aws.transfer.Server
Explore with Pulumi AI
Provides a AWS Transfer Server resource.
NOTE on AWS IAM permissions: If the
endpoint_type
is set toVPC
, theec2:DescribeVpcEndpoints
andec2:ModifyVpcEndpoint
actions are used.
NOTE: Use the
aws.transfer.Tag
resource to manage the system tags used for custom hostnames.
Example Usage
Basic
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.transfer.Server("example", {tags: {
Name: "Example",
}});
import pulumi
import pulumi_aws as aws
example = aws.transfer.Server("example", tags={
"Name": "Example",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
Tags: pulumi.StringMap{
"Name": pulumi.String("Example"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Transfer.Server("example", new()
{
Tags =
{
{ "Name", "Example" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Server("example", ServerArgs.builder()
.tags(Map.of("Name", "Example"))
.build());
}
}
resources:
example:
type: aws:transfer:Server
properties:
tags:
Name: Example
Security Policy Name
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.transfer.Server("example", {securityPolicyName: "TransferSecurityPolicy-2020-06"});
import pulumi
import pulumi_aws as aws
example = aws.transfer.Server("example", security_policy_name="TransferSecurityPolicy-2020-06")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
SecurityPolicyName: pulumi.String("TransferSecurityPolicy-2020-06"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Transfer.Server("example", new()
{
SecurityPolicyName = "TransferSecurityPolicy-2020-06",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Server("example", ServerArgs.builder()
.securityPolicyName("TransferSecurityPolicy-2020-06")
.build());
}
}
resources:
example:
type: aws:transfer:Server
properties:
securityPolicyName: TransferSecurityPolicy-2020-06
VPC Endpoint
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.transfer.Server("example", {
endpointType: "VPC",
endpointDetails: {
addressAllocationIds: [exampleAwsEip.id],
subnetIds: [exampleAwsSubnet.id],
vpcId: exampleAwsVpc.id,
},
});
import pulumi
import pulumi_aws as aws
example = aws.transfer.Server("example",
endpoint_type="VPC",
endpoint_details={
"address_allocation_ids": [example_aws_eip["id"]],
"subnet_ids": [example_aws_subnet["id"]],
"vpc_id": example_aws_vpc["id"],
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
EndpointType: pulumi.String("VPC"),
EndpointDetails: &transfer.ServerEndpointDetailsArgs{
AddressAllocationIds: pulumi.StringArray{
exampleAwsEip.Id,
},
SubnetIds: pulumi.StringArray{
exampleAwsSubnet.Id,
},
VpcId: pulumi.Any(exampleAwsVpc.Id),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Transfer.Server("example", new()
{
EndpointType = "VPC",
EndpointDetails = new Aws.Transfer.Inputs.ServerEndpointDetailsArgs
{
AddressAllocationIds = new[]
{
exampleAwsEip.Id,
},
SubnetIds = new[]
{
exampleAwsSubnet.Id,
},
VpcId = exampleAwsVpc.Id,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import com.pulumi.aws.transfer.inputs.ServerEndpointDetailsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Server("example", ServerArgs.builder()
.endpointType("VPC")
.endpointDetails(ServerEndpointDetailsArgs.builder()
.addressAllocationIds(exampleAwsEip.id())
.subnetIds(exampleAwsSubnet.id())
.vpcId(exampleAwsVpc.id())
.build())
.build());
}
}
resources:
example:
type: aws:transfer:Server
properties:
endpointType: VPC
endpointDetails:
addressAllocationIds:
- ${exampleAwsEip.id}
subnetIds:
- ${exampleAwsSubnet.id}
vpcId: ${exampleAwsVpc.id}
AWS Directory authentication
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.transfer.Server("example", {
identityProviderType: "AWS_DIRECTORY_SERVICE",
directoryId: exampleAwsDirectoryServiceDirectory.id,
});
import pulumi
import pulumi_aws as aws
example = aws.transfer.Server("example",
identity_provider_type="AWS_DIRECTORY_SERVICE",
directory_id=example_aws_directory_service_directory["id"])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
IdentityProviderType: pulumi.String("AWS_DIRECTORY_SERVICE"),
DirectoryId: pulumi.Any(exampleAwsDirectoryServiceDirectory.Id),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Transfer.Server("example", new()
{
IdentityProviderType = "AWS_DIRECTORY_SERVICE",
DirectoryId = exampleAwsDirectoryServiceDirectory.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Server("example", ServerArgs.builder()
.identityProviderType("AWS_DIRECTORY_SERVICE")
.directoryId(exampleAwsDirectoryServiceDirectory.id())
.build());
}
}
resources:
example:
type: aws:transfer:Server
properties:
identityProviderType: AWS_DIRECTORY_SERVICE
directoryId: ${exampleAwsDirectoryServiceDirectory.id}
AWS Lambda authentication
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.transfer.Server("example", {
identityProviderType: "AWS_LAMBDA",
"function": exampleAwsLambdaIdentityProvider.arn,
});
import pulumi
import pulumi_aws as aws
example = aws.transfer.Server("example",
identity_provider_type="AWS_LAMBDA",
function=example_aws_lambda_identity_provider["arn"])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
IdentityProviderType: pulumi.String("AWS_LAMBDA"),
Function: pulumi.Any(exampleAwsLambdaIdentityProvider.Arn),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Transfer.Server("example", new()
{
IdentityProviderType = "AWS_LAMBDA",
Function = exampleAwsLambdaIdentityProvider.Arn,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Server("example", ServerArgs.builder()
.identityProviderType("AWS_LAMBDA")
.function(exampleAwsLambdaIdentityProvider.arn())
.build());
}
}
resources:
example:
type: aws:transfer:Server
properties:
identityProviderType: AWS_LAMBDA
function: ${exampleAwsLambdaIdentityProvider.arn}
Protocols
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.transfer.Server("example", {
endpointType: "VPC",
endpointDetails: {
subnetIds: [exampleAwsSubnet.id],
vpcId: exampleAwsVpc.id,
},
protocols: [
"FTP",
"FTPS",
],
certificate: exampleAwsAcmCertificate.arn,
identityProviderType: "API_GATEWAY",
url: `${exampleAwsApiGatewayDeployment.invokeUrl}${exampleAwsApiGatewayResource.path}`,
});
import pulumi
import pulumi_aws as aws
example = aws.transfer.Server("example",
endpoint_type="VPC",
endpoint_details={
"subnet_ids": [example_aws_subnet["id"]],
"vpc_id": example_aws_vpc["id"],
},
protocols=[
"FTP",
"FTPS",
],
certificate=example_aws_acm_certificate["arn"],
identity_provider_type="API_GATEWAY",
url=f"{example_aws_api_gateway_deployment['invokeUrl']}{example_aws_api_gateway_resource['path']}")
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
EndpointType: pulumi.String("VPC"),
EndpointDetails: &transfer.ServerEndpointDetailsArgs{
SubnetIds: pulumi.StringArray{
exampleAwsSubnet.Id,
},
VpcId: pulumi.Any(exampleAwsVpc.Id),
},
Protocols: pulumi.StringArray{
pulumi.String("FTP"),
pulumi.String("FTPS"),
},
Certificate: pulumi.Any(exampleAwsAcmCertificate.Arn),
IdentityProviderType: pulumi.String("API_GATEWAY"),
Url: pulumi.Sprintf("%v%v", exampleAwsApiGatewayDeployment.InvokeUrl, exampleAwsApiGatewayResource.Path),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Transfer.Server("example", new()
{
EndpointType = "VPC",
EndpointDetails = new Aws.Transfer.Inputs.ServerEndpointDetailsArgs
{
SubnetIds = new[]
{
exampleAwsSubnet.Id,
},
VpcId = exampleAwsVpc.Id,
},
Protocols = new[]
{
"FTP",
"FTPS",
},
Certificate = exampleAwsAcmCertificate.Arn,
IdentityProviderType = "API_GATEWAY",
Url = $"{exampleAwsApiGatewayDeployment.InvokeUrl}{exampleAwsApiGatewayResource.Path}",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import com.pulumi.aws.transfer.inputs.ServerEndpointDetailsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Server("example", ServerArgs.builder()
.endpointType("VPC")
.endpointDetails(ServerEndpointDetailsArgs.builder()
.subnetIds(exampleAwsSubnet.id())
.vpcId(exampleAwsVpc.id())
.build())
.protocols(
"FTP",
"FTPS")
.certificate(exampleAwsAcmCertificate.arn())
.identityProviderType("API_GATEWAY")
.url(String.format("%s%s", exampleAwsApiGatewayDeployment.invokeUrl(),exampleAwsApiGatewayResource.path()))
.build());
}
}
resources:
example:
type: aws:transfer:Server
properties:
endpointType: VPC
endpointDetails:
subnetIds:
- ${exampleAwsSubnet.id}
vpcId: ${exampleAwsVpc.id}
protocols:
- FTP
- FTPS
certificate: ${exampleAwsAcmCertificate.arn}
identityProviderType: API_GATEWAY
url: ${exampleAwsApiGatewayDeployment.invokeUrl}${exampleAwsApiGatewayResource.path}
Using Structured Logging Destinations
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const transfer = new aws.cloudwatch.LogGroup("transfer", {namePrefix: "transfer_test_"});
const transferAssumeRole = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
principals: [{
type: "Service",
identifiers: ["transfer.amazonaws.com"],
}],
actions: ["sts:AssumeRole"],
}],
});
const iamForTransfer = new aws.iam.Role("iam_for_transfer", {
namePrefix: "iam_for_transfer_",
assumeRolePolicy: transferAssumeRole.then(transferAssumeRole => transferAssumeRole.json),
managedPolicyArns: ["arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess"],
});
const transferServer = new aws.transfer.Server("transfer", {
endpointType: "PUBLIC",
loggingRole: iamForTransfer.arn,
protocols: ["SFTP"],
structuredLogDestinations: [pulumi.interpolate`${transfer.arn}:*`],
});
import pulumi
import pulumi_aws as aws
transfer = aws.cloudwatch.LogGroup("transfer", name_prefix="transfer_test_")
transfer_assume_role = aws.iam.get_policy_document(statements=[{
"effect": "Allow",
"principals": [{
"type": "Service",
"identifiers": ["transfer.amazonaws.com"],
}],
"actions": ["sts:AssumeRole"],
}])
iam_for_transfer = aws.iam.Role("iam_for_transfer",
name_prefix="iam_for_transfer_",
assume_role_policy=transfer_assume_role.json,
managed_policy_arns=["arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess"])
transfer_server = aws.transfer.Server("transfer",
endpoint_type="PUBLIC",
logging_role=iam_for_transfer.arn,
protocols=["SFTP"],
structured_log_destinations=[transfer.arn.apply(lambda arn: f"{arn}:*")])
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
transfer, err := cloudwatch.NewLogGroup(ctx, "transfer", &cloudwatch.LogGroupArgs{
NamePrefix: pulumi.String("transfer_test_"),
})
if err != nil {
return err
}
transferAssumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "Service",
Identifiers: []string{
"transfer.amazonaws.com",
},
},
},
Actions: []string{
"sts:AssumeRole",
},
},
},
}, nil)
if err != nil {
return err
}
iamForTransfer, err := iam.NewRole(ctx, "iam_for_transfer", &iam.RoleArgs{
NamePrefix: pulumi.String("iam_for_transfer_"),
AssumeRolePolicy: pulumi.String(transferAssumeRole.Json),
ManagedPolicyArns: pulumi.StringArray{
pulumi.String("arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess"),
},
})
if err != nil {
return err
}
_, err = transfer.NewServer(ctx, "transfer", &transfer.ServerArgs{
EndpointType: pulumi.String("PUBLIC"),
LoggingRole: iamForTransfer.Arn,
Protocols: pulumi.StringArray{
pulumi.String("SFTP"),
},
StructuredLogDestinations: pulumi.StringArray{
transfer.Arn.ApplyT(func(arn string) (string, error) {
return fmt.Sprintf("%v:*", arn), nil
}).(pulumi.StringOutput),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var transfer = new Aws.CloudWatch.LogGroup("transfer", new()
{
NamePrefix = "transfer_test_",
});
var transferAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "Service",
Identifiers = new[]
{
"transfer.amazonaws.com",
},
},
},
Actions = new[]
{
"sts:AssumeRole",
},
},
},
});
var iamForTransfer = new Aws.Iam.Role("iam_for_transfer", new()
{
NamePrefix = "iam_for_transfer_",
AssumeRolePolicy = transferAssumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
ManagedPolicyArns = new[]
{
"arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess",
},
});
var transferServer = new Aws.Transfer.Server("transfer", new()
{
EndpointType = "PUBLIC",
LoggingRole = iamForTransfer.Arn,
Protocols = new[]
{
"SFTP",
},
StructuredLogDestinations = new[]
{
transfer.Arn.Apply(arn => $"{arn}:*"),
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.LogGroup;
import com.pulumi.aws.cloudwatch.LogGroupArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var transfer = new LogGroup("transfer", LogGroupArgs.builder()
.namePrefix("transfer_test_")
.build());
final var transferAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers("transfer.amazonaws.com")
.build())
.actions("sts:AssumeRole")
.build())
.build());
var iamForTransfer = new Role("iamForTransfer", RoleArgs.builder()
.namePrefix("iam_for_transfer_")
.assumeRolePolicy(transferAssumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.managedPolicyArns("arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess")
.build());
var transferServer = new Server("transferServer", ServerArgs.builder()
.endpointType("PUBLIC")
.loggingRole(iamForTransfer.arn())
.protocols("SFTP")
.structuredLogDestinations(transfer.arn().applyValue(arn -> String.format("%s:*", arn)))
.build());
}
}
resources:
transfer:
type: aws:cloudwatch:LogGroup
properties:
namePrefix: transfer_test_
iamForTransfer:
type: aws:iam:Role
name: iam_for_transfer
properties:
namePrefix: iam_for_transfer_
assumeRolePolicy: ${transferAssumeRole.json}
managedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess
transferServer:
type: aws:transfer:Server
name: transfer
properties:
endpointType: PUBLIC
loggingRole: ${iamForTransfer.arn}
protocols:
- SFTP
structuredLogDestinations:
- ${transfer.arn}:*
variables:
transferAssumeRole:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
principals:
- type: Service
identifiers:
- transfer.amazonaws.com
actions:
- sts:AssumeRole
Create Server Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Server(name: string, args?: ServerArgs, opts?: CustomResourceOptions);
@overload
def Server(resource_name: str,
args: Optional[ServerArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Server(resource_name: str,
opts: Optional[ResourceOptions] = None,
certificate: Optional[str] = None,
directory_id: Optional[str] = None,
domain: Optional[str] = None,
endpoint_details: Optional[ServerEndpointDetailsArgs] = None,
endpoint_type: Optional[str] = None,
force_destroy: Optional[bool] = None,
function: Optional[str] = None,
host_key: Optional[str] = None,
identity_provider_type: Optional[str] = None,
invocation_role: Optional[str] = None,
logging_role: Optional[str] = None,
post_authentication_login_banner: Optional[str] = None,
pre_authentication_login_banner: Optional[str] = None,
protocol_details: Optional[ServerProtocolDetailsArgs] = None,
protocols: Optional[Sequence[str]] = None,
s3_storage_options: Optional[ServerS3StorageOptionsArgs] = None,
security_policy_name: Optional[str] = None,
sftp_authentication_methods: Optional[str] = None,
structured_log_destinations: Optional[Sequence[str]] = None,
tags: Optional[Mapping[str, str]] = None,
url: Optional[str] = None,
workflow_details: Optional[ServerWorkflowDetailsArgs] = None)
func NewServer(ctx *Context, name string, args *ServerArgs, opts ...ResourceOption) (*Server, error)
public Server(string name, ServerArgs? args = null, CustomResourceOptions? opts = null)
public Server(String name, ServerArgs args)
public Server(String name, ServerArgs args, CustomResourceOptions options)
type: aws:transfer:Server
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ServerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ServerArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ServerArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ServerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ServerArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var serverResource = new Aws.Transfer.Server("serverResource", new()
{
Certificate = "string",
DirectoryId = "string",
Domain = "string",
EndpointDetails = new Aws.Transfer.Inputs.ServerEndpointDetailsArgs
{
AddressAllocationIds = new[]
{
"string",
},
SecurityGroupIds = new[]
{
"string",
},
SubnetIds = new[]
{
"string",
},
VpcEndpointId = "string",
VpcId = "string",
},
EndpointType = "string",
ForceDestroy = false,
Function = "string",
HostKey = "string",
IdentityProviderType = "string",
InvocationRole = "string",
LoggingRole = "string",
PostAuthenticationLoginBanner = "string",
PreAuthenticationLoginBanner = "string",
ProtocolDetails = new Aws.Transfer.Inputs.ServerProtocolDetailsArgs
{
As2Transports = new[]
{
"string",
},
PassiveIp = "string",
SetStatOption = "string",
TlsSessionResumptionMode = "string",
},
Protocols = new[]
{
"string",
},
S3StorageOptions = new Aws.Transfer.Inputs.ServerS3StorageOptionsArgs
{
DirectoryListingOptimization = "string",
},
SecurityPolicyName = "string",
SftpAuthenticationMethods = "string",
StructuredLogDestinations = new[]
{
"string",
},
Tags =
{
{ "string", "string" },
},
Url = "string",
WorkflowDetails = new Aws.Transfer.Inputs.ServerWorkflowDetailsArgs
{
OnPartialUpload = new Aws.Transfer.Inputs.ServerWorkflowDetailsOnPartialUploadArgs
{
ExecutionRole = "string",
WorkflowId = "string",
},
OnUpload = new Aws.Transfer.Inputs.ServerWorkflowDetailsOnUploadArgs
{
ExecutionRole = "string",
WorkflowId = "string",
},
},
});
example, err := transfer.NewServer(ctx, "serverResource", &transfer.ServerArgs{
Certificate: pulumi.String("string"),
DirectoryId: pulumi.String("string"),
Domain: pulumi.String("string"),
EndpointDetails: &transfer.ServerEndpointDetailsArgs{
AddressAllocationIds: pulumi.StringArray{
pulumi.String("string"),
},
SecurityGroupIds: pulumi.StringArray{
pulumi.String("string"),
},
SubnetIds: pulumi.StringArray{
pulumi.String("string"),
},
VpcEndpointId: pulumi.String("string"),
VpcId: pulumi.String("string"),
},
EndpointType: pulumi.String("string"),
ForceDestroy: pulumi.Bool(false),
Function: pulumi.String("string"),
HostKey: pulumi.String("string"),
IdentityProviderType: pulumi.String("string"),
InvocationRole: pulumi.String("string"),
LoggingRole: pulumi.String("string"),
PostAuthenticationLoginBanner: pulumi.String("string"),
PreAuthenticationLoginBanner: pulumi.String("string"),
ProtocolDetails: &transfer.ServerProtocolDetailsArgs{
As2Transports: pulumi.StringArray{
pulumi.String("string"),
},
PassiveIp: pulumi.String("string"),
SetStatOption: pulumi.String("string"),
TlsSessionResumptionMode: pulumi.String("string"),
},
Protocols: pulumi.StringArray{
pulumi.String("string"),
},
S3StorageOptions: &transfer.ServerS3StorageOptionsArgs{
DirectoryListingOptimization: pulumi.String("string"),
},
SecurityPolicyName: pulumi.String("string"),
SftpAuthenticationMethods: pulumi.String("string"),
StructuredLogDestinations: pulumi.StringArray{
pulumi.String("string"),
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
Url: pulumi.String("string"),
WorkflowDetails: &transfer.ServerWorkflowDetailsArgs{
OnPartialUpload: &transfer.ServerWorkflowDetailsOnPartialUploadArgs{
ExecutionRole: pulumi.String("string"),
WorkflowId: pulumi.String("string"),
},
OnUpload: &transfer.ServerWorkflowDetailsOnUploadArgs{
ExecutionRole: pulumi.String("string"),
WorkflowId: pulumi.String("string"),
},
},
})
var serverResource = new Server("serverResource", ServerArgs.builder()
.certificate("string")
.directoryId("string")
.domain("string")
.endpointDetails(ServerEndpointDetailsArgs.builder()
.addressAllocationIds("string")
.securityGroupIds("string")
.subnetIds("string")
.vpcEndpointId("string")
.vpcId("string")
.build())
.endpointType("string")
.forceDestroy(false)
.function("string")
.hostKey("string")
.identityProviderType("string")
.invocationRole("string")
.loggingRole("string")
.postAuthenticationLoginBanner("string")
.preAuthenticationLoginBanner("string")
.protocolDetails(ServerProtocolDetailsArgs.builder()
.as2Transports("string")
.passiveIp("string")
.setStatOption("string")
.tlsSessionResumptionMode("string")
.build())
.protocols("string")
.s3StorageOptions(ServerS3StorageOptionsArgs.builder()
.directoryListingOptimization("string")
.build())
.securityPolicyName("string")
.sftpAuthenticationMethods("string")
.structuredLogDestinations("string")
.tags(Map.of("string", "string"))
.url("string")
.workflowDetails(ServerWorkflowDetailsArgs.builder()
.onPartialUpload(ServerWorkflowDetailsOnPartialUploadArgs.builder()
.executionRole("string")
.workflowId("string")
.build())
.onUpload(ServerWorkflowDetailsOnUploadArgs.builder()
.executionRole("string")
.workflowId("string")
.build())
.build())
.build());
server_resource = aws.transfer.Server("serverResource",
certificate="string",
directory_id="string",
domain="string",
endpoint_details={
"address_allocation_ids": ["string"],
"security_group_ids": ["string"],
"subnet_ids": ["string"],
"vpc_endpoint_id": "string",
"vpc_id": "string",
},
endpoint_type="string",
force_destroy=False,
function="string",
host_key="string",
identity_provider_type="string",
invocation_role="string",
logging_role="string",
post_authentication_login_banner="string",
pre_authentication_login_banner="string",
protocol_details={
"as2_transports": ["string"],
"passive_ip": "string",
"set_stat_option": "string",
"tls_session_resumption_mode": "string",
},
protocols=["string"],
s3_storage_options={
"directory_listing_optimization": "string",
},
security_policy_name="string",
sftp_authentication_methods="string",
structured_log_destinations=["string"],
tags={
"string": "string",
},
url="string",
workflow_details={
"on_partial_upload": {
"execution_role": "string",
"workflow_id": "string",
},
"on_upload": {
"execution_role": "string",
"workflow_id": "string",
},
})
const serverResource = new aws.transfer.Server("serverResource", {
certificate: "string",
directoryId: "string",
domain: "string",
endpointDetails: {
addressAllocationIds: ["string"],
securityGroupIds: ["string"],
subnetIds: ["string"],
vpcEndpointId: "string",
vpcId: "string",
},
endpointType: "string",
forceDestroy: false,
"function": "string",
hostKey: "string",
identityProviderType: "string",
invocationRole: "string",
loggingRole: "string",
postAuthenticationLoginBanner: "string",
preAuthenticationLoginBanner: "string",
protocolDetails: {
as2Transports: ["string"],
passiveIp: "string",
setStatOption: "string",
tlsSessionResumptionMode: "string",
},
protocols: ["string"],
s3StorageOptions: {
directoryListingOptimization: "string",
},
securityPolicyName: "string",
sftpAuthenticationMethods: "string",
structuredLogDestinations: ["string"],
tags: {
string: "string",
},
url: "string",
workflowDetails: {
onPartialUpload: {
executionRole: "string",
workflowId: "string",
},
onUpload: {
executionRole: "string",
workflowId: "string",
},
},
});
type: aws:transfer:Server
properties:
certificate: string
directoryId: string
domain: string
endpointDetails:
addressAllocationIds:
- string
securityGroupIds:
- string
subnetIds:
- string
vpcEndpointId: string
vpcId: string
endpointType: string
forceDestroy: false
function: string
hostKey: string
identityProviderType: string
invocationRole: string
loggingRole: string
postAuthenticationLoginBanner: string
preAuthenticationLoginBanner: string
protocolDetails:
as2Transports:
- string
passiveIp: string
setStatOption: string
tlsSessionResumptionMode: string
protocols:
- string
s3StorageOptions:
directoryListingOptimization: string
securityPolicyName: string
sftpAuthenticationMethods: string
structuredLogDestinations:
- string
tags:
string: string
url: string
workflowDetails:
onPartialUpload:
executionRole: string
workflowId: string
onUpload:
executionRole: string
workflowId: string
Server Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Server resource accepts the following input properties:
- Certificate string
- The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when
protocols
is set toFTPS
- Directory
Id string - The directory service ID of the directory service you want to connect to with an
identity_provider_type
ofAWS_DIRECTORY_SERVICE
. - Domain string
- The domain of the storage system that is used for file transfers. Valid values are:
S3
andEFS
. The default value isS3
. - Endpoint
Details ServerEndpoint Details - The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See
endpoint_details
Block below for details. - Endpoint
Type string - The type of endpoint that you want your SFTP server connect to. If you connect to a
VPC
(orVPC_ENDPOINT
), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, setPUBLIC
. Defaults toPUBLIC
. - Force
Destroy bool - A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is
false
. This option only applies to servers configured with aSERVICE_MANAGED
identity_provider_type
. - Function string
- The ARN for a lambda function to use for the Identity provider.
- Host
Key string - RSA, ECDSA, or ED25519 private key (e.g., as generated by the
ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key
,ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key
orssh-keygen -t ed25519 -N "" -f my-new-server-key
commands). - Identity
Provider stringType - The mode of authentication enabled for this service. The default value is
SERVICE_MANAGED
, which allows you to store and access SFTP user credentials within the service.API_GATEWAY
indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. UsingAWS_DIRECTORY_SERVICE
will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use theAWS_LAMBDA
value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in thefunction
argument. - Invocation
Role string - Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an
identity_provider_type
ofAPI_GATEWAY
. - Logging
Role string - Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
- string
- Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
- string
- Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
- Protocol
Details ServerProtocol Details - The protocol settings that are configured for your server. See
protocol_details
Block below for details. - Protocols List<string>
- Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to
SFTP
. The available protocols are:AS2
: File transfer over Applicability Statement 2SFTP
: File transfer over SSHFTPS
: File transfer with TLS encryptionFTP
: Unencrypted file transfer
- S3Storage
Options ServerS3Storage Options - Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See
s3_storage_options
Block below for details. - Security
Policy stringName Specifies the name of the security policy that is attached to the server. Default value is:
TransferSecurityPolicy-2018-11
. The available values are:TransferSecurityPolicy-2018-11
TransferSecurityPolicy-2020-06
TransferSecurityPolicy-2022-03
TransferSecurityPolicy-2023-05
TransferSecurityPolicy-2024-01
TransferSecurityPolicy-FIPS-2020-06
TransferSecurityPolicy-FIPS-2023-05
TransferSecurityPolicy-FIPS-2024-01
TransferSecurityPolicy-FIPS-2024-05
TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
TransferSecurityPolicy-Restricted-2018-11
TransferSecurityPolicy-Restricted-2020-06
TransferSecurityPolicy-Restricted-2024-06
See Security policies for AWS Transfer Family servers for details.
- Sftp
Authentication stringMethods - For SFTP-enabled servers, and for custom identity providers only. Valid values are
PASSWORD
,PUBLIC_KEY
,PUBLIC_KEY_OR_PASSWORD
andPUBLIC_KEY_AND_PASSWORD
. Default value is:PUBLIC_KEY_OR_PASSWORD
. - Structured
Log List<string>Destinations - A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
- Dictionary<string, string>
- A map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Url string
- URL of the service endpoint used to authenticate users with an
identity_provider_type
ofAPI_GATEWAY
. - Workflow
Details ServerWorkflow Details - Specifies the workflow details. See
workflow_details
Block below for details.
- Certificate string
- The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when
protocols
is set toFTPS
- Directory
Id string - The directory service ID of the directory service you want to connect to with an
identity_provider_type
ofAWS_DIRECTORY_SERVICE
. - Domain string
- The domain of the storage system that is used for file transfers. Valid values are:
S3
andEFS
. The default value isS3
. - Endpoint
Details ServerEndpoint Details Args - The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See
endpoint_details
Block below for details. - Endpoint
Type string - The type of endpoint that you want your SFTP server connect to. If you connect to a
VPC
(orVPC_ENDPOINT
), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, setPUBLIC
. Defaults toPUBLIC
. - Force
Destroy bool - A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is
false
. This option only applies to servers configured with aSERVICE_MANAGED
identity_provider_type
. - Function string
- The ARN for a lambda function to use for the Identity provider.
- Host
Key string - RSA, ECDSA, or ED25519 private key (e.g., as generated by the
ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key
,ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key
orssh-keygen -t ed25519 -N "" -f my-new-server-key
commands). - Identity
Provider stringType - The mode of authentication enabled for this service. The default value is
SERVICE_MANAGED
, which allows you to store and access SFTP user credentials within the service.API_GATEWAY
indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. UsingAWS_DIRECTORY_SERVICE
will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use theAWS_LAMBDA
value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in thefunction
argument. - Invocation
Role string - Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an
identity_provider_type
ofAPI_GATEWAY
. - Logging
Role string - Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
- string
- Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
- string
- Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
- Protocol
Details ServerProtocol Details Args - The protocol settings that are configured for your server. See
protocol_details
Block below for details. - Protocols []string
- Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to
SFTP
. The available protocols are:AS2
: File transfer over Applicability Statement 2SFTP
: File transfer over SSHFTPS
: File transfer with TLS encryptionFTP
: Unencrypted file transfer
- S3Storage
Options ServerS3Storage Options Args - Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See
s3_storage_options
Block below for details. - Security
Policy stringName Specifies the name of the security policy that is attached to the server. Default value is:
TransferSecurityPolicy-2018-11
. The available values are:TransferSecurityPolicy-2018-11
TransferSecurityPolicy-2020-06
TransferSecurityPolicy-2022-03
TransferSecurityPolicy-2023-05
TransferSecurityPolicy-2024-01
TransferSecurityPolicy-FIPS-2020-06
TransferSecurityPolicy-FIPS-2023-05
TransferSecurityPolicy-FIPS-2024-01
TransferSecurityPolicy-FIPS-2024-05
TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
TransferSecurityPolicy-Restricted-2018-11
TransferSecurityPolicy-Restricted-2020-06
TransferSecurityPolicy-Restricted-2024-06
See Security policies for AWS Transfer Family servers for details.
- Sftp
Authentication stringMethods - For SFTP-enabled servers, and for custom identity providers only. Valid values are
PASSWORD
,PUBLIC_KEY
,PUBLIC_KEY_OR_PASSWORD
andPUBLIC_KEY_AND_PASSWORD
. Default value is:PUBLIC_KEY_OR_PASSWORD
. - Structured
Log []stringDestinations - A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
- map[string]string
- A map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Url string
- URL of the service endpoint used to authenticate users with an
identity_provider_type
ofAPI_GATEWAY
. - Workflow
Details ServerWorkflow Details Args - Specifies the workflow details. See
workflow_details
Block below for details.
- certificate String
- The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when
protocols
is set toFTPS
- directory
Id String - The directory service ID of the directory service you want to connect to with an
identity_provider_type
ofAWS_DIRECTORY_SERVICE
. - domain String
- The domain of the storage system that is used for file transfers. Valid values are:
S3
andEFS
. The default value isS3
. - endpoint
Details ServerEndpoint Details - The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See
endpoint_details
Block below for details. - endpoint
Type String - The type of endpoint that you want your SFTP server connect to. If you connect to a
VPC
(orVPC_ENDPOINT
), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, setPUBLIC
. Defaults toPUBLIC
. - force
Destroy Boolean - A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is
false
. This option only applies to servers configured with aSERVICE_MANAGED
identity_provider_type
. - function String
- The ARN for a lambda function to use for the Identity provider.
- host
Key String - RSA, ECDSA, or ED25519 private key (e.g., as generated by the
ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key
,ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key
orssh-keygen -t ed25519 -N "" -f my-new-server-key
commands). - identity
Provider StringType - The mode of authentication enabled for this service. The default value is
SERVICE_MANAGED
, which allows you to store and access SFTP user credentials within the service.API_GATEWAY
indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. UsingAWS_DIRECTORY_SERVICE
will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use theAWS_LAMBDA
value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in thefunction
argument. - invocation
Role String - Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an
identity_provider_type
ofAPI_GATEWAY
. - logging
Role String - Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
- String
- Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
- String
- Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
- protocol
Details ServerProtocol Details - The protocol settings that are configured for your server. See
protocol_details
Block below for details. - protocols List<String>
- Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to
SFTP
. The available protocols are:AS2
: File transfer over Applicability Statement 2SFTP
: File transfer over SSHFTPS
: File transfer with TLS encryptionFTP
: Unencrypted file transfer
- s3Storage
Options ServerS3Storage Options - Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See
s3_storage_options
Block below for details. - security
Policy StringName Specifies the name of the security policy that is attached to the server. Default value is:
TransferSecurityPolicy-2018-11
. The available values are:TransferSecurityPolicy-2018-11
TransferSecurityPolicy-2020-06
TransferSecurityPolicy-2022-03
TransferSecurityPolicy-2023-05
TransferSecurityPolicy-2024-01
TransferSecurityPolicy-FIPS-2020-06
TransferSecurityPolicy-FIPS-2023-05
TransferSecurityPolicy-FIPS-2024-01
TransferSecurityPolicy-FIPS-2024-05
TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
TransferSecurityPolicy-Restricted-2018-11
TransferSecurityPolicy-Restricted-2020-06
TransferSecurityPolicy-Restricted-2024-06
See Security policies for AWS Transfer Family servers for details.
- sftp
Authentication StringMethods - For SFTP-enabled servers, and for custom identity providers only. Valid values are
PASSWORD
,PUBLIC_KEY
,PUBLIC_KEY_OR_PASSWORD
andPUBLIC_KEY_AND_PASSWORD
. Default value is:PUBLIC_KEY_OR_PASSWORD
. - structured
Log List<String>Destinations - A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
- Map<String,String>
- A map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - url String
- URL of the service endpoint used to authenticate users with an
identity_provider_type
ofAPI_GATEWAY
. - workflow
Details ServerWorkflow Details - Specifies the workflow details. See
workflow_details
Block below for details.
- certificate string
- The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when
protocols
is set toFTPS
- directory
Id string - The directory service ID of the directory service you want to connect to with an
identity_provider_type
ofAWS_DIRECTORY_SERVICE
. - domain string
- The domain of the storage system that is used for file transfers. Valid values are:
S3
andEFS
. The default value isS3
. - endpoint
Details ServerEndpoint Details - The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See
endpoint_details
Block below for details. - endpoint
Type string - The type of endpoint that you want your SFTP server connect to. If you connect to a
VPC
(orVPC_ENDPOINT
), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, setPUBLIC
. Defaults toPUBLIC
. - force
Destroy boolean - A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is
false
. This option only applies to servers configured with aSERVICE_MANAGED
identity_provider_type
. - function string
- The ARN for a lambda function to use for the Identity provider.
- host
Key string - RSA, ECDSA, or ED25519 private key (e.g., as generated by the
ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key
,ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key
orssh-keygen -t ed25519 -N "" -f my-new-server-key
commands). - identity
Provider stringType - The mode of authentication enabled for this service. The default value is
SERVICE_MANAGED
, which allows you to store and access SFTP user credentials within the service.API_GATEWAY
indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. UsingAWS_DIRECTORY_SERVICE
will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use theAWS_LAMBDA
value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in thefunction
argument. - invocation
Role string - Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an
identity_provider_type
ofAPI_GATEWAY
. - logging
Role string - Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
- string
- Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
- string
- Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
- protocol
Details ServerProtocol Details - The protocol settings that are configured for your server. See
protocol_details
Block below for details. - protocols string[]
- Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to
SFTP
. The available protocols are:AS2
: File transfer over Applicability Statement 2SFTP
: File transfer over SSHFTPS
: File transfer with TLS encryptionFTP
: Unencrypted file transfer
- s3Storage
Options ServerS3Storage Options - Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See
s3_storage_options
Block below for details. - security
Policy stringName Specifies the name of the security policy that is attached to the server. Default value is:
TransferSecurityPolicy-2018-11
. The available values are:TransferSecurityPolicy-2018-11
TransferSecurityPolicy-2020-06
TransferSecurityPolicy-2022-03
TransferSecurityPolicy-2023-05
TransferSecurityPolicy-2024-01
TransferSecurityPolicy-FIPS-2020-06
TransferSecurityPolicy-FIPS-2023-05
TransferSecurityPolicy-FIPS-2024-01
TransferSecurityPolicy-FIPS-2024-05
TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
TransferSecurityPolicy-Restricted-2018-11
TransferSecurityPolicy-Restricted-2020-06
TransferSecurityPolicy-Restricted-2024-06
See Security policies for AWS Transfer Family servers for details.
- sftp
Authentication stringMethods - For SFTP-enabled servers, and for custom identity providers only. Valid values are
PASSWORD
,PUBLIC_KEY
,PUBLIC_KEY_OR_PASSWORD
andPUBLIC_KEY_AND_PASSWORD
. Default value is:PUBLIC_KEY_OR_PASSWORD
. - structured
Log string[]Destinations - A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
- {[key: string]: string}
- A map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - url string
- URL of the service endpoint used to authenticate users with an
identity_provider_type
ofAPI_GATEWAY
. - workflow
Details ServerWorkflow Details - Specifies the workflow details. See
workflow_details
Block below for details.
- certificate str
- The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when
protocols
is set toFTPS
- directory_
id str - The directory service ID of the directory service you want to connect to with an
identity_provider_type
ofAWS_DIRECTORY_SERVICE
. - domain str
- The domain of the storage system that is used for file transfers. Valid values are:
S3
andEFS
. The default value isS3
. - endpoint_
details ServerEndpoint Details Args - The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See
endpoint_details
Block below for details. - endpoint_
type str - The type of endpoint that you want your SFTP server connect to. If you connect to a
VPC
(orVPC_ENDPOINT
), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, setPUBLIC
. Defaults toPUBLIC
. - force_
destroy bool - A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is
false
. This option only applies to servers configured with aSERVICE_MANAGED
identity_provider_type
. - function str
- The ARN for a lambda function to use for the Identity provider.
- host_
key str - RSA, ECDSA, or ED25519 private key (e.g., as generated by the
ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key
,ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key
orssh-keygen -t ed25519 -N "" -f my-new-server-key
commands). - identity_
provider_ strtype - The mode of authentication enabled for this service. The default value is
SERVICE_MANAGED
, which allows you to store and access SFTP user credentials within the service.API_GATEWAY
indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. UsingAWS_DIRECTORY_SERVICE
will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use theAWS_LAMBDA
value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in thefunction
argument. - invocation_
role str - Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an
identity_provider_type
ofAPI_GATEWAY
. - logging_
role str - Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
- str
- Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
- str
- Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
- protocol_
details ServerProtocol Details Args - The protocol settings that are configured for your server. See
protocol_details
Block below for details. - protocols Sequence[str]
- Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to
SFTP
. The available protocols are:AS2
: File transfer over Applicability Statement 2SFTP
: File transfer over SSHFTPS
: File transfer with TLS encryptionFTP
: Unencrypted file transfer
- s3_
storage_ Serveroptions S3Storage Options Args - Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See
s3_storage_options
Block below for details. - security_
policy_ strname Specifies the name of the security policy that is attached to the server. Default value is:
TransferSecurityPolicy-2018-11
. The available values are:TransferSecurityPolicy-2018-11
TransferSecurityPolicy-2020-06
TransferSecurityPolicy-2022-03
TransferSecurityPolicy-2023-05
TransferSecurityPolicy-2024-01
TransferSecurityPolicy-FIPS-2020-06
TransferSecurityPolicy-FIPS-2023-05
TransferSecurityPolicy-FIPS-2024-01
TransferSecurityPolicy-FIPS-2024-05
TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
TransferSecurityPolicy-Restricted-2018-11
TransferSecurityPolicy-Restricted-2020-06
TransferSecurityPolicy-Restricted-2024-06
See Security policies for AWS Transfer Family servers for details.
- sftp_
authentication_ strmethods - For SFTP-enabled servers, and for custom identity providers only. Valid values are
PASSWORD
,PUBLIC_KEY
,PUBLIC_KEY_OR_PASSWORD
andPUBLIC_KEY_AND_PASSWORD
. Default value is:PUBLIC_KEY_OR_PASSWORD
. - structured_
log_ Sequence[str]destinations - A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
- Mapping[str, str]
- A map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - url str
- URL of the service endpoint used to authenticate users with an
identity_provider_type
ofAPI_GATEWAY
. - workflow_
details ServerWorkflow Details Args - Specifies the workflow details. See
workflow_details
Block below for details.
- certificate String
- The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when
protocols
is set toFTPS
- directory
Id String - The directory service ID of the directory service you want to connect to with an
identity_provider_type
ofAWS_DIRECTORY_SERVICE
. - domain String
- The domain of the storage system that is used for file transfers. Valid values are:
S3
andEFS
. The default value isS3
. - endpoint
Details Property Map - The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See
endpoint_details
Block below for details. - endpoint
Type String - The type of endpoint that you want your SFTP server connect to. If you connect to a
VPC
(orVPC_ENDPOINT
), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, setPUBLIC
. Defaults toPUBLIC
. - force
Destroy Boolean - A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is
false
. This option only applies to servers configured with aSERVICE_MANAGED
identity_provider_type
. - function String
- The ARN for a lambda function to use for the Identity provider.
- host
Key String - RSA, ECDSA, or ED25519 private key (e.g., as generated by the
ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key
,ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key
orssh-keygen -t ed25519 -N "" -f my-new-server-key
commands). - identity
Provider StringType - The mode of authentication enabled for this service. The default value is
SERVICE_MANAGED
, which allows you to store and access SFTP user credentials within the service.API_GATEWAY
indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. UsingAWS_DIRECTORY_SERVICE
will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use theAWS_LAMBDA
value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in thefunction
argument. - invocation
Role String - Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an
identity_provider_type
ofAPI_GATEWAY
. - logging
Role String - Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
- String
- Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
- String
- Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
- protocol
Details Property Map - The protocol settings that are configured for your server. See
protocol_details
Block below for details. - protocols List<String>
- Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to
SFTP
. The available protocols are:AS2
: File transfer over Applicability Statement 2SFTP
: File transfer over SSHFTPS
: File transfer with TLS encryptionFTP
: Unencrypted file transfer
- s3Storage
Options Property Map - Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See
s3_storage_options
Block below for details. - security
Policy StringName Specifies the name of the security policy that is attached to the server. Default value is:
TransferSecurityPolicy-2018-11
. The available values are:TransferSecurityPolicy-2018-11
TransferSecurityPolicy-2020-06
TransferSecurityPolicy-2022-03
TransferSecurityPolicy-2023-05
TransferSecurityPolicy-2024-01
TransferSecurityPolicy-FIPS-2020-06
TransferSecurityPolicy-FIPS-2023-05
TransferSecurityPolicy-FIPS-2024-01
TransferSecurityPolicy-FIPS-2024-05
TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
TransferSecurityPolicy-Restricted-2018-11
TransferSecurityPolicy-Restricted-2020-06
TransferSecurityPolicy-Restricted-2024-06
See Security policies for AWS Transfer Family servers for details.
- sftp
Authentication StringMethods - For SFTP-enabled servers, and for custom identity providers only. Valid values are
PASSWORD
,PUBLIC_KEY
,PUBLIC_KEY_OR_PASSWORD
andPUBLIC_KEY_AND_PASSWORD
. Default value is:PUBLIC_KEY_OR_PASSWORD
. - structured
Log List<String>Destinations - A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
- Map<String>
- A map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - url String
- URL of the service endpoint used to authenticate users with an
identity_provider_type
ofAPI_GATEWAY
. - workflow
Details Property Map - Specifies the workflow details. See
workflow_details
Block below for details.
Outputs
All input properties are implicitly available as output properties. Additionally, the Server resource produces the following output properties:
- Arn string
- Amazon Resource Name (ARN) of Transfer Server
- Endpoint string
- The endpoint of the Transfer Server (e.g.,
s-12345678.server.transfer.REGION.amazonaws.com
) - Host
Key stringFingerprint - This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the
ssh-keygen -l -E md5 -f my-new-server-key
command. - Id string
- The provider-assigned unique ID for this managed resource.
- Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- Arn string
- Amazon Resource Name (ARN) of Transfer Server
- Endpoint string
- The endpoint of the Transfer Server (e.g.,
s-12345678.server.transfer.REGION.amazonaws.com
) - Host
Key stringFingerprint - This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the
ssh-keygen -l -E md5 -f my-new-server-key
command. - Id string
- The provider-assigned unique ID for this managed resource.
- map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn String
- Amazon Resource Name (ARN) of Transfer Server
- endpoint String
- The endpoint of the Transfer Server (e.g.,
s-12345678.server.transfer.REGION.amazonaws.com
) - host
Key StringFingerprint - This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the
ssh-keygen -l -E md5 -f my-new-server-key
command. - id String
- The provider-assigned unique ID for this managed resource.
- Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn string
- Amazon Resource Name (ARN) of Transfer Server
- endpoint string
- The endpoint of the Transfer Server (e.g.,
s-12345678.server.transfer.REGION.amazonaws.com
) - host
Key stringFingerprint - This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the
ssh-keygen -l -E md5 -f my-new-server-key
command. - id string
- The provider-assigned unique ID for this managed resource.
- {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn str
- Amazon Resource Name (ARN) of Transfer Server
- endpoint str
- The endpoint of the Transfer Server (e.g.,
s-12345678.server.transfer.REGION.amazonaws.com
) - host_
key_ strfingerprint - This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the
ssh-keygen -l -E md5 -f my-new-server-key
command. - id str
- The provider-assigned unique ID for this managed resource.
- Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn String
- Amazon Resource Name (ARN) of Transfer Server
- endpoint String
- The endpoint of the Transfer Server (e.g.,
s-12345678.server.transfer.REGION.amazonaws.com
) - host
Key StringFingerprint - This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the
ssh-keygen -l -E md5 -f my-new-server-key
command. - id String
- The provider-assigned unique ID for this managed resource.
- Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
Look up Existing Server Resource
Get an existing Server resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ServerState, opts?: CustomResourceOptions): Server
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
certificate: Optional[str] = None,
directory_id: Optional[str] = None,
domain: Optional[str] = None,
endpoint: Optional[str] = None,
endpoint_details: Optional[ServerEndpointDetailsArgs] = None,
endpoint_type: Optional[str] = None,
force_destroy: Optional[bool] = None,
function: Optional[str] = None,
host_key: Optional[str] = None,
host_key_fingerprint: Optional[str] = None,
identity_provider_type: Optional[str] = None,
invocation_role: Optional[str] = None,
logging_role: Optional[str] = None,
post_authentication_login_banner: Optional[str] = None,
pre_authentication_login_banner: Optional[str] = None,
protocol_details: Optional[ServerProtocolDetailsArgs] = None,
protocols: Optional[Sequence[str]] = None,
s3_storage_options: Optional[ServerS3StorageOptionsArgs] = None,
security_policy_name: Optional[str] = None,
sftp_authentication_methods: Optional[str] = None,
structured_log_destinations: Optional[Sequence[str]] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
url: Optional[str] = None,
workflow_details: Optional[ServerWorkflowDetailsArgs] = None) -> Server
func GetServer(ctx *Context, name string, id IDInput, state *ServerState, opts ...ResourceOption) (*Server, error)
public static Server Get(string name, Input<string> id, ServerState? state, CustomResourceOptions? opts = null)
public static Server get(String name, Output<String> id, ServerState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
- Amazon Resource Name (ARN) of Transfer Server
- Certificate string
- The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when
protocols
is set toFTPS
- Directory
Id string - The directory service ID of the directory service you want to connect to with an
identity_provider_type
ofAWS_DIRECTORY_SERVICE
. - Domain string
- The domain of the storage system that is used for file transfers. Valid values are:
S3
andEFS
. The default value isS3
. - Endpoint string
- The endpoint of the Transfer Server (e.g.,
s-12345678.server.transfer.REGION.amazonaws.com
) - Endpoint
Details ServerEndpoint Details - The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See
endpoint_details
Block below for details. - Endpoint
Type string - The type of endpoint that you want your SFTP server connect to. If you connect to a
VPC
(orVPC_ENDPOINT
), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, setPUBLIC
. Defaults toPUBLIC
. - Force
Destroy bool - A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is
false
. This option only applies to servers configured with aSERVICE_MANAGED
identity_provider_type
. - Function string
- The ARN for a lambda function to use for the Identity provider.
- Host
Key string - RSA, ECDSA, or ED25519 private key (e.g., as generated by the
ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key
,ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key
orssh-keygen -t ed25519 -N "" -f my-new-server-key
commands). - Host
Key stringFingerprint - This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the
ssh-keygen -l -E md5 -f my-new-server-key
command. - Identity
Provider stringType - The mode of authentication enabled for this service. The default value is
SERVICE_MANAGED
, which allows you to store and access SFTP user credentials within the service.API_GATEWAY
indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. UsingAWS_DIRECTORY_SERVICE
will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use theAWS_LAMBDA
value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in thefunction
argument. - Invocation
Role string - Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an
identity_provider_type
ofAPI_GATEWAY
. - Logging
Role string - Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
- string
- Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
- string
- Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
- Protocol
Details ServerProtocol Details - The protocol settings that are configured for your server. See
protocol_details
Block below for details. - Protocols List<string>
- Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to
SFTP
. The available protocols are:AS2
: File transfer over Applicability Statement 2SFTP
: File transfer over SSHFTPS
: File transfer with TLS encryptionFTP
: Unencrypted file transfer
- S3Storage
Options ServerS3Storage Options - Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See
s3_storage_options
Block below for details. - Security
Policy stringName Specifies the name of the security policy that is attached to the server. Default value is:
TransferSecurityPolicy-2018-11
. The available values are:TransferSecurityPolicy-2018-11
TransferSecurityPolicy-2020-06
TransferSecurityPolicy-2022-03
TransferSecurityPolicy-2023-05
TransferSecurityPolicy-2024-01
TransferSecurityPolicy-FIPS-2020-06
TransferSecurityPolicy-FIPS-2023-05
TransferSecurityPolicy-FIPS-2024-01
TransferSecurityPolicy-FIPS-2024-05
TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
TransferSecurityPolicy-Restricted-2018-11
TransferSecurityPolicy-Restricted-2020-06
TransferSecurityPolicy-Restricted-2024-06
See Security policies for AWS Transfer Family servers for details.
- Sftp
Authentication stringMethods - For SFTP-enabled servers, and for custom identity providers only. Valid values are
PASSWORD
,PUBLIC_KEY
,PUBLIC_KEY_OR_PASSWORD
andPUBLIC_KEY_AND_PASSWORD
. Default value is:PUBLIC_KEY_OR_PASSWORD
. - Structured
Log List<string>Destinations - A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
- Dictionary<string, string>
- A map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - Url string
- URL of the service endpoint used to authenticate users with an
identity_provider_type
ofAPI_GATEWAY
. - Workflow
Details ServerWorkflow Details - Specifies the workflow details. See
workflow_details
Block below for details.
- Arn string
- Amazon Resource Name (ARN) of Transfer Server
- Certificate string
- The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when
protocols
is set toFTPS
- Directory
Id string - The directory service ID of the directory service you want to connect to with an
identity_provider_type
ofAWS_DIRECTORY_SERVICE
. - Domain string
- The domain of the storage system that is used for file transfers. Valid values are:
S3
andEFS
. The default value isS3
. - Endpoint string
- The endpoint of the Transfer Server (e.g.,
s-12345678.server.transfer.REGION.amazonaws.com
) - Endpoint
Details ServerEndpoint Details Args - The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See
endpoint_details
Block below for details. - Endpoint
Type string - The type of endpoint that you want your SFTP server connect to. If you connect to a
VPC
(orVPC_ENDPOINT
), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, setPUBLIC
. Defaults toPUBLIC
. - Force
Destroy bool - A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is
false
. This option only applies to servers configured with aSERVICE_MANAGED
identity_provider_type
. - Function string
- The ARN for a lambda function to use for the Identity provider.
- Host
Key string - RSA, ECDSA, or ED25519 private key (e.g., as generated by the
ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key
,ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key
orssh-keygen -t ed25519 -N "" -f my-new-server-key
commands). - Host
Key stringFingerprint - This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the
ssh-keygen -l -E md5 -f my-new-server-key
command. - Identity
Provider stringType - The mode of authentication enabled for this service. The default value is
SERVICE_MANAGED
, which allows you to store and access SFTP user credentials within the service.API_GATEWAY
indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. UsingAWS_DIRECTORY_SERVICE
will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use theAWS_LAMBDA
value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in thefunction
argument. - Invocation
Role string - Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an
identity_provider_type
ofAPI_GATEWAY
. - Logging
Role string - Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
- string
- Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
- string
- Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
- Protocol
Details ServerProtocol Details Args - The protocol settings that are configured for your server. See
protocol_details
Block below for details. - Protocols []string
- Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to
SFTP
. The available protocols are:AS2
: File transfer over Applicability Statement 2SFTP
: File transfer over SSHFTPS
: File transfer with TLS encryptionFTP
: Unencrypted file transfer
- S3Storage
Options ServerS3Storage Options Args - Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See
s3_storage_options
Block below for details. - Security
Policy stringName Specifies the name of the security policy that is attached to the server. Default value is:
TransferSecurityPolicy-2018-11
. The available values are:TransferSecurityPolicy-2018-11
TransferSecurityPolicy-2020-06
TransferSecurityPolicy-2022-03
TransferSecurityPolicy-2023-05
TransferSecurityPolicy-2024-01
TransferSecurityPolicy-FIPS-2020-06
TransferSecurityPolicy-FIPS-2023-05
TransferSecurityPolicy-FIPS-2024-01
TransferSecurityPolicy-FIPS-2024-05
TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
TransferSecurityPolicy-Restricted-2018-11
TransferSecurityPolicy-Restricted-2020-06
TransferSecurityPolicy-Restricted-2024-06
See Security policies for AWS Transfer Family servers for details.
- Sftp
Authentication stringMethods - For SFTP-enabled servers, and for custom identity providers only. Valid values are
PASSWORD
,PUBLIC_KEY
,PUBLIC_KEY_OR_PASSWORD
andPUBLIC_KEY_AND_PASSWORD
. Default value is:PUBLIC_KEY_OR_PASSWORD
. - Structured
Log []stringDestinations - A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
- map[string]string
- A map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - Url string
- URL of the service endpoint used to authenticate users with an
identity_provider_type
ofAPI_GATEWAY
. - Workflow
Details ServerWorkflow Details Args - Specifies the workflow details. See
workflow_details
Block below for details.
- arn String
- Amazon Resource Name (ARN) of Transfer Server
- certificate String
- The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when
protocols
is set toFTPS
- directory
Id String - The directory service ID of the directory service you want to connect to with an
identity_provider_type
ofAWS_DIRECTORY_SERVICE
. - domain String
- The domain of the storage system that is used for file transfers. Valid values are:
S3
andEFS
. The default value isS3
. - endpoint String
- The endpoint of the Transfer Server (e.g.,
s-12345678.server.transfer.REGION.amazonaws.com
) - endpoint
Details ServerEndpoint Details - The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See
endpoint_details
Block below for details. - endpoint
Type String - The type of endpoint that you want your SFTP server connect to. If you connect to a
VPC
(orVPC_ENDPOINT
), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, setPUBLIC
. Defaults toPUBLIC
. - force
Destroy Boolean - A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is
false
. This option only applies to servers configured with aSERVICE_MANAGED
identity_provider_type
. - function String
- The ARN for a lambda function to use for the Identity provider.
- host
Key String - RSA, ECDSA, or ED25519 private key (e.g., as generated by the
ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key
,ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key
orssh-keygen -t ed25519 -N "" -f my-new-server-key
commands). - host
Key StringFingerprint - This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the
ssh-keygen -l -E md5 -f my-new-server-key
command. - identity
Provider StringType - The mode of authentication enabled for this service. The default value is
SERVICE_MANAGED
, which allows you to store and access SFTP user credentials within the service.API_GATEWAY
indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. UsingAWS_DIRECTORY_SERVICE
will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use theAWS_LAMBDA
value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in thefunction
argument. - invocation
Role String - Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an
identity_provider_type
ofAPI_GATEWAY
. - logging
Role String - Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
- String
- Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
- String
- Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
- protocol
Details ServerProtocol Details - The protocol settings that are configured for your server. See
protocol_details
Block below for details. - protocols List<String>
- Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to
SFTP
. The available protocols are:AS2
: File transfer over Applicability Statement 2SFTP
: File transfer over SSHFTPS
: File transfer with TLS encryptionFTP
: Unencrypted file transfer
- s3Storage
Options ServerS3Storage Options - Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See
s3_storage_options
Block below for details. - security
Policy StringName Specifies the name of the security policy that is attached to the server. Default value is:
TransferSecurityPolicy-2018-11
. The available values are:TransferSecurityPolicy-2018-11
TransferSecurityPolicy-2020-06
TransferSecurityPolicy-2022-03
TransferSecurityPolicy-2023-05
TransferSecurityPolicy-2024-01
TransferSecurityPolicy-FIPS-2020-06
TransferSecurityPolicy-FIPS-2023-05
TransferSecurityPolicy-FIPS-2024-01
TransferSecurityPolicy-FIPS-2024-05
TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
TransferSecurityPolicy-Restricted-2018-11
TransferSecurityPolicy-Restricted-2020-06
TransferSecurityPolicy-Restricted-2024-06
See Security policies for AWS Transfer Family servers for details.
- sftp
Authentication StringMethods - For SFTP-enabled servers, and for custom identity providers only. Valid values are
PASSWORD
,PUBLIC_KEY
,PUBLIC_KEY_OR_PASSWORD
andPUBLIC_KEY_AND_PASSWORD
. Default value is:PUBLIC_KEY_OR_PASSWORD
. - structured
Log List<String>Destinations - A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
- Map<String,String>
- A map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - url String
- URL of the service endpoint used to authenticate users with an
identity_provider_type
ofAPI_GATEWAY
. - workflow
Details ServerWorkflow Details - Specifies the workflow details. See
workflow_details
Block below for details.
- arn string
- Amazon Resource Name (ARN) of Transfer Server
- certificate string
- The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when
protocols
is set toFTPS
- directory
Id string - The directory service ID of the directory service you want to connect to with an
identity_provider_type
ofAWS_DIRECTORY_SERVICE
. - domain string
- The domain of the storage system that is used for file transfers. Valid values are:
S3
andEFS
. The default value isS3
. - endpoint string
- The endpoint of the Transfer Server (e.g.,
s-12345678.server.transfer.REGION.amazonaws.com
) - endpoint
Details ServerEndpoint Details - The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See
endpoint_details
Block below for details. - endpoint
Type string - The type of endpoint that you want your SFTP server connect to. If you connect to a
VPC
(orVPC_ENDPOINT
), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, setPUBLIC
. Defaults toPUBLIC
. - force
Destroy boolean - A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is
false
. This option only applies to servers configured with aSERVICE_MANAGED
identity_provider_type
. - function string
- The ARN for a lambda function to use for the Identity provider.
- host
Key string - RSA, ECDSA, or ED25519 private key (e.g., as generated by the
ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key
,ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key
orssh-keygen -t ed25519 -N "" -f my-new-server-key
commands). - host
Key stringFingerprint - This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the
ssh-keygen -l -E md5 -f my-new-server-key
command. - identity
Provider stringType - The mode of authentication enabled for this service. The default value is
SERVICE_MANAGED
, which allows you to store and access SFTP user credentials within the service.API_GATEWAY
indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. UsingAWS_DIRECTORY_SERVICE
will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use theAWS_LAMBDA
value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in thefunction
argument. - invocation
Role string - Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an
identity_provider_type
ofAPI_GATEWAY
. - logging
Role string - Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
- string
- Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
- string
- Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
- protocol
Details ServerProtocol Details - The protocol settings that are configured for your server. See
protocol_details
Block below for details. - protocols string[]
- Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to
SFTP
. The available protocols are:AS2
: File transfer over Applicability Statement 2SFTP
: File transfer over SSHFTPS
: File transfer with TLS encryptionFTP
: Unencrypted file transfer
- s3Storage
Options ServerS3Storage Options - Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See
s3_storage_options
Block below for details. - security
Policy stringName Specifies the name of the security policy that is attached to the server. Default value is:
TransferSecurityPolicy-2018-11
. The available values are:TransferSecurityPolicy-2018-11
TransferSecurityPolicy-2020-06
TransferSecurityPolicy-2022-03
TransferSecurityPolicy-2023-05
TransferSecurityPolicy-2024-01
TransferSecurityPolicy-FIPS-2020-06
TransferSecurityPolicy-FIPS-2023-05
TransferSecurityPolicy-FIPS-2024-01
TransferSecurityPolicy-FIPS-2024-05
TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
TransferSecurityPolicy-Restricted-2018-11
TransferSecurityPolicy-Restricted-2020-06
TransferSecurityPolicy-Restricted-2024-06
See Security policies for AWS Transfer Family servers for details.
