AWS CloudFormation
User Guide (Version )

AWS::Transfer::Server

Instantiates an autoscaling virtual server based on Secure File Transfer Protocol (SFTP) in AWS. When you make updates to your server or when you work with users, use the service-generated ServerId property that is assigned to the newly created server.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Transfer::Server",
  "Properties" : {
      "EndpointDetails" : EndpointDetails,
      "EndpointType" : String,
      "IdentityProviderDetails" : IdentityProviderDetails,
      "IdentityProviderType" : String,
      "LoggingRole" : String,
      "Tags" : [ Tag, ... ]
    }
}

Properties

EndpointDetails

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. This parameter is required when you specify a value for the EndpointType parameter.

Required: No

Type: EndpointDetails

Update requires: No interruption

EndpointType

The type of VPC endpoint that you want your SFTP server to connect to. If you connect to a VPC endpoint, your SFTP server isn't accessible over the public internet.

Required: Conditional

Type: String

Allowed Values: PUBLIC | VPC_ENDPOINT

Update requires: No interruption

IdentityProviderDetails

This parameter is required when the IdentityProviderType is set to API_GATEWAY. Accepts an array containing all of the information required to call a customer-supplied authentication API, including the API Gateway URL. This property is not required when the IdentityProviderType is set to SERVICE_MANAGED.

Required: No

Type: IdentityProviderDetails

Update requires: No interruption

IdentityProviderType

Specifies the mode of authentication for the SFTP server. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the AWS Transfer for SFTP service. Use the API_GATEWAY value to integrate with an identity provider of your choosing. The API_GATEWAY setting requires you to provide an API Gateway endpoint URL to call for authentication using the IdentityProviderDetails parameter.

Required: No

Type: String

Allowed Values: API_GATEWAY | SERVICE_MANAGED

Update requires: Replacement

LoggingRole

A value that allows the service to write your SFTP users' activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

Required: No

Type: String

Pattern: arn:.*role/.*

Update requires: No interruption

Tags

Key-value pairs that can be used to group and search for servers.

Required: No

Type: List of Tag

Maximum: 50

Update requires: No interruption
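
The property constraints above can be checked before deployment. The following is an added example, not part of the AWS documentation: a small Python audit of a parsed JSON template that flags AWS::Transfer::Server resources that are not on a VPC endpoint, lack the details their EndpointType or IdentityProviderType calls for, or have no usable LoggingRole. The function name, the finding texts, the sample template (including its VpcEndpointId value) and the choice to treat an omitted EndpointType like PUBLIC are assumptions of this example.

```python
import re

ROLE_ARN = re.compile(r"arn:.*role/.*")  # LoggingRole pattern from the reference

def audit_transfer_servers(template):
    """Return sorted (logical_id, finding) pairs for AWS::Transfer::Server resources."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Transfer::Server":
            continue
        props = res.get("Properties", {})
        add = lambda msg, n=name: findings.append((n, msg))
        ep = props.get("EndpointType")
        if isinstance(ep, dict):
            pass  # intrinsic function (Ref, Fn::If, ...): not resolvable statically
        elif ep not in (None, "PUBLIC", "VPC_ENDPOINT"):
            add("EndpointType is not an allowed value")
        elif ep != "VPC_ENDPOINT":
            # Assumption of this example: an omitted EndpointType is treated like PUBLIC.
            add("endpoint is not VPC_ENDPOINT: reachable over the public internet")
        elif "EndpointDetails" not in props:
            add("EndpointType VPC_ENDPOINT needs EndpointDetails")
        idp = props.get("IdentityProviderType", "SERVICE_MANAGED")
        if idp == "API_GATEWAY" and "IdentityProviderDetails" not in props:
            add("IdentityProviderType API_GATEWAY needs IdentityProviderDetails")
        role = props.get("LoggingRole")
        if role is None:
            add("no LoggingRole: user activity is not written to CloudWatch")
        elif isinstance(role, str) and not ROLE_ARN.fullmatch(role):
            add("LoggingRole does not match arn:.*role/.*")
        if len(props.get("Tags", [])) > 50:
            add("more than 50 tags")
    return sorted(findings)

# Constructed sample template; every name and ID below is made up.
SAMPLE = {"Resources": {
    "LegacySftp": {"Type": "AWS::Transfer::Server", "Properties": {
        "EndpointType": "PUBLIC", "IdentityProviderType": "API_GATEWAY",
        "LoggingRole": "transfer-logging"}},
    "HardenedSftp": {"Type": "AWS::Transfer::Server", "Properties": {
        "EndpointType": "VPC_ENDPOINT",
        "EndpointDetails": {"VpcEndpointId": "vpce-0123456789abcdef0"},
        "LoggingRole": {"Fn::GetAtt": ["TransferLogRole", "Arn"]},
        "Tags": [{"Key": "team", "Value": "payments"}]}},
    "Bucket": {"Type": "AWS::S3::Bucket"},
}}

if __name__ == "__main__":
    print(*audit_transfer_servers(SAMPLE), sep="\n")
```

A LoggingRole given as an intrinsic function such as Fn::GetAtt is accepted without a pattern check, because its value is only known at deploy time.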

Return Values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ServerId, such as s-01234567890abcdef, and the server ARN, such as arn:aws:transfer:us-east-1:123456789012:server/s-01234567890abcdef.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn

The Amazon Resource Name associated with the AWS Transfer SFTP server, in the form arn:aws:transfer:region:account-id:server/server-id/.

An example of a server ARN is: arn:aws:transfer:us-east-1:123456789012:server/s-01234567890abcdef.

ServerId

The service-assigned ID of the SFTP server that is created.

An example ServerId is s-01234567890abcdef.