Class: Aws::Transfer::Types::CreateServerRequest
- Inherits:
-
Struct
- Object
- Struct
- Aws::Transfer::Types::CreateServerRequest
- Defined in:
- gems/aws-sdk-transfer/lib/aws-sdk-transfer/types.rb
Overview
Constant Summary collapse
- SENSITIVE =
[:host_key]
Instance Attribute Summary collapse
-
#certificate ⇒ String
The Amazon Resource Name (ARN) of the Certificate Manager (ACM) certificate.
-
#domain ⇒ String
The domain of the storage system that is used for file transfers.
-
#endpoint_details ⇒ Types::EndpointDetails
The virtual private cloud (VPC) endpoint settings that are configured for your server.
-
#endpoint_type ⇒ String
The type of endpoint that you want your server to use.
-
#host_key ⇒ String
The RSA, ECDSA, or ED25519 private key to use for your SFTP-enabled server.
-
#identity_provider_details ⇒ Types::IdentityProviderDetails
Required when
IdentityProviderType
is set toAWS_DIRECTORY_SERVICE
orAPI_GATEWAY
. -
#identity_provider_type ⇒ String
The mode of authentication for a server.
-
#logging_role ⇒ String
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFSevents.
-
#post_authentication_login_banner ⇒ String
Specifies a string to display when users connect to a server.
-
#pre_authentication_login_banner ⇒ String
Specifies a string to display when users connect to a server.
-
#protocol_details ⇒ Types::ProtocolDetails
The protocol settings that are configured for your server.
-
#protocols ⇒ Array<String>
Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint.
-
#security_policy_name ⇒ String
Specifies the name of the security policy that is attached to the server.
-
#tags ⇒ Array<Types::Tag>
Key-value pairs that can be used to group and search for servers.
-
#workflow_details ⇒ Types::WorkflowDetails
Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.
Instance Attribute Details
#certificate ⇒ String
The Amazon Resource Name (ARN) of the Certificate Manager (ACM)
certificate. Required when Protocols
is set to FTPS
.
To request a new public certificate, see Request a public certificate in the Certificate Manager User Guide.
To import an existing certificate into ACM, see Importing certificates into ACM in the Certificate Manager User Guide.
To request a private certificate to use FTPS through private IP addresses, see Request a private certificate in the Certificate Manager User Guide.
Certificates with the following cryptographic algorithms and key sizes are supported:
2048-bit RSA (RSA_2048)
4096-bit RSA (RSA_4096)
Elliptic Prime Curve 256 bit (EC_prime256v1)
Elliptic Prime Curve 384 bit (EC_secp384r1)
Elliptic Prime Curve 521 bit (EC_secp521r1)
765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 |
# File 'gems/aws-sdk-transfer/lib/aws-sdk-transfer/types.rb', line 765 class CreateServerRequest < Struct.new( :certificate, :domain, :endpoint_details, :endpoint_type, :host_key, :identity_provider_details, :identity_provider_type, :logging_role, :post_authentication_login_banner, :pre_authentication_login_banner, :protocols, :protocol_details, :security_policy_name, :tags, :workflow_details) SENSITIVE = [:host_key] include Aws::Structure end |
#domain ⇒ String
The domain of the storage system that is used for file transfers. There are two domains available: Amazon Simple Storage Service (Amazon S3) and Amazon Elastic File System (Amazon EFS). The default value is S3.
765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 |
# File 'gems/aws-sdk-transfer/lib/aws-sdk-transfer/types.rb', line 765 class CreateServerRequest < Struct.new( :certificate, :domain, :endpoint_details, :endpoint_type, :host_key, :identity_provider_details, :identity_provider_type, :logging_role, :post_authentication_login_banner, :pre_authentication_login_banner, :protocols, :protocol_details, :security_policy_name, :tags, :workflow_details) SENSITIVE = [:host_key] include Aws::Structure end |
#endpoint_details ⇒ Types::EndpointDetails
The virtual private cloud (VPC) endpoint settings that are configured for your server. When you host your endpoint within your VPC, you can make your endpoint accessible only to resources within your VPC, or you can attach Elastic IP addresses and make your endpoint accessible to clients over the internet. Your VPC's default security groups are automatically assigned to your endpoint.
765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 |
# File 'gems/aws-sdk-transfer/lib/aws-sdk-transfer/types.rb', line 765 class CreateServerRequest < Struct.new( :certificate, :domain, :endpoint_details, :endpoint_type, :host_key, :identity_provider_details, :identity_provider_type, :logging_role, :post_authentication_login_banner, :pre_authentication_login_banner, :protocols, :protocol_details, :security_policy_name, :tags, :workflow_details) SENSITIVE = [:host_key] include Aws::Structure end |
#endpoint_type ⇒ String
The type of endpoint that you want your server to use. You can choose to make your server's endpoint publicly accessible (PUBLIC) or host it inside your VPC. With an endpoint that is hosted in a VPC, you can restrict access to your server and resources only within your VPC or choose to make it internet facing by attaching Elastic IP addresses directly to it.
EndpointType=VPC_ENDPOINT
in your Amazon Web Services account if
your account hasn't already done so before May 19, 2021. If you
have already created servers with EndpointType=VPC_ENDPOINT
in
your Amazon Web Services account on or before May 19, 2021, you will
not be affected. After this date, use EndpointType
=VPC
.
For more information, see https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
It is recommended that you use VPC
as the EndpointType
. With
this endpoint type, you have the option to directly associate up to
three Elastic IPv4 addresses (BYO IP included) with your server's
endpoint and use VPC security groups to restrict traffic by the
client's public IP address. This is not possible with
EndpointType
set to VPC_ENDPOINT
.
765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 |
# File 'gems/aws-sdk-transfer/lib/aws-sdk-transfer/types.rb', line 765 class CreateServerRequest < Struct.new( :certificate, :domain, :endpoint_details, :endpoint_type, :host_key, :identity_provider_details, :identity_provider_type, :logging_role, :post_authentication_login_banner, :pre_authentication_login_banner, :protocols, :protocol_details, :security_policy_name, :tags, :workflow_details) SENSITIVE = [:host_key] include Aws::Structure end |
#host_key ⇒ String
The RSA, ECDSA, or ED25519 private key to use for your SFTP-enabled server. You can add multiple host keys, in case you want to rotate keys, or have a set of active keys that use different algorithms.
Use the following command to generate an RSA 2048 bit key with no passphrase:
ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key
.
Use a minimum value of 2048 for the -b
option. You can create a
stronger key by using 3072 or 4096.
Use the following command to generate an ECDSA 256 bit key with no passphrase:
ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key
.
Valid values for the -b
option for ECDSA are 256, 384, and 521.
Use the following command to generate an ED25519 key with no passphrase:
ssh-keygen -t ed25519 -N "" -f my-new-server-key
.
For all of these commands, you can replace my-new-server-key with a string of your choice.
If you aren't planning to migrate existing users from an existing SFTP-enabled server to a new server, don't update the host key. Accidentally changing a server's host key can be disruptive.
For more information, see Update host keys for your SFTP-enabled server in the Transfer Family User Guide.
765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 |
# File 'gems/aws-sdk-transfer/lib/aws-sdk-transfer/types.rb', line 765 class CreateServerRequest < Struct.new( :certificate, :domain, :endpoint_details, :endpoint_type, :host_key, :identity_provider_details, :identity_provider_type, :logging_role, :post_authentication_login_banner, :pre_authentication_login_banner, :protocols, :protocol_details, :security_policy_name, :tags, :workflow_details) SENSITIVE = [:host_key] include Aws::Structure end |
#identity_provider_details ⇒ Types::IdentityProviderDetails
Required when IdentityProviderType
is set to
AWS_DIRECTORY_SERVICE
or API_GATEWAY
. Accepts an array
containing all of the information required to use a directory in
AWS_DIRECTORY_SERVICE
or invoke a customer-supplied authentication
API, including the API Gateway URL. Not required when
IdentityProviderType
is set to SERVICE_MANAGED
.
765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 |
# File 'gems/aws-sdk-transfer/lib/aws-sdk-transfer/types.rb', line 765 class CreateServerRequest < Struct.new( :certificate, :domain, :endpoint_details, :endpoint_type, :host_key, :identity_provider_details, :identity_provider_type, :logging_role, :post_authentication_login_banner, :pre_authentication_login_banner, :protocols, :protocol_details, :security_policy_name, :tags, :workflow_details) SENSITIVE = [:host_key] include Aws::Structure end |
#identity_provider_type ⇒ String
The mode of authentication for a server. The default value is
SERVICE_MANAGED
, which allows you to store and access user
credentials within the Transfer Family service.
Use AWS_DIRECTORY_SERVICE
to provide access to Active Directory
groups in Directory Service for Microsoft Active Directory or
Microsoft Active Directory in your on-premises environment or in
Amazon Web Services using AD Connector. This option also requires
you to provide a Directory ID by using the IdentityProviderDetails
parameter.
Use the API_GATEWAY
value to integrate with an identity provider
of your choosing. The API_GATEWAY
setting requires you to provide
an Amazon API Gateway endpoint URL to call for authentication by
using the IdentityProviderDetails
parameter.
Use the AWS_LAMBDA
value to directly use an Lambda function as
your identity provider. If you choose this value, you must specify
the ARN for the Lambda function in the Function
parameter or the
IdentityProviderDetails
data type.
765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 |
# File 'gems/aws-sdk-transfer/lib/aws-sdk-transfer/types.rb', line 765 class CreateServerRequest < Struct.new( :certificate, :domain, :endpoint_details, :endpoint_type, :host_key, :identity_provider_details, :identity_provider_type, :logging_role, :post_authentication_login_banner, :pre_authentication_login_banner, :protocols, :protocol_details, :security_policy_name, :tags, :workflow_details) SENSITIVE = [:host_key] include Aws::Structure end |
#logging_role ⇒ String
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFSevents. When set, you can view user activity in your CloudWatch logs.
765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 |
# File 'gems/aws-sdk-transfer/lib/aws-sdk-transfer/types.rb', line 765 class CreateServerRequest < Struct.new( :certificate, :domain, :endpoint_details, :endpoint_type, :host_key, :identity_provider_details, :identity_provider_type, :logging_role, :post_authentication_login_banner, :pre_authentication_login_banner, :protocols, :protocol_details, :security_policy_name, :tags, :workflow_details) SENSITIVE = [:host_key] include Aws::Structure end |
#post_authentication_login_banner ⇒ String
Specifies a string to display when users connect to a server. This string is displayed after the user authenticates.
765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 |
# File 'gems/aws-sdk-transfer/lib/aws-sdk-transfer/types.rb', line 765 class CreateServerRequest < Struct.new( :certificate, :domain, :endpoint_details, :endpoint_type, :host_key, :identity_provider_details, :identity_provider_type, :logging_role, :post_authentication_login_banner, :pre_authentication_login_banner, :protocols, :protocol_details, :security_policy_name, :tags, :workflow_details) SENSITIVE = [:host_key] include Aws::Structure end |
#pre_authentication_login_banner ⇒ String
Specifies a string to display when users connect to a server. This string is displayed before the user authenticates. For example, the following banner displays details about using the system:
This system is for the use of authorized users only. Individuals
using this computer system without authority, or in excess of their
authority, are subject to having all of their activities on this
system monitored and recorded by system personnel.
765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 |
# File 'gems/aws-sdk-transfer/lib/aws-sdk-transfer/types.rb', line 765 class CreateServerRequest < Struct.new( :certificate, :domain, :endpoint_details, :endpoint_type, :host_key, :identity_provider_details, :identity_provider_type, :logging_role, :post_authentication_login_banner, :pre_authentication_login_banner, :protocols, :protocol_details, :security_policy_name, :tags, :workflow_details) SENSITIVE = [:host_key] include Aws::Structure end |
#protocol_details ⇒ Types::ProtocolDetails
The protocol settings that are configured for your server.
To indicate passive mode (for FTP and FTPS protocols), use the
PassiveIp
parameter. Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer.To ignore the error that is generated when the client attempts to use the
SETSTAT
command on a file that you are uploading to an Amazon S3 bucket, use theSetStatOption
parameter. To have the Transfer Family server ignore theSETSTAT
command and upload files without needing to make any changes to your SFTP client, set the value toENABLE_NO_OP
. If you set theSetStatOption
parameter toENABLE_NO_OP
, Transfer Family generates a log entry to Amazon CloudWatch Logs, so that you can determine when the client is making aSETSTAT
call.To determine whether your Transfer Family server resumes recent, negotiated sessions through a unique session ID, use the
TlsSessionResumptionMode
parameter.As2Transports
indicates the transport method for the AS2 messages. Currently, only HTTP is supported.
