Docs Packages
  1. Packages
  2. AWS Classic
  3. API Docs
  4. transfer
  5. Server

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.42.0 published on Wednesday, Jun 26, 2024 by Pulumi
pulumi/pulumi-aws

aws.transfer.Server

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.42.0 published on Wednesday, Jun 26, 2024 by Pulumi
pulumi/pulumi-aws

    Provides a AWS Transfer Server resource.

    NOTE on AWS IAM permissions: If the endpoint_type is set to VPC, the ec2:DescribeVpcEndpoints and ec2:ModifyVpcEndpoint actions are used.

    NOTE: Use the aws.transfer.Tag resource to manage the system tags used for custom hostnames.

    Example Usage

    Basic

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.transfer.Server("example", {tags: {
    Name: "Example",
}});

    import pulumi
import pulumi_aws as aws

example = aws.transfer.Server("example", tags={
    "Name": "Example",
})

    package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
			Tags: pulumi.StringMap{
				"Name": pulumi.String("Example"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.Transfer.Server("example", new()
    {
        Tags = 
        {
            { "Name", "Example" },
        },
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Server("example", ServerArgs.builder()
            .tags(Map.of("Name", "Example"))
            .build());

    }
}

    resources:
  example:
    type: aws:transfer:Server
    properties:
      tags:
        Name: Example

    Security Policy Name

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.transfer.Server("example", {securityPolicyName: "TransferSecurityPolicy-2020-06"});

    import pulumi
import pulumi_aws as aws

example = aws.transfer.Server("example", security_policy_name="TransferSecurityPolicy-2020-06")

    package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
			SecurityPolicyName: pulumi.String("TransferSecurityPolicy-2020-06"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.Transfer.Server("example", new()
    {
        SecurityPolicyName = "TransferSecurityPolicy-2020-06",
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Server("example", ServerArgs.builder()
            .securityPolicyName("TransferSecurityPolicy-2020-06")
            .build());

    }
}

    resources:
  example:
    type: aws:transfer:Server
    properties:
      securityPolicyName: TransferSecurityPolicy-2020-06

    VPC Endpoint

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.transfer.Server("example", {
    endpointType: "VPC",
    endpointDetails: {
        addressAllocationIds: [exampleAwsEip.id],
        subnetIds: [exampleAwsSubnet.id],
        vpcId: exampleAwsVpc.id,
    },
});

    import pulumi
import pulumi_aws as aws

example = aws.transfer.Server("example",
    endpoint_type="VPC",
    endpoint_details={
        "addressAllocationIds": [example_aws_eip["id"]],
        "subnetIds": [example_aws_subnet["id"]],
        "vpcId": example_aws_vpc["id"],
    })

    package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
			EndpointType: pulumi.String("VPC"),
			EndpointDetails: &transfer.ServerEndpointDetailsArgs{
				AddressAllocationIds: pulumi.StringArray{
					exampleAwsEip.Id,
				},
				SubnetIds: pulumi.StringArray{
					exampleAwsSubnet.Id,
				},
				VpcId: pulumi.Any(exampleAwsVpc.Id),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.Transfer.Server("example", new()
    {
        EndpointType = "VPC",
        EndpointDetails = new Aws.Transfer.Inputs.ServerEndpointDetailsArgs
        {
            AddressAllocationIds = new[]
            {
                exampleAwsEip.Id,
            },
            SubnetIds = new[]
            {
                exampleAwsSubnet.Id,
            },
            VpcId = exampleAwsVpc.Id,
        },
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import com.pulumi.aws.transfer.inputs.ServerEndpointDetailsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Server("example", ServerArgs.builder()
            .endpointType("VPC")
            .endpointDetails(ServerEndpointDetailsArgs.builder()
                .addressAllocationIds(exampleAwsEip.id())
                .subnetIds(exampleAwsSubnet.id())
                .vpcId(exampleAwsVpc.id())
                .build())
            .build());

    }
}

    resources:
  example:
    type: aws:transfer:Server
    properties:
      endpointType: VPC
      endpointDetails:
        addressAllocationIds:
          - ${exampleAwsEip.id}
        subnetIds:
          - ${exampleAwsSubnet.id}
        vpcId: ${exampleAwsVpc.id}

    AWS Directory authentication

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.transfer.Server("example", {
    identityProviderType: "AWS_DIRECTORY_SERVICE",
    directoryId: exampleAwsDirectoryServiceDirectory.id,
});

    import pulumi
import pulumi_aws as aws

example = aws.transfer.Server("example",
    identity_provider_type="AWS_DIRECTORY_SERVICE",
    directory_id=example_aws_directory_service_directory["id"])

    package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
			IdentityProviderType: pulumi.String("AWS_DIRECTORY_SERVICE"),
			DirectoryId:          pulumi.Any(exampleAwsDirectoryServiceDirectory.Id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.Transfer.Server("example", new()
    {
        IdentityProviderType = "AWS_DIRECTORY_SERVICE",
        DirectoryId = exampleAwsDirectoryServiceDirectory.Id,
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Server("example", ServerArgs.builder()
            .identityProviderType("AWS_DIRECTORY_SERVICE")
            .directoryId(exampleAwsDirectoryServiceDirectory.id())
            .build());

    }
}

    resources:
  example:
    type: aws:transfer:Server
    properties:
      identityProviderType: AWS_DIRECTORY_SERVICE
      directoryId: ${exampleAwsDirectoryServiceDirectory.id}

    AWS Lambda authentication

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.transfer.Server("example", {
    identityProviderType: "AWS_LAMBDA",
    "function": exampleAwsLambdaIdentityProvider.arn,
});

    import pulumi
import pulumi_aws as aws

example = aws.transfer.Server("example",
    identity_provider_type="AWS_LAMBDA",
    function=example_aws_lambda_identity_provider["arn"])

    package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
			IdentityProviderType: pulumi.String("AWS_LAMBDA"),
			Function:             pulumi.Any(exampleAwsLambdaIdentityProvider.Arn),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.Transfer.Server("example", new()
    {
        IdentityProviderType = "AWS_LAMBDA",
        Function = exampleAwsLambdaIdentityProvider.Arn,
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Server("example", ServerArgs.builder()
            .identityProviderType("AWS_LAMBDA")
            .function(exampleAwsLambdaIdentityProvider.arn())
            .build());

    }
}

    resources:
  example:
    type: aws:transfer:Server
    properties:
      identityProviderType: AWS_LAMBDA
      function: ${exampleAwsLambdaIdentityProvider.arn}

    Protocols

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.transfer.Server("example", {
    endpointType: "VPC",
    endpointDetails: {
        subnetIds: [exampleAwsSubnet.id],
        vpcId: exampleAwsVpc.id,
    },
    protocols: [
        "FTP",
        "FTPS",
    ],
    certificate: exampleAwsAcmCertificate.arn,
    identityProviderType: "API_GATEWAY",
    url: `${exampleAwsApiGatewayDeployment.invokeUrl}${exampleAwsApiGatewayResource.path}`,
});

    import pulumi
import pulumi_aws as aws

example = aws.transfer.Server("example",
    endpoint_type="VPC",
    endpoint_details={
        "subnetIds": [example_aws_subnet["id"]],
        "vpcId": example_aws_vpc["id"],
    },
    protocols=[
        "FTP",
        "FTPS",
    ],
    certificate=example_aws_acm_certificate["arn"],
    identity_provider_type="API_GATEWAY",
    url=f"{example_aws_api_gateway_deployment['invokeUrl']}{example_aws_api_gateway_resource['path']}")

    package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
			EndpointType: pulumi.String("VPC"),
			EndpointDetails: &transfer.ServerEndpointDetailsArgs{
				SubnetIds: pulumi.StringArray{
					exampleAwsSubnet.Id,
				},
				VpcId: pulumi.Any(exampleAwsVpc.Id),
			},
			Protocols: pulumi.StringArray{
				pulumi.String("FTP"),
				pulumi.String("FTPS"),
			},
			Certificate:          pulumi.Any(exampleAwsAcmCertificate.Arn),
			IdentityProviderType: pulumi.String("API_GATEWAY"),
			Url:                  pulumi.String(fmt.Sprintf("%v%v", exampleAwsApiGatewayDeployment.InvokeUrl, exampleAwsApiGatewayResource.Path)),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.Transfer.Server("example", new()
    {
        EndpointType = "VPC",
        EndpointDetails = new Aws.Transfer.Inputs.ServerEndpointDetailsArgs
        {
            SubnetIds = new[]
            {
                exampleAwsSubnet.Id,
            },
            VpcId = exampleAwsVpc.Id,
        },
        Protocols = new[]
        {
            "FTP",
            "FTPS",
        },
        Certificate = exampleAwsAcmCertificate.Arn,
        IdentityProviderType = "API_GATEWAY",
        Url = $"{exampleAwsApiGatewayDeployment.InvokeUrl}{exampleAwsApiGatewayResource.Path}",
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import com.pulumi.aws.transfer.inputs.ServerEndpointDetailsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Server("example", ServerArgs.builder()
            .endpointType("VPC")
            .endpointDetails(ServerEndpointDetailsArgs.builder()
                .subnetIds(exampleAwsSubnet.id())
                .vpcId(exampleAwsVpc.id())
                .build())
            .protocols(            
                "FTP",
                "FTPS")
            .certificate(exampleAwsAcmCertificate.arn())
            .identityProviderType("API_GATEWAY")
            .url(String.format("%s%s", exampleAwsApiGatewayDeployment.invokeUrl(),exampleAwsApiGatewayResource.path()))
            .build());

