diff --git a/.changelog/45314.txt b/.changelog/45314.txt
new file mode 100644
index 000000000000..ae1ab24f29f3
--- /dev/null
+++ b/.changelog/45314.txt
@@ -0,0 +1,11 @@
+```release-note:enhancement
+resource/aws_transfer_connector: Add `egress_config` argument to support VPC Lattice connectivity for SFTP connectors
+```
+
+```release-note:enhancement
+resource/aws_transfer_connector: Make `url` argument optional to support VPC Lattice connectors
+```
+
+```release-note:enhancement
+data-source/aws_transfer_connector: Add `egress_config` attribute to expose VPC Lattice connectivity configuration
+```
diff --git a/internal/service/transfer/connector.go b/internal/service/transfer/connector.go
index 6d7292bc0948..7f84bf504c08 100644
--- a/internal/service/transfer/connector.go
+++ b/internal/service/transfer/connector.go
@@ -5,7 +5,9 @@ package transfer
 
 import (
 	"context"
+	"fmt"
 	"log"
+	"time"
 
 	"github.com/YakDriver/regexache"
 	"github.com/aws/aws-sdk-go-v2/aws"
@@ -38,6 +40,12 @@ func resourceConnector() *schema.Resource {
 			StateContext: schema.ImportStatePassthroughContext,
 		},
 
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(10 * time.Minute),
+			Update: schema.DefaultTimeout(10 * time.Minute),
+			Delete: schema.DefaultTimeout(10 * time.Minute),
+		},
+
 		Schema: map[string]*schema.Schema{
 			"access_role": {
 				Type:     schema.TypeString,
@@ -134,11 +142,39 @@ func resourceConnector() *schema.Resource {
 					},
 				},
 			},
+			"egress_config": {
+				Type:     schema.TypeList,
+				Optional: true,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"vpc_lattice": {
+							Type:     schema.TypeList,
+							Optional: true,
+							MaxItems: 1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"resource_configuration_arn": {
+										Type:         schema.TypeString,
+										Required:     true,
+										ValidateFunc: validation.StringLenBetween(1, 2048),
+									},
+									"port_number": {
+										Type:         schema.TypeInt,
+										Optional:     true,
+										ValidateFunc: validation.IntBetween(1, 65535),
+									},
+								},
+							},
+						},
+					},
+				},
+			},
 			names.AttrTags:    tftags.TagsSchema(),
 			names.AttrTagsAll: tftags.TagsSchemaComputed(),
 			names.AttrURL: {
 				Type:     schema.TypeString,
-				Required: true,
+				Optional: true,
 			},
 		},
 	}
@@ -151,13 +187,20 @@ func resourceConnectorCreate(ctx context.Context, d *schema.ResourceData, meta a
 	input := &transfer.CreateConnectorInput{
 		AccessRole: aws.String(d.Get("access_role").(string)),
 		Tags:       getTagsIn(ctx),
-		Url:        aws.String(d.Get(names.AttrURL).(string)),
+	}
+
+	if v, ok := d.GetOk(names.AttrURL); ok {
+		input.Url = aws.String(v.(string))
 	}
 
 	if v, ok := d.GetOk("as2_config"); ok {
 		input.As2Config = expandAs2ConnectorConfig(v.([]any))
 	}
 
+	if v, ok := d.GetOk("egress_config"); ok {
+		input.EgressConfig = expandConnectorEgressConfig(v.([]any))
+	}
+
 	if v, ok := d.GetOk("logging_role"); ok {
 		input.LoggingRole = aws.String(v.(string))
 	}
@@ -178,6 +221,10 @@ func resourceConnectorCreate(ctx context.Context, d *schema.ResourceData, meta a
 
 	d.SetId(aws.ToString(output.ConnectorId))
 
+	if _, err := waitConnectorCreated(ctx, conn, d.Id(), d.Timeout(schema.TimeoutCreate)); err != nil {
+		return sdkdiag.AppendErrorf(diags, "waiting for Transfer Connector (%s) create: %s", d.Id(), err)
+	}
+
 	return append(diags, resourceConnectorRead(ctx, d, meta)...)
 }
 
@@ -203,6 +250,9 @@ func resourceConnectorRead(ctx context.Context, d *schema.ResourceData, meta any
 		return sdkdiag.AppendErrorf(diags, "setting as2_config: %s", err)
 	}
 	d.Set("connector_id", output.ConnectorId)
+	if err := d.Set("egress_config", flattenConnectorEgressConfig(output.EgressConfig)); err != nil {
+		return sdkdiag.AppendErrorf(diags, "setting egress_config: %s", err)
+	}
 	d.Set("logging_role", output.LoggingRole)
 	d.Set("security_policy_name", output.SecurityPolicyName)
 	if err := d.Set("sftp_config", flattenSftpConnectorConfig(output.SftpConfig)); err != nil {
@@ -232,6 +282,10 @@ func resourceConnectorUpdate(ctx context.Context, d *schema.ResourceData, meta a
 			input.As2Config = expandAs2ConnectorConfig(d.Get("as2_config").([]any))
 		}
 
+		if d.HasChange("egress_config") {
+			input.EgressConfig = expandUpdateConnectorEgressConfig(d.Get("egress_config").([]any))
+		}
+
 		if d.HasChange("logging_role") {
 			input.LoggingRole = aws.String(d.Get("logging_role").(string))
 		}
@@ -253,6 +307,10 @@ func resourceConnectorUpdate(ctx context.Context, d *schema.ResourceData, meta a
 		if err != nil {
 			return sdkdiag.AppendErrorf(diags, "updating Transfer Connector (%s): %s", d.Id(), err)
 		}
+
+		if _, err := waitConnectorUpdated(ctx, conn, d.Id(), d.Timeout(schema.TimeoutUpdate)); err != nil {
+			return sdkdiag.AppendErrorf(diags, "waiting for Transfer Connector (%s) update: %s", d.Id(), err)
+		}
 	}
 
 	return append(diags, resourceConnectorRead(ctx, d, meta)...)
@@ -276,6 +334,10 @@ func resourceConnectorDelete(ctx context.Context, d *schema.ResourceData, meta a
 		return sdkdiag.AppendErrorf(diags, "deleting Transfer Connector (%s): %s", d.Id(), err)
 	}
 
+	if _, err := waitConnectorDeleted(ctx, conn, d.Id(), d.Timeout(schema.TimeoutDelete)); err != nil {
+		return sdkdiag.AppendErrorf(diags, "waiting for Transfer Connector (%s) delete: %s", d.Id(), err)
+	}
+
 	return diags
 }
 
@@ -383,3 +445,187 @@ func flattenSftpConnectorConfig(apiObject *awstypes.SftpConnectorConfig) []any {
 
 	return []any{tfMap}
 }
+
+func expandConnectorEgressConfig(tfList []any) awstypes.ConnectorEgressConfig {
+	if len(tfList) < 1 || tfList[0] == nil {
+		return nil
+	}
+
+	tfMap := tfList[0].(map[string]any)
+
+	if v, ok := tfMap["vpc_lattice"].([]any); ok && len(v) > 0 {
+		return &awstypes.ConnectorEgressConfigMemberVpcLattice{
+			Value: *expandConnectorVPCLatticeEgressConfig(v),
+		}
+	}
+
+	return nil
+}
+
+func expandUpdateConnectorEgressConfig(tfList []any) awstypes.UpdateConnectorEgressConfig {
+	if len(tfList) < 1 || tfList[0] == nil {
+		return nil
+	}
+
+	tfMap := tfList[0].(map[string]any)
+
+	if v, ok := tfMap["vpc_lattice"].([]any); ok && len(v) > 0 {
+		return &awstypes.UpdateConnectorEgressConfigMemberVpcLattice{
+			Value: *expandUpdateConnectorVPCLatticeEgressConfig(v),
+		}
+	}
+
+	return nil
+}
+
+func expandConnectorVPCLatticeEgressConfig(tfList []any) *awstypes.ConnectorVpcLatticeEgressConfig {
+	if len(tfList) < 1 || tfList[0] == nil {
+		return nil
+	}
+
+	tfMap := tfList[0].(map[string]any)
+
+	apiObject := &awstypes.ConnectorVpcLatticeEgressConfig{
+		ResourceConfigurationArn: aws.String(tfMap["resource_configuration_arn"].(string)),
+	}
+
+	if v, ok := tfMap["port_number"].(int); ok && v > 0 {
+		apiObject.PortNumber = aws.Int32(int32(v))
+	}
+
+	return apiObject
+}
+
+func expandUpdateConnectorVPCLatticeEgressConfig(tfList []any) *awstypes.UpdateConnectorVpcLatticeEgressConfig {
+	if len(tfList) < 1 || tfList[0] == nil {
+		return nil
+	}
+
+	tfMap := tfList[0].(map[string]any)
+
+	apiObject := &awstypes.UpdateConnectorVpcLatticeEgressConfig{
+		ResourceConfigurationArn: aws.String(tfMap["resource_configuration_arn"].(string)),
+	}
+
+	if v, ok := tfMap["port_number"].(int); ok && v > 0 {
+		apiObject.PortNumber = aws.Int32(int32(v))
+	}
+
+	return apiObject
+}
+
+func flattenConnectorEgressConfig(apiObject awstypes.DescribedConnectorEgressConfig) []any {
+	if apiObject == nil {
+		return nil
+	}
+
+	tfMap := map[string]any{}
+
+	switch v := apiObject.(type) {
+	case *awstypes.DescribedConnectorEgressConfigMemberVpcLattice:
+		tfMap["vpc_lattice"] = flattenDescribedConnectorVPCLatticeEgressConfig(&v.Value)
+	}
+
+	if len(tfMap) == 0 {
+		return nil
+	}
+
+	return []any{tfMap}
+}
+
+func flattenDescribedConnectorVPCLatticeEgressConfig(apiObject *awstypes.DescribedConnectorVpcLatticeEgressConfig) []any {
+	if apiObject == nil {
+		return nil
+	}
+
+	tfMap := map[string]any{}
+
+	if v := apiObject.ResourceConfigurationArn; v != nil {
+		tfMap["resource_configuration_arn"] = aws.ToString(v)
+	}
+
+	if v := apiObject.PortNumber; v != nil {
+		tfMap["port_number"] = aws.ToInt32(v)
+	}
+
+	return []any{tfMap}
+}
+
+func statusConnector(ctx context.Context, conn *transfer.Client, id string) retry.StateRefreshFunc {
+	return func() (any, string, error) {
+		output, err := findConnectorByID(ctx, conn, id)
+
+		if tfresource.NotFound(err) {
+			return nil, "", nil
+		}
+
+		if err != nil {
+			return nil, "", err
+		}
+
+		return output, string(output.Status), nil
+	}
+}
+
+func waitConnectorCreated(ctx context.Context, conn *transfer.Client, id string, timeout time.Duration) (*awstypes.DescribedConnector, error) {
+	stateConf := &retry.StateChangeConf{
+		Pending: enum.Slice(awstypes.ConnectorStatusPending),
+		Target:  enum.Slice(awstypes.ConnectorStatusActive),
+		Refresh: statusConnector(ctx, conn, id),
+		Timeout: timeout,
+	}
+
+	outputRaw, err := stateConf.WaitForStateContext(ctx)
+
+	if output, ok := outputRaw.(*awstypes.DescribedConnector); ok {
+		if output.Status == awstypes.ConnectorStatusErrored {
+			tfresource.SetLastError(err, fmt.Errorf("%s", aws.ToString(output.ErrorMessage)))
+		}
+
+		return output, err
+	}
+
+	return nil, err
+}
+
+func waitConnectorUpdated(ctx context.Context, conn *transfer.Client, id string, timeout time.Duration) (*awstypes.DescribedConnector, error) {
+	stateConf := &retry.StateChangeConf{
+		Pending: enum.Slice(awstypes.ConnectorStatusPending),
+		Target:  enum.Slice(awstypes.ConnectorStatusActive),
+		Refresh: statusConnector(ctx, conn, id),
+		Timeout: timeout,
+	}
+
+	outputRaw, err := stateConf.WaitForStateContext(ctx)
+
+	if output, ok := outputRaw.(*awstypes.DescribedConnector); ok {
+		if output.Status == awstypes.ConnectorStatusErrored {
+			tfresource.SetLastError(err, fmt.Errorf("%s", aws.ToString(output.ErrorMessage)))
+		}
+
+		return output, err
+	}
+
+	return nil, err
+}
+
+func waitConnectorDeleted(ctx context.Context, conn *transfer.Client, id string, timeout time.Duration) (*awstypes.DescribedConnector, error) {
+	stateConf := &retry.StateChangeConf{
+		Pending: enum.Slice(awstypes.ConnectorStatusActive, awstypes.ConnectorStatusPending),
+		Target:  []string{},
+		Refresh: statusConnector(ctx, conn, id),
+		Timeout: timeout,
+	}
+
+	outputRaw, err := stateConf.WaitForStateContext(ctx)
+
+	if output, ok := outputRaw.(*awstypes.DescribedConnector); ok {
+		if output.Status == awstypes.ConnectorStatusErrored {
+			tfresource.SetLastError(err, fmt.Errorf("%s", aws.ToString(output.ErrorMessage)))
+		}
+
+		return output, err
+	}
+
+	return nil, err
+}
diff --git a/internal/service/transfer/connector_data_source.go b/internal/service/transfer/connector_data_source.go
index deec4f21e2d2..910261e543a4 100644
--- a/internal/service/transfer/connector_data_source.go
+++ b/internal/service/transfer/connector_data_source.go
@@ -8,9 +8,11 @@ import (
 
 	"github.com/YakDriver/regexache"
 	"github.com/aws/aws-sdk-go-v2/service/transfer"
+	awstypes "github.com/aws/aws-sdk-go-v2/service/transfer/types"
 	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
 	"github.com/hashicorp/terraform-plugin-framework/datasource"
 	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
 	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 	"github.com/hashicorp/terraform-provider-aws/internal/create"
@@ -44,7 +46,8 @@ func (d *connectorDataSource) Schema(ctx context.Context, req datasource.SchemaR
 			names.AttrARN: schema.StringAttribute{
 				Computed: true,
 			},
-			"as2_config": framework.DataSourceComputedListOfObjectAttribute[dsAs2Config](ctx),
+			"as2_config":    framework.DataSourceComputedListOfObjectAttribute[dsAs2Config](ctx),
+			"egress_config": framework.DataSourceComputedListOfObjectAttribute[dsEgressConfig](ctx),
 			names.AttrID: schema.StringAttribute{
 				CustomType: fwtypes.RegexpType,
 				Required:   true,
@@ -98,11 +101,19 @@ func (d *connectorDataSource) Read(ctx context.Context, req datasource.ReadReque
 		return
 	}
 
-	resp.Diagnostics.Append(flex.Flatten(ctx, description.Connector, &data)...)
+	resp.Diagnostics.Append(flex.Flatten(ctx, description.Connector, &data, flex.WithIgnoredFieldNamesAppend("EgressConfig"))...)
 	if resp.Diagnostics.HasError() {
 		return
 	}
 
+	// Manually flatten EgressConfig since it's a union type
+	egressConfig, diags := flattenDataSourceEgressConfig(ctx, description.Connector.EgressConfig)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	data.EgressConfig = egressConfig
+
 	tags := keyValueTags(ctx, description.Connector.Tags).IgnoreAWS().IgnoreConfig(d.Meta().IgnoreTagsConfig(ctx))
 	data.Tags = tftags.FlattenStringValueMap(ctx, tags.Map())
 
@@ -111,16 +122,17 @@ func (d *connectorDataSource) Read(ctx context.Context, req datasource.ReadReque
 
 type connectorDataSourceModel struct {
 	framework.WithRegionModel
-	ARN                             types.String                                  `tfsdk:"arn"`
-	AccessRole                      types.String                                  `tfsdk:"access_role"`
-	As2Config                       fwtypes.ListNestedObjectValueOf[dsAs2Config]  `tfsdk:"as2_config"`
-	ConnectorId                     fwtypes.Regexp                                `tfsdk:"id"`
-	LoggingRole                     types.String                                  `tfsdk:"logging_role"`
-	SecurityPolicyName              types.String                                  `tfsdk:"security_policy_name"`
-	ServiceManagedEgressIpAddresses fwtypes.ListOfString                          `tfsdk:"service_managed_egress_ip_addresses"`
-	SftpConfig                      fwtypes.ListNestedObjectValueOf[dsSftpConfig] `tfsdk:"sftp_config"`
-	Tags                            tftags.Map                                    `tfsdk:"tags"`
-	Url                             types.String                                  `tfsdk:"url"`
+	ARN                             types.String                                    `tfsdk:"arn"`
+	AccessRole                      types.String                                    `tfsdk:"access_role"`
+	As2Config                       fwtypes.ListNestedObjectValueOf[dsAs2Config]    `tfsdk:"as2_config"`
+	ConnectorId                     fwtypes.Regexp                                  `tfsdk:"id"`
+	EgressConfig                    fwtypes.ListNestedObjectValueOf[dsEgressConfig] `tfsdk:"egress_config"`
+	LoggingRole                     types.String                                    `tfsdk:"logging_role"`
+	SecurityPolicyName              types.String                                    `tfsdk:"security_policy_name"`
+	ServiceManagedEgressIpAddresses fwtypes.ListOfString                            `tfsdk:"service_managed_egress_ip_addresses"`
+	SftpConfig                      fwtypes.ListNestedObjectValueOf[dsSftpConfig]   `tfsdk:"sftp_config"`
+	Tags                            tftags.Map                                      `tfsdk:"tags"`
+	Url                             types.String                                    `tfsdk:"url"`
 }
 
 type dsAs2Config struct {
@@ -139,3 +151,67 @@ type dsSftpConfig struct {
 	TrustedHostKeys fwtypes.ListValueOf[types.String] `tfsdk:"trusted_host_keys"`
 	UserSecretId    types.String                      `tfsdk:"user_secret_id"`
 }
+
+type dsEgressConfig struct {
+	VpcLattice fwtypes.ListNestedObjectValueOf[dsVpcLatticeEgressConfig] `tfsdk:"vpc_lattice"`
+}
+
+type dsVpcLatticeEgressConfig struct {
+	ResourceConfigurationArn types.String `tfsdk:"resource_configuration_arn"`
+	PortNumber               types.Int64  `tfsdk:"port_number"`
+}
+
+// flattenDataSourceEgressConfig manually flattens the union type DescribedConnectorEgressConfig.
+// AutoFlex cannot handle union types (interfaces), so manual flattening with type switching is required.
+// nosemgrep:ci.semgrep.framework.manual-flattener-functions
+func flattenDataSourceEgressConfig(ctx context.Context, apiObject awstypes.DescribedConnectorEgressConfig) (fwtypes.ListNestedObjectValueOf[dsEgressConfig], diag.Diagnostics) {
+	var diags diag.Diagnostics
+
+	if apiObject == nil {
+		return fwtypes.NewListNestedObjectValueOfNull[dsEgressConfig](ctx), diags
+	}
+
+	var egressConfig dsEgressConfig
+
+	switch v := apiObject.(type) {
+	case *awstypes.DescribedConnectorEgressConfigMemberVpcLattice:
+		vpcLattice, d := flattenDataSourceVPCLatticeEgressConfig(ctx, &v.Value)
+		diags.Append(d...)
+		egressConfig.VpcLattice = vpcLattice
+	}
+
+	listValue, d := fwtypes.NewListNestedObjectValueOfPtr(ctx, &egressConfig)
+	diags.Append(d...)
+
+	return listValue, diags
+}
+
+// flattenDataSourceVPCLatticeEgressConfig manually flattens VPC Lattice egress configuration.
+// This is called by flattenDataSourceEgressConfig which handles the union type.
+// nosemgrep:ci.semgrep.framework.manual-flattener-functions
+func flattenDataSourceVPCLatticeEgressConfig(ctx context.Context, apiObject *awstypes.DescribedConnectorVpcLatticeEgressConfig) (fwtypes.ListNestedObjectValueOf[dsVpcLatticeEgressConfig], diag.Diagnostics) {
+	var diags diag.Diagnostics
+
+	if apiObject == nil {
+		return fwtypes.NewListNestedObjectValueOfNull[dsVpcLatticeEgressConfig](ctx), diags
+	}
+
+	var vpcLatticeConfig dsVpcLatticeEgressConfig
+
+	if v := apiObject.ResourceConfigurationArn; v != nil {
+		vpcLatticeConfig.ResourceConfigurationArn = types.StringValue(*v)
+	} else {
+		vpcLatticeConfig.ResourceConfigurationArn = types.StringNull()
+	}
+
+	if v := apiObject.PortNumber; v != nil {
+		vpcLatticeConfig.PortNumber = types.Int64Value(int64(*v))
+	} else {
+		vpcLatticeConfig.PortNumber = types.Int64Null()
+	}
+
+	listValue, d := fwtypes.NewListNestedObjectValueOfPtr(ctx, &vpcLatticeConfig)
+	diags.Append(d...)
+
+	return listValue, diags
+}
diff --git a/internal/service/transfer/connector_data_source_test.go b/internal/service/transfer/connector_data_source_test.go
index 64c3be006053..d9bec8714cc9 100644
--- a/internal/service/transfer/connector_data_source_test.go
+++ b/internal/service/transfer/connector_data_source_test.go
@@ -51,6 +51,45 @@ func TestAccTransferConnectorDataSource_basic(t *testing.T) {
 	})
 }
 