765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 |
# File 'gems/aws-sdk-transfer/lib/aws-sdk-transfer/types.rb', line 765 class CreateServerRequest < Struct.new( :certificate, :domain, :endpoint_details, :endpoint_type, :host_key, :identity_provider_details, :identity_provider_type, :logging_role, :post_authentication_login_banner, :pre_authentication_login_banner, :protocols, :protocol_details, :security_policy_name, :tags, :workflow_details) SENSITIVE = [:host_key] include Aws::Structure end |
#protocols ⇒ Array<String>
Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:
SFTP
(Secure Shell (SSH) File Transfer Protocol): File transfer over SSHFTPS
(File Transfer Protocol Secure): File transfer with TLS encryptionFTP
(File Transfer Protocol): Unencrypted file transferAS2
(Applicability Statement 2): used for transporting structured business-to-business data
FTPS
, you must choose a certificate stored in
Certificate Manager (ACM) which is used to identify your server
when clients connect to it over FTPS.
If
Protocol
includes eitherFTP
orFTPS
, then theEndpointType
must beVPC
and theIdentityProviderType
must beAWS_DIRECTORY_SERVICE
orAPI_GATEWAY
.If
Protocol
includesFTP
, thenAddressAllocationIds
cannot be associated.If
Protocol
is set only toSFTP
, theEndpointType
can be set toPUBLIC
and theIdentityProviderType
can be set toSERVICE_MANAGED
.If
Protocol
includesAS2
, then theEndpointType
must beVPC
, and domain must be Amazon S3.
765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 |
# File 'gems/aws-sdk-transfer/lib/aws-sdk-transfer/types.rb', line 765 class CreateServerRequest < Struct.new( :certificate, :domain, :endpoint_details, :endpoint_type, :host_key, :identity_provider_details, :identity_provider_type, :logging_role, :post_authentication_login_banner, :pre_authentication_login_banner, :protocols, :protocol_details, :security_policy_name, :tags, :workflow_details) SENSITIVE = [:host_key] include Aws::Structure end |
#security_policy_name ⇒ String
Specifies the name of the security policy that is attached to the server.
765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 |
# File 'gems/aws-sdk-transfer/lib/aws-sdk-transfer/types.rb', line 765 class CreateServerRequest < Struct.new( :certificate, :domain, :endpoint_details, :endpoint_type, :host_key, :identity_provider_details, :identity_provider_type, :logging_role, :post_authentication_login_banner, :pre_authentication_login_banner, :protocols, :protocol_details, :security_policy_name, :tags, :workflow_details) SENSITIVE = [:host_key] include Aws::Structure end |
#tags ⇒ Array<Types::Tag>
Key-value pairs that can be used to group and search for servers.
765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 |
# File 'gems/aws-sdk-transfer/lib/aws-sdk-transfer/types.rb', line 765 class CreateServerRequest < Struct.new( :certificate, :domain, :endpoint_details, :endpoint_type, :host_key, :identity_provider_details, :identity_provider_type, :logging_role, :post_authentication_login_banner, :pre_authentication_login_banner, :protocols, :protocol_details, :security_policy_name, :tags, :workflow_details) SENSITIVE = [:host_key] include Aws::Structure end |
#workflow_details ⇒ Types::WorkflowDetails
Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.
In additon to a workflow to execute when a file is uploaded
completely, WorkflowDeatails
can also contain a workflow ID (and
execution role) for a workflow to execute on partial upload. A
partial upload occurs when a file is open when the session
disconnects.
765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 |
# File 'gems/aws-sdk-transfer/lib/aws-sdk-transfer/types.rb', line 765 class CreateServerRequest < Struct.new( :certificate, :domain, :endpoint_details, :endpoint_type, :host_key, :identity_provider_details, :identity_provider_type, :logging_role, :post_authentication_login_banner, :pre_authentication_login_banner, :protocols, :protocol_details, :security_policy_name, :tags, :workflow_details) SENSITIVE = [:host_key] include Aws::Structure end |