1. Docs
  2. Reference
  3. API
  4. pulumi_aws
  5. transfer

This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of aws resources in a Pulumi program, please see the resource documentation for examples and API reference.

transfer

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

class pulumi_aws.transfer.AwaitableGetServerResult(arn=None, endpoint=None, id=None, identity_provider_type=None, invocation_role=None, logging_role=None, server_id=None, url=None)
class pulumi_aws.transfer.GetServerResult(arn=None, endpoint=None, id=None, identity_provider_type=None, invocation_role=None, logging_role=None, server_id=None, url=None)

A collection of values returned by getServer.

arn = None

Amazon Resource Name (ARN) of Transfer Server

endpoint = None

The endpoint of the Transfer Server (e.g. s-12345678.server.transfer.REGION.amazonaws.com)

id = None

The provider-assigned unique ID for this managed resource.

identity_provider_type = None

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice.

invocation_role = None

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

logging_role = None

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

url = None

URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

class pulumi_aws.transfer.Server(resource_name, opts=None, endpoint_details=None, endpoint_type=None, force_destroy=None, host_key=None, identity_provider_type=None, invocation_role=None, logging_role=None, tags=None, url=None, __props__=None, __name__=None, __opts__=None)

Provides a AWS Transfer Server resource.

import pulumi
import pulumi_aws as aws

foo_role = aws.iam.Role("fooRole", assume_role_policy="""{
        "Version": "2012-10-17",
        "Statement": [
                {
                "Effect": "Allow",
                "Principal": {
                        "Service": "transfer.amazonaws.com"
                },
                "Action": "sts:AssumeRole"
                }
        ]
}

""")
foo_role_policy = aws.iam.RolePolicy("fooRolePolicy",
    policy="""{
        "Version": "2012-10-17",
        "Statement": [
                {
                "Sid": "AllowFullAccesstoCloudWatchLogs",
                "Effect": "Allow",
                "Action": [
                        "logs:*"
                ],
                "Resource": "*"
                }
        ]
}

""",
    role=foo_role.id)
foo_server = aws.transfer.Server("fooServer",
    identity_provider_type="SERVICE_MANAGED",
    logging_role=foo_role.arn,
    tags={
        "ENV": "test",
        "NAME": "tf-acc-test-transfer-server",
    })
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • endpoint_details (pulumi.Input[dict]) – The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

  • endpoint_type (pulumi.Input[str]) – The type of endpoint that you want your SFTP server connect to. If you connect to a VPC_ENDPOINT, your SFTP server isn’t accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.

  • force_destroy (pulumi.Input[bool]) – A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false.

  • host_key (pulumi.Input[str]) – RSA private key (e.g. as generated by the ssh-keygen -N "" -f my-new-server-key command).

  • identity_provider_type (pulumi.Input[str]) – The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice.

  • invocation_role (pulumi.Input[str]) – Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

  • logging_role (pulumi.Input[str]) – Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

  • tags (pulumi.Input[dict]) – A map of tags to assign to the resource.

  • url (pulumi.Input[str]) –

    • URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

The endpoint_details object supports the following:

  • vpc_endpoint_id (pulumi.Input[str]) - The ID of the VPC endpoint.

arn: pulumi.Output[str] = None

Amazon Resource Name (ARN) of Transfer Server

endpoint: pulumi.Output[str] = None

The endpoint of the Transfer Server (e.g. s-12345678.server.transfer.REGION.amazonaws.com)

endpoint_details: pulumi.Output[dict] = None

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

  • vpc_endpoint_id (str) - The ID of the VPC endpoint.

endpoint_type: pulumi.Output[str] = None

The type of endpoint that you want your SFTP server connect to. If you connect to a VPC_ENDPOINT, your SFTP server isn’t accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.

force_destroy: pulumi.Output[bool] = None

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false.

host_key: pulumi.Output[str] = None

RSA private key (e.g. as generated by the ssh-keygen -N "" -f my-new-server-key command).

host_key_fingerprint: pulumi.Output[str] = None

This value contains the message-digest algorithm (MD5) hash of the server’s host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.

identity_provider_type: pulumi.Output[str] = None

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice.

invocation_role: pulumi.Output[str] = None

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

logging_role: pulumi.Output[str] = None

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

tags: pulumi.Output[dict] = None

A map of tags to assign to the resource.

url: pulumi.Output[str] = None

  • URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

static get(resource_name, id, opts=None, arn=None, endpoint=None, endpoint_details=None, endpoint_type=None, force_destroy=None, host_key=None, host_key_fingerprint=None, identity_provider_type=None, invocation_role=None, logging_role=None, tags=None, url=None)

Get an existing Server resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • arn (pulumi.Input[str]) – Amazon Resource Name (ARN) of Transfer Server

  • endpoint (pulumi.Input[str]) – The endpoint of the Transfer Server (e.g. s-12345678.server.transfer.REGION.amazonaws.com)

  • endpoint_details (pulumi.Input[dict]) – The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.

  • endpoint_type (pulumi.Input[str]) – The type of endpoint that you want your SFTP server connect to. If you connect to a VPC_ENDPOINT, your SFTP server isn’t accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.

  • force_destroy (pulumi.Input[bool]) – A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false.

  • host_key (pulumi.Input[str]) – RSA private key (e.g. as generated by the ssh-keygen -N "" -f my-new-server-key command).

  • host_key_fingerprint (pulumi.Input[str]) – This value contains the message-digest algorithm (MD5) hash of the server’s host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.

  • identity_provider_type (pulumi.Input[str]) – The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice.

  • invocation_role (pulumi.Input[str]) – Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

  • logging_role (pulumi.Input[str]) – Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

  • tags (pulumi.Input[dict]) – A map of tags to assign to the resource.

  • url (pulumi.Input[str]) –

    • URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

The endpoint_details object supports the following:

  • vpc_endpoint_id (pulumi.Input[str]) - The ID of the VPC endpoint.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.transfer.SshKey(resource_name, opts=None, body=None, server_id=None, user_name=None, __props__=None, __name__=None, __opts__=None)

Provides a AWS Transfer User SSH Key resource.

import pulumi
import pulumi_aws as aws

foo_server = aws.transfer.Server("fooServer",
    identity_provider_type="SERVICE_MANAGED",
    tags={
        "NAME": "tf-acc-test-transfer-server",
    })
foo_role = aws.iam.Role("fooRole", assume_role_policy="""{
        "Version": "2012-10-17",
        "Statement": [
                {
                "Effect": "Allow",
                "Principal": {
                        "Service": "transfer.amazonaws.com"
                },
                "Action": "sts:AssumeRole"
                }
        ]
}

""")
foo_role_policy = aws.iam.RolePolicy("fooRolePolicy",
    policy="""{
        "Version": "2012-10-17",
        "Statement": [
                {
                        "Sid": "AllowFullAccesstoS3",
                        "Effect": "Allow",
                        "Action": [
                                "s3:*"
                        ],
                        "Resource": "*"
                }
        ]
}

""",
    role=foo_role.id)
foo_user = aws.transfer.User("fooUser",
    role=foo_role.arn,
    server_id=foo_server.id,
    tags={
        "NAME": "tftestuser",
    },
    user_name="tftestuser")
foo_ssh_key = aws.transfer.SshKey("fooSshKey",
    body="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 example@example.com",
    server_id=foo_server.id,
    user_name=foo_user.user_name)
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • body (pulumi.Input[str]) – The public key portion of an SSH key pair.

  • server_id (pulumi.Input[str]) – The Server ID of the Transfer Server (e.g. s-12345678)

  • user_name (pulumi.Input[str]) – The name of the user account that is assigned to one or more servers.

body: pulumi.Output[str] = None

The public key portion of an SSH key pair.

server_id: pulumi.Output[str] = None

The Server ID of the Transfer Server (e.g. s-12345678)

user_name: pulumi.Output[str] = None

The name of the user account that is assigned to one or more servers.

static get(resource_name, id, opts=None, body=None, server_id=None, user_name=None)

Get an existing SshKey resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • body (pulumi.Input[str]) – The public key portion of an SSH key pair.

  • server_id (pulumi.Input[str]) – The Server ID of the Transfer Server (e.g. s-12345678)

  • user_name (pulumi.Input[str]) – The name of the user account that is assigned to one or more servers.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.transfer.User(resource_name, opts=None, home_directory=None, policy=None, role=None, server_id=None, tags=None, user_name=None, __props__=None, __name__=None, __opts__=None)

Provides a AWS Transfer User resource. Managing SSH keys can be accomplished with the transfer.SshKey resource.

import pulumi
import pulumi_aws as aws

foo_server = aws.transfer.Server("fooServer",
    identity_provider_type="SERVICE_MANAGED",
    tags={
        "NAME": "tf-acc-test-transfer-server",
    })
foo_role = aws.iam.Role("fooRole", assume_role_policy="""{
        "Version": "2012-10-17",
        "Statement": [
                {
                "Effect": "Allow",
                "Principal": {
                        "Service": "transfer.amazonaws.com"
                },
                "Action": "sts:AssumeRole"
                }
        ]
}

""")
foo_role_policy = aws.iam.RolePolicy("fooRolePolicy",
    policy="""{
        "Version": "2012-10-17",
        "Statement": [
                {
                        "Sid": "AllowFullAccesstoS3",
                        "Effect": "Allow",
                        "Action": [
                                "s3:*"
                        ],
                        "Resource": "*"
                }
        ]
}

""",
    role=foo_role.id)
foo_user = aws.transfer.User("fooUser",
    role=foo_role.arn,
    server_id=foo_server.id,
    user_name="tftestuser")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • home_directory (pulumi.Input[str]) – The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a /. The first item in the path is the name of the home bucket (accessible as ${Transfer:HomeBucket} in the policy) and the rest is the home directory (accessible as ${Transfer:HomeDirectory} in the policy). For example, /example-bucket-1234/username would set the home bucket to example-bucket-1234 and the home directory to username.

  • policy (pulumi.Input[str]) – An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket.

  • role (pulumi.Input[str]) – Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.

  • server_id (pulumi.Input[str]) – The Server ID of the Transfer Server (e.g. s-12345678)

  • tags (pulumi.Input[dict]) – A map of tags to assign to the resource.

  • user_name (pulumi.Input[str]) – The name used for log in to your SFTP server.

arn: pulumi.Output[str] = None

Amazon Resource Name (ARN) of Transfer User

home_directory: pulumi.Output[str] = None

The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a /. The first item in the path is the name of the home bucket (accessible as ${Transfer:HomeBucket} in the policy) and the rest is the home directory (accessible as ${Transfer:HomeDirectory} in the policy). For example, /example-bucket-1234/username would set the home bucket to example-bucket-1234 and the home directory to username.

policy: pulumi.Output[str] = None

An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket.

role: pulumi.Output[str] = None

Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.

server_id: pulumi.Output[str] = None

The Server ID of the Transfer Server (e.g. s-12345678)

tags: pulumi.Output[dict] = None

A map of tags to assign to the resource.

user_name: pulumi.Output[str] = None

The name used for log in to your SFTP server.

static get(resource_name, id, opts=None, arn=None, home_directory=None, policy=None, role=None, server_id=None, tags=None, user_name=None)

Get an existing User resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • arn (pulumi.Input[str]) – Amazon Resource Name (ARN) of Transfer User

  • home_directory (pulumi.Input[str]) – The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a /. The first item in the path is the name of the home bucket (accessible as ${Transfer:HomeBucket} in the policy) and the rest is the home directory (accessible as ${Transfer:HomeDirectory} in the policy). For example, /example-bucket-1234/username would set the home bucket to example-bucket-1234 and the home directory to username.

  • policy (pulumi.Input[str]) – An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket.

  • role (pulumi.Input[str]) – Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.

  • server_id (pulumi.Input[str]) – The Server ID of the Transfer Server (e.g. s-12345678)

  • tags (pulumi.Input[dict]) – A map of tags to assign to the resource.

  • user_name (pulumi.Input[str]) – The name used for log in to your SFTP server.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

pulumi_aws.transfer.get_server(server_id=None, opts=None)

Use this data source to get the ARN of an AWS Transfer Server for use in other resources.

import pulumi
import pulumi_aws as aws

example = aws.transfer.get_server(server_id="s-1234567")
Parameters

server_id (str) – ID for an SFTP server.