User

Provides a AWS Transfer User resource. Managing SSH keys can be accomplished with the aws.transfer.SshKey resource.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const fooServer = new aws.transfer.Server("foo", {
    identityProviderType: "SERVICE_MANAGED",
    tags: {
        NAME: "tf-acc-test-transfer-server",
    },
});
const fooRole = new aws.iam.Role("foo", {
    assumeRolePolicy: `{
	"Version": "2012-10-17",
	"Statement": [
		{
		"Effect": "Allow",
		"Principal": {
			"Service": "transfer.amazonaws.com"
		},
		"Action": "sts:AssumeRole"
		}
	]
}
`,
});
const fooRolePolicy = new aws.iam.RolePolicy("foo", {
    policy: `{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "AllowFullAccesstoS3",
			"Effect": "Allow",
			"Action": [
				"s3:*"
			],
			"Resource": "*"
		}
	]
}
`,
    role: fooRole.id,
});
const fooUser = new aws.transfer.User("foo", {
    role: fooRole.arn,
    serverId: fooServer.id,
    userName: "tftestuser",
});

import pulumi
import pulumi_aws as aws

foo_server = aws.transfer.Server("fooServer",
    identity_provider_type="SERVICE_MANAGED",
    tags={
        "NAME": "tf-acc-test-transfer-server",
    })
foo_role = aws.iam.Role("fooRole", assume_role_policy="""{
	"Version": "2012-10-17",
	"Statement": [
		{
		"Effect": "Allow",
		"Principal": {
			"Service": "transfer.amazonaws.com"
		},
		"Action": "sts:AssumeRole"
		}
	]
}

""")
foo_role_policy = aws.iam.RolePolicy("fooRolePolicy",
    policy="""{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "AllowFullAccesstoS3",
			"Effect": "Allow",
			"Action": [
				"s3:*"
			],
			"Resource": "*"
		}
	]
}

""",
    role=foo_role.id)
foo_user = aws.transfer.User("fooUser",
    role=foo_role.arn,
    server_id=foo_server.id,
    user_name="tftestuser")

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var fooServer = new Aws.Transfer.Server("fooServer", new Aws.Transfer.ServerArgs
        {
            IdentityProviderType = "SERVICE_MANAGED",
            Tags = 
            {
                { "NAME", "tf-acc-test-transfer-server" },
            },
        });
        var fooRole = new Aws.Iam.Role("fooRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
	""Version"": ""2012-10-17"",
	""Statement"": [
		{
		""Effect"": ""Allow"",
		""Principal"": {
			""Service"": ""transfer.amazonaws.com""
		},
		""Action"": ""sts:AssumeRole""
		}
	]
}

",
        });
        var fooRolePolicy = new Aws.Iam.RolePolicy("fooRolePolicy", new Aws.Iam.RolePolicyArgs
        {
            Policy = @"{
	""Version"": ""2012-10-17"",
	""Statement"": [
		{
			""Sid"": ""AllowFullAccesstoS3"",
			""Effect"": ""Allow"",
			""Action"": [
				""s3:*""
			],
			""Resource"": ""*""
		}
	]
}

",
            Role = fooRole.Id,
        });
        var fooUser = new Aws.Transfer.User("fooUser", new Aws.Transfer.UserArgs
        {
            Role = fooRole.Arn,
            ServerId = fooServer.Id,
            UserName = "tftestuser",
        });
    }

}

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/transfer"
	"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		fooServer, err := transfer.NewServer(ctx, "fooServer", &transfer.ServerArgs{
			IdentityProviderType: pulumi.String("SERVICE_MANAGED"),
			Tags: pulumi.StringMap{
				"NAME": pulumi.String("tf-acc-test-transfer-server"),
			},
		})
		if err != nil {
			return err
		}
		fooRole, err := iam.NewRole(ctx, "fooRole", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "	\"Version\": \"2012-10-17\",\n", "	\"Statement\": [\n", "		{\n", "		\"Effect\": \"Allow\",\n", "		\"Principal\": {\n", "			\"Service\": \"transfer.amazonaws.com\"\n", "		},\n", "		\"Action\": \"sts:AssumeRole\"\n", "		}\n", "	]\n", "}\n", "\n")),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewRolePolicy(ctx, "fooRolePolicy", &iam.RolePolicyArgs{
			Policy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "	\"Version\": \"2012-10-17\",\n", "	\"Statement\": [\n", "		{\n", "			\"Sid\": \"AllowFullAccesstoS3\",\n", "			\"Effect\": \"Allow\",\n", "			\"Action\": [\n", "				\"s3:*\"\n", "			],\n", "			\"Resource\": \"*\"\n", "		}\n", "	]\n", "}\n", "\n")),
			Role: fooRole.ID(),
		})
		if err != nil {
			return err
		}
		_, err = transfer.NewUser(ctx, "fooUser", &transfer.UserArgs{
			Role:     fooRole.Arn,
			ServerId: fooServer.ID(),
			UserName: pulumi.String("tftestuser"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Create a User Resource

new User(name: string, args: UserArgs, opts?: CustomResourceOptions);

def User(resource_name, opts=None, home_directory=None, policy=None, role=None, server_id=None, tags=None, user_name=None, __props__=None);

func NewUser(ctx *Context, name string, args UserArgs, opts ...ResourceOption) (*User, error)

public User(string name, UserArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args UserArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args UserArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args UserArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

User Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The User resource accepts the following input properties:

Role string: Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.
ServerId string: The Server ID of the Transfer Server (e.g. s-12345678)
UserName string: The name used for log in to your SFTP server.
HomeDirectory string: The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a /. The first item in the path is the name of the home bucket (accessible as ${Transfer:HomeBucket} in the policy) and the rest is the home directory (accessible as ${Transfer:HomeDirectory} in the policy). For example, /example-bucket-1234/username would set the home bucket to example-bucket-1234 and the home directory to username.
Policy string: An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket.
Tags Dictionary<string, string>: A map of tags to assign to the resource.

Role string: Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.
ServerId string: The Server ID of the Transfer Server (e.g. s-12345678)
UserName string: The name used for log in to your SFTP server.
HomeDirectory string: The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a /. The first item in the path is the name of the home bucket (accessible as ${Transfer:HomeBucket} in the policy) and the rest is the home directory (accessible as ${Transfer:HomeDirectory} in the policy). For example, /example-bucket-1234/username would set the home bucket to example-bucket-1234 and the home directory to username.
Policy string: An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket.
Tags map[string]string: A map of tags to assign to the resource.

role string: Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.
serverId string: The Server ID of the Transfer Server (e.g. s-12345678)
userName string: The name used for log in to your SFTP server.
homeDirectory string: The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a /. The first item in the path is the name of the home bucket (accessible as ${Transfer:HomeBucket} in the policy) and the rest is the home directory (accessible as ${Transfer:HomeDirectory} in the policy). For example, /example-bucket-1234/username would set the home bucket to example-bucket-1234 and the home directory to username.
policy string: An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket.
tags {[key: string]: string}: A map of tags to assign to the resource.

role str: Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.
server_id str: The Server ID of the Transfer Server (e.g. s-12345678)
user_name str: The name used for log in to your SFTP server.
home_directory str: The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a /. The first item in the path is the name of the home bucket (accessible as ${Transfer:HomeBucket} in the policy) and the rest is the home directory (accessible as ${Transfer:HomeDirectory} in the policy). For example, /example-bucket-1234/username would set the home bucket to example-bucket-1234 and the home directory to username.
policy str: An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket.
tags Dict[str, str]: A map of tags to assign to the resource.

Outputs

All input properties are implicitly available as output properties. Additionally, the User resource produces the following output properties:

Arn string: Amazon Resource Name (ARN) of Transfer User
Id string: The provider-assigned unique ID for this managed resource.

Arn string: Amazon Resource Name (ARN) of Transfer User
Id string: The provider-assigned unique ID for this managed resource.

arn string: Amazon Resource Name (ARN) of Transfer User
id string: The provider-assigned unique ID for this managed resource.

arn str: Amazon Resource Name (ARN) of Transfer User
id str: The provider-assigned unique ID for this managed resource.

Look up an Existing User Resource

Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: UserState, opts?: CustomResourceOptions): User

static get(resource_name, id, opts=None, arn=None, home_directory=None, policy=None, role=None, server_id=None, tags=None, user_name=None, __props__=None);

func GetUser(ctx *Context, name string, id IDInput, state *UserState, opts ...ResourceOption) (*User, error)

public static User Get(string name, Input<string> id, UserState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string: Amazon Resource Name (ARN) of Transfer User
HomeDirectory string: The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a /. The first item in the path is the name of the home bucket (accessible as ${Transfer:HomeBucket} in the policy) and the rest is the home directory (accessible as ${Transfer:HomeDirectory} in the policy). For example, /example-bucket-1234/username would set the home bucket to example-bucket-1234 and the home directory to username.
Policy string: An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket.
Role string: Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.
ServerId string: The Server ID of the Transfer Server (e.g. s-12345678)
Tags Dictionary<string, string>: A map of tags to assign to the resource.
UserName string: The name used for log in to your SFTP server.

Arn string: Amazon Resource Name (ARN) of Transfer User
HomeDirectory string: The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a /. The first item in the path is the name of the home bucket (accessible as ${Transfer:HomeBucket} in the policy) and the rest is the home directory (accessible as ${Transfer:HomeDirectory} in the policy). For example, /example-bucket-1234/username would set the home bucket to example-bucket-1234 and the home directory to username.
Policy string: An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket.
Role string: Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.
ServerId string: The Server ID of the Transfer Server (e.g. s-12345678)
Tags map[string]string: A map of tags to assign to the resource.
UserName string: The name used for log in to your SFTP server.

arn string: Amazon Resource Name (ARN) of Transfer User
homeDirectory string: The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a /. The first item in the path is the name of the home bucket (accessible as ${Transfer:HomeBucket} in the policy) and the rest is the home directory (accessible as ${Transfer:HomeDirectory} in the policy). For example, /example-bucket-1234/username would set the home bucket to example-bucket-1234 and the home directory to username.
policy string: An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket.
role string: Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.
serverId string: The Server ID of the Transfer Server (e.g. s-12345678)
tags {[key: string]: string}: A map of tags to assign to the resource.
userName string: The name used for log in to your SFTP server.

arn str: Amazon Resource Name (ARN) of Transfer User
home_directory str: The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a /. The first item in the path is the name of the home bucket (accessible as ${Transfer:HomeBucket} in the policy) and the rest is the home directory (accessible as ${Transfer:HomeDirectory} in the policy). For example, /example-bucket-1234/username would set the home bucket to example-bucket-1234 and the home directory to username.
policy str: An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket.
role str: Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.
server_id str: The Server ID of the Transfer Server (e.g. s-12345678)
tags Dict[str, str]: A map of tags to assign to the resource.
user_name str: The name used for log in to your SFTP server.

Package Details

Repository: https://github.com/pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud