshServerStatus(conn, serverId),
+		Timeout: timeout,
+		Delay:   10 * time.Second,
+	}
+
+	_, err := stateChangeConf.WaitForState()
+
+	return err
+}
+
+func transferRefreshServerStatus(conn *transfer.Transfer, serverId string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		server, err := describeTransferServer(conn, serverId)
+
+		if server == nil {
+			return 42, "destroyed", nil
+		}
+
+		if server.State != nil {
+			log.Printf("[DEBUG] Transfer Server status (%s): %s", serverId, *server.State)
+		}
+
+		return server, aws.StringValue(server.State), err
+	}
+}
+
+func describeTransferServer(conn *transfer.Transfer, serverId string) (*transfer.DescribedServer, error) {
+	params := &transfer.DescribeServerInput{
+		ServerId: aws.String(serverId),
+	}
+
+	resp, err := conn.DescribeServer(params)
+	if err != nil {
+		log.Printf("[WARN] Error on descibing Transfer Server: %s", err)
+		return nil, err
+	}
+	return resp.Server, err
+}
diff --git a/aws/resource_aws_transfer_server_test.go b/aws/resource_aws_transfer_server_test.go
index bfa5eb18c4e8..8744a0cc39eb 100644
--- a/aws/resource_aws_transfer_server_test.go
+++ b/aws/resource_aws_transfer_server_test.go
@@ -68,27 +68,26 @@ func testSweepTransferServers(region string) error {
 func TestAccAWSTransferServer_basic(t *testing.T) {
 	var conf transfer.DescribedServer
 	rName := acctest.RandString(5)
+	resourceName := "aws_transfer_server.test"
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:      func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) },
-		IDRefreshName: "aws_transfer_server.foo",
+		IDRefreshName: resourceName,
 		Providers:     testAccProviders,
 		CheckDestroy:  testAccCheckAWSTransferServerDestroy,
 		Steps: []resource.TestStep{
 			{
 				Config: testAccAWSTransferServerConfig_basic,
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckAWSTransferServerExists("aws_transfer_server.foo", &conf),
-					testAccMatchResourceAttrRegionalARN("aws_transfer_server.foo", "arn", "transfer", regexp.MustCompile(`server/.+`)),
-					resource.TestMatchResourceAttr(
-						"aws_transfer_server.foo", "endpoint", regexp.MustCompile(fmt.Sprintf("^s-[a-z0-9]+.server.transfer.%s.amazonaws.com$", testAccGetRegion()))),
-					resource.TestCheckResourceAttr(
-						"aws_transfer_server.foo", "identity_provider_type", "SERVICE_MANAGED"),
-					resource.TestCheckResourceAttr("aws_transfer_server.foo", "tags.%", "0"),
+					testAccCheckAWSTransferServerExists(resourceName, &conf),
+					testAccMatchResourceAttrRegionalARN(resourceName, "arn", "transfer", regexp.MustCompile(`server/.+`)),
+					resource.TestMatchResourceAttr(resourceName, "endpoint", regexp.MustCompile(fmt.Sprintf("^s-[a-z0-9]+.server.transfer.%s.amazonaws.com$", testAccGetRegion()))),
+					resource.TestCheckResourceAttr(resourceName, "identity_provider_type", "SERVICE_MANAGED"),
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "0"),
 				),
 			},
 			{
-				ResourceName:            "aws_transfer_server.foo",
+				ResourceName:            resourceName,
 				ImportState:             true,
 				ImportStateVerify:       true,
 				ImportStateVerifyIgnore: []string{"force_destroy"},
@@ -96,15 +95,11 @@ func TestAccAWSTransferServer_basic(t *testing.T) {
 			{
 				Config: testAccAWSTransferServerConfig_basicUpdate(rName),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckAWSTransferServerExists("aws_transfer_server.foo", &conf),
-					resource.TestCheckResourceAttr(
-						"aws_transfer_server.foo", "tags.%", "2"),
-					resource.TestCheckResourceAttr(
-						"aws_transfer_server.foo", "tags.NAME", "tf-acc-test-transfer-server"),
-					resource.TestCheckResourceAttr(
-						"aws_transfer_server.foo", "tags.ENV", "test"),
-					resource.TestCheckResourceAttrPair(
-						"aws_transfer_server.foo", "logging_role", "aws_iam_role.foo", "arn"),
+					testAccCheckAWSTransferServerExists(resourceName, &conf),
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "2"),
+					resource.TestCheckResourceAttr(resourceName, "tags.NAME", "tf-acc-test-transfer-server"),
+					resource.TestCheckResourceAttr(resourceName, "tags.ENV", "test"),
+					resource.TestCheckResourceAttrPair(resourceName, "logging_role", "aws_iam_role.test", "arn"),
 				),
 			},
 		},
@@ -114,27 +109,23 @@ func TestAccAWSTransferServer_basic(t *testing.T) {
 func TestAccAWSTransferServer_apigateway(t *testing.T) {
 	var conf transfer.DescribedServer
 	rName := acctest.RandString(5)
+	resourceName := "aws_transfer_server.test"
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:      func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) },
-		IDRefreshName: "aws_transfer_server.foo",
+		IDRefreshName: resourceName,
 		Providers:     testAccProviders,
 		CheckDestroy:  testAccCheckAWSTransferServerDestroy,
 		Steps: []resource.TestStep{
 			{
 				Config: testAccAWSTransferServerConfig_apigateway(rName),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckAWSTransferServerExists("aws_transfer_server.foo", &conf),
-					resource.TestCheckResourceAttr(
-						"aws_transfer_server.foo", "identity_provider_type", "API_GATEWAY"),
-					resource.TestCheckResourceAttrSet(
-						"aws_transfer_server.foo", "invocation_role"),
-					resource.TestCheckResourceAttr(
-						"aws_transfer_server.foo", "tags.%", "2"),
-					resource.TestCheckResourceAttr(
-						"aws_transfer_server.foo", "tags.NAME", "tf-acc-test-transfer-server"),
-					resource.TestCheckResourceAttr(
-						"aws_transfer_server.foo", "tags.TYPE", "apigateway"),
+					testAccCheckAWSTransferServerExists(resourceName, &conf),
+					resource.TestCheckResourceAttr(resourceName, "identity_provider_type", "API_GATEWAY"),
+					resource.TestCheckResourceAttrSet(resourceName, "invocation_role"),
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "2"),
+					resource.TestCheckResourceAttr(resourceName, "tags.NAME", "tf-acc-test-transfer-server"),
+					resource.TestCheckResourceAttr(resourceName, "tags.TYPE", "apigateway"),
 				),
 			},
 		},
@@ -143,6 +134,7 @@ func TestAccAWSTransferServer_apigateway(t *testing.T) {
 