+func TestAccTransferConnectorDataSource_egressConfig(t *testing.T) {
+	ctx := acctest.Context(t)
+	if testing.Short() {
+		t.Skip("skipping long-running test in short mode")
+	}
+
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	dataSourceName := "data.aws_transfer_connector.test"
+	resourceName := "aws_transfer_connector.test"
+	publicKey := "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNt3kA/dBkS6ZyU/sVDiGMuWJQaRPmLNbs/25K/e/fIl07ZWUgqqsFkcycLLMNFGD30Cmgp6XCXfNlIjzFWhNam+4cBb4DPpvieUw44VgsHK5JQy3JKlUfglmH5rs4G5pLiVfZpFU6jqvTsu4mE1CHCP0sXJlJhGxMG3QbsqYWNKiqGFEhuzGMs6fQlMkNiXsFoDmh33HAcXCbaFSC7V7xIqT1hlKu0iOL+GNjMj4R3xy0o3jafhO4MG2s3TwCQQCyaa5oyjL8iP8p3L9yp6cbIcXaS72SIgbCSGCyrcQPIKP2lJJHvE1oVWzLVBhR4eSzrlFDv7K4IErzaJmHqdiz" // nosemgrep:ci.ssh-key
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.TransferEndpointID)
+			testAccPreCheck(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.TransferServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckConnectorDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccConnectorDataSourceConfig_egressConfig(rName, publicKey),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrPair(dataSourceName, "access_role", resourceName, "access_role"),
+					resource.TestCheckResourceAttrPair(dataSourceName, names.AttrARN, resourceName, names.AttrARN),
+					resource.TestCheckResourceAttrPair(dataSourceName, "egress_config.#", resourceName, "egress_config.#"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "egress_config.0.vpc_lattice.#", resourceName, "egress_config.0.vpc_lattice.#"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "egress_config.0.vpc_lattice.0.resource_configuration_arn", resourceName, "egress_config.0.vpc_lattice.0.resource_configuration_arn"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "egress_config.0.vpc_lattice.0.port_number", resourceName, "egress_config.0.vpc_lattice.0.port_number"),
+					resource.TestCheckResourceAttrPair(dataSourceName, names.AttrID, resourceName, names.AttrID),
+					resource.TestCheckResourceAttrPair(dataSourceName, "sftp_config.#", resourceName, "sftp_config.#"),
+					resource.TestCheckResourceAttrPair(dataSourceName, names.AttrTags, resourceName, names.AttrTags),
+				),
+			},
+		},
+	})
+}
+
 func testAccConnectorDataSourceConfig_basic(rName, url string) string {
 	return fmt.Sprintf(`
 resource "aws_iam_role" "test" {
@@ -120,3 +159,106 @@ data "aws_transfer_connector" "test" {
 
