aws logo
AWS Classic v5.29.1, Feb 4 23

aws.transfer.Server

Provides a AWS Transfer Server resource.

NOTE on AWS IAM permissions: If the endpoint_type is set to VPC, the ec2:DescribeVpcEndpoints and ec2:ModifyVpcEndpoint actions are used.

NOTE: Use the aws.transfer.Tag resource to manage the system tags used for custom hostnames.

Example Usage

Basic

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.Transfer.Server("example", new()
    {
        Tags = 
        {
            { "Name", "Example" },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/transfer"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
			Tags: pulumi.StringMap{
				"Name": pulumi.String("Example"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Server("example", ServerArgs.builder()        
            .tags(Map.of("Name", "Example"))
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.transfer.Server("example", tags={
    "Name": "Example",
})
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.transfer.Server("example", {tags: {
    Name: "Example",
}});
resources:
  example:
    type: aws:transfer:Server
    properties:
      tags:
        Name: Example

Security Policy Name

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.Transfer.Server("example", new()
    {
        SecurityPolicyName = "TransferSecurityPolicy-2020-06",
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/transfer"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
			SecurityPolicyName: pulumi.String("TransferSecurityPolicy-2020-06"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Server("example", ServerArgs.builder()        
            .securityPolicyName("TransferSecurityPolicy-2020-06")
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.transfer.Server("example", security_policy_name="TransferSecurityPolicy-2020-06")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.transfer.Server("example", {securityPolicyName: "TransferSecurityPolicy-2020-06"});
resources:
  example:
    type: aws:transfer:Server
    properties:
      securityPolicyName: TransferSecurityPolicy-2020-06

VPC Endpoint

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.Transfer.Server("example", new()
    {
        EndpointType = "VPC",
        EndpointDetails = new Aws.Transfer.Inputs.ServerEndpointDetailsArgs
        {
            AddressAllocationIds = new[]
            {
                aws_eip.Example.Id,
            },
            SubnetIds = new[]
            {
                aws_subnet.Example.Id,
            },
            VpcId = aws_vpc.Example.Id,
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/transfer"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
			EndpointType: pulumi.String("VPC"),
			EndpointDetails: &transfer.ServerEndpointDetailsArgs{
				AddressAllocationIds: pulumi.StringArray{
					aws_eip.Example.Id,
				},
				SubnetIds: pulumi.StringArray{
					aws_subnet.Example.Id,
				},
				VpcId: pulumi.Any(aws_vpc.Example.Id),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import com.pulumi.aws.transfer.inputs.ServerEndpointDetailsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Server("example", ServerArgs.builder()        
            .endpointType("VPC")
            .endpointDetails(ServerEndpointDetailsArgs.builder()
                .addressAllocationIds(aws_eip.example().id())
                .subnetIds(aws_subnet.example().id())
                .vpcId(aws_vpc.example().id())
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.transfer.Server("example",
    endpoint_type="VPC",
    endpoint_details=aws.transfer.ServerEndpointDetailsArgs(
        address_allocation_ids=[aws_eip["example"]["id"]],
        subnet_ids=[aws_subnet["example"]["id"]],
        vpc_id=aws_vpc["example"]["id"],
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.transfer.Server("example", {
    endpointType: "VPC",
    endpointDetails: {
        addressAllocationIds: [aws_eip.example.id],
        subnetIds: [aws_subnet.example.id],
        vpcId: aws_vpc.example.id,
    },
});
resources:
  example:
    type: aws:transfer:Server
    properties:
      endpointType: VPC
      endpointDetails:
        addressAllocationIds:
          - ${aws_eip.example.id}
        subnetIds:
          - ${aws_subnet.example.id}
        vpcId: ${aws_vpc.example.id}

AWS Directory authentication

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.Transfer.Server("example", new()
    {
        IdentityProviderType = "AWS_DIRECTORY_SERVICE",
        DirectoryId = aws_directory_service_directory.Example.Id,
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/transfer"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
			IdentityProviderType: pulumi.String("AWS_DIRECTORY_SERVICE"),
			DirectoryId:          pulumi.Any(aws_directory_service_directory.Example.Id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Server("example", ServerArgs.builder()        
            .identityProviderType("AWS_DIRECTORY_SERVICE")
            .directoryId(aws_directory_service_directory.example().id())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.transfer.Server("example",
    identity_provider_type="AWS_DIRECTORY_SERVICE",
    directory_id=aws_directory_service_directory["example"]["id"])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.transfer.Server("example", {
    identityProviderType: "AWS_DIRECTORY_SERVICE",
    directoryId: aws_directory_service_directory.example.id,
});
resources:
  example:
    type: aws:transfer:Server
    properties:
      identityProviderType: AWS_DIRECTORY_SERVICE
      directoryId: ${aws_directory_service_directory.example.id}

AWS Lambda authentication

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.Transfer.Server("example", new()
    {
        IdentityProviderType = "AWS_LAMBDA",
        Function = aws_lambda_identity_provider.Example.Arn,
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/transfer"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
			IdentityProviderType: pulumi.String("AWS_LAMBDA"),
			Function:             pulumi.Any(aws_lambda_identity_provider.Example.Arn),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Server("example", ServerArgs.builder()        
            .identityProviderType("AWS_LAMBDA")
            .function(aws_lambda_identity_provider.example().arn())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.transfer.Server("example",
    identity_provider_type="AWS_LAMBDA",
    function=aws_lambda_identity_provider["example"]["arn"])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.transfer.Server("example", {
    identityProviderType: "AWS_LAMBDA",
    "function": aws_lambda_identity_provider.example.arn,
});
resources:
  example:
    type: aws:transfer:Server
    properties:
      identityProviderType: AWS_LAMBDA
      function: ${aws_lambda_identity_provider.example.arn}

Protocols

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.Transfer.Server("example", new()
    {
        EndpointType = "VPC",
        EndpointDetails = new Aws.Transfer.Inputs.ServerEndpointDetailsArgs
        {
            SubnetIds = new[]
            {
                aws_subnet.Example.Id,
            },
            VpcId = aws_vpc.Example.Id,
        },
        Protocols = new[]
        {
            "FTP",
            "FTPS",
        },
        Certificate = aws_acm_certificate.Example.Arn,
        IdentityProviderType = "API_GATEWAY",
        Url = $"{aws_api_gateway_deployment.Example.Invoke_url}{aws_api_gateway_resource.Example.Path}",
    });

});
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/transfer"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
			EndpointType: pulumi.String("VPC"),
			EndpointDetails: &transfer.ServerEndpointDetailsArgs{
				SubnetIds: pulumi.StringArray{
					aws_subnet.Example.Id,
				},
				VpcId: pulumi.Any(aws_vpc.Example.Id),
			},
			Protocols: pulumi.StringArray{
				pulumi.String("FTP"),
				pulumi.String("FTPS"),
			},
			Certificate:          pulumi.Any(aws_acm_certificate.Example.Arn),
			IdentityProviderType: pulumi.String("API_GATEWAY"),
			Url:                  pulumi.String(fmt.Sprintf("%v%v", aws_api_gateway_deployment.Example.Invoke_url, aws_api_gateway_resource.Example.Path)),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import com.pulumi.aws.transfer.inputs.ServerEndpointDetailsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Server("example", ServerArgs.builder()        
            .endpointType("VPC")
            .endpointDetails(ServerEndpointDetailsArgs.builder()
                .subnetIds(aws_subnet.example().id())
                .vpcId(aws_vpc.example().id())
                .build())
            .protocols(            
                "FTP",
                "FTPS")
            .certificate(aws_acm_certificate.example().arn())
            .identityProviderType("API_GATEWAY")
            .url(String.format("%s%s", aws_api_gateway_deployment.example().invoke_url(),aws_api_gateway_resource.example().path()))
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.transfer.Server("example",
    endpoint_type="VPC",
    endpoint_details=aws.transfer.ServerEndpointDetailsArgs(
        subnet_ids=[aws_subnet["example"]["id"]],
        vpc_id=aws_vpc["example"]["id"],
    ),
    protocols=[
        "FTP",
        "FTPS",
    ],
    certificate=aws_acm_certificate["example"]["arn"],
    identity_provider_type="API_GATEWAY",
    url=f"{aws_api_gateway_deployment['example']['invoke_url']}{aws_api_gateway_resource['example']['path']}")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.transfer.Server("example", {
    endpointType: "VPC",
    endpointDetails: {
        subnetIds: [aws_subnet.example.id],
        vpcId: aws_vpc.example.id,
    },
    protocols: [
        "FTP",
        "FTPS",
    ],
    certificate: aws_acm_certificate.example.arn,
    identityProviderType: "API_GATEWAY",
    url: `${aws_api_gateway_deployment.example.invoke_url}${aws_api_gateway_resource.example.path}`,
});
resources:
  example:
    type: aws:transfer:Server
    properties:
      endpointType: VPC
      endpointDetails:
        subnetIds:
          - ${aws_subnet.example.id}
        vpcId: ${aws_vpc.example.id}
      protocols:
        - FTP
        - FTPS
      certificate: ${aws_acm_certificate.example.arn}
      identityProviderType: API_GATEWAY
      url: ${aws_api_gateway_deployment.example.invoke_url}${aws_api_gateway_resource.example.path}

Create Server Resource

new Server(name: string, args?: ServerArgs, opts?: CustomResourceOptions);
@overload
def Server(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           certificate: Optional[str] = None,
           directory_id: Optional[str] = None,
           domain: Optional[str] = None,
           endpoint_details: Optional[ServerEndpointDetailsArgs] = None,
           endpoint_type: Optional[str] = None,
           force_destroy: Optional[bool] = None,
           function: Optional[str] = None,
           host_key: Optional[str] = None,
           identity_provider_type: Optional[str] = None,
           invocation_role: Optional[str] = None,
           logging_role: Optional[str] = None,
           post_authentication_login_banner: Optional[str] = None,
           pre_authentication_login_banner: Optional[str] = None,
           protocols: Optional[Sequence[str]] = None,
           security_policy_name: Optional[str] = None,
           tags: Optional[Mapping[str, str]] = None,
           url: Optional[str] = None,
           workflow_details: Optional[ServerWorkflowDetailsArgs] = None)
@overload
def Server(resource_name: str,
           args: Optional[ServerArgs] = None,
           opts: Optional[ResourceOptions] = None)
func NewServer(ctx *Context, name string, args *ServerArgs, opts ...ResourceOption) (*Server, error)
public Server(string name, ServerArgs? args = null, CustomResourceOptions? opts = null)
public Server(String name, ServerArgs args)
public Server(String name, ServerArgs args, CustomResourceOptions options)
type: aws:transfer:Server
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args ServerArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ServerArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ServerArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ServerArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args ServerArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Server Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Server resource accepts the following input properties:

Certificate string

The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS

DirectoryId string

The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.

Domain string

The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.

EndpointDetails ServerEndpointDetailsArgs

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

EndpointType string

The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.

ForceDestroy bool

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.

Function string

The ARN for a lambda function to use for the Identity provider.

HostKey string

RSA private key (e.g., as generated by the ssh-keygen -N "" -m PEM -f my-new-server-key command).

IdentityProviderType string

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.

InvocationRole string

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

LoggingRole string

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

PostAuthenticationLoginBanner string

Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.

PreAuthenticationLoginBanner string

Specify a string to display when users connect to a server. This string is displayed before the user authenticates.

Protocols List<string>

Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

SecurityPolicyName string

Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, TransferSecurityPolicy-FIPS-2020-06 and TransferSecurityPolicy-2022-03. Default value is: TransferSecurityPolicy-2018-11.

Tags Dictionary<string, string>

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Url string

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

WorkflowDetails ServerWorkflowDetailsArgs

Specifies the workflow details. See Workflow Details below.

Certificate string

The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS

DirectoryId string

The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.

Domain string

The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.

EndpointDetails ServerEndpointDetailsArgs

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

EndpointType string

The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.

ForceDestroy bool

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.

Function string

The ARN for a lambda function to use for the Identity provider.

HostKey string

RSA private key (e.g., as generated by the ssh-keygen -N "" -m PEM -f my-new-server-key command).

IdentityProviderType string

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.

InvocationRole string

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

LoggingRole string

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

PostAuthenticationLoginBanner string

Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.

PreAuthenticationLoginBanner string

Specify a string to display when users connect to a server. This string is displayed before the user authenticates.

Protocols []string

Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

SecurityPolicyName string

Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, TransferSecurityPolicy-FIPS-2020-06 and TransferSecurityPolicy-2022-03. Default value is: TransferSecurityPolicy-2018-11.

Tags map[string]string

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Url string

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

WorkflowDetails ServerWorkflowDetailsArgs

Specifies the workflow details. See Workflow Details below.

certificate String

The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS

directoryId String

The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.

domain String

The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.

endpointDetails ServerEndpointDetailsArgs

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

endpointType String

The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.

forceDestroy Boolean

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.

function String

The ARN for a lambda function to use for the Identity provider.

hostKey String

RSA private key (e.g., as generated by the ssh-keygen -N "" -m PEM -f my-new-server-key command).

identityProviderType String

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.

invocationRole String

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

loggingRole String

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

postAuthenticationLoginBanner String

Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.

preAuthenticationLoginBanner String

Specify a string to display when users connect to a server. This string is displayed before the user authenticates.

protocols List<String>

Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

securityPolicyName String

Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, TransferSecurityPolicy-FIPS-2020-06 and TransferSecurityPolicy-2022-03. Default value is: TransferSecurityPolicy-2018-11.

tags Map<String,String>

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

url String

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

workflowDetails ServerWorkflowDetailsArgs

Specifies the workflow details. See Workflow Details below.

certificate string

The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS

directoryId string

The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.

domain string

The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.

endpointDetails ServerEndpointDetailsArgs

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

endpointType string

The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.

forceDestroy boolean

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.

function string

The ARN for a lambda function to use for the Identity provider.

hostKey string

RSA private key (e.g., as generated by the ssh-keygen -N "" -m PEM -f my-new-server-key command).

identityProviderType string

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.

invocationRole string

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

loggingRole string

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

postAuthenticationLoginBanner string

Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.

preAuthenticationLoginBanner string

Specify a string to display when users connect to a server. This string is displayed before the user authenticates.

protocols string[]

Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

securityPolicyName string

Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, TransferSecurityPolicy-FIPS-2020-06 and TransferSecurityPolicy-2022-03. Default value is: TransferSecurityPolicy-2018-11.

tags {[key: string]: string}

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

url string

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

workflowDetails ServerWorkflowDetailsArgs

Specifies the workflow details. See Workflow Details below.

certificate str

The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS

directory_id str

The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.

domain str

The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.

endpoint_details ServerEndpointDetailsArgs

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

endpoint_type str

The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.

force_destroy bool

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.

function str

The ARN for a lambda function to use for the Identity provider.

host_key str

RSA private key (e.g., as generated by the ssh-keygen -N "" -m PEM -f my-new-server-key command).

identity_provider_type str

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.

invocation_role str

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

logging_role str

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

post_authentication_login_banner str

Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.

pre_authentication_login_banner str

Specify a string to display when users connect to a server. This string is displayed before the user authenticates.

protocols Sequence[str]

Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

security_policy_name str

Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, TransferSecurityPolicy-FIPS-2020-06 and TransferSecurityPolicy-2022-03. Default value is: TransferSecurityPolicy-2018-11.

tags Mapping[str, str]

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

url str

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

workflow_details ServerWorkflowDetailsArgs

Specifies the workflow details. See Workflow Details below.

certificate String

The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS

directoryId String

The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.

domain String

The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.

endpointDetails Property Map

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

endpointType String

The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.

forceDestroy Boolean

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.

function String

The ARN for a lambda function to use for the Identity provider.

hostKey String

RSA private key (e.g., as generated by the ssh-keygen -N "" -m PEM -f my-new-server-key command).

identityProviderType String

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.

invocationRole String

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

loggingRole String

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

postAuthenticationLoginBanner String

Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.

preAuthenticationLoginBanner String

Specify a string to display when users connect to a server. This string is displayed before the user authenticates.

protocols List<String>

Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

securityPolicyName String

Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, TransferSecurityPolicy-FIPS-2020-06 and TransferSecurityPolicy-2022-03. Default value is: TransferSecurityPolicy-2018-11.

tags Map<String>

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

url String

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

workflowDetails Property Map

Specifies the workflow details. See Workflow Details below.

Outputs

All input properties are implicitly available as output properties. Additionally, the Server resource produces the following output properties:

Arn string

Amazon Resource Name (ARN) of Transfer Server

Endpoint string

The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)

HostKeyFingerprint string

This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.

Id string

The provider-assigned unique ID for this managed resource.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Arn string

Amazon Resource Name (ARN) of Transfer Server

Endpoint string

The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)

HostKeyFingerprint string

This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.

Id string

The provider-assigned unique ID for this managed resource.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn String

Amazon Resource Name (ARN) of Transfer Server

endpoint String

The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)

hostKeyFingerprint String

This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.

id String

The provider-assigned unique ID for this managed resource.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn string

Amazon Resource Name (ARN) of Transfer Server

endpoint string

The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)

hostKeyFingerprint string

This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.

id string

The provider-assigned unique ID for this managed resource.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn str

Amazon Resource Name (ARN) of Transfer Server

endpoint str

The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)

host_key_fingerprint str

This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.

id str

The provider-assigned unique ID for this managed resource.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn String

Amazon Resource Name (ARN) of Transfer Server

endpoint String

The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)

hostKeyFingerprint String

This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.

id String

The provider-assigned unique ID for this managed resource.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Look up Existing Server Resource

Get an existing Server resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ServerState, opts?: CustomResourceOptions): Server
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        certificate: Optional[str] = None,
        directory_id: Optional[str] = None,
        domain: Optional[str] = None,
        endpoint: Optional[str] = None,
        endpoint_details: Optional[ServerEndpointDetailsArgs] = None,
        endpoint_type: Optional[str] = None,
        force_destroy: Optional[bool] = None,
        function: Optional[str] = None,
        host_key: Optional[str] = None,
        host_key_fingerprint: Optional[str] = None,
        identity_provider_type: Optional[str] = None,
        invocation_role: Optional[str] = None,
        logging_role: Optional[str] = None,
        post_authentication_login_banner: Optional[str] = None,
        pre_authentication_login_banner: Optional[str] = None,
        protocols: Optional[Sequence[str]] = None,
        security_policy_name: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        url: Optional[str] = None,
        workflow_details: Optional[ServerWorkflowDetailsArgs] = None) -> Server
func GetServer(ctx *Context, name string, id IDInput, state *ServerState, opts ...ResourceOption) (*Server, error)
public static Server Get(string name, Input<string> id, ServerState? state, CustomResourceOptions? opts = null)
public static Server get(String name, Output<String> id, ServerState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Arn string

Amazon Resource Name (ARN) of Transfer Server

Certificate string

The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS

DirectoryId string

The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.

Domain string

The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.

Endpoint string

The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)

EndpointDetails ServerEndpointDetailsArgs

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

EndpointType string

The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.

ForceDestroy bool

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.

Function string

The ARN for a lambda function to use for the Identity provider.

HostKey string

RSA private key (e.g., as generated by the ssh-keygen -N "" -m PEM -f my-new-server-key command).

HostKeyFingerprint string

This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.

IdentityProviderType string

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.

InvocationRole string

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

LoggingRole string

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

PostAuthenticationLoginBanner string

Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.

PreAuthenticationLoginBanner string

Specify a string to display when users connect to a server. This string is displayed before the user authenticates.

Protocols List<string>

Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

SecurityPolicyName string

Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, TransferSecurityPolicy-FIPS-2020-06 and TransferSecurityPolicy-2022-03. Default value is: TransferSecurityPolicy-2018-11.

Tags Dictionary<string, string>

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Url string

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

WorkflowDetails ServerWorkflowDetailsArgs

Specifies the workflow details. See Workflow Details below.

Arn string

Amazon Resource Name (ARN) of Transfer Server

Certificate string

The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS

DirectoryId string

The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.

Domain string

The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.

Endpoint string

The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)

EndpointDetails ServerEndpointDetailsArgs

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

EndpointType string

The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.

ForceDestroy bool

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.

Function string

The ARN for a lambda function to use for the Identity provider.

HostKey string

RSA private key (e.g., as generated by the ssh-keygen -N "" -m PEM -f my-new-server-key command).

HostKeyFingerprint string

This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.

IdentityProviderType string

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.

InvocationRole string

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

LoggingRole string

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

PostAuthenticationLoginBanner string

Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.

PreAuthenticationLoginBanner string

Specify a string to display when users connect to a server. This string is displayed before the user authenticates.

Protocols []string

Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

SecurityPolicyName string

Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, TransferSecurityPolicy-FIPS-2020-06 and TransferSecurityPolicy-2022-03. Default value is: TransferSecurityPolicy-2018-11.

Tags map[string]string

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Url string

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

WorkflowDetails ServerWorkflowDetailsArgs

Specifies the workflow details. See Workflow Details below.

arn String

Amazon Resource Name (ARN) of Transfer Server

certificate String

The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS

directoryId String

The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.

domain String

The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.

endpoint String

The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)

endpointDetails ServerEndpointDetailsArgs

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

endpointType String

The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.

forceDestroy Boolean

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.

function String

The ARN for a lambda function to use for the Identity provider.

hostKey String

RSA private key (e.g., as generated by the ssh-keygen -N "" -m PEM -f my-new-server-key command).

hostKeyFingerprint String

This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.

identityProviderType String

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.

invocationRole String

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

loggingRole String

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

postAuthenticationLoginBanner String

Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.

preAuthenticationLoginBanner String

Specify a string to display when users connect to a server. This string is displayed before the user authenticates.

protocols List<String>

Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

securityPolicyName String

Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, TransferSecurityPolicy-FIPS-2020-06 and TransferSecurityPolicy-2022-03. Default value is: TransferSecurityPolicy-2018-11.

tags Map<String,String>

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

url String

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

workflowDetails ServerWorkflowDetailsArgs

Specifies the workflow details. See Workflow Details below.

arn string

Amazon Resource Name (ARN) of Transfer Server

certificate string

The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS

directoryId string

The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.

domain string

The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.

endpoint string

The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)

endpointDetails ServerEndpointDetailsArgs

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

endpointType string

The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.

forceDestroy boolean

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.

function string

The ARN for a lambda function to use for the Identity provider.

hostKey string

RSA private key (e.g., as generated by the ssh-keygen -N "" -m PEM -f my-new-server-key command).

hostKeyFingerprint string

This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.

identityProviderType string

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.

invocationRole string

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

loggingRole string

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

postAuthenticationLoginBanner string

Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.

preAuthenticationLoginBanner string

Specify a string to display when users connect to a server. This string is displayed before the user authenticates.

protocols string[]

Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

securityPolicyName string

Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, TransferSecurityPolicy-FIPS-2020-06 and TransferSecurityPolicy-2022-03. Default value is: TransferSecurityPolicy-2018-11.

tags {[key: string]: string}

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

url string

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

workflowDetails ServerWorkflowDetailsArgs

Specifies the workflow details. See Workflow Details below.

arn str

Amazon Resource Name (ARN) of Transfer Server

certificate str

The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS

directory_id str

The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.

domain str

The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.

endpoint str

The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)

endpoint_details ServerEndpointDetailsArgs

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

endpoint_type str

The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.

force_destroy bool

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.

function str

The ARN for a lambda function to use for the Identity provider.

host_key str

RSA private key (e.g., as generated by the ssh-keygen -N "" -m PEM -f my-new-server-key command).

host_key_fingerprint str

This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.

identity_provider_type str

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.

invocation_role str

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

logging_role str

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

post_authentication_login_banner str

Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.

pre_authentication_login_banner str

Specify a string to display when users connect to a server. This string is displayed before the user authenticates.

protocols Sequence[str]

Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

security_policy_name str

Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, TransferSecurityPolicy-FIPS-2020-06 and TransferSecurityPolicy-2022-03. Default value is: TransferSecurityPolicy-2018-11.

tags Mapping[str, str]

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

url str

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

workflow_details ServerWorkflowDetailsArgs

Specifies the workflow details. See Workflow Details below.

arn String

Amazon Resource Name (ARN) of Transfer Server

certificate String

The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS

directoryId String

The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.

domain String

The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.

endpoint String

The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)

endpointDetails Property Map

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

endpointType String

The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.

forceDestroy Boolean

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.

function String

The ARN for a lambda function to use for the Identity provider.

hostKey String

RSA private key (e.g., as generated by the ssh-keygen -N "" -m PEM -f my-new-server-key command).

hostKeyFingerprint String

This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.

identityProviderType String

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.

invocationRole String

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

loggingRole String

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

postAuthenticationLoginBanner String

Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.

preAuthenticationLoginBanner String

Specify a string to display when users connect to a server. This string is displayed before the user authenticates.

protocols List<String>

Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

securityPolicyName String

Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, TransferSecurityPolicy-FIPS-2020-06 and TransferSecurityPolicy-2022-03. Default value is: TransferSecurityPolicy-2018-11.

tags Map<String>

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

url String

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

workflowDetails Property Map

Specifies the workflow details. See Workflow Details below.

Supporting Types

ServerEndpointDetails

AddressAllocationIds List<string>

A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when endpoint_type is set to VPC.

SecurityGroupIds List<string>

A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when endpoint_type is set to VPC.

SubnetIds List<string>

A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when endpoint_type is set to VPC.

VpcEndpointId string

The ID of the VPC endpoint. This property can only be used when endpoint_type is set to VPC_ENDPOINT

VpcId string

The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when endpoint_type is set to VPC.

AddressAllocationIds []string

A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when endpoint_type is set to VPC.

SecurityGroupIds []string

A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when endpoint_type is set to VPC.

SubnetIds []string

A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when endpoint_type is set to VPC.

VpcEndpointId string

The ID of the VPC endpoint. This property can only be used when endpoint_type is set to VPC_ENDPOINT

VpcId string

The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when endpoint_type is set to VPC.

addressAllocationIds List<String>

A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when endpoint_type is set to VPC.

securityGroupIds List<String>

A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when endpoint_type is set to VPC.

subnetIds List<String>

A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when endpoint_type is set to VPC.

vpcEndpointId String

The ID of the VPC endpoint. This property can only be used when endpoint_type is set to VPC_ENDPOINT

vpcId String

The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when endpoint_type is set to VPC.

addressAllocationIds string[]

A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when endpoint_type is set to VPC.

securityGroupIds string[]

A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when endpoint_type is set to VPC.

subnetIds string[]

A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when endpoint_type is set to VPC.

vpcEndpointId string

The ID of the VPC endpoint. This property can only be used when endpoint_type is set to VPC_ENDPOINT

vpcId string

The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when endpoint_type is set to VPC.

address_allocation_ids Sequence[str]

A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when endpoint_type is set to VPC.

security_group_ids Sequence[str]

A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when endpoint_type is set to VPC.

subnet_ids Sequence[str]

A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when endpoint_type is set to VPC.

vpc_endpoint_id str

The ID of the VPC endpoint. This property can only be used when endpoint_type is set to VPC_ENDPOINT

vpc_id str

The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when endpoint_type is set to VPC.

addressAllocationIds List<String>

A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when endpoint_type is set to VPC.

securityGroupIds List<String>

A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when endpoint_type is set to VPC.

subnetIds List<String>

A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when endpoint_type is set to VPC.

vpcEndpointId String

The ID of the VPC endpoint. This property can only be used when endpoint_type is set to VPC_ENDPOINT

vpcId String

The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when endpoint_type is set to VPC.

ServerWorkflowDetails

OnUpload ServerWorkflowDetailsOnUpload

A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. See Workflow Detail below.

OnUpload ServerWorkflowDetailsOnUpload

A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. See Workflow Detail below.

onUpload ServerWorkflowDetailsOnUpload

A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. See Workflow Detail below.

onUpload ServerWorkflowDetailsOnUpload

A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. See Workflow Detail below.

on_upload ServerWorkflowDetailsOnUpload

A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. See Workflow Detail below.

onUpload Property Map

A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. See Workflow Detail below.

ServerWorkflowDetailsOnUpload

ExecutionRole string

Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.

WorkflowId string

A unique identifier for the workflow.

ExecutionRole string

Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.

WorkflowId string

A unique identifier for the workflow.

executionRole String

Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.

workflowId String

A unique identifier for the workflow.

executionRole string

Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.

workflowId string

A unique identifier for the workflow.

execution_role str

Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.

workflow_id str

A unique identifier for the workflow.

executionRole String

Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.

workflowId String

A unique identifier for the workflow.

Import

Transfer Servers can be imported using the server id, e.g.,

 $ pulumi import aws:transfer/server:Server example s-12345678

Certain resource arguments, such as host_key, cannot be read via the API and imported into the provider. This provider will display a difference for these arguments the first run after import if declared in the provider configuration for an imported resource.

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.