 func TestAccAWSTransferServer_disappears(t *testing.T) {
 	var conf transfer.DescribedServer
+	resourceName := "aws_transfer_server.test"
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) },
@@ -152,7 +144,7 @@ func TestAccAWSTransferServer_disappears(t *testing.T) {
 			{
 				Config: testAccAWSTransferServerConfig_basic,
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckAWSTransferServerExists("aws_transfer_server.foo", &conf),
+					testAccCheckAWSTransferServerExists(resourceName, &conf),
 					testAccCheckAWSTransferServerDisappears(&conf),
 				),
 				ExpectNonEmptyPlan: true,
@@ -165,28 +157,27 @@ func TestAccAWSTransferServer_forcedestroy(t *testing.T) {
 	var conf transfer.DescribedServer
 	var roleConf iam.GetRoleOutput
 	rName := acctest.RandString(5)
+	resourceName := "aws_transfer_server.test"
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:      func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) },
-		IDRefreshName: "aws_transfer_server.foo",
+		IDRefreshName: resourceName,
 		Providers:     testAccProviders,
 		CheckDestroy:  testAccCheckAWSTransferServerDestroy,
 		Steps: []resource.TestStep{
 			{
 				Config: testAccAWSTransferServerConfig_forcedestroy(rName),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckAWSTransferServerExists("aws_transfer_server.foo", &conf),
-					testAccCheckAWSRoleExists("aws_iam_role.foo", &roleConf),
-					resource.TestCheckResourceAttr(
-						"aws_transfer_server.foo", "identity_provider_type", "SERVICE_MANAGED"),
-					resource.TestCheckResourceAttr(
-						"aws_transfer_server.foo", "force_destroy", "true"),
+					testAccCheckAWSTransferServerExists(resourceName, &conf),
+					testAccCheckAWSRoleExists("aws_iam_role.test", &roleConf),
+					resource.TestCheckResourceAttr(resourceName, "identity_provider_type", "SERVICE_MANAGED"),
+					resource.TestCheckResourceAttr(resourceName, "force_destroy", "true"),
 					testAccCheckAWSTransferCreateUser(&conf, &roleConf, rName),
 					testAccCheckAWSTransferCreateSshKey(&conf, rName),
 				),
 			},
 			{
-				ResourceName:            "aws_transfer_server.foo",
+				ResourceName:            resourceName,
 				ImportState:             true,
 				ImportStateVerify:       true,
 				ImportStateVerifyIgnore: []string{"force_destroy", "host_key"},
@@ -197,7 +188,7 @@ func TestAccAWSTransferServer_forcedestroy(t *testing.T) {
 
 func TestAccAWSTransferServer_vpcEndpointId(t *testing.T) {
 	var conf transfer.DescribedServer
-	resourceName := "aws_transfer_server.default"
+	resourceName := "aws_transfer_server.test"
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:      func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) },
@@ -209,8 +200,36 @@ func TestAccAWSTransferServer_vpcEndpointId(t *testing.T) {
 				Config: testAccAWSTransferServerConfig_VpcEndPoint,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSTransferServerExists(resourceName, &conf),
-					resource.TestCheckResourceAttr(
-						resourceName, "endpoint_type", "VPC_ENDPOINT"),
+					resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC_ENDPOINT"),
+				),
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"force_destroy"},
+			},
+		},
+	})
+}
+
+func TestAccAWSTransferServer_vpcOnly(t *testing.T) {
+	var conf transfer.DescribedServer
+	resourceName := "aws_transfer_server.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:      func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) },
+		IDRefreshName: resourceName,
+		Providers:     testAccProviders,
+		CheckDestroy:  testAccCheckAWSTransferServerDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSTransferServerConfig_vpc,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSTransferServerExists(resourceName, &conf),
+					resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"),
+					resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "2"),
+					resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "2"),
 				),
 			},
 			{
@@ -373,14 +392,14 @@ func testAccPreCheckAWSTransfer(t *testing.T) {
 }
 
 const testAccAWSTransferServerConfig_basic = `
-resource "aws_transfer_server" "foo" {}
+resource "aws_transfer_server" "test" {}
 `
 
 func testAccAWSTransferServerConfig_basicUpdate(rName string) string {
 
 	return fmt.Sprintf(`
-resource "aws_iam_role" "foo" {
-  name = "tf-test-transfer-server-iam-role-%s"
+resource "aws_iam_role" "test" {
+  name = "tf-test-transfer-server-iam-role-%[1]s"
 
   assume_role_policy = <<EOF
 {
@@ -398,9 +417,9 @@ resource "aws_iam_role" "foo" {
 EOF
 }
 
-resource "aws_iam_role_policy" "foo" {
-  name = "tf-test-transfer-server-iam-policy-%s"
-  role = "${aws_iam_role.foo.id}"
+resource "aws_iam_role_policy" "test" {
+  name = "tf-test-transfer-server-iam-policy-%[1]s"
+  role = "${aws_iam_role.test.id}"
 
   policy = <<POLICY
 {
@@ -419,21 +438,23 @@ resource "aws_iam_role_policy" "foo" {
 POLICY
 }
 
