pulumi-aws-kotlin/com.pulumi.aws.transfer.kotlin/User

User

class User : KotlinCustomResource

Provides a AWS Transfer User resource. Managing SSH keys can be accomplished with the aws.transfer.SshKey resource.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import com.pulumi.aws.transfer.User;
import com.pulumi.aws.transfer.UserArgs;
import com.pulumi.aws.transfer.inputs.UserHomeDirectoryMappingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var fooServer = new Server("fooServer", ServerArgs.builder()
            .identityProviderType("SERVICE_MANAGED")
            .tags(Map.of("NAME", "tf-acc-test-transfer-server"))
            .build());
        var fooRole = new Role("fooRole", RoleArgs.builder()
            .assumeRolePolicy("""
{
	"Version": "2012-10-17",
	"Statement": [
		{
		"Effect": "Allow",
		"Principal": {
			"Service": "transfer.amazonaws.com"
		},
		"Action": "sts:AssumeRole"
		}
	]
}
            """)
            .build());
        var fooRolePolicy = new RolePolicy("fooRolePolicy", RolePolicyArgs.builder()
            .role(fooRole.id())
            .policy("""
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "AllowFullAccesstoS3",
			"Effect": "Allow",
			"Action": [
				"s3:*"
			],
			"Resource": "*"
		}
	]
}
            """)
            .build());
        var fooUser = new User("fooUser", UserArgs.builder()
            .serverId(fooServer.id())
            .userName("tftestuser")
            .role(fooRole.arn())
            .homeDirectoryType("LOGICAL")
            .homeDirectoryMappings(UserHomeDirectoryMappingArgs.builder()
                .entry("/test.pdf")
                .target("/bucket3/test-path/tftestuser.pdf")
                .build())
            .build());
    }
}
Content copied to clipboard

Import

Transfer Users can be imported using the server_id and user_name separated by /.

$ pulumi import aws:transfer/user:User bar s-12345678/test-username
Content copied to clipboard

Properties

Link copied to clipboard
val arn: Output<String>

Amazon Resource Name (ARN) of Transfer User

Link copied to clipboard
val homeDirectory: Output<String>?

The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a /. The first item in the path is the name of the home bucket (accessible as ${Transfer:HomeBucket} in the policy) and the rest is the home directory (accessible as ${Transfer:HomeDirectory} in the policy). For example, /example-bucket-1234/username would set the home bucket to example-bucket-1234 and the home directory to username.

Link copied to clipboard
val homeDirectoryMappings: Output<List<UserHomeDirectoryMapping>>?

Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.

Link copied to clipboard
val homeDirectoryType: Output<String>?

The type of landing directory (folder) you mapped for your users' home directory. Valid values are PATH and LOGICAL.

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val policy: Output<String>?

An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket.

Link copied to clipboard
val posixProfile: Output<UserPosixProfile>?

Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.

Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val role: Output<String>

Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.

Link copied to clipboard
val serverId: Output<String>

The Server ID of the Transfer Server (e.g., s-12345678)

Link copied to clipboard
val tags: Output<Map<String, String>>?

A map of tags to assign to the resource. If configured with a provider default_tags configuration block, tags with matching keys will overwrite those defined at the provider-level.

Link copied to clipboard
val tagsAll: Output<Map<String, String>>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Link copied to clipboard
val urn: Output<String>
Link copied to clipboard
val userName: Output<String>

The name used for log in to your SFTP server.