Server
data class ServerArgs(val certificate: Output<String>? = null, val directoryId: Output<String>? = null, val domain: Output<String>? = null, val endpointDetails: Output<ServerEndpointDetailsArgs>? = null, val endpointType: Output<String>? = null, val forceDestroy: Output<Boolean>? = null, val function: Output<String>? = null, val hostKey: Output<String>? = null, val identityProviderType: Output<String>? = null, val invocationRole: Output<String>? = null, val loggingRole: Output<String>? = null, val postAuthenticationLoginBanner: Output<String>? = null, val preAuthenticationLoginBanner: Output<String>? = null, val protocolDetails: Output<ServerProtocolDetailsArgs>? = null, val protocols: Output<List<String>>? = null, val s3StorageOptions: Output<ServerS3StorageOptionsArgs>? = null, val securityPolicyName: Output<String>? = null, val sftpAuthenticationMethods: Output<String>? = null, val structuredLogDestinations: Output<List<String>>? = null, val tags: Output<Map<String, String>>? = null, val url: Output<String>? = null, val workflowDetails: Output<ServerWorkflowDetailsArgs>? = null) : ConvertibleToJava<ServerArgs>
Provides a AWS Transfer Server resource.
NOTE on AWS IAM permissions: If the
endpoint_typeis set toVPC, theec2:DescribeVpcEndpointsandec2:ModifyVpcEndpointactions are used. NOTE: Use theaws.transfer.Tagresource to manage the system tags used for custom hostnames.
Example Usage
Basic
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.transfer.Server("example", {tags: {
Name: "Example",
}});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.transfer.Server("example", tags={
"Name": "Example",
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Transfer.Server("example", new()
{
Tags =
{
{ "Name", "Example" },
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
Tags: pulumi.StringMap{
"Name": pulumi.String("Example"),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Server("example", ServerArgs.builder()
.tags(Map.of("Name", "Example"))
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:transfer:Server
properties:
tags:
Name: ExampleContent copied to clipboard
Security Policy Name
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.transfer.Server("example", {securityPolicyName: "TransferSecurityPolicy-2020-06"});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.transfer.Server("example", security_policy_name="TransferSecurityPolicy-2020-06")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Transfer.Server("example", new()
{
SecurityPolicyName = "TransferSecurityPolicy-2020-06",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
SecurityPolicyName: pulumi.String("TransferSecurityPolicy-2020-06"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Server("example", ServerArgs.builder()
.securityPolicyName("TransferSecurityPolicy-2020-06")
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:transfer:Server
properties:
securityPolicyName: TransferSecurityPolicy-2020-06Content copied to clipboard
VPC Endpoint
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.transfer.Server("example", {
endpointType: "VPC",
endpointDetails: {
addressAllocationIds: [exampleAwsEip.id],
subnetIds: [exampleAwsSubnet.id],
vpcId: exampleAwsVpc.id,
},
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.transfer.Server("example",
endpoint_type="VPC",
endpoint_details={
"address_allocation_ids": [example_aws_eip["id"]],
"subnet_ids": [example_aws_subnet["id"]],
"vpc_id": example_aws_vpc["id"],
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Transfer.Server("example", new()
{
EndpointType = "VPC",
EndpointDetails = new Aws.Transfer.Inputs.ServerEndpointDetailsArgs
{
AddressAllocationIds = new[]
{
exampleAwsEip.Id,
},
SubnetIds = new[]
{
exampleAwsSubnet.Id,
},
VpcId = exampleAwsVpc.Id,
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
EndpointType: pulumi.String("VPC"),
EndpointDetails: &transfer.ServerEndpointDetailsArgs{
AddressAllocationIds: pulumi.StringArray{
exampleAwsEip.Id,
},
SubnetIds: pulumi.StringArray{
exampleAwsSubnet.Id,
},
VpcId: pulumi.Any(exampleAwsVpc.Id),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import com.pulumi.aws.transfer.inputs.ServerEndpointDetailsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Server("example", ServerArgs.builder()
.endpointType("VPC")
.endpointDetails(ServerEndpointDetailsArgs.builder()
.addressAllocationIds(exampleAwsEip.id())
.subnetIds(exampleAwsSubnet.id())
.vpcId(exampleAwsVpc.id())
.build())
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:transfer:Server
properties:
endpointType: VPC
endpointDetails:
addressAllocationIds:
- ${exampleAwsEip.id}
subnetIds:
- ${exampleAwsSubnet.id}
vpcId: ${exampleAwsVpc.id}Content copied to clipboard
AWS Directory authentication
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.transfer.Server("example", {
identityProviderType: "AWS_DIRECTORY_SERVICE",
directoryId: exampleAwsDirectoryServiceDirectory.id,
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.transfer.Server("example",
identity_provider_type="AWS_DIRECTORY_SERVICE",
directory_id=example_aws_directory_service_directory["id"])Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Transfer.Server("example", new()
{
IdentityProviderType = "AWS_DIRECTORY_SERVICE",
DirectoryId = exampleAwsDirectoryServiceDirectory.Id,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
IdentityProviderType: pulumi.String("AWS_DIRECTORY_SERVICE"),
DirectoryId: pulumi.Any(exampleAwsDirectoryServiceDirectory.Id),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Server("example", ServerArgs.builder()
.identityProviderType("AWS_DIRECTORY_SERVICE")
.directoryId(exampleAwsDirectoryServiceDirectory.id())
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:transfer:Server
properties:
identityProviderType: AWS_DIRECTORY_SERVICE
directoryId: ${exampleAwsDirectoryServiceDirectory.id}Content copied to clipboard
AWS Lambda authentication
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.transfer.Server("example", {
identityProviderType: "AWS_LAMBDA",
"function": exampleAwsLambdaIdentityProvider.arn,
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.transfer.Server("example",
identity_provider_type="AWS_LAMBDA",
function=example_aws_lambda_identity_provider["arn"])Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Transfer.Server("example", new()
{
IdentityProviderType = "AWS_LAMBDA",
Function = exampleAwsLambdaIdentityProvider.Arn,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
IdentityProviderType: pulumi.String("AWS_LAMBDA"),
Function: pulumi.Any(exampleAwsLambdaIdentityProvider.Arn),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Server("example", ServerArgs.builder()
.identityProviderType("AWS_LAMBDA")
.function(exampleAwsLambdaIdentityProvider.arn())
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:transfer:Server
properties:
identityProviderType: AWS_LAMBDA
function: ${exampleAwsLambdaIdentityProvider.arn}Content copied to clipboard
Protocols
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.transfer.Server("example", {
endpointType: "VPC",
endpointDetails: {
subnetIds: [exampleAwsSubnet.id],
vpcId: exampleAwsVpc.id,
},
protocols: [
"FTP",
"FTPS",
],
certificate: exampleAwsAcmCertificate.arn,
identityProviderType: "API_GATEWAY",
url: `${exampleAwsApiGatewayDeployment.invokeUrl}${exampleAwsApiGatewayResource.path}`,
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.transfer.Server("example",
endpoint_type="VPC",
endpoint_details={
"subnet_ids": [example_aws_subnet["id"]],
"vpc_id": example_aws_vpc["id"],
},
protocols=[
"FTP",
"FTPS",
],
certificate=example_aws_acm_certificate["arn"],
identity_provider_type="API_GATEWAY",
url=f"{example_aws_api_gateway_deployment['invokeUrl']}{example_aws_api_gateway_resource['path']}")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Transfer.Server("example", new()
{
EndpointType = "VPC",
EndpointDetails = new Aws.Transfer.Inputs.ServerEndpointDetailsArgs
{
SubnetIds = new[]
{
exampleAwsSubnet.Id,
},
VpcId = exampleAwsVpc.Id,
},
Protocols = new[]
{
"FTP",
"FTPS",
},
Certificate = exampleAwsAcmCertificate.Arn,
IdentityProviderType = "API_GATEWAY",
Url = $"{exampleAwsApiGatewayDeployment.InvokeUrl}{exampleAwsApiGatewayResource.Path}",
});
});Content copied to clipboard
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
EndpointType: pulumi.String("VPC"),
EndpointDetails: &transfer.ServerEndpointDetailsArgs{
SubnetIds: pulumi.StringArray{
exampleAwsSubnet.Id,
},
VpcId: pulumi.Any(exampleAwsVpc.Id),
},
Protocols: pulumi.StringArray{
pulumi.String("FTP"),
pulumi.String("FTPS"),
},
Certificate: pulumi.Any(exampleAwsAcmCertificate.Arn),
IdentityProviderType: pulumi.String("API_GATEWAY"),
Url: pulumi.Sprintf("%v%v", exampleAwsApiGatewayDeployment.InvokeUrl, exampleAwsApiGatewayResource.Path),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import com.pulumi.aws.transfer.inputs.ServerEndpointDetailsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Server("example", ServerArgs.builder()
.endpointType("VPC")
.endpointDetails(ServerEndpointDetailsArgs.builder()
.subnetIds(exampleAwsSubnet.id())
.vpcId(exampleAwsVpc.id())
.build())
.protocols(
"FTP",
"FTPS")
.certificate(exampleAwsAcmCertificate.arn())
.identityProviderType("API_GATEWAY")
.url(String.format("%s%s", exampleAwsApiGatewayDeployment.invokeUrl(),exampleAwsApiGatewayResource.path()))
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:transfer:Server
properties:
endpointType: VPC
endpointDetails:
subnetIds:
- ${exampleAwsSubnet.id}
vpcId: ${exampleAwsVpc.id}
protocols:
- FTP
- FTPS
certificate: ${exampleAwsAcmCertificate.arn}
identityProviderType: API_GATEWAY
url: ${exampleAwsApiGatewayDeployment.invokeUrl}${exampleAwsApiGatewayResource.path}Content copied to clipboard
Using Structured Logging Destinations
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const transfer = new aws.cloudwatch.LogGroup("transfer", {namePrefix: "transfer_test_"});
const transferAssumeRole = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
principals: [{
type: "Service",
identifiers: ["transfer.amazonaws.com"],
}],
actions: ["sts:AssumeRole"],
}],
});
const iamForTransfer = new aws.iam.Role("iam_for_transfer", {
namePrefix: "iam_for_transfer_",
assumeRolePolicy: transferAssumeRole.then(transferAssumeRole => transferAssumeRole.json),
managedPolicyArns: ["arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess"],
});
const transferServer = new aws.transfer.Server("transfer", {
endpointType: "PUBLIC",
loggingRole: iamForTransfer.arn,
protocols: ["SFTP"],
structuredLogDestinations: [pulumi.interpolate`${transfer.arn}:*`],
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
transfer = aws.cloudwatch.LogGroup("transfer", name_prefix="transfer_test_")
transfer_assume_role = aws.iam.get_policy_document(statements=[{
"effect": "Allow",
"principals": [{
"type": "Service",
"identifiers": ["transfer.amazonaws.com"],
}],
"actions": ["sts:AssumeRole"],
}])
iam_for_transfer = aws.iam.Role("iam_for_transfer",
name_prefix="iam_for_transfer_",
assume_role_policy=transfer_assume_role.json,
managed_policy_arns=["arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess"])
transfer_server = aws.transfer.Server("transfer",
endpoint_type="PUBLIC",
logging_role=iam_for_transfer.arn,
protocols=["SFTP"],
structured_log_destinations=[transfer.arn.apply(lambda arn: f"{arn}:*")])Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var transfer = new Aws.CloudWatch.LogGroup("transfer", new()
{
NamePrefix = "transfer_test_",
});
var transferAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "Service",
Identifiers = new[]
{
"transfer.amazonaws.com",
},
},
},
Actions = new[]
{
"sts:AssumeRole",
},
},
},
});
var iamForTransfer = new Aws.Iam.Role("iam_for_transfer", new()
{
NamePrefix = "iam_for_transfer_",
AssumeRolePolicy = transferAssumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
ManagedPolicyArns = new[]
{
"arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess",
},
});
var transferServer = new Aws.Transfer.Server("transfer", new()
{
EndpointType = "PUBLIC",
LoggingRole = iamForTransfer.Arn,
Protocols = new[]
{
"SFTP",
},
StructuredLogDestinations = new[]
{
transfer.Arn.Apply(arn => $"{arn}:*"),
},
});
});Content copied to clipboard
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
transfer, err := cloudwatch.NewLogGroup(ctx, "transfer", &cloudwatch.LogGroupArgs{
NamePrefix: pulumi.String("transfer_test_"),
})
if err != nil {
return err
}
transferAssumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "Service",
Identifiers: []string{
"transfer.amazonaws.com",
},
},
},
Actions: []string{
"sts:AssumeRole",
},
},
},
}, nil)
if err != nil {
return err
}
iamForTransfer, err := iam.NewRole(ctx, "iam_for_transfer", &iam.RoleArgs{
NamePrefix: pulumi.String("iam_for_transfer_"),
AssumeRolePolicy: pulumi.String(transferAssumeRole.Json),
ManagedPolicyArns: pulumi.StringArray{
pulumi.String("arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess"),
},
})
if err != nil {
return err
}
_, err = transfer.NewServer(ctx, "transfer", &transfer.ServerArgs{
EndpointType: pulumi.String("PUBLIC"),
LoggingRole: iamForTransfer.Arn,
Protocols: pulumi.StringArray{
pulumi.String("SFTP"),
},
StructuredLogDestinations: pulumi.StringArray{
transfer.Arn.ApplyT(func(arn string) (string, error) {
return fmt.Sprintf("%v:*", arn), nil
}).(pulumi.StringOutput),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.LogGroup;
import com.pulumi.aws.cloudwatch.LogGroupArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var transfer = new LogGroup("transfer", LogGroupArgs.builder()
.namePrefix("transfer_test_")
.build());
final var transferAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers("transfer.amazonaws.com")
.build())
.actions("sts:AssumeRole")
.build())
.build());
var iamForTransfer = new Role("iamForTransfer", RoleArgs.builder()
.namePrefix("iam_for_transfer_")
.assumeRolePolicy(transferAssumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.managedPolicyArns("arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess")
.build());
var transferServer = new Server("transferServer", ServerArgs.builder()
.endpointType("PUBLIC")
.loggingRole(iamForTransfer.arn())
.protocols("SFTP")
.structuredLogDestinations(transfer.arn().applyValue(arn -> String.format("%s:*", arn)))
.build());
}
}Content copied to clipboard
resources:
transfer:
type: aws:cloudwatch:LogGroup
properties:
namePrefix: transfer_test_
iamForTransfer:
type: aws:iam:Role
name: iam_for_transfer
properties:
namePrefix: iam_for_transfer_
assumeRolePolicy: ${transferAssumeRole.json}
managedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess
transferServer:
type: aws:transfer:Server
name: transfer
properties:
endpointType: PUBLIC
loggingRole: ${iamForTransfer.arn}
protocols:
- SFTP
structuredLogDestinations:
- ${transfer.arn}:*
variables:
transferAssumeRole:
fn::invoke:
function: aws:iam:getPolicyDocument
arguments:
statements:
- effect: Allow
principals:
- type: Service
identifiers:
- transfer.amazonaws.com
actions:
- sts:AssumeRoleContent copied to clipboard
Import
In Terraform v1.5.0 and later, use an import Block to import Transfer Servers using the server id. For example: Using pulumi import, import Transfer Servers using the server id. For example:
$ pulumi import aws:transfer/server:Server example s-12345678Content copied to clipboard
Certain resource arguments, such as host_key, cannot be read via the API and imported into the provider. This provider will display a difference for these arguments the first run after import if declared in the provider configuration for an imported resource.
Constructors
Link copied to clipboard
constructor(certificate: Output<String>? = null, directoryId: Output<String>? = null, domain: Output<String>? = null, endpointDetails: Output<ServerEndpointDetailsArgs>? = null, endpointType: Output<String>? = null, forceDestroy: Output<Boolean>? = null, function: Output<String>? = null, hostKey: Output<String>? = null, identityProviderType: Output<String>? = null, invocationRole: Output<String>? = null, loggingRole: Output<String>? = null, postAuthenticationLoginBanner: Output<String>? = null, preAuthenticationLoginBanner: Output<String>? = null, protocolDetails: Output<ServerProtocolDetailsArgs>? = null, protocols: Output<List<String>>? = null, s3StorageOptions: Output<ServerS3StorageOptionsArgs>? = null, securityPolicyName: Output<String>? = null, sftpAuthenticationMethods: Output<String>? = null, structuredLogDestinations: Output<List<String>>? = null, tags: Output<Map<String, String>>? = null, url: Output<String>? = null, workflowDetails: Output<ServerWorkflowDetailsArgs>? = null)
Properties
Link copied to clipboard
The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS
Link copied to clipboard
The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.
Link copied to clipboard
The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See endpoint_details Block below for details.
Link copied to clipboard
The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.
Link copied to clipboard
A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.
Link copied to clipboard
Link copied to clipboard
The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.
Link copied to clipboard
Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.
Link copied to clipboard
Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
Link copied to clipboard
Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
Link copied to clipboard
Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
Link copied to clipboard
The protocol settings that are configured for your server. See protocol_details Block below for details.
Link copied to clipboard
Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See s3_storage_options Block below for details.
Link copied to clipboard
Specifies the name of the security policy that is attached to the server. Default value is: TransferSecurityPolicy-2018-11. The available values are:
Link copied to clipboard
For SFTP-enabled servers, and for custom identity providers only. Valid values are PASSWORD, PUBLIC_KEY, PUBLIC_KEY_OR_PASSWORD and PUBLIC_KEY_AND_PASSWORD. Default value is: PUBLIC_KEY_OR_PASSWORD.
Link copied to clipboard
A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
Link copied to clipboard
Specifies the workflow details. See workflow_details Block below for details.