-resource "aws_transfer_server" "foo" {
+resource "aws_transfer_server" "test" {
   identity_provider_type = "SERVICE_MANAGED"
-  logging_role           = "${aws_iam_role.foo.arn}"
+  logging_role           = "${aws_iam_role.test.arn}"
 
   tags = {
     NAME = "tf-acc-test-transfer-server"
     ENV  = "test"
   }
 }
-`, rName, rName)
+`, rName)
 }
 
 func testAccAWSTransferServerConfig_apigateway(rName string) string {
 
 	return fmt.Sprintf(`
+data "aws_region" "current" {}
+
 resource "aws_api_gateway_rest_api" "test" {
   name = "test"
 }
@@ -480,16 +501,16 @@ resource "aws_api_gateway_deployment" "test" {
 
   rest_api_id       = "${aws_api_gateway_rest_api.test.id}"
   stage_name        = "test"
-  description       = "%s"
-  stage_description = "%s"
+  description       = %[1]q
+  stage_description = %[1]q
 
   variables = {
     "a" = "2"
   }
 }
 
-resource "aws_iam_role" "foo" {
-  name = "tf-test-transfer-server-iam-role-for-apigateway-%s"
+resource "aws_iam_role" "test" {
+  name = "tf-test-transfer-server-iam-role-for-apigateway-%[1]s"
 
   assume_role_policy = <<EOF
 {
@@ -507,9 +528,9 @@ resource "aws_iam_role" "foo" {
 EOF
 }
 
-resource "aws_iam_role_policy" "foo" {
-  name = "tf-test-transfer-server-iam-policy-%s"
-  role = "${aws_iam_role.foo.id}"
+resource "aws_iam_role_policy" "test" {
+  name = "tf-test-transfer-server-iam-policy-%[1]s"
+  role = "${aws_iam_role.test.id}"
 
   policy = <<POLICY
 {
@@ -528,29 +549,29 @@ resource "aws_iam_role_policy" "foo" {
 POLICY
 }
 
-resource "aws_transfer_server" "foo" {
+resource "aws_transfer_server" "test" {
   identity_provider_type = "API_GATEWAY"
-  url                    = "https://${aws_api_gateway_rest_api.test.id}.execute-api.us-west-2.amazonaws.com${aws_api_gateway_resource.test.path}"
-  invocation_role        = "${aws_iam_role.foo.arn}"
-  logging_role           = "${aws_iam_role.foo.arn}"
+  url                    = "https://${aws_api_gateway_rest_api.test.id}.execute-api.${data.aws_region.current.name}.amazonaws.com${aws_api_gateway_resource.test.path}"
+  invocation_role        = "${aws_iam_role.test.arn}"
+  logging_role           = "${aws_iam_role.test.arn}"
 
   tags = {
     NAME = "tf-acc-test-transfer-server"
     TYPE = "apigateway"
   }
 }
-`, rName, rName, rName, rName)
+`, rName)
 
 }
 
 func testAccAWSTransferServerConfig_forcedestroy(rName string) string {
 	return fmt.Sprintf(`
-resource "aws_transfer_server" "foo" {
+resource "aws_transfer_server" "test" {
   force_destroy = true
 }
 
-resource "aws_iam_role" "foo" {
-  name = "tf-test-transfer-user-iam-role-%s"
+resource "aws_iam_role" "test" {
+  name = "tf-test-transfer-user-iam-role-%[1]s"
 
   assume_role_policy = <<EOF
 {
@@ -568,9 +589,9 @@ resource "aws_iam_role" "foo" {
 EOF
 }
 
-resource "aws_iam_role_policy" "foo" {
-  name = "tf-test-transfer-user-iam-policy-%s"
-  role = "${aws_iam_role.foo.id}"
+resource "aws_iam_role_policy" "test" {
+  name = "tf-test-transfer-user-iam-policy-%[1]s"
+  role = "${aws_iam_role.test.id}"
 
   policy = <<POLICY
 {
@@ -588,73 +609,109 @@ resource "aws_iam_role_policy" "foo" {
 }
 POLICY
 }
-`, rName, rName)
+`, rName)
 }
 
-const testAccAWSTransferServerConfig_VpcEndPoint = `
-
-data "aws_region" "current" {}
-
+const testAccAWSTransferServerConfigVPCBase = `
 resource "aws_vpc" "test" {
 	cidr_block = "10.0.0.0/16"
 
 	tags = {
-		Name = "terraform-testacc-default-route-table-vpc-endpoint"
+		Name = "terraform-testacc-vpc-endpoint"
 	}
 }
 
-resource "aws_internet_gateway" "igw" {
+resource "aws_internet_gateway" "test" {
 	vpc_id = "${aws_vpc.test.id}"
 
 	tags = {
-		Name = "test"
+		Name = "terraform-testacc-igw-vpc-endpoint"
 	}
 }
 
-resource "aws_security_group" "sg" {
-	name 		= "allow-transfer-server"
-	description = "Allow TLS inbound traffic"
-	vpc_id 		= "${aws_vpc.test.id}"
-	ingress {
-		from_port       = 0
-		to_port         = 0
-		protocol        = "-1"
-		self 			= true
-	}
-}
+//resource "aws_default_route_table" "test" {
+//	default_route_table_id = "${aws_vpc.test.default_route_table_id}"
+//
+//	tags = {
+//		Name = "terraform-testacc-default-route-table-vpc-endpoint"
+//	}
+//
+//	route {
+//		cidr_block = "0.0.0.0/0"
+//		gateway_id = "${aws_internet_gateway.test.id}"
+//	}
+//}
+`
 
-resource "aws_vpc_endpoint" "transfer" {
-	vpc_id = "${aws_vpc.test.id}"
-	vpc_endpoint_type = "Interface"
-	service_name = "com.amazonaws.${data.aws_region.current.name}.transfer.server"
+const testAccAWSTransferServerConfig_VpcEndPoint = testAccAWSTransferServerConfigVPCBase + `
+data "aws_region" "current" {}
 
-	security_group_ids = [
-		"${aws_security_group.sg.id}",
-	]
+resource "aws_security_group" "test" {
+  name 		  = "allow-transfer-server"
+  description = "Allow TLS inbound traffic"
+  vpc_id      = "${aws_vpc.test.id}"
+  ingress {
+  	from_port       = 0
+  	to_port         = 0
+  	protocol        = "-1"
+  	self 			= true
+  }
 }
 
-resource "aws_default_route_table" "foo" {
-	default_route_table_id = "${aws_vpc.test.default_route_table_id}"
-
-	tags = {
-		Name = "test"
-	}
+resource "aws_vpc_endpoint" "test" {
+  vpc_id = "${aws_vpc.test.id}"
+  vpc_endpoint_type = "Interface"
+  service_name = "com.amazonaws.${data.aws_region.current.name}.transfer.server"
 
-	route {
-		cidr_block = "0.0.0.0/0"
-		gateway_id = "${aws_internet_gateway.igw.id}"
-	}
+  security_group_ids = ["${aws_security_group.test.id}"]
 }
 
-
-resource "aws_transfer_server" "default" {
+resource "aws_transfer_server" "test" {
 	endpoint_type = "VPC_ENDPOINT"
 	endpoint_details {
-		vpc_endpoint_id = "${aws_vpc_endpoint.transfer.id}"
+		vpc_endpoint_id = "${aws_vpc_endpoint.test.id}"
 	}
 }
 `
 
+const testAccAWSTransferServerConfig_vpc = testAccAWSTransferServerConfigVPCBase + `
+data "aws_availability_zones" "test" {}
+
+resource "aws_subnet" "test1" {
+  vpc_id            = "${aws_vpc.test.id}"
+  cidr_block        = "10.0.0.0/24"
+  availability_zone = "${data.aws_availability_zones.test.names[0]}"
+
+  tags = {
+    Name = "tf-acc-neptune-cluster-instance-name-prefix-a"
+  }
+}
+
+resource "aws_subnet" "test2" {
+  vpc_id            = "${aws_vpc.test.id}"
+  cidr_block        = "10.0.1.0/24"
+  availability_zone = "${data.aws_availability_zones.test.names[1]}"
+
+  tags = {
+    Name = "tf-acc-neptune-cluster-instance-name-prefix-b"
+  }
+}
+
+resource "aws_eip" "test" {
+  count = 2
+  vpc   = true
+}
+
+resource "aws_transfer_server" "test" {
+  endpoint_type = "VPC"
+  endpoint_details {
+      vpc_id                 = "${aws_vpc.test.id}"
+      subnet_ids             = ["${aws_subnet.test1.id}", "${aws_subnet.test2.id}"]
+      address_allocation_ids = "${aws_eip.test.*.id}"
+  }
+}
+`
+
 func testAccAWSTransferServerConfig_hostKey(hostKey string) string {
 	return fmt.Sprintf(`
 resource "aws_transfer_server" "default" {
diff --git a/website/docs/r/transfer_server.html.markdown b/website/docs/r/transfer_server.html.markdown
index 1333db786040..70305e52dc3b 100644
--- a/website/docs/r/transfer_server.html.markdown
+++ b/website/docs/r/transfer_server.html.markdown
@@ -12,7 +12,7 @@ Provides a AWS Transfer Server resource.
 