 `, rName, url)
 }
+
+func testAccConnectorDataSourceConfig_egressConfig(rName, publickey string) string {
+	return acctest.ConfigCompose(acctest.ConfigAvailableAZsNoOptIn(), fmt.Sprintf(`
+resource "aws_iam_role" "test" {
+  name               = %[1]q
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [{
+    "Effect": "Allow",
+    "Principal": {
+      "Service": "transfer.amazonaws.com"
+    },
+    "Action": "sts:AssumeRole"
+  }]
+ }
+EOF
+}
+
+resource "aws_iam_role_policy" "test" {
+  name = %[1]q
+  role = aws_iam_role.test.id
+
+  policy = <<POLICY
+{
+  "Version":"2012-10-17",
+  "Statement":[{
+    "Sid":"AllowFullAccesstoS3",
+    "Effect":"Allow",
+    "Action":[
+      "s3:*"
+    ],
+    "Resource":"*"
+  }]
+}
+POLICY
+}
+
+resource "aws_secretsmanager_secret" "test" {
+  name = %[1]q
+}
+
+resource "aws_vpc" "test" {
+  cidr_block = "10.0.0.0/16"
+
+  tags = {
+    Name = %[1]q
+  }
+}
+
+resource "aws_subnet" "test" {
+  availability_zone = data.aws_availability_zones.available.names[0]
+  vpc_id            = aws_vpc.test.id
+  cidr_block        = "10.0.1.0/24"
+
+  tags = {
+    Name = %[1]q
+  }
+}
+
+resource "aws_vpclattice_resource_gateway" "test" {
+  name       = %[1]q
+  vpc_id     = aws_vpc.test.id
+  subnet_ids = [aws_subnet.test.id]
+}
+
+resource "aws_vpclattice_resource_configuration" "test" {
+  name = %[1]q
+
+  resource_gateway_identifier = aws_vpclattice_resource_gateway.test.id
+
+  port_ranges = ["22"]
+  protocol    = "TCP"
+
+  resource_configuration_definition {
+    dns_resource {
+      domain_name     = "sftp.example.com"
+      ip_address_type = "IPV4"
+    }
+  }
+}
+
+resource "aws_transfer_connector" "test" {
+  access_role = aws_iam_role.test.arn
+
+  sftp_config {
+    trusted_host_keys = [%[2]q]
+    user_secret_id    = aws_secretsmanager_secret.test.id
+  }
+
+  egress_config {
+    vpc_lattice {
+      resource_configuration_arn = aws_vpclattice_resource_configuration.test.arn
+      port_number                = 22
+    }
+  }
+}
+
+data "aws_transfer_connector" "test" {
+  id = aws_transfer_connector.test.id
+}
+`, rName, publickey))
+}
diff --git a/internal/service/transfer/connector_test.go b/internal/service/transfer/connector_test.go
index 2f4f4b85740c..5e89da822e2f 100644
--- a/internal/service/transfer/connector_test.go
+++ b/internal/service/transfer/connector_test.go
@@ -160,6 +160,81 @@ func TestAccTransferConnector_disappears(t *testing.T) {
 	})
 }
 
