AWS Transfer for SFTP
User Guide

CreateServer

Instantiates an autoscaling virtual server based on Secure File Transfer Protocol (SFTP) in AWS. When you make updates to your server or when you work with users, use the service-generated ServerId property that is assigned to the newly created server.

Request Syntax

{
   "EndpointDetails": {
      "VpcEndpointId": "string"
   },
   "EndpointType": "string",
   "HostKey": "string",
   "IdentityProviderDetails": {
      "InvocationRole": "string",
      "Url": "string"
   },
   "IdentityProviderType": "string",
   "LoggingRole": "string",
   "Tags": [
      {
         "Key": "string",
         "Value": "string"
      }
   ]
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

EndpointDetails

The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. This parameter is required when you specify a value for the EndpointType parameter.

Type: EndpointDetails object

Required: No

EndpointType

The type of VPC endpoint that you want your SFTP server to connect to. If you connect to a VPC endpoint, your SFTP server isn't accessible over the public internet.

Type: String

Valid Values: PUBLIC | VPC_ENDPOINT

Required: No

HostKey

The RSA private key as generated by the ssh-keygen -N "" -f my-new-server-key command.

Important

If you aren't planning to migrate existing users from an existing SFTP server to a new AWS SFTP server, don't update the host key. Accidentally changing a server's host key can be disruptive.

For more information, see https://docs.aws.amazon.com/transfer/latest/userguide/change-host-key in the AWS SFTP User Guide.

Type: String

Length Constraints: Maximum length of 4096.

Required: No

IdentityProviderDetails

This parameter is required when the IdentityProviderType is set to API_GATEWAY. Accepts an array containing all of the information required to call a customer-supplied authentication API, including the API Gateway URL. This property is not required when the IdentityProviderType is set to SERVICE_MANAGED.

Type: IdentityProviderDetails object

Required: No

IdentityProviderType

Specifies the mode of authentication for the SFTP server. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the AWS Transfer for SFTP service. Use the API_GATEWAY value to integrate with an identity provider of your choosing. The API_GATEWAY setting requires you to provide an API Gateway endpoint URL to call for authentication using the IdentityProviderDetails parameter.

Type: String

Valid Values: SERVICE_MANAGED | API_GATEWAY

Required: No

LoggingRole

A value that allows the service to write your SFTP users' activity to your Amazon CloudWatch logs for monitoring and auditing purposes.

Type: String

Pattern: arn:.*role/.*

Required: No

Tags

Key-value pairs that can be used to group and search for servers.

Type: Array of Tag objects

Array Members: Minimum number of 1 item. Maximum number of 50 items.

Required: No

Response Syntax

{ "ServerId": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

ServerId

The service-assigned ID of the SFTP server that is created.

Type: String

Pattern: ^s-([0-9a-f]{17})$

Errors

For information about the errors that are common to all actions, see Common Errors.

InternalServiceError

This exception is thrown when an error occurs in the AWS Transfer for SFTP service.

HTTP Status Code: 500

InvalidRequestException

This exception is thrown when the client submits a malformed request.

HTTP Status Code: 400

ResourceExistsException

The requested resource does not exist.

HTTP Status Code: 400

ServiceUnavailableException

The request has failed because the AWS Transfer for SFTP service is not available.

HTTP Status Code: 500

Examples

Example

The following example creates a new SFTP server.

Sample Request

{
   "EndpointDetails": {
      "VpcEndpointId": "vpce-01234f056f3g13"
   },
   "EndpointType": "VPC_ENDPOINT",
   "IdentityProviderDetails": "IdentityProvider",
   "IdentityProviderType": "SERVICE_MANAGED",
   "LoggingRole": "CloudWatchLoggingRole",
   "Tags": [
      {
         "Key": "Name",
         "Value": "MySFTPServer"
      }
   ]
}

Example

Sample Response

{ "ServerId": "s-01234567890abcdef" }
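
A pre-flight check for a CreateServer request, added here as an example (it is not part of the AWS documentation or any SDK). It encodes the parameter constraints listed on this page and warns on the settings that affect exposure and auditing; the function names and both sample requests are assumptions constructed for illustration.

```python
import re

ENDPOINT_TYPES = {"PUBLIC", "VPC_ENDPOINT"}
IDP_TYPES = {"SERVICE_MANAGED", "API_GATEWAY"}
ROLE_ARN = re.compile(r"arn:.*role/.*")        # LoggingRole pattern from this page
SERVER_ID = re.compile(r"^s-([0-9a-f]{17})$")  # ServerId pattern from this page

def check_create_server(req):
    """Return (errors, warnings) for a CreateServer request dict (hypothetical helper)."""
    errors, warnings = [], []
    etype = req.get("EndpointType")
    if etype is not None and etype not in ENDPOINT_TYPES:
        errors.append("EndpointType must be PUBLIC or VPC_ENDPOINT")
    if etype is not None and not req.get("EndpointDetails"):
        errors.append("EndpointDetails is required when EndpointType is set")
    if etype != "VPC_ENDPOINT":
        warnings.append("EndpointType is not VPC_ENDPOINT: server is not limited to a VPC endpoint")
    idp = req.get("IdentityProviderType", "SERVICE_MANAGED")  # documented default
    if idp not in IDP_TYPES:
        errors.append("IdentityProviderType must be SERVICE_MANAGED or API_GATEWAY")
    details = req.get("IdentityProviderDetails")
    if idp == "API_GATEWAY" and not (isinstance(details, dict) and details.get("Url")):
        errors.append("API_GATEWAY requires IdentityProviderDetails with a Url")
    role = req.get("LoggingRole")
    if role is None:
        warnings.append("no LoggingRole: SFTP user activity is not written to CloudWatch")
    elif not ROLE_ARN.fullmatch(role):
        errors.append("LoggingRole does not match arn:.*role/.*")
    key = req.get("HostKey")
    if key is not None:
        warnings.append("HostKey carries an RSA private key: keep the request out of logs")
        if len(key) > 4096:
            errors.append("HostKey exceeds the maximum length of 4096")
    tags = req.get("Tags")
    if tags is not None and not 1 <= len(tags) <= 50:
        errors.append("Tags must contain between 1 and 50 items")
    return errors, warnings

def valid_server_id(server_id):
    """True if a returned ServerId has the documented shape."""
    return SERVER_ID.fullmatch(server_id) is not None

# Constructed requests; the ARN, account number and endpoint ID are placeholders.
BAD = {"EndpointType": "PUBLIC", "IdentityProviderType": "API_GATEWAY",
       "LoggingRole": "CloudWatchLoggingRole", "Tags": []}
GOOD = {"EndpointType": "VPC_ENDPOINT",
        "EndpointDetails": {"VpcEndpointId": "vpce-EXAMPLE"},
        "LoggingRole": "arn:aws:iam::111122223333:role/ExampleLoggingRole"}

if __name__ == "__main__":
    for name, req in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, check_create_server(req))
    print(valid_server_id("s-01234567890abcdef"))
```
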
