AWS::Transfer::Server IdentityProviderDetails

Required when IdentityProviderType is set to AWS_DIRECTORY_SERVICE, AWS_LAMBDA or API_GATEWAY. Accepts an array containing all of the information required to use a directory in AWS_DIRECTORY_SERVICE or invoke a customer-supplied authentication API, including the API Gateway URL. Cannot be specified when IdentityProviderType is set to SERVICE_MANAGED.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "DirectoryId" : String,
  "Function" : String,
  "InvocationRole" : String,
  "SftpAuthenticationMethods" : String,
  "Url" : String
}

YAML


  DirectoryId: String
  Function: String
  InvocationRole: String
  SftpAuthenticationMethods: String
  Url: String

Properties

DirectoryId

The identifier of the AWS Directory Service directory that you want to use as your identity provider.

Required: No

Type: String

Pattern: ^d-[0-9a-f]{10}$

Minimum: 12

Maximum: 12

Update requires: No interruption

Function

The ARN for a Lambda function to use for the Identity provider.

Required: No

Type: String

Pattern: ^arn:[a-z-]+:lambda:.*$

Minimum: 1

Maximum: 170

Update requires: No interruption

InvocationRole

This parameter is only applicable if your IdentityProviderType is API_GATEWAY. Provides the type of InvocationRole used to authenticate the user account.

Required: No

Type: String

Pattern: ^arn:.*role/\S+$

Minimum: 20

Maximum: 2048

Update requires: No interruption

SftpAuthenticationMethods

For SFTP-enabled servers, and for custom identity providers only, you can specify whether to authenticate using a password, SSH key pair, or both.

PASSWORD - users must provide their password to connect.
PUBLIC_KEY - users must provide their private key to connect.
PUBLIC_KEY_OR_PASSWORD - users can authenticate with either their password or their key. This is the default value.
PUBLIC_KEY_AND_PASSWORD - users must provide both their private key and their password to connect. The server checks the key first, and then if the key is valid, the system prompts for a password. If the private key provided does not match the public key that is stored, authentication fails.

Required: No

Type: String

Allowed values: PASSWORD | PUBLIC_KEY | PUBLIC_KEY_OR_PASSWORD | PUBLIC_KEY_AND_PASSWORD

Update requires: No interruption

Url

Provides the location of the service endpoint used to authenticate users.

Required: No

Type: String

Minimum: 0

Maximum: 255

Update requires: No interruption

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

EndpointDetails

ProtocolDetails