 
 ```hcl
-resource "aws_iam_role" "foo" {
+resource "aws_iam_role" "test" {
   name = "tf-test-transfer-server-iam-role"
 
   assume_role_policy = <<EOF
@@ -31,9 +31,9 @@ resource "aws_iam_role" "foo" {
 EOF
 }
 
-resource "aws_iam_role_policy" "foo" {
-  name = "tf-test-transfer-server-iam-policy-%s"
-  role = "${aws_iam_role.foo.id}"
+resource "aws_iam_role_policy" "test" {
+  name = "tf-test-transfer-server-iam-policy"
+  role = "${aws_iam_role.test.id}"
 
   policy = <<POLICY
 {
@@ -52,9 +52,9 @@ resource "aws_iam_role_policy" "foo" {
 POLICY
 }
 
-resource "aws_transfer_server" "foo" {
+resource "aws_transfer_server" "test" {
   identity_provider_type = "SERVICE_MANAGED"
-  logging_role           = "${aws_iam_role.foo.arn}"
+  logging_role           = "${aws_iam_role.test.arn}"
 
   tags = {
     NAME = "tf-acc-test-transfer-server"
@@ -68,7 +68,7 @@ resource "aws_transfer_server" "foo" {
 The following arguments are supported:
 
 * `endpoint_details` - (Optional) The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.
-* `endpoint_type` - (Optional) The type of endpoint that you want your SFTP server connect to. If you connect to a `VPC_ENDPOINT`, your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set `PUBLIC`.  Defaults to `PUBLIC`.
+* `endpoint_type` - (Optional) The type of endpoint that you want your SFTP server connect to. If you connect to a `VPC_ENDPOINT` or `VPC`, your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set `PUBLIC`.  Defaults to `PUBLIC`.
 * `invocation_role` - (Optional) Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an `identity_provider_type` of `API_GATEWAY`.
 * `host_key` - (Optional) RSA private key (e.g. as generated by the `ssh-keygen -N "" -f my-new-server-key` command).
 * `url` - (Optional) - URL of the service endpoint used to authenticate users with an `identity_provider_type` of `API_GATEWAY`.
@@ -79,7 +79,10 @@ The following arguments are supported:
 
 **endpoint_details** requires the following:
 
-* `vpc_endpoint_id` - (Required) The ID of the VPC endpoint.
+* `vpc_endpoint_id` - (Optional) The ID of the VPC endpoint.
+* `vpc_id` - (Optional) The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted.
+* `subnet_ids` - (Optional) A list of subnet IDs that are required to host your SFTP server endpoint in your VPC.
+* `address_allocation_ids` - (Optional) A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. his property can only be use when `endpoint_type` is set to `VPC`.
 
 ## Attributes Reference
 In addition to all arguments above, the following attributes are exported:
@@ -94,7 +97,7 @@ In addition to all arguments above, the following attributes are exported:
 Transfer Servers can be imported using the `server id`, e.g.
 
 ```
-$ terraform import aws_transfer_server.bar s-12345678
+$ terraform import aws_transfer_server.test s-12345678
 ```
 
 Certain resource arguments, such as `host_key`, cannot be read via the API and imported into Terraform. Terraform will display a difference for these arguments the first run after import if declared in the Terraform configuration for an imported resource.