    }
}

    resources:
  example:
    type: aws:transfer:Server
    properties:
      endpointType: VPC
      endpointDetails:
        subnetIds:
          - ${exampleAwsSubnet.id}
        vpcId: ${exampleAwsVpc.id}
      protocols:
        - FTP
        - FTPS
      certificate: ${exampleAwsAcmCertificate.arn}
      identityProviderType: API_GATEWAY
      url: ${exampleAwsApiGatewayDeployment.invokeUrl}${exampleAwsApiGatewayResource.path}

    Using Structured Logging Destinations

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const transfer = new aws.cloudwatch.LogGroup("transfer", {namePrefix: "transfer_test_"});
const transferAssumeRole = aws.iam.getPolicyDocument({
    statements: [{
        effect: "Allow",
        principals: [{
            type: "Service",
            identifiers: ["transfer.amazonaws.com"],
        }],
        actions: ["sts:AssumeRole"],
    }],
});
const iamForTransfer = new aws.iam.Role("iam_for_transfer", {
    namePrefix: "iam_for_transfer_",
    assumeRolePolicy: transferAssumeRole.then(transferAssumeRole => transferAssumeRole.json),
    managedPolicyArns: ["arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess"],
});
const transferServer = new aws.transfer.Server("transfer", {
    endpointType: "PUBLIC",
    loggingRole: iamForTransfer.arn,
    protocols: ["SFTP"],
    structuredLogDestinations: [pulumi.interpolate`${transfer.arn}:*`],
});

    import pulumi
import pulumi_aws as aws

transfer = aws.cloudwatch.LogGroup("transfer", name_prefix="transfer_test_")
transfer_assume_role = aws.iam.get_policy_document(statements=[{
    "effect": "Allow",
    "principals": [{
        "type": "Service",
        "identifiers": ["transfer.amazonaws.com"],
    }],
    "actions": ["sts:AssumeRole"],
}])
iam_for_transfer = aws.iam.Role("iam_for_transfer",
    name_prefix="iam_for_transfer_",
    assume_role_policy=transfer_assume_role.json,
    managed_policy_arns=["arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess"])
transfer_server = aws.transfer.Server("transfer",
    endpoint_type="PUBLIC",
    logging_role=iam_for_transfer.arn,
    protocols=["SFTP"],
    structured_log_destinations=[transfer.arn.apply(lambda arn: f"{arn}:*")])

    package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		transfer, err := cloudwatch.NewLogGroup(ctx, "transfer", &cloudwatch.LogGroupArgs{
			NamePrefix: pulumi.String("transfer_test_"),
		})
		if err != nil {
			return err
		}
		transferAssumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				{
					Effect: pulumi.StringRef("Allow"),
					Principals: []iam.GetPolicyDocumentStatementPrincipal{
						{
							Type: "Service",
							Identifiers: []string{
								"transfer.amazonaws.com",
							},
						},
					},
					Actions: []string{
						"sts:AssumeRole",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		iamForTransfer, err := iam.NewRole(ctx, "iam_for_transfer", &iam.RoleArgs{
			NamePrefix:       pulumi.String("iam_for_transfer_"),
			AssumeRolePolicy: pulumi.String(transferAssumeRole.Json),
			ManagedPolicyArns: pulumi.StringArray{
				pulumi.String("arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess"),
			},
		})
		if err != nil {
			return err
		}
		_, err = transfer.NewServer(ctx, "transfer", &transfer.ServerArgs{
			EndpointType: pulumi.String("PUBLIC"),
			LoggingRole:  iamForTransfer.Arn,
			Protocols: pulumi.StringArray{
				pulumi.String("SFTP"),
			},
			StructuredLogDestinations: pulumi.StringArray{
				transfer.Arn.ApplyT(func(arn string) (string, error) {
					return fmt.Sprintf("%v:*", arn), nil
				}).(pulumi.StringOutput),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var transfer = new Aws.CloudWatch.LogGroup("transfer", new()
    {
        NamePrefix = "transfer_test_",
    });

    var transferAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Effect = "Allow",
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Type = "Service",
                        Identifiers = new[]
                        {
                            "transfer.amazonaws.com",
                        },
                    },
                },
                Actions = new[]
                {
                    "sts:AssumeRole",
                },
            },
        },
    });

    var iamForTransfer = new Aws.Iam.Role("iam_for_transfer", new()
    {
        NamePrefix = "iam_for_transfer_",
        AssumeRolePolicy = transferAssumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
        ManagedPolicyArns = new[]
        {
            "arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess",
        },
    });

    var transferServer = new Aws.Transfer.Server("transfer", new()
    {
        EndpointType = "PUBLIC",
        LoggingRole = iamForTransfer.Arn,
        Protocols = new[]
        {
            "SFTP",
        },
        StructuredLogDestinations = new[]
        {
            transfer.Arn.Apply(arn => $"{arn}:*"),
        },
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.LogGroup;
import com.pulumi.aws.cloudwatch.LogGroupArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var transfer = new LogGroup("transfer", LogGroupArgs.builder()
            .namePrefix("transfer_test_")
            .build());

        final var transferAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("Service")
                    .identifiers("transfer.amazonaws.com")
                    .build())
                .actions("sts:AssumeRole")
                .build())
            .build());

        var iamForTransfer = new Role("iamForTransfer", RoleArgs.builder()
            .namePrefix("iam_for_transfer_")
            .assumeRolePolicy(transferAssumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .managedPolicyArns("arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess")
            .build());

        var transferServer = new Server("transferServer", ServerArgs.builder()
            .endpointType("PUBLIC")
            .loggingRole(iamForTransfer.arn())
            .protocols("SFTP")
            .structuredLogDestinations(transfer.arn().applyValue(arn -> String.format("%s:*", arn)))
            .build());

    }
}

    resources:
  transfer:
    type: aws:cloudwatch:LogGroup
    properties:
      namePrefix: transfer_test_
  iamForTransfer:
    type: aws:iam:Role
    name: iam_for_transfer
    properties:
      namePrefix: iam_for_transfer_
      assumeRolePolicy: ${transferAssumeRole.json}
      managedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess
  transferServer:
    type: aws:transfer:Server
    name: transfer
    properties:
      endpointType: PUBLIC
      loggingRole: ${iamForTransfer.arn}
      protocols:
        - SFTP
      structuredLogDestinations:
        - ${transfer.arn}:*
variables:
  transferAssumeRole:
    fn::invoke:
      Function: aws:iam:getPolicyDocument
      Arguments:
        statements:
          - effect: Allow
            principals:
              - type: Service
                identifiers:
                  - transfer.amazonaws.com
            actions:
              - sts:AssumeRole

    Create Server Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Server(name: string, args?: ServerArgs, opts?: CustomResourceOptions);
    @overload
def Server(resource_name: str,
           args: Optional[ServerArgs] = None,
           opts: Optional[ResourceOptions] = None)

@overload
def Server(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           certificate: Optional[str] = None,
           directory_id: Optional[str] = None,
           domain: Optional[str] = None,
           endpoint_details: Optional[ServerEndpointDetailsArgs] = None,
           endpoint_type: Optional[str] = None,
           force_destroy: Optional[bool] = None,
           function: Optional[str] = None,
           host_key: Optional[str] = None,
           identity_provider_type: Optional[str] = None,
           invocation_role: Optional[str] = None,
           logging_role: Optional[str] = None,
           post_authentication_login_banner: Optional[str] = None,
           pre_authentication_login_banner: Optional[str] = None,
           protocol_details: Optional[ServerProtocolDetailsArgs] = None,
           protocols: Optional[Sequence[str]] = None,
           s3_storage_options: Optional[ServerS3StorageOptionsArgs] = None,
           security_policy_name: Optional[str] = None,
           sftp_authentication_methods: Optional[str] = None,
           structured_log_destinations: Optional[Sequence[str]] = None,
           tags: Optional[Mapping[str, str]] = None,
           url: Optional[str] = None,
           workflow_details: Optional[ServerWorkflowDetailsArgs] = None)
    func NewServer(ctx *Context, name string, args *ServerArgs, opts ...ResourceOption) (*Server, error)
    public Server(string name, ServerArgs? args = null, CustomResourceOptions? opts = null)
    public Server(String name, ServerArgs args)
public Server(String name, ServerArgs args, CustomResourceOptions options)

    type: aws:transfer:Server
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

    Parameters

    name string
    The unique name of the resource.
    args ServerArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ServerArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ServerArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ServerArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ServerArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var serverResource = new Aws.Transfer.Server("serverResource", new()
{
    Certificate = "string",
    DirectoryId = "string",
    Domain = "string",
    EndpointDetails = new Aws.Transfer.Inputs.ServerEndpointDetailsArgs
    {
        AddressAllocationIds = new[]
        {
            "string",
        },
        SecurityGroupIds = new[]
        {
            "string",
        },
        SubnetIds = new[]
        {
            "string",
        },
        VpcEndpointId = "string",
        VpcId = "string",
    },
    EndpointType = "string",
    ForceDestroy = false,
    Function = "string",
    HostKey = "string",
    IdentityProviderType = "string",
    InvocationRole = "string",
    LoggingRole = "string",
    PostAuthenticationLoginBanner = "string",
    PreAuthenticationLoginBanner = "string",
    ProtocolDetails = new Aws.Transfer.Inputs.ServerProtocolDetailsArgs
    {
        As2Transports = new[]
        {
            "string",
        },
        PassiveIp = "string",
        SetStatOption = "string",
        TlsSessionResumptionMode = "string",
    },
    Protocols = new[]
    {
        "string",
    },
    S3StorageOptions = new Aws.Transfer.Inputs.ServerS3StorageOptionsArgs
    {
        DirectoryListingOptimization = "string",
    },
    SecurityPolicyName = "string",
    SftpAuthenticationMethods = "string",
    StructuredLogDestinations = new[]
    {
        "string",
    },
    Tags = 
    {
        { "string", "string" },
    },
    Url = "string",
    WorkflowDetails = new Aws.Transfer.Inputs.ServerWorkflowDetailsArgs
    {
        OnPartialUpload = new Aws.Transfer.Inputs.ServerWorkflowDetailsOnPartialUploadArgs
        {
            ExecutionRole = "string",
            WorkflowId = "string",
        },
        OnUpload = new Aws.Transfer.Inputs.ServerWorkflowDetailsOnUploadArgs
        {
            ExecutionRole = "string",
            WorkflowId = "string",
        },
    },
});

    example, err := transfer.NewServer(ctx, "serverResource", &transfer.ServerArgs{
	Certificate: pulumi.String("string"),
	DirectoryId: pulumi.String("string"),
	Domain:      pulumi.String("string"),
	EndpointDetails: &transfer.ServerEndpointDetailsArgs{
		AddressAllocationIds: pulumi.StringArray{
			pulumi.String("string"),
		},
		SecurityGroupIds: pulumi.StringArray{
			pulumi.String("string"),
		},
		SubnetIds: pulumi.StringArray{
			pulumi.String("string"),
		},
		VpcEndpointId: pulumi.String("string"),
		VpcId:         pulumi.String("string"),
	},
	EndpointType:                  pulumi.String("string"),
	ForceDestroy:                  pulumi.Bool(false),
	Function:                      pulumi.String("string"),
	HostKey:                       pulumi.String("string"),
	IdentityProviderType:          pulumi.String("string"),
	InvocationRole:                pulumi.String("string"),
	LoggingRole:                   pulumi.String("string"),
	PostAuthenticationLoginBanner: pulumi.String("string"),
	PreAuthenticationLoginBanner:  pulumi.String("string"),
	ProtocolDetails: &transfer.ServerProtocolDetailsArgs{
		As2Transports: pulumi.StringArray{
			pulumi.String("string"),
		},
		PassiveIp:                pulumi.String("string"),
		SetStatOption:            pulumi.String("string"),
		TlsSessionResumptionMode: pulumi.String("string"),
	},
	Protocols: pulumi.StringArray{
		pulumi.String("string"),
	},
	S3StorageOptions: &transfer.ServerS3StorageOptionsArgs{
		DirectoryListingOptimization: pulumi.String("string"),
	},
	SecurityPolicyName:        pulumi.String("string"),
	SftpAuthenticationMethods: pulumi.String("string"),
	StructuredLogDestinations: pulumi.StringArray{
		pulumi.String("string"),
	},
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Url: pulumi.String("string"),
	WorkflowDetails: &transfer.ServerWorkflowDetailsArgs{
		OnPartialUpload: &transfer.ServerWorkflowDetailsOnPartialUploadArgs{
			ExecutionRole: pulumi.String("string"),
			WorkflowId:    pulumi.String("string"),
		},
		OnUpload: &transfer.ServerWorkflowDetailsOnUploadArgs{
			ExecutionRole: pulumi.String("string"),
			WorkflowId:    pulumi.String("string"),
		},
	},
})

    var serverResource = new Server("serverResource", ServerArgs.builder()
    .certificate("string")
    .directoryId("string")
    .domain("string")
    .endpointDetails(ServerEndpointDetailsArgs.builder()
        .addressAllocationIds("string")
        .securityGroupIds("string")
        .subnetIds("string")
        .vpcEndpointId("string")
        .vpcId("string")
        .build())
    .endpointType("string")
    .forceDestroy(false)
    .function("string")
    .hostKey("string")
    .identityProviderType("string")
    .invocationRole("string")
    .loggingRole("string")
    .postAuthenticationLoginBanner("string")
    .preAuthenticationLoginBanner("string")
    .protocolDetails(ServerProtocolDetailsArgs.builder()
        .as2Transports("string")
        .passiveIp("string")
        .setStatOption("string")
        .tlsSessionResumptionMode("string")
        .build())
    .protocols("string")
    .s3StorageOptions(ServerS3StorageOptionsArgs.builder()
        .directoryListingOptimization("string")
        .build())
    .securityPolicyName("string")
    .sftpAuthenticationMethods("string")
    .structuredLogDestinations("string")
    .tags(Map.of("string", "string"))
    .url("string")
    .workflowDetails(ServerWorkflowDetailsArgs.builder()
        .onPartialUpload(ServerWorkflowDetailsOnPartialUploadArgs.builder()
            .executionRole("string")
            .workflowId("string")
            .build())
        .onUpload(ServerWorkflowDetailsOnUploadArgs.builder()
            .executionRole("string")
            .workflowId("string")
            .build())
        .build())
    .build());

    server_resource = aws.transfer.Server("serverResource",
    certificate="string",
    directory_id="string",
    domain="string",
    endpoint_details={
        "addressAllocationIds": ["string"],
        "securityGroupIds": ["string"],
        "subnetIds": ["string"],
        "vpcEndpointId": "string",
        "vpcId": "string",
    },
    endpoint_type="string",
    force_destroy=False,
    function="string",
    host_key="string",
    identity_provider_type="string",
    invocation_role="string",
    logging_role="string",
    post_authentication_login_banner="string",
    pre_authentication_login_banner="string",
    protocol_details={
        "as2Transports": ["string"],
        "passiveIp": "string",
        "setStatOption": "string",
        "tlsSessionResumptionMode": "string",
    },
    protocols=["string"],
    s3_storage_options={
        "directoryListingOptimization": "string",
    },
    security_policy_name="string",
    sftp_authentication_methods="string",
    structured_log_destinations=["string"],
    tags={
        "string": "string",
    },
    url="string",
    workflow_details={
        "onPartialUpload": {
            "executionRole": "string",
            "workflowId": "string",
        },
        "onUpload": {
            "executionRole": "string",
            "workflowId": "string",
        },
    })

    const serverResource = new aws.transfer.Server("serverResource", {
    certificate: "string",
    directoryId: "string",
    domain: "string",
    endpointDetails: {
        addressAllocationIds: ["string"],
        securityGroupIds: ["string"],
        subnetIds: ["string"],
        vpcEndpointId: "string",
        vpcId: "string",
    },
    endpointType: "string",
    forceDestroy: false,
    "function": "string",
    hostKey: "string",
    identityProviderType: "string",
    invocationRole: "string",
    loggingRole: "string",
    postAuthenticationLoginBanner: "string",
    preAuthenticationLoginBanner: "string",
    protocolDetails: {
        as2Transports: ["string"],
        passiveIp: "string",
        setStatOption: "string",
        tlsSessionResumptionMode: "string",
    },
    protocols: ["string"],
    s3StorageOptions: {
        directoryListingOptimization: "string",
    },
    securityPolicyName: "string",
    sftpAuthenticationMethods: "string",
    structuredLogDestinations: ["string"],
    tags: {
        string: "string",
    },
    url: "string",
    workflowDetails: {
        onPartialUpload: {
            executionRole: "string",
            workflowId: "string",
        },
        onUpload: {
            executionRole: "string",
            workflowId: "string",
        },
    },
});

    type: aws:transfer:Server
properties:
    certificate: string
    directoryId: string
    domain: string
    endpointDetails:
        addressAllocationIds:
            - string
        securityGroupIds:
            - string
        subnetIds:
            - string
        vpcEndpointId: string
        vpcId: string
    endpointType: string
    forceDestroy: false
    function: string
    hostKey: string
    identityProviderType: string
    invocationRole: string
    loggingRole: string
    postAuthenticationLoginBanner: string
    preAuthenticationLoginBanner: string
    protocolDetails:
        as2Transports:
            - string
        passiveIp: string
        setStatOption: string
        tlsSessionResumptionMode: string
    protocols:
        - string
    s3StorageOptions:
        directoryListingOptimization: string
    securityPolicyName: string
    sftpAuthenticationMethods: string
    structuredLogDestinations:
        - string
    tags:
        string: string
    url: string
    workflowDetails:
        onPartialUpload:
            executionRole: string
            workflowId: string
        onUpload:
            executionRole: string
            workflowId: string

    Server Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Server resource accepts the following input properties:

    Certificate string
    The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS
    DirectoryId string
    The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.
    Domain string
    The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.
    EndpointDetails ServerEndpointDetails
    The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See endpoint_details block below for details.
    EndpointType string
    The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.
    ForceDestroy bool
    A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.
    Function string
    The ARN for a lambda function to use for the Identity provider.
    HostKey string
    RSA, ECDSA, or ED25519 private key (e.g., as generated by the ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key, ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key or ssh-keygen -t ed25519 -N "" -f my-new-server-key commands).
    IdentityProviderType string
    The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.
    InvocationRole string
    Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.
    LoggingRole string
    Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
    PostAuthenticationLoginBanner string
    Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
    PreAuthenticationLoginBanner string
    Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
    ProtocolDetails ServerProtocolDetails
    The protocol settings that are configured for your server. See protocol_details block below for details.
    Protocols List<string>
    Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

    • AS2: File transfer over Applicability Statement 2
    • SFTP: File transfer over SSH
    • FTPS: File transfer with TLS encryption
    • FTP: Unencrypted file transfer
    S3StorageOptions ServerS3StorageOptions
    Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See s3_storage_options block below for details.
    SecurityPolicyName string
    Specifies the name of the security policy that is attached to the server. Default value is: TransferSecurityPolicy-2018-11. The available values are:

    • TransferSecurityPolicy-2024-01
    • TransferSecurityPolicy-2023-05
    • TransferSecurityPolicy-2022-03
    • TransferSecurityPolicy-2020-06
    • TransferSecurityPolicy-2018-11
    • TransferSecurityPolicy-FIPS-2024-01
    • TransferSecurityPolicy-FIPS-2023-05
    • TransferSecurityPolicy-FIPS-2020-06
    • TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
    • TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
    SftpAuthenticationMethods string
    For SFTP-enabled servers, and for custom identity providers only. Valid values are PASSWORD, PUBLIC_KEY, PUBLIC_KEY_OR_PASSWORD and PUBLIC_KEY_AND_PASSWORD. Default value is: PUBLIC_KEY_OR_PASSWORD.
    StructuredLogDestinations List<string>
    A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
    Tags Dictionary<string, string>
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    Url string
    URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.
    WorkflowDetails ServerWorkflowDetails
    Specifies the workflow details. See workflow_details block below for details.
    Certificate string
    The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS
    DirectoryId string
    The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.
    Domain string
    The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.
    EndpointDetails ServerEndpointDetailsArgs
    The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See endpoint_details block below for details.
    EndpointType string
    The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.
    ForceDestroy bool
    A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.
    Function string
    The ARN for a lambda function to use for the Identity provider.
    HostKey string
    RSA, ECDSA, or ED25519 private key (e.g., as generated by the ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key, ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key or ssh-keygen -t ed25519 -N "" -f my-new-server-key commands).
    IdentityProviderType string
    The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.
    InvocationRole string
    Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.
    LoggingRole string
    Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
    PostAuthenticationLoginBanner string
    Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
    PreAuthenticationLoginBanner string
    Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
    ProtocolDetails ServerProtocolDetailsArgs
    The protocol settings that are configured for your server. See protocol_details block below for details.
    Protocols []string
    Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

    • AS2: File transfer over Applicability Statement 2
    • SFTP: File transfer over SSH
    • FTPS: File transfer with TLS encryption
    • FTP: Unencrypted file transfer
    S3StorageOptions ServerS3StorageOptionsArgs
    Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See s3_storage_options block below for details.
    SecurityPolicyName string
    Specifies the name of the security policy that is attached to the server. Default value is: TransferSecurityPolicy-2018-11. The available values are:

    • TransferSecurityPolicy-2024-01
    • TransferSecurityPolicy-2023-05
    • TransferSecurityPolicy-2022-03
    • TransferSecurityPolicy-2020-06
    • TransferSecurityPolicy-2018-11
    • TransferSecurityPolicy-FIPS-2024-01
    • TransferSecurityPolicy-FIPS-2023-05
    • TransferSecurityPolicy-FIPS-2020-06
    • TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
    • TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
    SftpAuthenticationMethods string
    For SFTP-enabled servers, and for custom identity providers only. Valid values are PASSWORD, PUBLIC_KEY, PUBLIC_KEY_OR_PASSWORD and PUBLIC_KEY_AND_PASSWORD. Default value is: PUBLIC_KEY_OR_PASSWORD.
    StructuredLogDestinations []string
    A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
    Tags map[string]string
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    Url string
    URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.
    WorkflowDetails ServerWorkflowDetailsArgs
    Specifies the workflow details. See workflow_details block below for details.
    certificate String
    The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS
    directoryId String
    The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.
    domain String
    The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.
    endpointDetails ServerEndpointDetails
    The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See endpoint_details block below for details.
    endpointType String
    The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.
    forceDestroy Boolean
    A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.
    function String
    The ARN for a lambda function to use for the Identity provider.
    hostKey String
    RSA, ECDSA, or ED25519 private key (e.g., as generated by the ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key, ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key or ssh-keygen -t ed25519 -N "" -f my-new-server-key commands).
    identityProviderType String
    The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.
    invocationRole String
    Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.
    loggingRole String
    Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
    postAuthenticationLoginBanner String
    Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
    preAuthenticationLoginBanner String
    Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
    protocolDetails ServerProtocolDetails
    The protocol settings that are configured for your server. See protocol_details block below for details.
    protocols List<String>
    Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

    • AS2: File transfer over Applicability Statement 2
    • SFTP: File transfer over SSH
    • FTPS: File transfer with TLS encryption
    • FTP: Unencrypted file transfer
    s3StorageOptions ServerS3StorageOptions
    Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See s3_storage_options block below for details.
    securityPolicyName String
    Specifies the name of the security policy that is attached to the server. Default value is: TransferSecurityPolicy-2018-11. The available values are:

    • TransferSecurityPolicy-2024-01
    • TransferSecurityPolicy-2023-05
    • TransferSecurityPolicy-2022-03
    • TransferSecurityPolicy-2020-06
    • TransferSecurityPolicy-2018-11
    • TransferSecurityPolicy-FIPS-2024-01
    • TransferSecurityPolicy-FIPS-2023-05
    • TransferSecurityPolicy-FIPS-2020-06
    • TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
    • TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
    sftpAuthenticationMethods String
    For SFTP-enabled servers, and for custom identity providers only. Valid values are PASSWORD, PUBLIC_KEY, PUBLIC_KEY_OR_PASSWORD and PUBLIC_KEY_AND_PASSWORD. Default value is: PUBLIC_KEY_OR_PASSWORD.
    structuredLogDestinations List<String>
    A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
    tags Map<String,String>
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    url String
    URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.
    workflowDetails ServerWorkflowDetails
    Specifies the workflow details. See workflow_details block below for details.
    certificate string
    The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS
    directoryId string
    The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.
    domain string
    The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.
    endpointDetails ServerEndpointDetails
    The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See endpoint_details block below for details.
    endpointType string
    The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.
    forceDestroy boolean
    A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.
    function string
    The ARN for a lambda function to use for the Identity provider.
    hostKey string
    RSA, ECDSA, or ED25519 private key (e.g., as generated by the ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key, ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key or ssh-keygen -t ed25519 -N "" -f my-new-server-key commands).
    identityProviderType string
    The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.
    invocationRole string
    Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.
    loggingRole string
    Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
    postAuthenticationLoginBanner string
    Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
    preAuthenticationLoginBanner string
    Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
    protocolDetails ServerProtocolDetails
    The protocol settings that are configured for your server. See protocol_details block below for details.
    protocols string[]
    Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

    • AS2: File transfer over Applicability Statement 2
    • SFTP: File transfer over SSH
    • FTPS: File transfer with TLS encryption
    • FTP: Unencrypted file transfer
    s3StorageOptions ServerS3StorageOptions
    Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See s3_storage_options block below for details.
    securityPolicyName string
    Specifies the name of the security policy that is attached to the server. Default value is: TransferSecurityPolicy-2018-11. The available values are:

    • TransferSecurityPolicy-2024-01
    • TransferSecurityPolicy-2023-05
    • TransferSecurityPolicy-2022-03
    • TransferSecurityPolicy-2020-06
    • TransferSecurityPolicy-2018-11
    • TransferSecurityPolicy-FIPS-2024-01
    • TransferSecurityPolicy-FIPS-2023-05
    • TransferSecurityPolicy-FIPS-2020-06
    • TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
    • TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
    sftpAuthenticationMethods string
    For SFTP-enabled servers, and for custom identity providers only. Valid values are PASSWORD, PUBLIC_KEY, PUBLIC_KEY_OR_PASSWORD and PUBLIC_KEY_AND_PASSWORD. Default value is: PUBLIC_KEY_OR_PASSWORD.
    structuredLogDestinations string[]
    A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
    tags {[key: string]: string}
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    url string
    URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.
    workflowDetails ServerWorkflowDetails
    Specifies the workflow details. See workflow_details block below for details.
    certificate str
    The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS
    directory_id str
    The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.
    domain str
    The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.
    endpoint_details ServerEndpointDetailsArgs
    The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See endpoint_details block below for details.
    endpoint_type str
    The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.
    force_destroy bool
    A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.
    function str
    The ARN for a lambda function to use for the Identity provider.
    host_key str
    RSA, ECDSA, or ED25519 private key (e.g., as generated by the ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key, ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key or ssh-keygen -t ed25519 -N "" -f my-new-server-key commands).
    identity_provider_type str
    The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.
    invocation_role str
    Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.
    logging_role str
    Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
    post_authentication_login_banner str
    Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
    pre_authentication_login_banner str
    Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
    protocol_details ServerProtocolDetailsArgs
    The protocol settings that are configured for your server. See protocol_details block below for details.
    protocols Sequence[str]
    Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

    • AS2: File transfer over Applicability Statement 2
    • SFTP: File transfer over SSH
    • FTPS: File transfer with TLS encryption
    • FTP: Unencrypted file transfer
    s3_storage_options ServerS3StorageOptionsArgs
    Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See s3_storage_options block below for details.
    security_policy_name str
    Specifies the name of the security policy that is attached to the server. Default value is: TransferSecurityPolicy-2018-11. The available values are:

    • TransferSecurityPolicy-2024-01
    • TransferSecurityPolicy-2023-05
    • TransferSecurityPolicy-2022-03
    • TransferSecurityPolicy-2020-06
    • TransferSecurityPolicy-2018-11
    • TransferSecurityPolicy-FIPS-2024-01
    • TransferSecurityPolicy-FIPS-2023-05
    • TransferSecurityPolicy-FIPS-2020-06
    • TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
    • TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
    sftp_authentication_methods str
    For SFTP-enabled servers, and for custom identity providers only. Valid values are PASSWORD, PUBLIC_KEY, PUBLIC_KEY_OR_PASSWORD and PUBLIC_KEY_AND_PASSWORD. Default value is: PUBLIC_KEY_OR_PASSWORD.
    structured_log_destinations Sequence[str]
    A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
    tags Mapping[str, str]
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    url str
    URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.
    workflow_details ServerWorkflowDetailsArgs
    Specifies the workflow details. See workflow_details block below for details.
    certificate String
    The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS
    directoryId String
    The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.
    domain String
    The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.
    endpointDetails Property Map
    The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See endpoint_details block below for details.
    endpointType String
    The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.
    forceDestroy Boolean
    A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.
    function String
    The ARN for a lambda function to use for the Identity provider.
    hostKey String
    RSA, ECDSA, or ED25519 private key (e.g., as generated by the ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key, ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key or ssh-keygen -t ed25519 -N "" -f my-new-server-key commands).
    identityProviderType String
    The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.
    invocationRole String
    Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.
    loggingRole String
    Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
    postAuthenticationLoginBanner String
    Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
    preAuthenticationLoginBanner String
    Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
    protocolDetails Property Map
    The protocol settings that are configured for your server. See protocol_details block below for details.
    protocols List<String>
    Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

    • AS2: File transfer over Applicability Statement 2
    • SFTP: File transfer over SSH
    • FTPS: File transfer with TLS encryption
    • FTP: Unencrypted file transfer
    s3StorageOptions Property Map
    Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See s3_storage_options block below for details.
    securityPolicyName String
    Specifies the name of the security policy that is attached to the server. Default value is: TransferSecurityPolicy-2018-11. The available values are:

    • TransferSecurityPolicy-2024-01
    • TransferSecurityPolicy-2023-05
    • TransferSecurityPolicy-2022-03
    • TransferSecurityPolicy-2020-06
    • TransferSecurityPolicy-2018-11
    • TransferSecurityPolicy-FIPS-2024-01
    • TransferSecurityPolicy-FIPS-2023-05
    • TransferSecurityPolicy-FIPS-2020-06
    • TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
    • TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
    sftpAuthenticationMethods String
    For SFTP-enabled servers, and for custom identity providers only. Valid values are PASSWORD, PUBLIC_KEY, PUBLIC_KEY_OR_PASSWORD and PUBLIC_KEY_AND_PASSWORD. Default value is: PUBLIC_KEY_OR_PASSWORD.
    structuredLogDestinations List<String>
    A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
    tags Map<String>
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    url String
    URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.
    workflowDetails Property Map
    Specifies the workflow details. See workflow_details block below for details.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Server resource produces the following output properties:

    Arn string
    Amazon Resource Name (ARN) of Transfer Server
    Endpoint string
    The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)
    HostKeyFingerprint string
    This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.
    Id string
    The provider-assigned unique ID for this managed resource.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Arn string
    Amazon Resource Name (ARN) of Transfer Server
    Endpoint string
    The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)
    HostKeyFingerprint string
    This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.
    Id string
    The provider-assigned unique ID for this managed resource.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn String
    Amazon Resource Name (ARN) of Transfer Server
    endpoint String
    The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)
    hostKeyFingerprint String
    This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.
    id String
    The provider-assigned unique ID for this managed resource.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn string
    Amazon Resource Name (ARN) of Transfer Server
    endpoint string
    The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)
    hostKeyFingerprint string
    This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.
    id string
    The provider-assigned unique ID for this managed resource.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn str
    Amazon Resource Name (ARN) of Transfer Server
    endpoint str
    The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)
    host_key_fingerprint str
    This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.
    id str
    The provider-assigned unique ID for this managed resource.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn String
    Amazon Resource Name (ARN) of Transfer Server
    endpoint String
    The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)
    hostKeyFingerprint String
    This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.
    id String
    The provider-assigned unique ID for this managed resource.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Look up Existing Server Resource

    Get an existing Server resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ServerState, opts?: CustomResourceOptions): Server
    @staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        certificate: Optional[str] = None,
        directory_id: Optional[str] = None,
        domain: Optional[str] = None,
        endpoint: Optional[str] = None,
        endpoint_details: Optional[ServerEndpointDetailsArgs] = None,
        endpoint_type: Optional[str] = None,
        force_destroy: Optional[bool] = None,
        function: Optional[str] = None,
        host_key: Optional[str] = None,
        host_key_fingerprint: Optional[str] = None,
        identity_provider_type: Optional[str] = None,
        invocation_role: Optional[str] = None,
        logging_role: Optional[str] = None,
        post_authentication_login_banner: Optional[str] = None,
        pre_authentication_login_banner: Optional[str] = None,
        protocol_details: Optional[ServerProtocolDetailsArgs] = None,
        protocols: Optional[Sequence[str]] = None,
        s3_storage_options: Optional[ServerS3StorageOptionsArgs] = None,
        security_policy_name: Optional[str] = None,
        sftp_authentication_methods: Optional[str] = None,
        structured_log_destinations: Optional[Sequence[str]] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        url: Optional[str] = None,
        workflow_details: Optional[ServerWorkflowDetailsArgs] = None) -> Server
    func GetServer(ctx *Context, name string, id IDInput, state *ServerState, opts ...ResourceOption) (*Server, error)
    public static Server Get(string name, Input<string> id, ServerState? state, CustomResourceOptions? opts = null)
    public static Server get(String name, Output<String> id, ServerState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Arn string
    Amazon Resource Name (ARN) of Transfer Server
    Certificate string
    The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS
    DirectoryId string
    The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.
    Domain string
    The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.
    Endpoint string
    The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)
    EndpointDetails ServerEndpointDetails
    The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See endpoint_details block below for details.
    EndpointType string
    The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.
    ForceDestroy bool
    A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.
    Function string
    The ARN for a lambda function to use for the Identity provider.
    HostKey string
    RSA, ECDSA, or ED25519 private key (e.g., as generated by the ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key, ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key or ssh-keygen -t ed25519 -N "" -f my-new-server-key commands).
    HostKeyFingerprint string
    This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.
    IdentityProviderType string
    The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.
    InvocationRole string
    Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.
    LoggingRole string
    Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
    PostAuthenticationLoginBanner string
    Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
    PreAuthenticationLoginBanner string
    Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
    ProtocolDetails ServerProtocolDetails
    The protocol settings that are configured for your server. See protocol_details block below for details.
    Protocols List<string>
    Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

    • AS2: File transfer over Applicability Statement 2
    • SFTP: File transfer over SSH
    • FTPS: File transfer with TLS encryption
    • FTP: Unencrypted file transfer
    S3StorageOptions ServerS3StorageOptions
    Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See s3_storage_options block below for details.
    SecurityPolicyName string
    Specifies the name of the security policy that is attached to the server. Default value is: TransferSecurityPolicy-2018-11. The available values are:

    • TransferSecurityPolicy-2024-01
    • TransferSecurityPolicy-2023-05
    • TransferSecurityPolicy-2022-03
    • TransferSecurityPolicy-2020-06
    • TransferSecurityPolicy-2018-11
    • TransferSecurityPolicy-FIPS-2024-01
    • TransferSecurityPolicy-FIPS-2023-05
    • TransferSecurityPolicy-FIPS-2020-06
    • TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
    • TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
    SftpAuthenticationMethods string
    For SFTP-enabled servers, and for custom identity providers only. Valid values are PASSWORD, PUBLIC_KEY, PUBLIC_KEY_OR_PASSWORD and PUBLIC_KEY_AND_PASSWORD. Default value is: PUBLIC_KEY_OR_PASSWORD.
    StructuredLogDestinations List<string>
    A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
    Tags Dictionary<string, string>
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Url string
    URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.
    WorkflowDetails ServerWorkflowDetails
    Specifies the workflow details. See workflow_details block below for details.
    Arn string
    Amazon Resource Name (ARN) of Transfer Server
    Certificate string
    The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS
    DirectoryId string
    The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.
    Domain string
    The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.
    Endpoint string
    The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)
    EndpointDetails ServerEndpointDetailsArgs
    The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See endpoint_details block below for details.
    EndpointType string
    The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.
    ForceDestroy bool
    A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.
    Function string
    The ARN for a lambda function to use for the Identity provider.
    HostKey string
    RSA, ECDSA, or ED25519 private key (e.g., as generated by the ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key, ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key or ssh-keygen -t ed25519 -N "" -f my-new-server-key commands).
    HostKeyFingerprint string
    This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.
    IdentityProviderType string
    The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.
    InvocationRole string
    Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.
    LoggingRole string
    Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
    PostAuthenticationLoginBanner string
    Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
    PreAuthenticationLoginBanner string
    Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
    ProtocolDetails ServerProtocolDetailsArgs
    The protocol settings that are configured for your server. See protocol_details block below for details.
    Protocols []string
    Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

    • AS2: File transfer over Applicability Statement 2
    • SFTP: File transfer over SSH
    • FTPS: File transfer with TLS encryption
    • FTP: Unencrypted file transfer
    S3StorageOptions ServerS3StorageOptionsArgs
    Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See s3_storage_options block below for details.
    SecurityPolicyName string
    Specifies the name of the security policy that is attached to the server. Default value is: TransferSecurityPolicy-2018-11. The available values are:

    • TransferSecurityPolicy-2024-01
    • TransferSecurityPolicy-2023-05
    • TransferSecurityPolicy-2022-03
    • TransferSecurityPolicy-2020-06
    • TransferSecurityPolicy-2018-11
    • TransferSecurityPolicy-FIPS-2024-01
    • TransferSecurityPolicy-FIPS-2023-05
    • TransferSecurityPolicy-FIPS-2020-06
    • TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
    • TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
    SftpAuthenticationMethods string
    For SFTP-enabled servers, and for custom identity providers only. Valid values are PASSWORD, PUBLIC_KEY, PUBLIC_KEY_OR_PASSWORD and PUBLIC_KEY_AND_PASSWORD. Default value is: PUBLIC_KEY_OR_PASSWORD.
    StructuredLogDestinations []string
    A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
    Tags map[string]string
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Url string
    URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.
    WorkflowDetails ServerWorkflowDetailsArgs
    Specifies the workflow details. See workflow_details block below for details.
    arn String
    Amazon Resource Name (ARN) of Transfer Server
    certificate String
    The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS
    directoryId String
    The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.
    domain String
    The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.
    endpoint String
    The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)
    endpointDetails ServerEndpointDetails
    The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See endpoint_details block below for details.
    endpointType String
    The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.
    forceDestroy Boolean
    A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.
    function String
    The ARN for a lambda function to use for the Identity provider.
    hostKey String
    RSA, ECDSA, or ED25519 private key (e.g., as generated by the ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key, ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key or ssh-keygen -t ed25519 -N "" -f my-new-server-key commands).
    hostKeyFingerprint String
    This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.
    identityProviderType String
    The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.
    invocationRole String
    Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.
    loggingRole String
    Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
    postAuthenticationLoginBanner String
    Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
    preAuthenticationLoginBanner String
    Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
    protocolDetails ServerProtocolDetails
    The protocol settings that are configured for your server. See protocol_details block below for details.
    protocols List<String>
    Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

    • AS2: File transfer over Applicability Statement 2
    • SFTP: File transfer over SSH
    • FTPS: File transfer with TLS encryption
    • FTP: Unencrypted file transfer
    s3StorageOptions ServerS3StorageOptions
    Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See s3_storage_options block below for details.
    securityPolicyName String
    Specifies the name of the security policy that is attached to the server. Default value is: TransferSecurityPolicy-2018-11. The available values are:

    • TransferSecurityPolicy-2024-01
    • TransferSecurityPolicy-2023-05
    • TransferSecurityPolicy-2022-03
    • TransferSecurityPolicy-2020-06
    • TransferSecurityPolicy-2018-11
    • TransferSecurityPolicy-FIPS-2024-01
    • TransferSecurityPolicy-FIPS-2023-05
    • TransferSecurityPolicy-FIPS-2020-06
    • TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
    • TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
    sftpAuthenticationMethods String
    For SFTP-enabled servers, and for custom identity providers only. Valid values are PASSWORD, PUBLIC_KEY, PUBLIC_KEY_OR_PASSWORD and PUBLIC_KEY_AND_PASSWORD. Default value is: PUBLIC_KEY_OR_PASSWORD.
    structuredLogDestinations List<String>
    A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
    tags Map<String,String>
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    url String
    URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.
    workflowDetails ServerWorkflowDetails
    Specifies the workflow details. See workflow_details block below for details.
    arn string
    Amazon Resource Name (ARN) of Transfer Server
    certificate string
    The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS
    directoryId string
    The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.
    domain string
    The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.
    endpoint string
    The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)
    endpointDetails ServerEndpointDetails
    The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See endpoint_details block below for details.
    endpointType string
    The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.
    forceDestroy boolean
    A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.
    function string
    The ARN for a lambda function to use for the Identity provider.
    hostKey string
    RSA, ECDSA, or ED25519 private key (e.g., as generated by the ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key, ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key or ssh-keygen -t ed25519 -N "" -f my-new-server-key commands).
    hostKeyFingerprint string
    This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.
    identityProviderType string
    The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.
    invocationRole string
    Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.
    loggingRole string
    Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
    postAuthenticationLoginBanner string
    Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
    preAuthenticationLoginBanner string
    Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
    protocolDetails ServerProtocolDetails
    The protocol settings that are configured for your server. See protocol_details block below for details.
    protocols string[]
    Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

    • AS2: File transfer over Applicability Statement 2
    • SFTP: File transfer over SSH
    • FTPS: File transfer with TLS encryption
    • FTP: Unencrypted file transfer
    s3StorageOptions ServerS3StorageOptions
    Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See s3_storage_options block below for details.
    securityPolicyName string
    Specifies the name of the security policy that is attached to the server. Default value is: TransferSecurityPolicy-2018-11. The available values are:

    • TransferSecurityPolicy-2024-01
    • TransferSecurityPolicy-2023-05
    • TransferSecurityPolicy-2022-03
    • TransferSecurityPolicy-2020-06
    • TransferSecurityPolicy-2018-11
    • TransferSecurityPolicy-FIPS-2024-01
    • TransferSecurityPolicy-FIPS-2023-05
    • TransferSecurityPolicy-FIPS-2020-06
    • TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
    • TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
    sftpAuthenticationMethods string
    For SFTP-enabled servers, and for custom identity providers only. Valid values are PASSWORD, PUBLIC_KEY, PUBLIC_KEY_OR_PASSWORD and PUBLIC_KEY_AND_PASSWORD. Default value is: PUBLIC_KEY_OR_PASSWORD.
    structuredLogDestinations string[]
    A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
    tags {[key: string]: string}
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    url string
    URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.
    workflowDetails ServerWorkflowDetails
    Specifies the workflow details. See workflow_details block below for details.
    arn str
    Amazon Resource Name (ARN) of Transfer Server
    certificate str
    The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS
    directory_id str
    The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.
    domain str
    The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.
    endpoint str
    The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)
    endpoint_details ServerEndpointDetailsArgs
    The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See endpoint_details block below for details.
    endpoint_type str
    The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.
    force_destroy bool
    A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.
    function str
    The ARN for a lambda function to use for the Identity provider.
    host_key str
    RSA, ECDSA, or ED25519 private key (e.g., as generated by the ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key, ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key or ssh-keygen -t ed25519 -N "" -f my-new-server-key commands).
    host_key_fingerprint str
    This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.
    identity_provider_type str
    The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.
    invocation_role str
    Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.
    logging_role str
    Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
    post_authentication_login_banner str
    Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
    pre_authentication_login_banner str
    Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
    protocol_details ServerProtocolDetailsArgs
    The protocol settings that are configured for your server. See protocol_details block below for details.
    protocols Sequence[str]
    Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

    • AS2: File transfer over Applicability Statement 2
    • SFTP: File transfer over SSH
    • FTPS: File transfer with TLS encryption
    • FTP: Unencrypted file transfer
    s3_storage_options ServerS3StorageOptionsArgs
    Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See s3_storage_options block below for details.
    security_policy_name str
    Specifies the name of the security policy that is attached to the server. Default value is: TransferSecurityPolicy-2018-11. The available values are:

    • TransferSecurityPolicy-2024-01
    • TransferSecurityPolicy-2023-05
    • TransferSecurityPolicy-2022-03
    • TransferSecurityPolicy-2020-06
    • TransferSecurityPolicy-2018-11
    • TransferSecurityPolicy-FIPS-2024-01
    • TransferSecurityPolicy-FIPS-2023-05
    • TransferSecurityPolicy-FIPS-2020-06
    • TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
    • TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
    sftp_authentication_methods str
    For SFTP-enabled servers, and for custom identity providers only. Valid values are PASSWORD, PUBLIC_KEY, PUBLIC_KEY_OR_PASSWORD and PUBLIC_KEY_AND_PASSWORD. Default value is: PUBLIC_KEY_OR_PASSWORD.
    structured_log_destinations Sequence[str]
    A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
    tags Mapping[str, str]
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    url str
    URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.
    workflow_details ServerWorkflowDetailsArgs
    Specifies the workflow details. See workflow_details block below for details.
    arn String
    Amazon Resource Name (ARN) of Transfer Server
    certificate String
    The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS
    directoryId String
    The directory service ID of the directory service you want to connect to with an identity_provider_type of AWS_DIRECTORY_SERVICE.
    domain String
    The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.
    endpoint String
    The endpoint of the Transfer Server (e.g., s-12345678.server.transfer.REGION.amazonaws.com)
    endpointDetails Property Map
    The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See endpoint_details block below for details.
    endpointType String
    The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.
    forceDestroy Boolean
    A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.
    function String
    The ARN for a lambda function to use for the Identity provider.
    hostKey String
    RSA, ECDSA, or ED25519 private key (e.g., as generated by the ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key, ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key or ssh-keygen -t ed25519 -N "" -f my-new-server-key commands).
    hostKeyFingerprint String
    This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.
    identityProviderType String
    The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using AWS_DIRECTORY_SERVICE will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the function argument.
    invocationRole String
    Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.
    loggingRole String
    Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
    postAuthenticationLoginBanner String
    Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
    preAuthenticationLoginBanner String
    Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
    protocolDetails Property Map
    The protocol settings that are configured for your server. See protocol_details block below for details.
    protocols List<String>
    Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to SFTP . The available protocols are:

    • AS2: File transfer over Applicability Statement 2
    • SFTP: File transfer over SSH
    • FTPS: File transfer with TLS encryption
    • FTP: Unencrypted file transfer
    s3StorageOptions Property Map
    Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See s3_storage_options block below for details.
    securityPolicyName String
    Specifies the name of the security policy that is attached to the server. Default value is: TransferSecurityPolicy-2018-11. The available values are:

    • TransferSecurityPolicy-2024-01
    • TransferSecurityPolicy-2023-05
    • TransferSecurityPolicy-2022-03
    • TransferSecurityPolicy-2020-06
    • TransferSecurityPolicy-2018-11
    • TransferSecurityPolicy-FIPS-2024-01
    • TransferSecurityPolicy-FIPS-2023-05
    • TransferSecurityPolicy-FIPS-2020-06
    • TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
    • TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
    sftpAuthenticationMethods String
    For SFTP-enabled servers, and for custom identity providers only. Valid values are PASSWORD, PUBLIC_KEY, PUBLIC_KEY_OR_PASSWORD and PUBLIC_KEY_AND_PASSWORD. Default value is: PUBLIC_KEY_OR_PASSWORD.
    structuredLogDestinations List<String>
    A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
    tags Map<String>
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    url String
    URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.
    workflowDetails Property Map
    Specifies the workflow details. See workflow_details block below for details.

    Supporting Types

    ServerEndpointDetails, ServerEndpointDetailsArgs

    AddressAllocationIds List<string>
    A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when endpoint_type is set to VPC.
    SecurityGroupIds List<string>
    A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when endpoint_type is set to VPC.
    SubnetIds List<string>
    A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when endpoint_type is set to VPC.
    VpcEndpointId string
    The ID of the VPC endpoint. This property can only be used when endpoint_type is set to VPC_ENDPOINT
    VpcId string
    The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when endpoint_type is set to VPC.
    AddressAllocationIds []string
    A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when endpoint_type is set to VPC.
    SecurityGroupIds []string
    A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when endpoint_type is set to VPC.
    SubnetIds []string
    A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when endpoint_type is set to VPC.
    VpcEndpointId string
    The ID of the VPC endpoint. This property can only be used when endpoint_type is set to VPC_ENDPOINT
    VpcId string
    The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when endpoint_type is set to VPC.
    addressAllocationIds List<String>
    A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when endpoint_type is set to VPC.
    securityGroupIds List<String>
    A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when endpoint_type is set to VPC.
    subnetIds List<String>
    A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when endpoint_type is set to VPC.
    vpcEndpointId String
    The ID of the VPC endpoint. This property can only be used when endpoint_type is set to VPC_ENDPOINT
    vpcId String
    The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when endpoint_type is set to VPC.
    addressAllocationIds string[]
    A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when endpoint_type is set to VPC.
    securityGroupIds string[]
    A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when endpoint_type is set to VPC.
    subnetIds string[]
    A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when endpoint_type is set to VPC.
    vpcEndpointId string
    The ID of the VPC endpoint. This property can only be used when endpoint_type is set to VPC_ENDPOINT
    vpcId string
    The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when endpoint_type is set to VPC.
    address_allocation_ids Sequence[str]
    A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when endpoint_type is set to VPC.
    security_group_ids Sequence[str]
    A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when endpoint_type is set to VPC.
    subnet_ids Sequence[str]
    A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when endpoint_type is set to VPC.
    vpc_endpoint_id str
    The ID of the VPC endpoint. This property can only be used when endpoint_type is set to VPC_ENDPOINT
    vpc_id str
    The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when endpoint_type is set to VPC.
    addressAllocationIds List<String>
    A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when endpoint_type is set to VPC.
    securityGroupIds List<String>
    A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when endpoint_type is set to VPC.
    subnetIds List<String>
    A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when endpoint_type is set to VPC.
    vpcEndpointId String
    The ID of the VPC endpoint. This property can only be used when endpoint_type is set to VPC_ENDPOINT
    vpcId String
    The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when endpoint_type is set to VPC.

    ServerProtocolDetails, ServerProtocolDetailsArgs

    As2Transports List<string>
    Indicates the transport method for the AS2 messages. Currently, only HTTP is supported.
    PassiveIp string
    Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer.
    SetStatOption string
    Use to ignore the error that is generated when the client attempts to use SETSTAT on a file you are uploading to an S3 bucket. Valid values: DEFAULT, ENABLE_NO_OP.
    TlsSessionResumptionMode string
    A property used with Transfer Family servers that use the FTPS protocol. Provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. Valid values: DISABLED, ENABLED, ENFORCED.
    As2Transports []string
    Indicates the transport method for the AS2 messages. Currently, only HTTP is supported.
    PassiveIp string
    Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer.
    SetStatOption string
    Use to ignore the error that is generated when the client attempts to use SETSTAT on a file you are uploading to an S3 bucket. Valid values: DEFAULT, ENABLE_NO_OP.
    TlsSessionResumptionMode string
    A property used with Transfer Family servers that use the FTPS protocol. Provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. Valid values: DISABLED, ENABLED, ENFORCED.
    as2Transports List<String>
    Indicates the transport method for the AS2 messages. Currently, only HTTP is supported.
    passiveIp String
    Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer.
    setStatOption String
    Use to ignore the error that is generated when the client attempts to use SETSTAT on a file you are uploading to an S3 bucket. Valid values: DEFAULT, ENABLE_NO_OP.
    tlsSessionResumptionMode String
    A property used with Transfer Family servers that use the FTPS protocol. Provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. Valid values: DISABLED, ENABLED, ENFORCED.
    as2Transports string[]
    Indicates the transport method for the AS2 messages. Currently, only HTTP is supported.
    passiveIp string
    Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer.
    setStatOption string
    Use to ignore the error that is generated when the client attempts to use SETSTAT on a file you are uploading to an S3 bucket. Valid values: DEFAULT, ENABLE_NO_OP.
    tlsSessionResumptionMode string
    A property used with Transfer Family servers that use the FTPS protocol. Provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. Valid values: DISABLED, ENABLED, ENFORCED.
    as2_transports Sequence[str]
    Indicates the transport method for the AS2 messages. Currently, only HTTP is supported.
    passive_ip str
    Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer.
    set_stat_option str
    Use to ignore the error that is generated when the client attempts to use SETSTAT on a file you are uploading to an S3 bucket. Valid values: DEFAULT, ENABLE_NO_OP.
    tls_session_resumption_mode str
    A property used with Transfer Family servers that use the FTPS protocol. Provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. Valid values: DISABLED, ENABLED, ENFORCED.
    as2Transports List<String>
    Indicates the transport method for the AS2 messages. Currently, only HTTP is supported.
    passiveIp String
    Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer.
    setStatOption String
    Use to ignore the error that is generated when the client attempts to use SETSTAT on a file you are uploading to an S3 bucket. Valid values: DEFAULT, ENABLE_NO_OP.
    tlsSessionResumptionMode String
    A property used with Transfer Family servers that use the FTPS protocol. Provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. Valid values: DISABLED, ENABLED, ENFORCED.

    ServerS3StorageOptions, ServerS3StorageOptionsArgs

    DirectoryListingOptimization string

    Specifies whether or not performance for your Amazon S3 directories is optimized. Valid values are DISABLED, ENABLED.

    By default, home directory mappings have a TYPE of DIRECTORY. If you enable this option, you would then need to explicitly set the HomeDirectoryMapEntry Type to FILE if you want a mapping to have a file target. See Using logical directories to simplify your Transfer Family directory structures for details.

    DirectoryListingOptimization string

    Specifies whether or not performance for your Amazon S3 directories is optimized. Valid values are DISABLED, ENABLED.

    By default, home directory mappings have a TYPE of DIRECTORY. If you enable this option, you would then need to explicitly set the HomeDirectoryMapEntry Type to FILE if you want a mapping to have a file target. See Using logical directories to simplify your Transfer Family directory structures for details.

    directoryListingOptimization String

    Specifies whether or not performance for your Amazon S3 directories is optimized. Valid values are DISABLED, ENABLED.

    By default, home directory mappings have a TYPE of DIRECTORY. If you enable this option, you would then need to explicitly set the HomeDirectoryMapEntry Type to FILE if you want a mapping to have a file target. See Using logical directories to simplify your Transfer Family directory structures for details.

    directoryListingOptimization string

    Specifies whether or not performance for your Amazon S3 directories is optimized. Valid values are DISABLED, ENABLED.

    By default, home directory mappings have a TYPE of DIRECTORY. If you enable this option, you would then need to explicitly set the HomeDirectoryMapEntry Type to FILE if you want a mapping to have a file target. See Using logical directories to simplify your Transfer Family directory structures for details.

    directory_listing_optimization str

    Specifies whether or not performance for your Amazon S3 directories is optimized. Valid values are DISABLED, ENABLED.

    By default, home directory mappings have a TYPE of DIRECTORY. If you enable this option, you would then need to explicitly set the HomeDirectoryMapEntry Type to FILE if you want a mapping to have a file target. See Using logical directories to simplify your Transfer Family directory structures for details.

    directoryListingOptimization String

    Specifies whether or not performance for your Amazon S3 directories is optimized. Valid values are DISABLED, ENABLED.

    By default, home directory mappings have a TYPE of DIRECTORY. If you enable this option, you would then need to explicitly set the HomeDirectoryMapEntry Type to FILE if you want a mapping to have a file target. See Using logical directories to simplify your Transfer Family directory structures for details.

    ServerWorkflowDetails, ServerWorkflowDetailsArgs

    OnPartialUpload ServerWorkflowDetailsOnPartialUpload
    A trigger that starts a workflow if a file is only partially uploaded. See Workflow Detail below. See on_partial_upload block below for details.
    OnUpload ServerWorkflowDetailsOnUpload
    A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. See on_upload block below for details.
    OnPartialUpload ServerWorkflowDetailsOnPartialUpload
    A trigger that starts a workflow if a file is only partially uploaded. See Workflow Detail below. See on_partial_upload block below for details.
    OnUpload ServerWorkflowDetailsOnUpload
    A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. See on_upload block below for details.
    onPartialUpload ServerWorkflowDetailsOnPartialUpload
    A trigger that starts a workflow if a file is only partially uploaded. See Workflow Detail below. See on_partial_upload block below for details.
    onUpload ServerWorkflowDetailsOnUpload
    A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. See on_upload block below for details.
    onPartialUpload ServerWorkflowDetailsOnPartialUpload
    A trigger that starts a workflow if a file is only partially uploaded. See Workflow Detail below. See on_partial_upload block below for details.
    onUpload ServerWorkflowDetailsOnUpload
    A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. See on_upload block below for details.
    on_partial_upload ServerWorkflowDetailsOnPartialUpload
    A trigger that starts a workflow if a file is only partially uploaded. See Workflow Detail below. See on_partial_upload block below for details.
    on_upload ServerWorkflowDetailsOnUpload
    A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. See on_upload block below for details.
    onPartialUpload Property Map
    A trigger that starts a workflow if a file is only partially uploaded. See Workflow Detail below. See on_partial_upload block below for details.
    onUpload Property Map
    A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. See on_upload block below for details.

    ServerWorkflowDetailsOnPartialUpload, ServerWorkflowDetailsOnPartialUploadArgs

    ExecutionRole string
    Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
    WorkflowId string
    A unique identifier for the workflow.
    ExecutionRole string
    Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
    WorkflowId string
    A unique identifier for the workflow.
    executionRole String
    Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
    workflowId String
    A unique identifier for the workflow.
    executionRole string
    Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
    workflowId string
    A unique identifier for the workflow.
    execution_role str
    Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
    workflow_id str
    A unique identifier for the workflow.
    executionRole String
    Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
    workflowId String
    A unique identifier for the workflow.

    ServerWorkflowDetailsOnUpload, ServerWorkflowDetailsOnUploadArgs

    ExecutionRole string
    Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
    WorkflowId string
    A unique identifier for the workflow.
    ExecutionRole string
    Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
    WorkflowId string
    A unique identifier for the workflow.
    executionRole String
    Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
    workflowId String
    A unique identifier for the workflow.
    executionRole string
    Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
    workflowId string
    A unique identifier for the workflow.
    execution_role str
    Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
    workflow_id str
    A unique identifier for the workflow.
    executionRole String
    Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
    workflowId String
    A unique identifier for the workflow.

    Import

    Using pulumi import, import Transfer Servers using the server id. For example:

    $ pulumi import aws:transfer/server:Server example s-12345678

    Certain resource arguments, such as host_key, cannot be read via the API and imported into the provider. This provider will display a difference for these arguments the first run after import if declared in the provider configuration for an imported resource.

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.42.0 published on Wednesday, Jun 26, 2024 by Pulumi
    pulumi/pulumi-aws