AWS::Transfer::Server IdentityProviderDetails - AWS CloudFormation
SyntaxPropertiesSee also

AWS::Transfer::Server IdentityProviderDetails

Required when IdentityProviderType is set to AWS_DIRECTORY_SERVICE, AWS_LAMBDA or API_GATEWAY. Accepts an array containing all of the information required to use a directory in AWS_DIRECTORY_SERVICE or invoke a customer-supplied authentication API, including the API Gateway URL. Not required when IdentityProviderType is set to SERVICE_MANAGED.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "DirectoryId" : String,
  "Function" : String,
  "InvocationRole" : String,
  "SftpAuthenticationMethods" : String,
  "Url" : String
}

YAML

  DirectoryId: String
  Function: String
  InvocationRole: String
  SftpAuthenticationMethods: String
  Url: String

Properties

DirectoryId

The identifier of the AWS Directory Service directory that you want to use as your identity provider.

Required: No

Type: String

Update requires: No interruption

Function

The ARN for a Lambda function to use for the Identity provider.

Required: No

Type: String

Update requires: No interruption

InvocationRole

This parameter is only applicable if your IdentityProviderType is API_GATEWAY. Provides the type of InvocationRole used to authenticate the user account.

Required: No

Type: String

Update requires: No interruption

SftpAuthenticationMethods

For SFTP-enabled servers, and for custom identity providers only, you can specify whether to authenticate using a password, SSH key pair, or both.

  • PASSWORD - users must provide their password to connect.

  • PUBLIC_KEY - users must provide their private key to connect.

  • PUBLIC_KEY_OR_PASSWORD - users can authenticate with either their password or their key. This is the default value.

  • PUBLIC_KEY_AND_PASSWORD - users must provide both their private key and their password to connect. The server checks the key first, and then if the key is valid, the system prompts for a password. If the private key provided does not match the public key that is stored, authentication fails.

Required: No

Type: String

Update requires: No interruption

Url

Provides the location of the service endpoint used to authenticate users.

Required: No

Type: String

Update requires: No interruption

See also

IdentityProviderDetails in the AWS Transfer Family User Guide.