Module transfer

@pulumi/aws > transfer

class Server

extends CustomResource

Provides a AWS Transfer Server resource.

resource "aws_iam_role" "foo" {
	name = "tf-test-transfer-server-iam-role"

	assume_role_policy = <<EOF
{
	"Version": "2012-10-17",
	"Statement": [
		{
		"Effect": "Allow",
		"Principal": {
			"Service": "transfer.amazonaws.com"
		},
		"Action": "sts:AssumeRole"
		}
	]
}
EOF
}

resource "aws_iam_role_policy" "foo" {
	name = "tf-test-transfer-server-iam-policy-%s"
	role = "${aws_iam_role.foo.id}"
	policy = <<POLICY
{
	"Version": "2012-10-17",
	"Statement": [
		{
		"Sid": "AllowFullAccesstoCloudWatchLogs",
		"Effect": "Allow",
		"Action": [
			"logs:*"
		],
		"Resource": "*"
		}
	]
}
POLICY
}


resource "aws_transfer_server" "foo" {
  identity_provider_type = "SERVICE_MANAGED"
  logging_role = "${aws_iam_role.foo.arn}"

  tags {
	NAME   = "tf-acc-test-transfer-server"
	ENV    = "test"
  }
}

constructor

new Server(name: string, args?: ServerArgs, opts?: pulumi.CustomResourceOptions)

Create a Server resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServerState, opts?: pulumi.CustomResourceOptions): Server

Get an existing Server resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property identityProviderType

public identityProviderType: pulumi.Output<string | undefined>;

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice.

property invocationRole

public invocationRole: pulumi.Output<string | undefined>;

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

property forceDestroy

public forceDestroy: pulumi.Output<boolean | undefined>;

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A mapping of tags to assign to the resource.

property url

public url: pulumi.Output<string | undefined>;
  • URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property endpoint

public endpoint: pulumi.Output<string>;

The endpoint of the Transfer Server (e.g. s-12345678.server.transfer.REGION.amazonaws.com)

property arn

public arn: pulumi.Output<string>;

Amazon Resource Name (ARN) of Transfer Server

property loggingRole

public loggingRole: pulumi.Output<string | undefined>;

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

class SshKey

extends CustomResource

Provides a AWS Transfer User SSH Key resource.

resource "aws_transfer_server" "foo" {
	identity_provider_type = "SERVICE_MANAGED"

	tags {
		NAME     = "tf-acc-test-transfer-server"
	}
}


resource "aws_iam_role" "foo" {
	name = "tf-test-transfer-user-iam-role-%s"

	assume_role_policy = <<EOF
{
	"Version": "2012-10-17",
	"Statement": [
		{
		"Effect": "Allow",
		"Principal": {
			"Service": "transfer.amazonaws.com"
		},
		"Action": "sts:AssumeRole"
		}
	]
}
EOF
}

resource "aws_iam_role_policy" "foo" {
	name = "tf-test-transfer-user-iam-policy-%s"
	role = "${aws_iam_role.foo.id}"
	policy = <<POLICY
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "AllowFullAccesstoS3",
			"Effect": "Allow",
			"Action": [
				"s3:*"
			],
			"Resource": "*"
		}
	]
}
POLICY
}


resource "aws_transfer_user" "foo" {
	server_id      = "${aws_transfer_server.foo.id}"
	user_name      = "tftestuser"
	role           = "${aws_iam_role.foo.arn}"

	tags {
		NAME = "tftestuser"
	}
}

resource "aws_transfer_ssh_key" "foo" {
	server_id = "${aws_transfer_server.foo.id}"
	user_name = "${aws_transfer_user.foo.user_name}"
	body 	  = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 example@example.com"
}

constructor

new SshKey(name: string, args: SshKeyArgs, opts?: pulumi.CustomResourceOptions)

Create a SshKey resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SshKeyState, opts?: pulumi.CustomResourceOptions): SshKey

Get an existing SshKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

property serverId

public serverId: pulumi.Output<string>;

The Server ID of the Transfer Server (e.g. s-12345678)

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userName

public userName: pulumi.Output<string>;

The name of the user account that is assigned to one or more servers.

property body

public body: pulumi.Output<string>;

The public key portion of an SSH key pair.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

class User

extends CustomResource

Provides a AWS Transfer User resource. Managing SSH keys can be accomplished with the aws_transfer_ssh_key resource.

resource "aws_transfer_server" "foo" {
	identity_provider_type = "SERVICE_MANAGED"

	tags {
		NAME     = "tf-acc-test-transfer-server"
	}
}

resource "aws_iam_role" "foo" {
	name = "tf-test-transfer-user-iam-role"

	assume_role_policy = <<EOF
{
	"Version": "2012-10-17",
	"Statement": [
		{
		"Effect": "Allow",
		"Principal": {
			"Service": "transfer.amazonaws.com"
		},
		"Action": "sts:AssumeRole"
		}
	]
}
EOF
}

resource "aws_iam_role_policy" "foo" {
	name = "tf-test-transfer-user-iam-policy"
	role = "${aws_iam_role.foo.id}"
	policy = <<POLICY
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "AllowFullAccesstoS3",
			"Effect": "Allow",
			"Action": [
				"s3:*"
			],
			"Resource": "*"
		}
	]
}
POLICY
}

resource "aws_transfer_user" "foo" {
	server_id      = "${aws_transfer_server.foo.id}"
	user_name      = "tftestuser"
	role           = "${aws_iam_role.foo.arn}"
}

constructor

new User(name: string, args: UserArgs, opts?: pulumi.CustomResourceOptions)

Create a User resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserState, opts?: pulumi.CustomResourceOptions): User

Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property policy

public policy: pulumi.Output<string | undefined>;

An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}. Since the IAM variable syntax matches Terraform’s interpolation syntax, they must be escaped inside Terraform configuration strings ($${Transfer:UserName}).

property role

public role: pulumi.Output<string>;

Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A mapping of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userName

public userName: pulumi.Output<string>;

The name used for log in to your SFTP server.

property homeDirectory

public homeDirectory: pulumi.Output<string | undefined>;

The landing directory (folder) for a user when they log in to the server using their SFTP client.

property arn

public arn: pulumi.Output<string>;

Amazon Resource Name (ARN) of Transfer User

property serverId

public serverId: pulumi.Output<string>;

The Server ID of the Transfer Server (e.g. s-12345678)

interface ServerArgs

The set of arguments for constructing a Server resource.

property forceDestroy

forceDestroy?: pulumi.Input<boolean>;

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false.

property identityProviderType

identityProviderType?: pulumi.Input<string>;

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice.

property invocationRole

invocationRole?: pulumi.Input<string>;

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

property loggingRole

loggingRole?: pulumi.Input<string>;

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the resource.

property url

url?: pulumi.Input<string>;
  • URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

interface ServerState

Input properties used for looking up and filtering Server resources.

property arn

arn?: pulumi.Input<string>;

Amazon Resource Name (ARN) of Transfer Server

property endpoint

endpoint?: pulumi.Input<string>;

The endpoint of the Transfer Server (e.g. s-12345678.server.transfer.REGION.amazonaws.com)

property forceDestroy

forceDestroy?: pulumi.Input<boolean>;

A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false.

property identityProviderType

identityProviderType?: pulumi.Input<string>;

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice.

property invocationRole

invocationRole?: pulumi.Input<string>;

Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

property loggingRole

loggingRole?: pulumi.Input<string>;

Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the resource.

property url

url?: pulumi.Input<string>;
  • URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.

interface SshKeyArgs

The set of arguments for constructing a SshKey resource.

property body

body: pulumi.Input<string>;

The public key portion of an SSH key pair.

property serverId

serverId: pulumi.Input<string>;

The Server ID of the Transfer Server (e.g. s-12345678)

property userName

userName: pulumi.Input<string>;

The name of the user account that is assigned to one or more servers.

interface SshKeyState

Input properties used for looking up and filtering SshKey resources.

property body

body?: pulumi.Input<string>;

The public key portion of an SSH key pair.

property serverId

serverId?: pulumi.Input<string>;

The Server ID of the Transfer Server (e.g. s-12345678)

property userName

userName?: pulumi.Input<string>;

The name of the user account that is assigned to one or more servers.

interface UserArgs

The set of arguments for constructing a User resource.

property homeDirectory

homeDirectory?: pulumi.Input<string>;

The landing directory (folder) for a user when they log in to the server using their SFTP client.

property policy

policy?: pulumi.Input<string>;

An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}. Since the IAM variable syntax matches Terraform’s interpolation syntax, they must be escaped inside Terraform configuration strings ($${Transfer:UserName}).

property role

role: pulumi.Input<string>;

Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.

property serverId

serverId: pulumi.Input<string>;

The Server ID of the Transfer Server (e.g. s-12345678)

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the resource.

property userName

userName: pulumi.Input<string>;

The name used for log in to your SFTP server.

interface UserState

Input properties used for looking up and filtering User resources.

property arn

arn?: pulumi.Input<string>;

Amazon Resource Name (ARN) of Transfer User

property homeDirectory

homeDirectory?: pulumi.Input<string>;

The landing directory (folder) for a user when they log in to the server using their SFTP client.

property policy

policy?: pulumi.Input<string>;

An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}. Since the IAM variable syntax matches Terraform’s interpolation syntax, they must be escaped inside Terraform configuration strings ($${Transfer:UserName}).

property role

role?: pulumi.Input<string>;

Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.

property serverId

serverId?: pulumi.Input<string>;

The Server ID of the Transfer Server (e.g. s-12345678)

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the resource.

property userName

userName?: pulumi.Input<string>;

The name used for log in to your SFTP server.