DescribeSecurityPolicy
Describes the security policy that is attached to your server or SFTP connector. The response contains a description of the security policy's properties. For more information about security policies, see Working with security policies for servers or Working with security policies for SFTP connectors.
Request Syntax
{
"SecurityPolicyName": "string"
}Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- SecurityPolicyName
-
Specify the text name of the security policy for which you want the details.
Type: String
Length Constraints: Minimum length of 0. Maximum length of 100.
Pattern:
Transfer[A-Za-z0-9]*SecurityPolicy-[A-Za-z0-9-]+Required: Yes
Response Syntax
{
"SecurityPolicy": {
"Fips": boolean,
"Protocols": [ "string" ],
"SecurityPolicyName": "string",
"SshCiphers": [ "string" ],
"SshHostKeyAlgorithms": [ "string" ],
"SshKexs": [ "string" ],
"SshMacs": [ "string" ],
"TlsCiphers": [ "string" ],
"Type": "string"
}
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- SecurityPolicy
-
An array containing the properties of the security policy.
Type: DescribedSecurityPolicy object
Errors
For information about the errors that are common to all actions, see Common Errors.
- InternalServiceError
-
This exception is thrown when an error occurs in the AWS Transfer Family service.
HTTP Status Code: 500
- InvalidRequestException
-
This exception is thrown when the client submits a malformed request.
HTTP Status Code: 400
- ResourceNotFoundException
-
This exception is thrown when a resource is not found by the AWSTransfer Family service.
HTTP Status Code: 400
- ServiceUnavailableException
-
The request has failed because the AWSTransfer Family service is not available.
HTTP Status Code: 500
Examples
Example
The following example command takes the security policy name as an argument, and returns the algorithms for the specified security policy.
Sample Request
aws transfer describe-security-policy --security-policy-name "TransferSecurityPolicy-FIPS-2023-05"Sample Response
{
"SecurityPolicy": {
"Fips": true,
"SecurityPolicyName": "TransferSecurityPolicy-FIPS-2023-05",
"SshCiphers": [
"aes256-gcm@openssh.com",
"aes128-gcm@openssh.com",
"aes256-ctr",
"aes192-ctr"
],
"SshKexs": [
"diffie-hellman-group16-sha512",
"diffie-hellman-group18-sha512",
"diffie-hellman-group-exchange-sha256"
],
"SshMacs": [
"hmac-sha2-256-etm@openssh.com",
"hmac-sha2-512-etm@openssh.com"
],
"TlsCiphers": [
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
]
}
}See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
