Server

Provides a AWS Transfer Server resource.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const fooRole = new aws.iam.Role("foo", {
    assumeRolePolicy: `{
	"Version": "2012-10-17",
	"Statement": [
		{
		"Effect": "Allow",
		"Principal": {
			"Service": "transfer.amazonaws.com"
		},
		"Action": "sts:AssumeRole"
		}
	]
}
`,
});
const fooRolePolicy = new aws.iam.RolePolicy("foo", {
    policy: `{
	"Version": "2012-10-17",
	"Statement": [
		{
		"Sid": "AllowFullAccesstoCloudWatchLogs",
		"Effect": "Allow",
		"Action": [
			"logs:*"
		],
		"Resource": "*"
		}
	]
}
`,
    role: fooRole.id,
});
const fooServer = new aws.transfer.Server("foo", {
    identityProviderType: "SERVICE_MANAGED",
    loggingRole: fooRole.arn,
    tags: {
        ENV: "test",
        NAME: "tf-acc-test-transfer-server",
    },
});

import pulumi
import pulumi_aws as aws

foo_role = aws.iam.Role("fooRole", assume_role_policy="""{
	"Version": "2012-10-17",
	"Statement": [
		{
		"Effect": "Allow",
		"Principal": {
			"Service": "transfer.amazonaws.com"
		},
		"Action": "sts:AssumeRole"
		}
	]
}

""")
foo_role_policy = aws.iam.RolePolicy("fooRolePolicy",
    policy="""{
	"Version": "2012-10-17",
	"Statement": [
		{
		"Sid": "AllowFullAccesstoCloudWatchLogs",
		"Effect": "Allow",
		"Action": [
			"logs:*"
		],
		"Resource": "*"
		}
	]
}

""",
    role=foo_role.id)
foo_server = aws.transfer.Server("fooServer",
    identity_provider_type="SERVICE_MANAGED",
    logging_role=foo_role.arn,
    tags={
        "ENV": "test",
        "NAME": "tf-acc-test-transfer-server",
    })

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var fooRole = new Aws.Iam.Role("fooRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
	""Version"": ""2012-10-17"",
	""Statement"": [
		{
		""Effect"": ""Allow"",
		""Principal"": {
			""Service"": ""transfer.amazonaws.com""
		},
		""Action"": ""sts:AssumeRole""
		}
	]
}

",
        });
        var fooRolePolicy = new Aws.Iam.RolePolicy("fooRolePolicy", new Aws.Iam.RolePolicyArgs
        {
            Policy = @"{
	""Version"": ""2012-10-17"",
	""Statement"": [
		{
		""Sid"": ""AllowFullAccesstoCloudWatchLogs"",
		""Effect"": ""Allow"",
		""Action"": [
			""logs:*""
		],
		""Resource"": ""*""
		}
	]
}

",
            Role = fooRole.Id,
        });
        var fooServer = new Aws.Transfer.Server("fooServer", new Aws.Transfer.ServerArgs
        {
            IdentityProviderType = "SERVICE_MANAGED",
            LoggingRole = fooRole.Arn,
            Tags = 
            {
                { "ENV", "test" },
                { "NAME", "tf-acc-test-transfer-server" },
            },
        });
    }

}

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/transfer"
	"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		fooRole, err := iam.NewRole(ctx, "fooRole", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "	\"Version\": \"2012-10-17\",\n", "	\"Statement\": [\n", "		{\n", "		\"Effect\": \"Allow\",\n", "		\"Principal\": {\n", "			\"Service\": \"transfer.amazonaws.com\"\n", "		},\n", "		\"Action\": \"sts:AssumeRole\"\n", "		}\n", "	]\n", "}\n", "\n")),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewRolePolicy(ctx, "fooRolePolicy", &iam.RolePolicyArgs{
			Policy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "	\"Version\": \"2012-10-17\",\n", "	\"Statement\": [\n", "		{\n", "		\"Sid\": \"AllowFullAccesstoCloudWatchLogs\",\n", "		\"Effect\": \"Allow\",\n", "		\"Action\": [\n", "			\"logs:*\"\n", "		],\n", "		\"Resource\": \"*\"\n", "		}\n", "	]\n", "}\n", "\n")),
			Role: fooRole.ID(),
		})
		if err != nil {
			return err
		}
		_, err = transfer.NewServer(ctx, "fooServer", &transfer.ServerArgs{
			IdentityProviderType: pulumi.String("SERVICE_MANAGED"),
			LoggingRole:          fooRole.Arn,
			Tags: pulumi.StringMap{
				"ENV":  pulumi.String("test"),
				"NAME": pulumi.String("tf-acc-test-transfer-server"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Create a Server Resource

new Server(name: string, args?: ServerArgs, opts?: CustomResourceOptions);

def Server(resource_name, opts=None, endpoint_details=None, endpoint_type=None, force_destroy=None, host_key=None, identity_provider_type=None, invocation_role=None, logging_role=None, tags=None, url=None, __props__=None);

func NewServer(ctx *Context, name string, args *ServerArgs, opts ...ResourceOption) (*Server, error)

public Server(string name, ServerArgs? args = null, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args ServerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ServerArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ServerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

Server Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The Server resource accepts the following input properties:

EndpointDetails ServerEndpointDetailsArgs

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

EndpointType string

The type of endpoint that you want your SFTP server connect to. If you connect to a VPC_ENDPOINT, your SFTP server isn’t accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.

ForceDestroy bool

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false.

HostKey string

RSA private key (e.g. as generated by the ssh-keygen -N "" -f my-new-server-key command).

IdentityProviderType string

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice.

InvocationRole string

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

LoggingRole string

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

Tags Dictionary<string, string>

A map of tags to assign to the resource.

Url string

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

EndpointDetails ServerEndpointDetails

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

EndpointType string

ForceDestroy bool

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false.

HostKey string

RSA private key (e.g. as generated by the ssh-keygen -N "" -f my-new-server-key command).

IdentityProviderType string

InvocationRole string

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

LoggingRole string

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

Tags map[string]string

A map of tags to assign to the resource.

Url string

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

endpointDetails ServerEndpointDetails

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

endpointType string

forceDestroy boolean

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false.

hostKey string

RSA private key (e.g. as generated by the ssh-keygen -N "" -f my-new-server-key command).

identityProviderType string

invocationRole string

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

loggingRole string

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

tags {[key: string]: string}

A map of tags to assign to the resource.

url string

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

endpoint_details Dict[ServerEndpointDetails]

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

endpoint_type str

force_destroy bool

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false.

host_key str

RSA private key (e.g. as generated by the ssh-keygen -N "" -f my-new-server-key command).

identity_provider_type str

invocation_role str

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

logging_role str

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

tags Dict[str, str]

A map of tags to assign to the resource.

url str

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

Outputs

All input properties are implicitly available as output properties. Additionally, the Server resource produces the following output properties:

Arn string: Amazon Resource Name (ARN) of Transfer Server
Endpoint string: The endpoint of the Transfer Server (e.g. s-12345678.server.transfer.REGION.amazonaws.com)
HostKeyFingerprint string: This value contains the message-digest algorithm (MD5) hash of the server’s host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.
Id string: The provider-assigned unique ID for this managed resource.

Arn string: Amazon Resource Name (ARN) of Transfer Server
Endpoint string: The endpoint of the Transfer Server (e.g. s-12345678.server.transfer.REGION.amazonaws.com)
HostKeyFingerprint string: This value contains the message-digest algorithm (MD5) hash of the server’s host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.
Id string: The provider-assigned unique ID for this managed resource.

arn string: Amazon Resource Name (ARN) of Transfer Server
endpoint string: The endpoint of the Transfer Server (e.g. s-12345678.server.transfer.REGION.amazonaws.com)
hostKeyFingerprint string: This value contains the message-digest algorithm (MD5) hash of the server’s host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.
id string: The provider-assigned unique ID for this managed resource.

arn str: Amazon Resource Name (ARN) of Transfer Server
endpoint str: The endpoint of the Transfer Server (e.g. s-12345678.server.transfer.REGION.amazonaws.com)
host_key_fingerprint str: This value contains the message-digest algorithm (MD5) hash of the server’s host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.
id str: The provider-assigned unique ID for this managed resource.

Look up an Existing Server Resource

Get an existing Server resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ServerState, opts?: CustomResourceOptions): Server

static get(resource_name, id, opts=None, arn=None, endpoint=None, endpoint_details=None, endpoint_type=None, force_destroy=None, host_key=None, host_key_fingerprint=None, identity_provider_type=None, invocation_role=None, logging_role=None, tags=None, url=None, __props__=None);

func GetServer(ctx *Context, name string, id IDInput, state *ServerState, opts ...ResourceOption) (*Server, error)

public static Server Get(string name, Input<string> id, ServerState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string

Amazon Resource Name (ARN) of Transfer Server

Endpoint string

The endpoint of the Transfer Server (e.g. s-12345678.server.transfer.REGION.amazonaws.com)

EndpointDetails ServerEndpointDetailsArgs

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

EndpointType string

ForceDestroy bool

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false.

HostKey string

RSA private key (e.g. as generated by the ssh-keygen -N "" -f my-new-server-key command).

HostKeyFingerprint string

This value contains the message-digest algorithm (MD5) hash of the server’s host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.

IdentityProviderType string

InvocationRole string

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

LoggingRole string

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

Tags Dictionary<string, string>

A map of tags to assign to the resource.

Url string

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

Arn string

Amazon Resource Name (ARN) of Transfer Server

Endpoint string

The endpoint of the Transfer Server (e.g. s-12345678.server.transfer.REGION.amazonaws.com)

EndpointDetails ServerEndpointDetails

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

EndpointType string

ForceDestroy bool

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false.

HostKey string

RSA private key (e.g. as generated by the ssh-keygen -N "" -f my-new-server-key command).

HostKeyFingerprint string

This value contains the message-digest algorithm (MD5) hash of the server’s host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.

IdentityProviderType string

InvocationRole string

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

LoggingRole string

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

Tags map[string]string

A map of tags to assign to the resource.

Url string

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

arn string

Amazon Resource Name (ARN) of Transfer Server

endpoint string

The endpoint of the Transfer Server (e.g. s-12345678.server.transfer.REGION.amazonaws.com)

endpointDetails ServerEndpointDetails

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

endpointType string

forceDestroy boolean

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false.

hostKey string

RSA private key (e.g. as generated by the ssh-keygen -N "" -f my-new-server-key command).

hostKeyFingerprint string

This value contains the message-digest algorithm (MD5) hash of the server’s host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.

identityProviderType string

invocationRole string

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

loggingRole string

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

tags {[key: string]: string}

A map of tags to assign to the resource.

url string

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

arn str

Amazon Resource Name (ARN) of Transfer Server

endpoint str

The endpoint of the Transfer Server (e.g. s-12345678.server.transfer.REGION.amazonaws.com)

endpoint_details Dict[ServerEndpointDetails]

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

endpoint_type str

force_destroy bool

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false.

host_key str

RSA private key (e.g. as generated by the ssh-keygen -N "" -f my-new-server-key command).

host_key_fingerprint str

This value contains the message-digest algorithm (MD5) hash of the server’s host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.

identity_provider_type str

invocation_role str

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

logging_role str

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

tags Dict[str, str]

A map of tags to assign to the resource.

url str

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

Supporting Types

ServerEndpointDetails

See the input and output API doc for this type.

VpcEndpointId string: The ID of the VPC endpoint.

VpcEndpointId string: The ID of the VPC endpoint.

vpcEndpointId string: The ID of the VPC endpoint.

vpc_endpoint_id str: The ID of the VPC endpoint.

Package Details

Repository: https://github.com/pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

Server

Create a Server Resource

Server Resource Properties

Inputs

Outputs

Look up an Existing Server Resource

Supporting Types

ServerEndpointDetails

Package Details

On This Page