Docs Home
AWS v6.80.0 published on Tuesday, May 6, 2025 by Pulumi
aws.transfer.Access
Explore with Pulumi AI
Provides a AWS Transfer Access resource.
NOTE: We suggest using explicit JSON encoding or
aws.iam.getPolicyDocumentwhen assigning a value topolicy. They seamlessly translate configuration to JSON, enabling you to maintain consistency within your configuration without the need for context switches. Also, you can sidestep potential complications arising from formatting discrepancies, whitespace inconsistencies, and other nuances inherent to JSON.
Example Usage
Basic S3
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.transfer.Access("example", {
externalId: "S-1-1-12-1234567890-123456789-1234567890-1234",
serverId: exampleAwsTransferServer.id,
role: exampleAwsIamRole.arn,
homeDirectory: `/${exampleAwsS3Bucket.id}/`,
});
import pulumi
import pulumi_aws as aws
example = aws.transfer.Access("example",
external_id="S-1-1-12-1234567890-123456789-1234567890-1234",
server_id=example_aws_transfer_server["id"],
role=example_aws_iam_role["arn"],
home_directory=f"/{example_aws_s3_bucket['id']}/")
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := transfer.NewAccess(ctx, "example", &transfer.AccessArgs{
ExternalId: pulumi.String("S-1-1-12-1234567890-123456789-1234567890-1234"),
ServerId: pulumi.Any(exampleAwsTransferServer.Id),
Role: pulumi.Any(exampleAwsIamRole.Arn),
HomeDirectory: pulumi.Sprintf("/%v/", exampleAwsS3Bucket.Id),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Transfer.Access("example", new()
{
ExternalId = "S-1-1-12-1234567890-123456789-1234567890-1234",
ServerId = exampleAwsTransferServer.Id,
Role = exampleAwsIamRole.Arn,
HomeDirectory = $"/{exampleAwsS3Bucket.Id}/",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Access;
import com.pulumi.aws.transfer.AccessArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Access("example", AccessArgs.builder()
.externalId("S-1-1-12-1234567890-123456789-1234567890-1234")
.serverId(exampleAwsTransferServer.id())
.role(exampleAwsIamRole.arn())
.homeDirectory(String.format("/%s/", exampleAwsS3Bucket.id()))
.build());
}
}
resources:
example:
type: aws:transfer:Access
properties:
externalId: S-1-1-12-1234567890-123456789-1234567890-1234
serverId: ${exampleAwsTransferServer.id}
role: ${exampleAwsIamRole.arn}
homeDirectory: /${exampleAwsS3Bucket.id}/
Basic EFS
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const test = new aws.transfer.Access("test", {
externalId: "S-1-1-12-1234567890-123456789-1234567890-1234",
serverId: testAwsTransferServer.id,
role: testAwsIamRole.arn,
homeDirectory: `/${testAwsEfsFileSystem.id}/`,
posixProfile: {
gid: 1000,
uid: 1000,
},
});
import pulumi
import pulumi_aws as aws
test = aws.transfer.Access("test",
external_id="S-1-1-12-1234567890-123456789-1234567890-1234",
server_id=test_aws_transfer_server["id"],
role=test_aws_iam_role["arn"],
home_directory=f"/{test_aws_efs_file_system['id']}/",
posix_profile={
"gid": 1000,
"uid": 1000,
})
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := transfer.NewAccess(ctx, "test", &transfer.AccessArgs{
ExternalId: pulumi.String("S-1-1-12-1234567890-123456789-1234567890-1234"),
ServerId: pulumi.Any(testAwsTransferServer.Id),
Role: pulumi.Any(testAwsIamRole.Arn),
HomeDirectory: pulumi.Sprintf("/%v/", testAwsEfsFileSystem.Id),
PosixProfile: &transfer.AccessPosixProfileArgs{
Gid: pulumi.Int(1000),
Uid: pulumi.Int(1000),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var test = new Aws.Transfer.Access("test", new()
{
ExternalId = "S-1-1-12-1234567890-123456789-1234567890-1234",
ServerId = testAwsTransferServer.Id,
Role = testAwsIamRole.Arn,
HomeDirectory = $"/{testAwsEfsFileSystem.Id}/",
PosixProfile = new Aws.Transfer.Inputs.AccessPosixProfileArgs
{
Gid = 1000,
Uid = 1000,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Access;
import com.pulumi.aws.transfer.AccessArgs;
import com.pulumi.aws.transfer.inputs.AccessPosixProfileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new Access("test", AccessArgs.builder()
.externalId("S-1-1-12-1234567890-123456789-1234567890-1234")
.serverId(testAwsTransferServer.id())
.role(testAwsIamRole.arn())
.homeDirectory(String.format("/%s/", testAwsEfsFileSystem.id()))
.posixProfile(AccessPosixProfileArgs.builder()
.gid(1000)
.uid(1000)
.build())
.build());
}
}
resources:
test:
type: aws:transfer:Access
properties:
externalId: S-1-1-12-1234567890-123456789-1234567890-1234
serverId: ${testAwsTransferServer.id}
role: ${testAwsIamRole.arn}
homeDirectory: /${testAwsEfsFileSystem.id}/
posixProfile:
gid: 1000
uid: 1000
Create Access Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Access(name: string, args: AccessArgs, opts?: CustomResourceOptions);@overload
def Access(resource_name: str,
args: AccessArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Access(resource_name: str,
opts: Optional[ResourceOptions] = None,
external_id: Optional[str] = None,
server_id: Optional[str] = None,
home_directory: Optional[str] = None,
home_directory_mappings: Optional[Sequence[AccessHomeDirectoryMappingArgs]] = None,
home_directory_type: Optional[str] = None,
policy: Optional[str] = None,
posix_profile: Optional[AccessPosixProfileArgs] = None,
role: Optional[str] = None)func NewAccess(ctx *Context, name string, args AccessArgs, opts ...ResourceOption) (*Access, error)public Access(string name, AccessArgs args, CustomResourceOptions? opts = null)
public Access(String name, AccessArgs args)
public Access(String name, AccessArgs args, CustomResourceOptions options)
type: aws:transfer:Access
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AccessArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccessArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccessArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccessArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var accessResource = new Aws.Transfer.Access("accessResource", new()
{
ExternalId = "string",
ServerId = "string",
HomeDirectory = "string",
HomeDirectoryMappings = new[]
{
new Aws.Transfer.Inputs.AccessHomeDirectoryMappingArgs
{
Entry = "string",
Target = "string",
},
},
HomeDirectoryType = "string",
Policy = "string",
PosixProfile = new Aws.Transfer.Inputs.AccessPosixProfileArgs
{
Gid = 0,
Uid = 0,
SecondaryGids = new[]
{
0,
},
},
Role = "string",
});
example, err := transfer.NewAccess(ctx, "accessResource", &transfer.AccessArgs{
ExternalId: pulumi.String("string"),
ServerId: pulumi.String("string"),
HomeDirectory: pulumi.String("string"),
HomeDirectoryMappings: transfer.AccessHomeDirectoryMappingArray{
&transfer.AccessHomeDirectoryMappingArgs{
Entry: pulumi.String("string"),
Target: pulumi.String("string"),
},
},
HomeDirectoryType: pulumi.String("string"),
Policy: pulumi.String("string"),
PosixProfile: &transfer.AccessPosixProfileArgs{
Gid: pulumi.Int(0),
Uid: pulumi.Int(0),
SecondaryGids: pulumi.IntArray{
pulumi.Int(0),
},
},
Role: pulumi.String("string"),
})
var accessResource = new Access("accessResource", AccessArgs.builder()
.externalId("string")
.serverId("string")
.homeDirectory("string")
.homeDirectoryMappings(AccessHomeDirectoryMappingArgs.builder()
.entry("string")
.target("string")
.build())
.homeDirectoryType("string")
.policy("string")
.posixProfile(AccessPosixProfileArgs.builder()
.gid(0)
.uid(0)
.secondaryGids(0)
.build())
.role("string")
.build());
access_resource = aws.transfer.Access("accessResource",
external_id="string",
server_id="string",
home_directory="string",
home_directory_mappings=[{
"entry": "string",
"target": "string",
}],
home_directory_type="string",
policy="string",
posix_profile={
"gid": 0,
"uid": 0,
"secondary_gids": [0],
},
role="string")
const accessResource = new aws.transfer.Access("accessResource", {
externalId: "string",
serverId: "string",
homeDirectory: "string",
homeDirectoryMappings: [{
entry: "string",
target: "string",
}],
homeDirectoryType: "string",
policy: "string",
posixProfile: {
gid: 0,
uid: 0,
secondaryGids: [0],
},
role: "string",
});
type: aws:transfer:Access
properties:
externalId: string
homeDirectory: string
homeDirectoryMappings:
- entry: string
target: string
homeDirectoryType: string
policy: string
posixProfile:
gid: 0
secondaryGids:
- 0
uid: 0
role: string
serverId: string
Access Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Access resource accepts the following input properties:
- External
Id string - The SID of a group in the directory connected to the Transfer Server (e.g.,
S-1-1-12-1234567890-123456789-1234567890-1234) - Server
Id string - The Server ID of the Transfer Server (e.g.,
s-12345678) - Home
Directory string - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - Home
Directory List<AccessMappings Home Directory Mapping> - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- Home
Directory stringType - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - Policy string
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - Posix
Profile AccessPosix Profile - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- Role string
- Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.
- External
Id string - The SID of a group in the directory connected to the Transfer Server (e.g.,
S-1-1-12-1234567890-123456789-1234567890-1234) - Server
Id string - The Server ID of the Transfer Server (e.g.,
s-12345678) - Home
Directory string - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - Home
Directory []AccessMappings Home Directory Mapping Args - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- Home
Directory stringType - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - Policy string
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - Posix
Profile AccessPosix Profile Args - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- Role string
- Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.
- external
Id String - The SID of a group in the directory connected to the Transfer Server (e.g.,
S-1-1-12-1234567890-123456789-1234567890-1234) - server
Id String - The Server ID of the Transfer Server (e.g.,
s-12345678) - home
Directory String - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - home
Directory List<AccessMappings Home Directory Mapping> - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- home
Directory StringType - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - policy String
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - posix
Profile AccessPosix Profile - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- role String
- Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.
- external
Id string - The SID of a group in the directory connected to the Transfer Server (e.g.,
S-1-1-12-1234567890-123456789-1234567890-1234) - server
Id string - The Server ID of the Transfer Server (e.g.,
s-12345678) - home
Directory string - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - home
Directory AccessMappings Home Directory Mapping[] - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- home
Directory stringType - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - policy string
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - posix
Profile AccessPosix Profile - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- role string
- Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.
- external_
id str - The SID of a group in the directory connected to the Transfer Server (e.g.,
S-1-1-12-1234567890-123456789-1234567890-1234) - server_
id str - The Server ID of the Transfer Server (e.g.,
s-12345678) - home_
directory str - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - home_
directory_ Sequence[Accessmappings Home Directory Mapping Args] - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- home_
directory_ strtype - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - policy str
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - posix_
profile AccessPosix Profile Args - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- role str
- Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.
- external
Id String - The SID of a group in the directory connected to the Transfer Server (e.g.,
S-1-1-12-1234567890-123456789-1234567890-1234) - server
Id String - The Server ID of the Transfer Server (e.g.,
s-12345678) - home
Directory String - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - home
Directory List<Property Map>Mappings - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- home
Directory StringType - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - policy String
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - posix
Profile Property Map - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- role String
- Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.
Outputs
All input properties are implicitly available as output properties. Additionally, the Access resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Access Resource
Get an existing Access resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AccessState, opts?: CustomResourceOptions): Access@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
external_id: Optional[str] = None,
home_directory: Optional[str] = None,
home_directory_mappings: Optional[Sequence[AccessHomeDirectoryMappingArgs]] = None,
home_directory_type: Optional[str] = None,
policy: Optional[str] = None,
posix_profile: Optional[AccessPosixProfileArgs] = None,
role: Optional[str] = None,
server_id: Optional[str] = None) -> Accessfunc GetAccess(ctx *Context, name string, id IDInput, state *AccessState, opts ...ResourceOption) (*Access, error)public static Access Get(string name, Input<string> id, AccessState? state, CustomResourceOptions? opts = null)public static Access get(String name, Output<String> id, AccessState state, CustomResourceOptions options)resources: _: type: aws:transfer:Access get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- External
Id string - The SID of a group in the directory connected to the Transfer Server (e.g.,
S-1-1-12-1234567890-123456789-1234567890-1234) - Home
Directory string - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - Home
Directory List<AccessMappings Home Directory Mapping> - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- Home
Directory stringType - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - Policy string
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - Posix
Profile AccessPosix Profile - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- Role string
- Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.