- sftp
Authentication stringMethods - For SFTP-enabled servers, and for custom identity providers only. Valid values are
PASSWORD
,PUBLIC_KEY
,PUBLIC_KEY_OR_PASSWORD
andPUBLIC_KEY_AND_PASSWORD
. Default value is:PUBLIC_KEY_OR_PASSWORD
. - structured
Log string[]Destinations - A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
- {[key: string]: string}
- A map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - url string
- URL of the service endpoint used to authenticate users with an
identity_provider_type
ofAPI_GATEWAY
. - workflow
Details ServerWorkflow Details - Specifies the workflow details. See
workflow_details
Block below for details.
- arn str
- Amazon Resource Name (ARN) of Transfer Server
- certificate str
- The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when
protocols
is set toFTPS
- directory_
id str - The directory service ID of the directory service you want to connect to with an
identity_provider_type
ofAWS_DIRECTORY_SERVICE
. - domain str
- The domain of the storage system that is used for file transfers. Valid values are:
S3
andEFS
. The default value isS3
. - endpoint str
- The endpoint of the Transfer Server (e.g.,
s-12345678.server.transfer.REGION.amazonaws.com
) - endpoint_
details ServerEndpoint Details Args - The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See
endpoint_details
Block below for details. - endpoint_
type str - The type of endpoint that you want your SFTP server connect to. If you connect to a
VPC
(orVPC_ENDPOINT
), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, setPUBLIC
. Defaults toPUBLIC
. - force_
destroy bool - A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is
false
. This option only applies to servers configured with aSERVICE_MANAGED
identity_provider_type
. - function str
- The ARN for a lambda function to use for the Identity provider.
- host_
key str - RSA, ECDSA, or ED25519 private key (e.g., as generated by the
ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key
,ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key
orssh-keygen -t ed25519 -N "" -f my-new-server-key
commands). - host_
key_ strfingerprint - This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the
ssh-keygen -l -E md5 -f my-new-server-key
command. - identity_
provider_ strtype - The mode of authentication enabled for this service. The default value is
SERVICE_MANAGED
, which allows you to store and access SFTP user credentials within the service.API_GATEWAY
indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. UsingAWS_DIRECTORY_SERVICE
will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use theAWS_LAMBDA
value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in thefunction
argument. - invocation_
role str - Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an
identity_provider_type
ofAPI_GATEWAY
. - logging_
role str - Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
- str
- Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
- str
- Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
- protocol_
details ServerProtocol Details Args - The protocol settings that are configured for your server. See
protocol_details
Block below for details. - protocols Sequence[str]
- Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to
SFTP
. The available protocols are:AS2
: File transfer over Applicability Statement 2SFTP
: File transfer over SSHFTPS
: File transfer with TLS encryptionFTP
: Unencrypted file transfer
- s3_
storage_ Serveroptions S3Storage Options Args - Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See
s3_storage_options
Block below for details. - security_
policy_ strname Specifies the name of the security policy that is attached to the server. Default value is:
TransferSecurityPolicy-2018-11
. The available values are:TransferSecurityPolicy-2018-11
TransferSecurityPolicy-2020-06
TransferSecurityPolicy-2022-03
TransferSecurityPolicy-2023-05
TransferSecurityPolicy-2024-01
TransferSecurityPolicy-FIPS-2020-06
TransferSecurityPolicy-FIPS-2023-05
TransferSecurityPolicy-FIPS-2024-01
TransferSecurityPolicy-FIPS-2024-05
TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
TransferSecurityPolicy-Restricted-2018-11
TransferSecurityPolicy-Restricted-2020-06
TransferSecurityPolicy-Restricted-2024-06
See Security policies for AWS Transfer Family servers for details.
- sftp_
authentication_ strmethods - For SFTP-enabled servers, and for custom identity providers only. Valid values are
PASSWORD
,PUBLIC_KEY
,PUBLIC_KEY_OR_PASSWORD
andPUBLIC_KEY_AND_PASSWORD
. Default value is:PUBLIC_KEY_OR_PASSWORD
. - structured_
log_ Sequence[str]destinations - A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
- Mapping[str, str]
- A map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - url str
- URL of the service endpoint used to authenticate users with an
identity_provider_type
ofAPI_GATEWAY
. - workflow_
details ServerWorkflow Details Args - Specifies the workflow details. See
workflow_details
Block below for details.
- arn String
- Amazon Resource Name (ARN) of Transfer Server
- certificate String
- The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when
protocols
is set toFTPS
- directory
Id String - The directory service ID of the directory service you want to connect to with an
identity_provider_type
ofAWS_DIRECTORY_SERVICE
. - domain String
- The domain of the storage system that is used for file transfers. Valid values are:
S3
andEFS
. The default value isS3
. - endpoint String
- The endpoint of the Transfer Server (e.g.,
s-12345678.server.transfer.REGION.amazonaws.com
) - endpoint
Details Property Map - The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See
endpoint_details
Block below for details. - endpoint
Type String - The type of endpoint that you want your SFTP server connect to. If you connect to a
VPC
(orVPC_ENDPOINT
), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, setPUBLIC
. Defaults toPUBLIC
. - force
Destroy Boolean - A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is
false
. This option only applies to servers configured with aSERVICE_MANAGED
identity_provider_type
. - function String
- The ARN for a lambda function to use for the Identity provider.
- host
Key String - RSA, ECDSA, or ED25519 private key (e.g., as generated by the
ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key
,ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key
orssh-keygen -t ed25519 -N "" -f my-new-server-key
commands). - host
Key StringFingerprint - This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the
ssh-keygen -l -E md5 -f my-new-server-key
command. - identity
Provider StringType - The mode of authentication enabled for this service. The default value is
SERVICE_MANAGED
, which allows you to store and access SFTP user credentials within the service.API_GATEWAY
indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. UsingAWS_DIRECTORY_SERVICE
will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use theAWS_LAMBDA
value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in thefunction
argument. - invocation
Role String - Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an
identity_provider_type
ofAPI_GATEWAY
. - logging
Role String - Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
- String
- Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
- String
- Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
- protocol
Details Property Map - The protocol settings that are configured for your server. See
protocol_details
Block below for details. - protocols List<String>
- Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to
SFTP
. The available protocols are:AS2
: File transfer over Applicability Statement 2SFTP
: File transfer over SSHFTPS
: File transfer with TLS encryptionFTP
: Unencrypted file transfer
- s3Storage
Options Property Map - Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See
s3_storage_options
Block below for details. - security
Policy StringName Specifies the name of the security policy that is attached to the server. Default value is:
TransferSecurityPolicy-2018-11
. The available values are:TransferSecurityPolicy-2018-11
TransferSecurityPolicy-2020-06
TransferSecurityPolicy-2022-03
TransferSecurityPolicy-2023-05
TransferSecurityPolicy-2024-01
TransferSecurityPolicy-FIPS-2020-06
TransferSecurityPolicy-FIPS-2023-05
TransferSecurityPolicy-FIPS-2024-01
TransferSecurityPolicy-FIPS-2024-05
TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
TransferSecurityPolicy-Restricted-2018-11
TransferSecurityPolicy-Restricted-2020-06
TransferSecurityPolicy-Restricted-2024-06
See Security policies for AWS Transfer Family servers for details.
- sftp
Authentication StringMethods - For SFTP-enabled servers, and for custom identity providers only. Valid values are
PASSWORD
,PUBLIC_KEY
,PUBLIC_KEY_OR_PASSWORD
andPUBLIC_KEY_AND_PASSWORD
. Default value is:PUBLIC_KEY_OR_PASSWORD
. - structured
Log List<String>Destinations - A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
- Map<String>
- A map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - url String
- URL of the service endpoint used to authenticate users with an
identity_provider_type
ofAPI_GATEWAY
. - workflow
Details Property Map - Specifies the workflow details. See
workflow_details
Block below for details.
Supporting Types
ServerEndpointDetails, ServerEndpointDetailsArgs
- Address
Allocation List<string>Ids - A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when
endpoint_type
is set toVPC
. - Security
Group List<string>Ids - A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when
endpoint_type
is set toVPC
. - Subnet
Ids List<string> - A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when
endpoint_type
is set toVPC
. - Vpc
Endpoint stringId - The ID of the VPC endpoint. This property can only be used when
endpoint_type
is set toVPC_ENDPOINT
- Vpc
Id string - The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when
endpoint_type
is set toVPC
.
- Address
Allocation []stringIds - A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when
endpoint_type
is set toVPC
. - Security
Group []stringIds - A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when
endpoint_type
is set toVPC
. - Subnet
Ids []string - A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when
endpoint_type
is set toVPC
. - Vpc
Endpoint stringId - The ID of the VPC endpoint. This property can only be used when
endpoint_type
is set toVPC_ENDPOINT
- Vpc
Id string - The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when
endpoint_type
is set toVPC
.
- address
Allocation List<String>Ids - A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when
endpoint_type
is set toVPC
. - security
Group List<String>Ids - A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when
endpoint_type
is set toVPC
. - subnet
Ids List<String> - A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when
endpoint_type
is set toVPC
. - vpc
Endpoint StringId - The ID of the VPC endpoint. This property can only be used when
endpoint_type
is set toVPC_ENDPOINT
- vpc
Id String - The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when
endpoint_type
is set toVPC
.
- address
Allocation string[]Ids - A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when
endpoint_type
is set toVPC
. - security
Group string[]Ids - A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when
endpoint_type
is set toVPC
. - subnet
Ids string[] - A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when
endpoint_type
is set toVPC
. - vpc
Endpoint stringId - The ID of the VPC endpoint. This property can only be used when
endpoint_type
is set toVPC_ENDPOINT
- vpc
Id string - The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when
endpoint_type
is set toVPC
.
- address_
allocation_ Sequence[str]ids - A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when
endpoint_type
is set toVPC
. - security_
group_ Sequence[str]ids - A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when
endpoint_type
is set toVPC
. - subnet_
ids Sequence[str] - A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when
endpoint_type
is set toVPC
. - vpc_
endpoint_ strid - The ID of the VPC endpoint. This property can only be used when
endpoint_type
is set toVPC_ENDPOINT
- vpc_
id str - The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when
endpoint_type
is set toVPC
.
- address
Allocation List<String>Ids - A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when
endpoint_type
is set toVPC
. - security
Group List<String>Ids - A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when
endpoint_type
is set toVPC
. - subnet
Ids List<String> - A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when
endpoint_type
is set toVPC
. - vpc
Endpoint StringId - The ID of the VPC endpoint. This property can only be used when
endpoint_type
is set toVPC_ENDPOINT
- vpc
Id String - The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when
endpoint_type
is set toVPC
.
ServerProtocolDetails, ServerProtocolDetailsArgs
- As2Transports List<string>
- Indicates the transport method for the AS2 messages. Currently, only
HTTP
is supported. - Passive
Ip string - Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer.
- Set
Stat stringOption - Use to ignore the error that is generated when the client attempts to use
SETSTAT
on a file you are uploading to an S3 bucket. Valid values:DEFAULT
,ENABLE_NO_OP
. - Tls
Session stringResumption Mode - A property used with Transfer Family servers that use the FTPS protocol. Provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. Valid values:
DISABLED
,ENABLED
,ENFORCED
.
- As2Transports []string
- Indicates the transport method for the AS2 messages. Currently, only
HTTP
is supported. - Passive
Ip string - Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer.
- Set
Stat stringOption - Use to ignore the error that is generated when the client attempts to use
SETSTAT
on a file you are uploading to an S3 bucket. Valid values:DEFAULT
,ENABLE_NO_OP
. - Tls
Session stringResumption Mode - A property used with Transfer Family servers that use the FTPS protocol. Provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. Valid values:
DISABLED
,ENABLED
,ENFORCED
.
- as2Transports List<String>
- Indicates the transport method for the AS2 messages. Currently, only
HTTP
is supported. - passive
Ip String - Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer.
- set
Stat StringOption - Use to ignore the error that is generated when the client attempts to use
SETSTAT
on a file you are uploading to an S3 bucket. Valid values:DEFAULT
,ENABLE_NO_OP
. - tls
Session StringResumption Mode - A property used with Transfer Family servers that use the FTPS protocol. Provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. Valid values:
DISABLED
,ENABLED
,ENFORCED
.
- as2Transports string[]
- Indicates the transport method for the AS2 messages. Currently, only
HTTP
is supported. - passive
Ip string - Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer.
- set
Stat stringOption - Use to ignore the error that is generated when the client attempts to use
SETSTAT
on a file you are uploading to an S3 bucket. Valid values:DEFAULT
,ENABLE_NO_OP
. - tls
Session stringResumption Mode - A property used with Transfer Family servers that use the FTPS protocol. Provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. Valid values:
DISABLED
,ENABLED
,ENFORCED
.
- as2_
transports Sequence[str] - Indicates the transport method for the AS2 messages. Currently, only
HTTP
is supported. - passive_
ip str - Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer.
- set_
stat_ stroption - Use to ignore the error that is generated when the client attempts to use
SETSTAT
on a file you are uploading to an S3 bucket. Valid values:DEFAULT
,ENABLE_NO_OP
. - tls_
session_ strresumption_ mode - A property used with Transfer Family servers that use the FTPS protocol. Provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. Valid values:
DISABLED
,ENABLED
,ENFORCED
.
- as2Transports List<String>
- Indicates the transport method for the AS2 messages. Currently, only
HTTP
is supported. - passive
Ip String - Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer.
- set
Stat StringOption - Use to ignore the error that is generated when the client attempts to use
SETSTAT
on a file you are uploading to an S3 bucket. Valid values:DEFAULT
,ENABLE_NO_OP
. - tls
Session StringResumption Mode - A property used with Transfer Family servers that use the FTPS protocol. Provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. Valid values:
DISABLED
,ENABLED
,ENFORCED
.
ServerS3StorageOptions, ServerS3StorageOptionsArgs
- Directory
Listing stringOptimization Specifies whether or not performance for your Amazon S3 directories is optimized. Valid values are
DISABLED
,ENABLED
.By default, home directory mappings have a
TYPE
ofDIRECTORY
. If you enable this option, you would then need to explicitly set theHomeDirectoryMapEntry
Type toFILE
if you want a mapping to have a file target. See Using logical directories to simplify your Transfer Family directory structures for details.
- Directory
Listing stringOptimization Specifies whether or not performance for your Amazon S3 directories is optimized. Valid values are
DISABLED
,ENABLED
.By default, home directory mappings have a
TYPE
ofDIRECTORY
. If you enable this option, you would then need to explicitly set theHomeDirectoryMapEntry
Type toFILE
if you want a mapping to have a file target. See Using logical directories to simplify your Transfer Family directory structures for details.
- directory
Listing StringOptimization Specifies whether or not performance for your Amazon S3 directories is optimized. Valid values are
DISABLED
,ENABLED
.By default, home directory mappings have a
TYPE
ofDIRECTORY
. If you enable this option, you would then need to explicitly set theHomeDirectoryMapEntry
Type toFILE
if you want a mapping to have a file target. See Using logical directories to simplify your Transfer Family directory structures for details.
- directory
Listing stringOptimization Specifies whether or not performance for your Amazon S3 directories is optimized. Valid values are
DISABLED
,ENABLED
.By default, home directory mappings have a
TYPE
ofDIRECTORY
. If you enable this option, you would then need to explicitly set theHomeDirectoryMapEntry
Type toFILE
if you want a mapping to have a file target. See Using logical directories to simplify your Transfer Family directory structures for details.
- directory_
listing_ stroptimization Specifies whether or not performance for your Amazon S3 directories is optimized. Valid values are
DISABLED
,ENABLED
.By default, home directory mappings have a
TYPE
ofDIRECTORY
. If you enable this option, you would then need to explicitly set theHomeDirectoryMapEntry
Type toFILE
if you want a mapping to have a file target. See Using logical directories to simplify your Transfer Family directory structures for details.
- directory
Listing StringOptimization Specifies whether or not performance for your Amazon S3 directories is optimized. Valid values are
DISABLED
,ENABLED
.By default, home directory mappings have a
TYPE
ofDIRECTORY
. If you enable this option, you would then need to explicitly set theHomeDirectoryMapEntry
Type toFILE
if you want a mapping to have a file target. See Using logical directories to simplify your Transfer Family directory structures for details.
ServerWorkflowDetails, ServerWorkflowDetailsArgs
- On
Partial ServerUpload Workflow Details On Partial Upload - A trigger that starts a workflow if a file is only partially uploaded. See Workflow Detail below. See
on_partial_upload
Block below for details. - On
Upload ServerWorkflow Details On Upload - A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. See
on_upload
Block below for details.
- On
Partial ServerUpload Workflow Details On Partial Upload - A trigger that starts a workflow if a file is only partially uploaded. See Workflow Detail below. See
on_partial_upload
Block below for details. - On
Upload ServerWorkflow Details On Upload - A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. See
on_upload
Block below for details.
- on
Partial ServerUpload Workflow Details On Partial Upload - A trigger that starts a workflow if a file is only partially uploaded. See Workflow Detail below. See
on_partial_upload
Block below for details. - on
Upload ServerWorkflow Details On Upload - A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. See
on_upload
Block below for details.
- on
Partial ServerUpload Workflow Details On Partial Upload - A trigger that starts a workflow if a file is only partially uploaded. See Workflow Detail below. See
on_partial_upload
Block below for details. - on
Upload ServerWorkflow Details On Upload - A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. See
on_upload
Block below for details.
- on_
partial_ Serverupload Workflow Details On Partial Upload - A trigger that starts a workflow if a file is only partially uploaded. See Workflow Detail below. See
on_partial_upload
Block below for details. - on_
upload ServerWorkflow Details On Upload - A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. See
on_upload
Block below for details.
- on
Partial Property MapUpload - A trigger that starts a workflow if a file is only partially uploaded. See Workflow Detail below. See
on_partial_upload
Block below for details. - on
Upload Property Map - A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. See
on_upload
Block below for details.
ServerWorkflowDetailsOnPartialUpload, ServerWorkflowDetailsOnPartialUploadArgs
- Execution
Role string - Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
- Workflow
Id string - A unique identifier for the workflow.
- Execution
Role string - Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
- Workflow
Id string - A unique identifier for the workflow.
- execution
Role String - Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
- workflow
Id String - A unique identifier for the workflow.
- execution
Role string - Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
- workflow
Id string - A unique identifier for the workflow.
- execution_
role str - Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
- workflow_
id str - A unique identifier for the workflow.
- execution
Role String - Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
- workflow
Id String - A unique identifier for the workflow.
ServerWorkflowDetailsOnUpload, ServerWorkflowDetailsOnUploadArgs
- Execution
Role string - Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
- Workflow
Id string - A unique identifier for the workflow.
- Execution
Role string - Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
- Workflow
Id string - A unique identifier for the workflow.
- execution
Role String - Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
- workflow
Id String - A unique identifier for the workflow.
- execution
Role string - Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
- workflow
Id string - A unique identifier for the workflow.
- execution_
role str - Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
- workflow_
id str - A unique identifier for the workflow.
- execution
Role String - Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
- workflow
Id String - A unique identifier for the workflow.
Import
In Terraform v1.5.0 and later, use an import
Block to import Transfer Servers using the server id
. For example:
Using pulumi import
, import Transfer Servers using the server id
. For example:
$ pulumi import aws:transfer/server:Server example s-12345678
Certain resource arguments, such as host_key
, cannot be read via the API and imported into the provider. This provider will display a difference for these arguments the first run after import if declared in the provider configuration for an imported resource.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.