+func TestAccTransferConnector_egressConfig(t *testing.T) {
+	ctx := acctest.Context(t)
+	var conf awstypes.DescribedConnector
+	resourceName := "aws_transfer_connector.test"
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	publicKey := "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNt3kA/dBkS6ZyU/sVDiGMuWJQaRPmLNbs/25K/e/fIl07ZWUgqqsFkcycLLMNFGD30Cmgp6XCXfNlIjzFWhNam+4cBb4DPpvieUw44VgsHK5JQy3JKlUfglmH5rs4G5pLiVfZpFU6jqvTsu4mE1CHCP0sXJlJhGxMG3QbsqYWNKiqGFEhuzGMs6fQlMkNiXsFoDmh33HAcXCbaFSC7V7xIqT1hlKu0iOL+GNjMj4R3xy0o3jafhO4MG2s3TwCQQCyaa5oyjL8iP8p3L9yp6cbIcXaS72SIgbCSGCyrcQPIKP2lJJHvE1oVWzLVBhR4eSzrlFDv7K4IErzaJmHqdiz" // nosemgrep:ci.ssh-key
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.TransferEndpointID)
+			testAccPreCheck(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.TransferServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckConnectorDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccConnectorConfig_egressConfig(rName, publicKey),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckConnectorExists(ctx, resourceName, &conf),
+					resource.TestCheckResourceAttr(resourceName, "egress_config.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "egress_config.0.vpc_lattice.#", "1"),
+					resource.TestCheckResourceAttrSet(resourceName, "egress_config.0.vpc_lattice.0.resource_configuration_arn"),
+					resource.TestCheckResourceAttr(resourceName, "egress_config.0.vpc_lattice.0.port_number", "22"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccTransferConnector_egressConfigUpdate(t *testing.T) {
+	ctx := acctest.Context(t)
+	var conf awstypes.DescribedConnector
+	resourceName := "aws_transfer_connector.test"
+	resourceConfigName := "aws_vpclattice_resource_configuration.test"
+	resourceConfigName2 := "aws_vpclattice_resource_configuration.test2"
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	publicKey := "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNt3kA/dBkS6ZyU/sVDiGMuWJQaRPmLNbs/25K/e/fIl07ZWUgqqsFkcycLLMNFGD30Cmgp6XCXfNlIjzFWhNam+4cBb4DPpvieUw44VgsHK5JQy3JKlUfglmH5rs4G5pLiVfZpFU6jqvTsu4mE1CHCP0sXJlJhGxMG3QbsqYWNKiqGFEhuzGMs6fQlMkNiXsFoDmh33HAcXCbaFSC7V7xIqT1hlKu0iOL+GNjMj4R3xy0o3jafhO4MG2s3TwCQQCyaa5oyjL8iP8p3L9yp6cbIcXaS72SIgbCSGCyrcQPIKP2lJJHvE1oVWzLVBhR4eSzrlFDv7K4IErzaJmHqdiz" // nosemgrep:ci.ssh-key
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.TransferEndpointID)
+			testAccPreCheck(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.TransferServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckConnectorDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccConnectorConfig_egressConfig(rName, publicKey),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckConnectorExists(ctx, resourceName, &conf),
+					resource.TestCheckResourceAttrPair(resourceName, "egress_config.0.vpc_lattice.0.resource_configuration_arn", resourceConfigName, names.AttrARN),
+					resource.TestCheckResourceAttr(resourceName, "egress_config.0.vpc_lattice.0.port_number", "22"),
+				),
+			},
+			{
+				Config: testAccConnectorConfig_egressConfigUpdated(rName, publicKey),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckConnectorExists(ctx, resourceName, &conf),
+					resource.TestCheckResourceAttrPair(resourceName, "egress_config.0.vpc_lattice.0.resource_configuration_arn", resourceConfigName2, names.AttrARN),
+					resource.TestCheckResourceAttr(resourceName, "egress_config.0.vpc_lattice.0.port_number", "2222"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccTransferConnector_tags(t *testing.T) {
 	ctx := acctest.Context(t)
 	var conf awstypes.DescribedConnector
@@ -420,3 +495,142 @@ resource "aws_transfer_connector" "test" {
 }
 `, rName, url, tagKey1, tagValue1, tagKey2, tagValue2))
 }
+
+func testAccConnectorConfig_egressConfigBase(rName string) string {
+	return acctest.ConfigCompose(acctest.ConfigAvailableAZsNoOptIn(), fmt.Sprintf(`
+resource "aws_iam_role" "test" {
+  name               = %[1]q
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [{
+    "Effect": "Allow",
+    "Principal": {
+      "Service": "transfer.amazonaws.com"
+    },
+    "Action": "sts:AssumeRole"
+  }]
+ }
+EOF
+}
+
+resource "aws_iam_role_policy" "test" {
+  name = %[1]q
+  role = aws_iam_role.test.id
+
+  policy = <<POLICY
+{
+  "Version":"2012-10-17",
+  "Statement":[{
+    "Sid":"AllowFullAccesstoS3",
+    "Effect":"Allow",
+    "Action":[
+      "s3:*"
+    ],
+    "Resource":"*"
+  }]
+}
+POLICY
+}
+
+resource "aws_secretsmanager_secret" "test" {
+  name = %[1]q
+}
+
+resource "aws_vpc" "test" {
+  cidr_block = "10.0.0.0/16"
+
+  tags = {
+    Name = %[1]q
+  }
+}
+
+resource "aws_subnet" "test" {
+  availability_zone = data.aws_availability_zones.available.names[0]
+  vpc_id            = aws_vpc.test.id
+  cidr_block        = "10.0.1.0/24"
+
+  tags = {
+    Name = %[1]q
+  }
+}
+
+resource "aws_vpclattice_resource_gateway" "test" {
+  name       = %[1]q
+  vpc_id     = aws_vpc.test.id
+  subnet_ids = [aws_subnet.test.id]
+}
+
+resource "aws_vpclattice_resource_configuration" "test" {
+  name = %[1]q
+
+  resource_gateway_identifier = aws_vpclattice_resource_gateway.test.id
+
+  port_ranges = ["22"]
+  protocol    = "TCP"
+
+  resource_configuration_definition {
+    dns_resource {
+      domain_name     = "sftp.example.com"
+      ip_address_type = "IPV4"
+    }
+  }
+}
+`, rName))
+}
+
+func testAccConnectorConfig_egressConfig(rName, publickey string) string {
+	return acctest.ConfigCompose(testAccConnectorConfig_egressConfigBase(rName), fmt.Sprintf(`
+resource "aws_transfer_connector" "test" {
+  access_role = aws_iam_role.test.arn
+
+  sftp_config {
+    trusted_host_keys = [%[2]q]
+    user_secret_id    = aws_secretsmanager_secret.test.id
+  }
+
+  egress_config {
+    vpc_lattice {
+      resource_configuration_arn = aws_vpclattice_resource_configuration.test.arn
+      port_number                = 22
+    }
+  }
+}
+`, rName, publickey))
+}
+
+func testAccConnectorConfig_egressConfigUpdated(rName, publickey string) string {
+	return acctest.ConfigCompose(testAccConnectorConfig_egressConfigBase(rName), fmt.Sprintf(`
+resource "aws_vpclattice_resource_configuration" "test2" {
+  name = "%[1]s-updated"
+
+  resource_gateway_identifier = aws_vpclattice_resource_gateway.test.id
+
+  port_ranges = ["2222"]
+  protocol    = "TCP"
+
+  resource_configuration_definition {
+    dns_resource {
+      domain_name     = "sftp-updated.example.com"
+      ip_address_type = "IPV4"
+    }
+  }
+}
+
+resource "aws_transfer_connector" "test" {
+  access_role = aws_iam_role.test.arn
+
+  sftp_config {
+    trusted_host_keys = [%[2]q]
+    user_secret_id    = aws_secretsmanager_secret.test.id
+  }
+
+  egress_config {
+    vpc_lattice {
+      resource_configuration_arn = aws_vpclattice_resource_configuration.test2.arn
+      port_number                = 2222
+    }
+  }
+}
+`, rName, publickey))
+}
diff --git a/website/docs/d/transfer_connector.html.markdown b/website/docs/d/transfer_connector.html.markdown
index a76361374120..da8ac4c12378 100644
--- a/website/docs/d/transfer_connector.html.markdown
+++ b/website/docs/d/transfer_connector.html.markdown
@@ -41,6 +41,10 @@ This data source exports the following attributes in addition to the arguments a
     * `message_subject` - Subject HTTP header attribute in outbound AS2 messages to the connector.
     * `partner_profile_id` - Unique identifier used by connector for partner profile.
     * `signing_algorithm` - Algorithm used for signing AS2 messages sent with the connector.
+* `egress_config` - Egress configuration for the connector. Contains the following attributes:
+    * `vpc_lattice` - VPC Lattice configuration. Contains the following attributes:
+        * `resource_configuration_arn` - ARN of the VPC Lattice Resource Configuration.
+        * `port_number` - Port number for connecting to the SFTP server through VPC Lattice.
 * `logging_role` -  ARN of the IAM role that allows a connector to turn on CLoudwatch logging for Amazon S3 events.
 * `security_policy_name` - Name of security policy.
 * `service_managed_egress_ip_addresses` - List of egress Ip addresses.
diff --git a/website/docs/r/transfer_connector.html.markdown b/website/docs/r/transfer_connector.html.markdown
index c42d739b61f7..7bce78ac3d6a 100644
--- a/website/docs/r/transfer_connector.html.markdown
+++ b/website/docs/r/transfer_connector.html.markdown
@@ -44,6 +44,24 @@ resource "aws_transfer_connector" "example" {
 }
 ```
 
+### SFTP Connector with VPC Lattice
+
+```terraform
+resource "aws_transfer_connector" "example" {
+  access_role = aws_iam_role.test.arn
+  sftp_config {
+    trusted_host_keys = ["ssh-rsa AAAAB3NYourKeysHere"]
+    user_secret_id    = aws_secretsmanager_secret.example.id
+  }
+  egress_config {
+    vpc_lattice {
+      resource_configuration_arn = "arn:aws:vpc-lattice:us-east-1:123456789012:resourceconfiguration/rcfg-12345678901234567"
+      port_number                = 22
+    }
+  }
+}
+```
+
 ## Argument Reference
 
 This resource supports the following arguments:
@@ -51,10 +69,11 @@ This resource supports the following arguments:
 * `region` - (Optional) Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the [provider configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#aws-configuration-reference).
 * `access_role` - (Required) The IAM Role which provides read and write access to the parent directory of the file location mentioned in the StartFileTransfer request.
 * `as2_config` - (Optional) Either SFTP or AS2 is configured.The parameters to configure for the connector object. Fields documented below.
+* `egress_config` - (Optional) Specifies the egress configuration for the connector. When set, enables routing through customer VPCs using VPC Lattice for private connectivity. Fields documented below.
 * `logging_role` - (Optional) The IAM Role which is required for allowing the connector to turn on CloudWatch logging for Amazon S3 events.
 * `security_policy_name` - (Optional) Name of the security policy for the connector.
 * `sftp_config` - (Optional) Either SFTP or AS2 is configured.The parameters to configure for the connector object. Fields documented below.
-* `url` - (Required) The URL of the partners AS2 endpoint or SFTP endpoint.
+* `url` - (Optional) The URL of the partners AS2 endpoint or SFTP endpoint. Required for AS2 connectors and service-managed SFTP connectors. Must be null when using VPC Lattice egress configuration.
 * `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
 
 ### As2Config Details
@@ -73,6 +92,15 @@ This resource supports the following arguments:
 * `trusted_host_keys` - (Required) A list of public portion of the host key, or keys, that are used to authenticate the user to the external server to which you are connecting.(https://docs.aws.amazon.com/transfer/latest/userguide/API_SftpConnectorConfig.html)
 * `user_secret_id` - (Required) The identifier for the secret (in AWS Secrets Manager) that contains the SFTP user's private key, password, or both. The identifier can be either the Amazon Resource Name (ARN) or the name of the secret.
 
+### EgressConfig Details
+
+* `vpc_lattice` - (Optional) VPC Lattice configuration for routing connector traffic through customer VPCs. Fields documented below.
+
+### VpcLattice Details
+
+* `resource_configuration_arn` - (Required) ARN of the VPC Lattice Resource Configuration that defines the target SFTP server location. Must point to a valid Resource Configuration in a VPC with appropriate network connectivity to the SFTP server.
+* `port_number` - (Optional) Port number for connecting to the SFTP server through VPC Lattice. Defaults to 22 if not specified. Must match the port on which the target SFTP server is listening. Valid values are between 1 and 65535.
+
 ## Attribute Reference
 
 This resource exports the following attributes in addition to the arguments above: