Table Of Contents


User Guide

First time using the AWS CLI? See the User Guide for help getting started.

[ aws . transfer ]



Instantiates an autoscaling virtual server based on Secure File Transfer Protocol (SFTP) in AWS. When you make updates to your server or when you work with users, use the service-generated ServerId property that is assigned to the newly created server.

See also: AWS API Documentation

See 'aws help' for descriptions of global parameters.


[--endpoint-details <value>]
[--endpoint-type <value>]
[--host-key <value>]
[--identity-provider-details <value>]
[--identity-provider-type <value>]
[--logging-role <value>]
[--tags <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]


--endpoint-details (structure)

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. This parameter is required when you specify a value for the EndpointType parameter.

Shorthand Syntax:


JSON Syntax:

  "VpcEndpointId": "string"

--endpoint-type (string)

The type of VPC endpoint that you want your SFTP server to connect to. If you connect to a VPC endpoint, your SFTP server isn't accessible over the public internet.

Possible values:


--host-key (string)

The RSA private key as generated by the ssh-keygen -N "" -f my-new-server-key command.


If you aren't planning to migrate existing users from an existing SFTP server to a new AWS SFTP server, don't update the host key. Accidentally changing a server's host key can be disruptive.

For more information, see "" in the AWS SFTP User Guide.

--identity-provider-details (structure)

This parameter is required when the IdentityProviderType is set to API_GATEWAY . Accepts an array containing all of the information required to call a customer-supplied authentication API, including the API Gateway URL. This property is not required when the IdentityProviderType is set to SERVICE_MANAGED .

Shorthand Syntax:


JSON Syntax:

  "Url": "string",
  "InvocationRole": "string"

--identity-provider-type (string)

Specifies the mode of authentication for the SFTP server. The default value is SERVICE_MANAGED , which allows you to store and access SFTP user credentials within the AWS Transfer for SFTP service. Use the API_GATEWAY value to integrate with an identity provider of your choosing. The API_GATEWAY setting requires you to provide an API Gateway endpoint URL to call for authentication using the IdentityProviderDetails parameter.

Possible values:


--logging-role (string)

A value that allows the service to write your SFTP users' activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

--tags (list)

Key-value pairs that can be used to group and search for servers.

Shorthand Syntax:

Key=string,Value=string ...

JSON Syntax:

    "Key": "string",
    "Value": "string"

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See 'aws help' for descriptions of global parameters.


ServerId -> (string)

The service-assigned ID of the SFTP server that is created.