AWS Transfer for SFTP
User Guide


Instantiates an autoscaling virtual server based on Secure File Transfer Protocol (SFTP) in AWS. When you make updates to your server or when you work with users, use the service-generated ServerId property that is assigned to the newly created server.

Request Syntax

{
   "EndpointDetails": {
      "VpcEndpointId": "string"
   },
   "EndpointType": "string",
   "HostKey": "string",
   "IdentityProviderDetails": {
      "InvocationRole": "string",
      "Url": "string"
   },
   "IdentityProviderType": "string",
   "LoggingRole": "string",
   "Tags": [
      {
         "Key": "string",
         "Value": "string"
      }
   ]
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


EndpointDetails

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. This parameter is required when you specify a value for the EndpointType parameter.

Type: EndpointDetails object

Required: No


EndpointType

The type of VPC endpoint that you want your SFTP server to connect to. If you connect to a VPC endpoint, your SFTP server isn't accessible over the public internet.

Type: String


Required: No


HostKey

The RSA private key as generated by the ssh-keygen -N "" -f my-new-server-key command.


If you aren't planning to migrate existing users from an existing SFTP server to a new AWS SFTP server, don't update the host key. Accidentally changing a server's host key can be disruptive.

For more information, see Changing the Host Key for Your AWS SFTP Server in the AWS SFTP User Guide.

Type: String

Length Constraints: Maximum length of 4096.

Required: No


IdentityProviderDetails

This parameter is required when the IdentityProviderType is set to API_GATEWAY. Accepts an array containing all of the information required to call a customer-supplied authentication API, including the API Gateway URL. This property is not required when the IdentityProviderType is set to SERVICE_MANAGED.

Type: IdentityProviderDetails object

Required: No


IdentityProviderType

Specifies the mode of authentication for the SFTP server. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the AWS Transfer for SFTP service. Use the API_GATEWAY value to integrate with an identity provider of your choosing. The API_GATEWAY setting requires you to provide an API Gateway endpoint URL to call for authentication using the IdentityProviderDetails parameter.

Type: String


Required: No


LoggingRole

A value that allows the service to write your SFTP users' activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:.*role/.*

Required: No


Tags

Key-value pairs that can be used to group and search for servers.

Type: Array of Tag objects

Array Members: Minimum number of 1 item. Maximum number of 50 items.

Required: No

Response Syntax

{ "ServerId": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


ServerId

The service-assigned ID of the SFTP server that is created.

Type: String

Length Constraints: Fixed length of 19.

Pattern: ^s-([0-9a-f]{17})$


Errors

For information about the errors that are common to all actions, see Common Errors.


This exception is thrown when an error occurs in the AWS Transfer for SFTP service.

HTTP Status Code: 500


This exception is thrown when the client submits a malformed request.

HTTP Status Code: 400


The requested resource does not exist.

HTTP Status Code: 400


The request has failed because the AWS Transfer for SFTP service is not available.

HTTP Status Code: 500



The following example creates a new SFTP server.

Sample Request

{
   "EndpointDetails": {
      "VpcEndpointId": "vpce-01234f056f3g13"
   },
   "EndpointType": "VPC_ENDPOINT",
   "IdentityProviderDetails": "IdentityProvider",
   "IdentityProviderType": "SERVICE_MANAGED",
   "LoggingRole": "CloudWatchLoggingRole",
   "Tags": [
      {
         "Key": "Name",
         "Value": "MySFTPServer"
      }
   ]
}


Sample Response

{ "ServerId": "s-01234567890abcdef" }
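
The parameter constraints listed under Request Parameters can be checked before a request is sent, together with the two settings that decide exposure and auditability (the VPC endpoint and the logging role). This is an added example, not part of the AWS documentation or SDK; the function name check_create_server_request and both sample requests are assumptions made for illustration.

```python
import re

# Constraints copied from the parameter descriptions on this page.
LOGGING_ROLE_RE = re.compile(r"arn:.*role/.*")
HOST_KEY_MAX, ROLE_MIN, ROLE_MAX, TAGS_MIN, TAGS_MAX = 4096, 20, 2048, 1, 50


def check_create_server_request(req):
    """Return (errors, warnings) for a request body given as a dict."""
    errors, warnings = [], []

    # A VPC endpoint keeps the server off the public internet, but needs its ID.
    if req.get("EndpointType") == "VPC_ENDPOINT":
        if not (req.get("EndpointDetails") or {}).get("VpcEndpointId"):
            errors.append("EndpointDetails.VpcEndpointId is missing")
    else:
        warnings.append("no VPC endpoint: server is reachable from the public internet")

    # API_GATEWAY needs the authentication API URL; SERVICE_MANAGED is the default.
    idp_type = req.get("IdentityProviderType", "SERVICE_MANAGED")
    details = req.get("IdentityProviderDetails")
    if idp_type == "API_GATEWAY":
        if not (isinstance(details, dict) and details.get("Url")):
            errors.append("IdentityProviderDetails.Url is required for API_GATEWAY")

    # Without LoggingRole, user activity is not written to CloudWatch.
    role = req.get("LoggingRole")
    if role is None:
        warnings.append("no LoggingRole: SFTP user activity will not be logged")
    elif not (ROLE_MIN <= len(role) <= ROLE_MAX and LOGGING_ROLE_RE.fullmatch(role)):
        errors.append("LoggingRole must be a role ARN of 20 to 2048 characters")

    if len(req.get("HostKey", "")) > HOST_KEY_MAX:
        errors.append("HostKey exceeds 4096 characters")

    tags = req.get("Tags")
    if tags is not None and not TAGS_MIN <= len(tags) <= TAGS_MAX:
        errors.append("Tags must contain 1 to 50 items")
    return errors, warnings


# Constructed sample requests (account ID, endpoint ID and role name are made up).
GOOD = {"EndpointType": "VPC_ENDPOINT",
        "EndpointDetails": {"VpcEndpointId": "vpce-EXAMPLE"},
        "LoggingRole": "arn:aws:iam::111122223333:role/ExampleLoggingRole",
        "Tags": [{"Key": "Name", "Value": "MySFTPServer"}]}
BAD = {"IdentityProviderType": "API_GATEWAY", "LoggingRole": "CloudWatchLoggingRole", "Tags": []}

if __name__ == "__main__":
    for name, req in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, *check_create_server_request(req), sep="\n  ")
```
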
