1. Docs
  2. Reference
  3. API
  4. @pulumi/aws
  5. transfer

Module transfer

This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of aws resources in a Pulumi program, please see the resource documentation for examples and API reference.

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

Resources

Functions

Others

Resources

Resource Server

class Server extends CustomResource

Provides a AWS Transfer Server resource.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const fooRole = new aws.iam.Role("foo", {
    assumeRolePolicy: `{
	"Version": "2012-10-17",
	"Statement": [
		{
		"Effect": "Allow",
		"Principal": {
			"Service": "transfer.amazonaws.com"
		},
		"Action": "sts:AssumeRole"
		}
	]
}
`,
});
const fooRolePolicy = new aws.iam.RolePolicy("foo", {
    policy: `{
	"Version": "2012-10-17",
	"Statement": [
		{
		"Sid": "AllowFullAccesstoCloudWatchLogs",
		"Effect": "Allow",
		"Action": [
			"logs:*"
		],
		"Resource": "*"
		}
	]
}
`,
    role: fooRole.id,
});
const fooServer = new aws.transfer.Server("foo", {
    identityProviderType: "SERVICE_MANAGED",
    loggingRole: fooRole.arn,
    tags: {
        ENV: "test",
        NAME: "tf-acc-test-transfer-server",
    },
});

constructor

new Server(name: string, args?: ServerArgs, opts?: pulumi.CustomResourceOptions)

Create a Server resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServerState, opts?: pulumi.CustomResourceOptions): Server

Get an existing Server resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Server

Returns true if the given object is an instance of Server. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

Amazon Resource Name (ARN) of Transfer Server

property endpoint

public endpoint: pulumi.Output<string>;

The endpoint of the Transfer Server (e.g. s-12345678.server.transfer.REGION.amazonaws.com)

property endpointDetails

public endpointDetails: pulumi.Output<ServerEndpointDetails | undefined>;

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

property endpointType

public endpointType: pulumi.Output<string | undefined>;

The type of endpoint that you want your SFTP server connect to. If you connect to a VPC_ENDPOINT, your SFTP server isn’t accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.

property forceDestroy

public forceDestroy: pulumi.Output<boolean | undefined>;

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false.

property hostKey

public hostKey: pulumi.Output<string | undefined>;

RSA private key (e.g. as generated by the ssh-keygen -N "" -f my-new-server-key command).

property hostKeyFingerprint

public hostKeyFingerprint: pulumi.Output<string>;

This value contains the message-digest algorithm (MD5) hash of the server’s host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property identityProviderType

public identityProviderType: pulumi.Output<string | undefined>;

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice.

property invocationRole

public invocationRole: pulumi.Output<string | undefined>;

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identityProviderType of API_GATEWAY.

property loggingRole

public loggingRole: pulumi.Output<string | undefined>;

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A map of tags to assign to the resource.

property url

public url: pulumi.Output<string | undefined>;
  • URL of the service endpoint used to authenticate users with an identityProviderType of API_GATEWAY.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource SshKey

class SshKey extends CustomResource

Provides a AWS Transfer User SSH Key resource.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const fooServer = new aws.transfer.Server("foo", {
    identityProviderType: "SERVICE_MANAGED",
    tags: {
        NAME: "tf-acc-test-transfer-server",
    },
});
const fooRole = new aws.iam.Role("foo", {
    assumeRolePolicy: `{
	"Version": "2012-10-17",
	"Statement": [
		{
		"Effect": "Allow",
		"Principal": {
			"Service": "transfer.amazonaws.com"
		},
		"Action": "sts:AssumeRole"
		}
	]
}
`,
});
const fooRolePolicy = new aws.iam.RolePolicy("foo", {
    policy: `{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "AllowFullAccesstoS3",
			"Effect": "Allow",
			"Action": [
				"s3:*"
			],
			"Resource": "*"
		}
	]
}
`,
    role: fooRole.id,
});
const fooUser = new aws.transfer.User("foo", {
    role: fooRole.arn,
    serverId: fooServer.id,
    tags: {
        NAME: "tftestuser",
    },
    userName: "tftestuser",
});
const fooSshKey = new aws.transfer.SshKey("foo", {
    body: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 example@example.com",
    serverId: fooServer.id,
    userName: fooUser.userName,
});

constructor

new SshKey(name: string, args: SshKeyArgs, opts?: pulumi.CustomResourceOptions)

Create a SshKey resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SshKeyState, opts?: pulumi.CustomResourceOptions): SshKey

Get an existing SshKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is SshKey

Returns true if the given object is an instance of SshKey. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property body

public body: pulumi.Output<string>;

The public key portion of an SSH key pair.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property serverId

public serverId: pulumi.Output<string>;

The Server ID of the Transfer Server (e.g. s-12345678)

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userName

public userName: pulumi.Output<string>;

The name of the user account that is assigned to one or more servers.

Resource User

class User extends CustomResource

Provides a AWS Transfer User resource. Managing SSH keys can be accomplished with the aws.transfer.SshKey resource.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const fooServer = new aws.transfer.Server("foo", {
    identityProviderType: "SERVICE_MANAGED",
    tags: {
        NAME: "tf-acc-test-transfer-server",
    },
});
const fooRole = new aws.iam.Role("foo", {
    assumeRolePolicy: `{
	"Version": "2012-10-17",
	"Statement": [
		{
		"Effect": "Allow",
		"Principal": {
			"Service": "transfer.amazonaws.com"
		},
		"Action": "sts:AssumeRole"
		}
	]
}
`,
});
const fooRolePolicy = new aws.iam.RolePolicy("foo", {
    policy: `{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "AllowFullAccesstoS3",
			"Effect": "Allow",
			"Action": [
				"s3:*"
			],
			"Resource": "*"
		}
	]
}
`,
    role: fooRole.id,
});
const fooUser = new aws.transfer.User("foo", {
    role: fooRole.arn,
    serverId: fooServer.id,
    userName: "tftestuser",
});

constructor

new User(name: string, args: UserArgs, opts?: pulumi.CustomResourceOptions)

Create a User resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserState, opts?: pulumi.CustomResourceOptions): User

Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is User

Returns true if the given object is an instance of User. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

Amazon Resource Name (ARN) of Transfer User

property homeDirectory

public homeDirectory: pulumi.Output<string | undefined>;

The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a /. The first item in the path is the name of the home bucket (accessible as ${Transfer:HomeBucket} in the policy) and the rest is the home directory (accessible as ${Transfer:HomeDirectory} in the policy). For example, /example-bucket-1234/username would set the home bucket to example-bucket-1234 and the home directory to username.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property policy

public policy: pulumi.Output<string | undefined>;

An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket.

property role

public role: pulumi.Output<string>;

Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.

property serverId

public serverId: pulumi.Output<string>;

The Server ID of the Transfer Server (e.g. s-12345678)

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userName

public userName: pulumi.Output<string>;

The name used for log in to your SFTP server.

Functions

Function getServer

getServer(args: GetServerArgs, opts?: pulumi.InvokeOptions): Promise<GetServerResult>

Use this data source to get the ARN of an AWS Transfer Server for use in other resources.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = pulumi.output(aws.transfer.getServer({
    serverId: "s-1234567",
}, { async: true }));

Others

interface GetServerArgs

interface GetServerArgs

A collection of arguments for invoking getServer.

property serverId

serverId: string;

ID for an SFTP server.

interface GetServerResult

interface GetServerResult

A collection of values returned by getServer.

property arn

arn: string;

Amazon Resource Name (ARN) of Transfer Server

property endpoint

endpoint: string;

The endpoint of the Transfer Server (e.g. s-12345678.server.transfer.REGION.amazonaws.com)

property id

id: string;

The provider-assigned unique ID for this managed resource.

property identityProviderType

identityProviderType: string;

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice.

property invocationRole

invocationRole: string;

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identityProviderType of API_GATEWAY.

property loggingRole

loggingRole: string;

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

property serverId

serverId: string;

property url

url: string;

URL of the service endpoint used to authenticate users with an identityProviderType of API_GATEWAY.

interface ServerArgs

interface ServerArgs

The set of arguments for constructing a Server resource.

property endpointDetails

endpointDetails?: pulumi.Input<ServerEndpointDetails>;

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

property endpointType

endpointType?: pulumi.Input<string>;

The type of endpoint that you want your SFTP server connect to. If you connect to a VPC_ENDPOINT, your SFTP server isn’t accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.

property forceDestroy

forceDestroy?: pulumi.Input<boolean>;

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false.

property hostKey

hostKey?: pulumi.Input<string>;

RSA private key (e.g. as generated by the ssh-keygen -N "" -f my-new-server-key command).

property identityProviderType

identityProviderType?: pulumi.Input<string>;

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice.

property invocationRole

invocationRole?: pulumi.Input<string>;

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identityProviderType of API_GATEWAY.

property loggingRole

loggingRole?: pulumi.Input<string>;

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the resource.

property url

url?: pulumi.Input<string>;
  • URL of the service endpoint used to authenticate users with an identityProviderType of API_GATEWAY.

interface ServerState

interface ServerState

Input properties used for looking up and filtering Server resources.

property arn

arn?: pulumi.Input<string>;

Amazon Resource Name (ARN) of Transfer Server

property endpoint

endpoint?: pulumi.Input<string>;

The endpoint of the Transfer Server (e.g. s-12345678.server.transfer.REGION.amazonaws.com)

property endpointDetails

endpointDetails?: pulumi.Input<ServerEndpointDetails>;

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

property endpointType

endpointType?: pulumi.Input<string>;

The type of endpoint that you want your SFTP server connect to. If you connect to a VPC_ENDPOINT, your SFTP server isn’t accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.

property forceDestroy

forceDestroy?: pulumi.Input<boolean>;

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false.

property hostKey

hostKey?: pulumi.Input<string>;

RSA private key (e.g. as generated by the ssh-keygen -N "" -f my-new-server-key command).

property hostKeyFingerprint

hostKeyFingerprint?: pulumi.Input<string>;

This value contains the message-digest algorithm (MD5) hash of the server’s host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.

property identityProviderType

identityProviderType?: pulumi.Input<string>;

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice.

property invocationRole

invocationRole?: pulumi.Input<string>;

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identityProviderType of API_GATEWAY.

property loggingRole

loggingRole?: pulumi.Input<string>;

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the resource.

property url

url?: pulumi.Input<string>;
  • URL of the service endpoint used to authenticate users with an identityProviderType of API_GATEWAY.

interface SshKeyArgs

interface SshKeyArgs

The set of arguments for constructing a SshKey resource.

property body

body: pulumi.Input<string>;

The public key portion of an SSH key pair.

property serverId

serverId: pulumi.Input<string>;

The Server ID of the Transfer Server (e.g. s-12345678)

property userName

userName: pulumi.Input<string>;

The name of the user account that is assigned to one or more servers.

interface SshKeyState

interface SshKeyState

Input properties used for looking up and filtering SshKey resources.

property body

body?: pulumi.Input<string>;

The public key portion of an SSH key pair.

property serverId

serverId?: pulumi.Input<string>;

The Server ID of the Transfer Server (e.g. s-12345678)

property userName

userName?: pulumi.Input<string>;

The name of the user account that is assigned to one or more servers.

interface UserArgs

interface UserArgs

The set of arguments for constructing a User resource.

property homeDirectory

homeDirectory?: pulumi.Input<string>;

The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a /. The first item in the path is the name of the home bucket (accessible as ${Transfer:HomeBucket} in the policy) and the rest is the home directory (accessible as ${Transfer:HomeDirectory} in the policy). For example, /example-bucket-1234/username would set the home bucket to example-bucket-1234 and the home directory to username.

property policy

policy?: pulumi.Input<string>;

An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket.

property role

role: pulumi.Input<string>;

Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.

property serverId

serverId: pulumi.Input<string>;

The Server ID of the Transfer Server (e.g. s-12345678)

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the resource.

property userName

userName: pulumi.Input<string>;

The name used for log in to your SFTP server.

interface UserState

interface UserState

Input properties used for looking up and filtering User resources.

property arn

arn?: pulumi.Input<string>;

Amazon Resource Name (ARN) of Transfer User

property homeDirectory

homeDirectory?: pulumi.Input<string>;

The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a /. The first item in the path is the name of the home bucket (accessible as ${Transfer:HomeBucket} in the policy) and the rest is the home directory (accessible as ${Transfer:HomeDirectory} in the policy). For example, /example-bucket-1234/username would set the home bucket to example-bucket-1234 and the home directory to username.

property policy

policy?: pulumi.Input<string>;

An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket.

property role

role?: pulumi.Input<string>;

Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.

property serverId

serverId?: pulumi.Input<string>;

The Server ID of the Transfer Server (e.g. s-12345678)

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the resource.

property userName

userName?: pulumi.Input<string>;

The name used for log in to your SFTP server.