- Server
Id string - The Server ID of the Transfer Server (e.g.,
s-12345678)
- External
Id string - The SID of a group in the directory connected to the Transfer Server (e.g.,
S-1-1-12-1234567890-123456789-1234567890-1234) - Home
Directory string - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - Home
Directory []AccessMappings Home Directory Mapping Args - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- Home
Directory stringType - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - Policy string
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - Posix
Profile AccessPosix Profile Args - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- Role string
- Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.
- Server
Id string - The Server ID of the Transfer Server (e.g.,
s-12345678)
- external
Id String - The SID of a group in the directory connected to the Transfer Server (e.g.,
S-1-1-12-1234567890-123456789-1234567890-1234) - home
Directory String - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - home
Directory List<AccessMappings Home Directory Mapping> - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- home
Directory StringType - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - policy String
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - posix
Profile AccessPosix Profile - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- role String
- Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.
- server
Id String - The Server ID of the Transfer Server (e.g.,
s-12345678)
- external
Id string - The SID of a group in the directory connected to the Transfer Server (e.g.,
S-1-1-12-1234567890-123456789-1234567890-1234) - home
Directory string - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - home
Directory AccessMappings Home Directory Mapping[] - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- home
Directory stringType - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - policy string
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - posix
Profile AccessPosix Profile - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- role string
- Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.
- server
Id string - The Server ID of the Transfer Server (e.g.,
s-12345678)
- external_
id str - The SID of a group in the directory connected to the Transfer Server (e.g.,
S-1-1-12-1234567890-123456789-1234567890-1234) - home_
directory str - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - home_
directory_ Sequence[Accessmappings Home Directory Mapping Args] - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- home_
directory_ strtype - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - policy str
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - posix_
profile AccessPosix Profile Args - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- role str
- Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.
- server_
id str - The Server ID of the Transfer Server (e.g.,
s-12345678)
- external
Id String - The SID of a group in the directory connected to the Transfer Server (e.g.,
S-1-1-12-1234567890-123456789-1234567890-1234) - home
Directory String - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - home
Directory List<Property Map>Mappings - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- home
Directory StringType - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - policy String
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - posix
Profile Property Map - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- role String
- Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.
- server
Id String - The Server ID of the Transfer Server (e.g.,
s-12345678)
Supporting Types
AccessHomeDirectoryMapping, AccessHomeDirectoryMappingArgs
AccessPosixProfile, AccessPosixProfileArgs
- Gid int
- The POSIX group ID used for all EFS operations by this user.
- Uid int
- The POSIX user ID used for all EFS operations by this user.
- Secondary
Gids List<int> - The secondary POSIX group IDs used for all EFS operations by this user.
- Gid int
- The POSIX group ID used for all EFS operations by this user.
- Uid int
- The POSIX user ID used for all EFS operations by this user.
- Secondary
Gids []int - The secondary POSIX group IDs used for all EFS operations by this user.
- gid Integer
- The POSIX group ID used for all EFS operations by this user.
- uid Integer
- The POSIX user ID used for all EFS operations by this user.
- secondary
Gids List<Integer> - The secondary POSIX group IDs used for all EFS operations by this user.
- gid number
- The POSIX group ID used for all EFS operations by this user.
- uid number
- The POSIX user ID used for all EFS operations by this user.
- secondary
Gids number[] - The secondary POSIX group IDs used for all EFS operations by this user.
- gid int
- The POSIX group ID used for all EFS operations by this user.
- uid int
- The POSIX user ID used for all EFS operations by this user.
- secondary_
gids Sequence[int] - The secondary POSIX group IDs used for all EFS operations by this user.
- gid Number
- The POSIX group ID used for all EFS operations by this user.
- uid Number
- The POSIX user ID used for all EFS operations by this user.
- secondary
Gids List<Number> - The secondary POSIX group IDs used for all EFS operations by this user.
Import
Using pulumi import, import Transfer Accesses using the server_id and external_id. For example:
$ pulumi import aws:transfer/access:Access example s-12345678/S-1-1-12-1234567890-123456789-1234567890-1234
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.