AWS Transfer for SFTP
User Guide


Instantiates an autoscaling virtual server based on Secure File Transfer Protocol (SFTP) in AWS. The call returns the ServerId property assigned by the service to the newly created server. Reference this ServerId property when you make updates to your server, or work with users.

The response returns the ServerId value for the newly created server.

Request Syntax

{
   "EndpointDetails": {
      "VpcEndpointId": "string"
   },
   "EndpointType": "string",
   "HostKey": "string",
   "IdentityProviderDetails": {
      "InvocationRole": "string",
      "Url": "string"
   },
   "IdentityProviderType": "string",
   "LoggingRole": "string",
   "Tags": [
      {
         "Key": "string",
         "Value": "string"
      }
   ]
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


EndpointDetails

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server.

Type: EndpointDetails object

Required: No


EndpointType

The type of VPC endpoint that you want your SFTP server to connect to. If you connect to a VPC endpoint, your SFTP server isn't accessible over the public internet.

Type: String


Required: No


HostKey

The RSA private key as generated by the ssh-keygen -N "" -f my-new-server-key command.


If you aren't planning to migrate existing users from an existing SFTP server to a new AWS SFTP server, don't update the host key. Accidentally changing a server's host key can be disruptive.

For more information, see the AWS SFTP User Guide.

Type: String

Length Constraints: Maximum length of 4096.

Required: No


IdentityProviderDetails

An array containing all of the information required to call a customer-supplied authentication API. This parameter is not required when the IdentityProviderType value of the server being created is SERVICE_MANAGED.

Type: IdentityProviderDetails object

Required: No


IdentityProviderType

The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. An IdentityProviderType value of API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice.

Type: String


Required: No


LoggingRole

The Amazon Resource Name (ARN) of the IAM role that allows the service to write your SFTP users' activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

Type: String

Pattern: arn:.*role/.*

Required: No


Tags

Key-value pairs that can be used to group and search for servers.

Type: Array of Tag objects

Array Members: Minimum number of 1 item. Maximum number of 50 items.

Required: No

Response Syntax

{
   "ServerId": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


ServerId

The service-assigned ID of the SFTP server that is created.

Type: String

Pattern: ^s-([0-9a-f]{17})$


Errors

For information about the errors that are common to all actions, see Common Errors.


This exception is thrown when an error occurs in the AWS Transfer for SFTP service.

HTTP Status Code: 500


This exception is thrown when the client submits a malformed request.

HTTP Status Code: 400


The requested resource does not exist.

HTTP Status Code: 400


The request has failed because the AWS Transfer for SFTP service is not available.

HTTP Status Code: 500



Example

The following example creates a new SFTP server.

Sample Request

{
   "EndpointDetails": {
      "VpcEndpointId": "vpce-01234f056f3g13"
   },
   "EndpointType": "VPC_ENDPOINT",
   "IdentityProviderDetails": "IdentityProvider",
   "IdentityProviderType": "SERVICE_MANAGED",
   "LoggingRole": "CloudWatchLoggingRole",
   "Tags": [
      {
         "Key": "Name",
         "Value": "MySFTPServer"
      }
   ]
}


Sample Response

{
   "ServerId": "s-01234567890abcdef"
}
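As an added example (not AWS documentation or SDK code), the following Python builds the CreateServer request described above and enforces the constraints this reference states (LoggingRole pattern, HostKey length, Tags count, IdentityProviderDetails when the type is API_GATEWAY) before any call is made, then checks the ServerId in the response against its documented pattern. The rule that a VPC_ENDPOINT server must carry a VpcEndpointId is an assumption of this example, and all role ARNs, endpoint IDs and URLs used with it are constructed placeholders.

```python
import re

# Constraints taken from the CreateServer reference; AWS patterns match the whole value.
LOGGING_ROLE_RE = re.compile(r"arn:.*role/.*")
SERVER_ID_RE = re.compile(r"^s-([0-9a-f]{17})$")
HOST_KEY_MAX_LEN = 4096

def build_create_server_request(endpoint_type="VPC_ENDPOINT", vpc_endpoint_id=None,
                                identity_provider_type="SERVICE_MANAGED",
                                identity_provider_details=None, logging_role=None,
                                host_key=None, tags=None):
    """Assemble a CreateServer body and reject it locally before any API call is made."""
    body = {"EndpointType": endpoint_type, "IdentityProviderType": identity_provider_type}
    if endpoint_type == "VPC_ENDPOINT":
        # Assumed here (as in the reference's sample): a VPC_ENDPOINT server carries its
        # VpcEndpointId. This type keeps the server off the public internet.
        if not vpc_endpoint_id:
            raise ValueError("VPC_ENDPOINT requires EndpointDetails.VpcEndpointId")
        body["EndpointDetails"] = {"VpcEndpointId": vpc_endpoint_id}
    if identity_provider_type == "API_GATEWAY":
        # IdentityProviderDetails is optional only for SERVICE_MANAGED; a custom provider
        # needs the API Gateway URL and the role used to invoke it.
        details = set(identity_provider_details or {})
        if not {"InvocationRole", "Url"} <= details:
            raise ValueError("API_GATEWAY requires IdentityProviderDetails.InvocationRole and .Url")
        body["IdentityProviderDetails"] = identity_provider_details
    if logging_role is not None:
        # Without a valid LoggingRole there is no CloudWatch audit trail of user activity.
        if not LOGGING_ROLE_RE.fullmatch(logging_role):
            raise ValueError("LoggingRole must be an IAM role ARN matching arn:.*role/.*")
        body["LoggingRole"] = logging_role
    if host_key is not None:
        # Set only when migrating users; a changed host key breaks clients' known_hosts pins.
        if len(host_key) > HOST_KEY_MAX_LEN:
            raise ValueError("HostKey exceeds the 4096-character limit")
        body["HostKey"] = host_key
    if tags is not None:
        if not 1 <= len(tags) <= 50:
            raise ValueError("Tags must contain between 1 and 50 items")
        body["Tags"] = [{"Key": k, "Value": v} for k, v in tags.items()]
    return body

def parse_create_server_response(response):
    """Return the ServerId from a CreateServer response after checking its format."""
    server_id = response.get("ServerId", "")
    if not SERVER_ID_RE.match(server_id):
        raise ValueError(f"unexpected ServerId format: {server_id!r}")
    return server_id
```

Note that the sample request above gives LoggingRole as a bare role name; the documented pattern requires a full role ARN, which is what this builder accepts.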

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: