This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS Transfer Family **Resource types** + [AWS::Transfer::Agreement](aws-resource-transfer-agreement.md) + [AWS::Transfer::Certificate](aws-resource-transfer-certificate.md) + [AWS::Transfer::Connector](aws-resource-transfer-connector.md) + [AWS::Transfer::Profile](aws-resource-transfer-profile.md) + [AWS::Transfer::Server](aws-resource-transfer-server.md) + [AWS::Transfer::User](aws-resource-transfer-user.md) + [AWS::Transfer::WebApp](aws-resource-transfer-webapp.md) + [AWS::Transfer::Workflow](aws-resource-transfer-workflow.md) # AWS::Transfer::Agreement Creates an agreement. An agreement is a bilateral trading partner agreement, or partnership, between an AWS Transfer Family server and an AS2 process. The agreement defines the file and message transfer relationship between the server and the AS2 process. To define an agreement, Transfer Family combines a server, local profile, partner profile, certificate, and other attributes. The partner is identified with the `PartnerProfileId`, and the AS2 process is identified with the `LocalProfileId`. **Note** Specify *either*`BaseDirectory` or `CustomDirectories`, but not both. Specifying both causes the command to fail. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::Transfer::Agreement", "Properties" : { "[AccessRole](#cfn-transfer-agreement-accessrole)" : String, "[BaseDirectory](#cfn-transfer-agreement-basedirectory)" : String, "[CustomDirectories](#cfn-transfer-agreement-customdirectories)" : CustomDirectories, "[Description](#cfn-transfer-agreement-description)" : String, "[EnforceMessageSigning](#cfn-transfer-agreement-enforcemessagesigning)" : String, "[LocalProfileId](#cfn-transfer-agreement-localprofileid)" : String, "[PartnerProfileId](#cfn-transfer-agreement-partnerprofileid)" : String, "[PreserveFilename](#cfn-transfer-agreement-preservefilename)" : String, "[ServerId](#cfn-transfer-agreement-serverid)" : String, "[Status](#cfn-transfer-agreement-status)" : String, "[Tags](#cfn-transfer-agreement-tags)" : [ Tag, ... ] } } ``` ### YAML ``` Type: AWS::Transfer::Agreement Properties: [AccessRole](#cfn-transfer-agreement-accessrole): String [BaseDirectory](#cfn-transfer-agreement-basedirectory): String [CustomDirectories](#cfn-transfer-agreement-customdirectories): CustomDirectories [Description](#cfn-transfer-agreement-description): String [EnforceMessageSigning](#cfn-transfer-agreement-enforcemessagesigning): String [LocalProfileId](#cfn-transfer-agreement-localprofileid): String [PartnerProfileId](#cfn-transfer-agreement-partnerprofileid): String [PreserveFilename](#cfn-transfer-agreement-preservefilename): String [ServerId](#cfn-transfer-agreement-serverid): String [Status](#cfn-transfer-agreement-status): String [Tags](#cfn-transfer-agreement-tags): - Tag ``` ## Properties `AccessRole` Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the AWS Identity and Access Management role to use. **For AS2 connectors** With AS2, you can send files by calling `StartFileTransfer` and specifying the file paths in the request parameter, `SendFilePaths`. We use the file’s parent directory (for example, for `--send-file-paths /bucket/dir/file.txt`, parent directory is `/bucket/dir/`) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the `AccessRole` needs to provide read and write access to the parent directory of the file location used in the `StartFileTransfer` request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with `StartFileTransfer`. If you are using Basic authentication for your AS2 connector, the access role requires the `secretsmanager:GetSecretValue` permission for the secret. If the secret is encrypted using a customer-managed key instead of the AWS managed key in Secrets Manager, then the role also needs the `kms:Decrypt` permission for that key. **For SFTP connectors** Make sure that the access role provides read and write access to the parent directory of the file location that's used in the `StartFileTransfer` request. Additionally, make sure that the role provides `secretsmanager:GetSecretValue` permission to AWS Secrets Manager. *Required*: Yes *Type*: String *Pattern*: `arn:.*role/.*` *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `BaseDirectory` The landing directory (folder) for files that are transferred by using the AS2 protocol. *Required*: No *Type*: String *Pattern*: `^(|/.*)$` *Maximum*: `1024` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CustomDirectories` A `CustomDirectoriesType` structure. This structure specifies custom directories for storing various AS2 message files. You can specify directories for the following types of files. + Failed files + MDN files + Payload files + Status files + Temporary files *Required*: No *Type*: [CustomDirectories](aws-properties-transfer-agreement-customdirectories.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Description` The name or short description that's used to identify the agreement. *Required*: No *Type*: String *Pattern*: `^[\u0021-\u007E]+$` *Minimum*: `1` *Maximum*: `200` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EnforceMessageSigning` Determines whether or not unsigned messages from your trading partners will be accepted. + `ENABLED`: Transfer Family rejects unsigned messages from your trading partner. + `DISABLED` (default value): Transfer Family accepts unsigned messages from your trading partner. *Required*: No *Type*: String *Allowed values*: `ENABLED | DISABLED` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `LocalProfileId` A unique identifier for the AS2 local profile. *Required*: Yes *Type*: String *Pattern*: `^p-([0-9a-f]{17})$` *Minimum*: `19` *Maximum*: `19` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PartnerProfileId` A unique identifier for the partner profile used in the agreement. *Required*: Yes *Type*: String *Pattern*: `^p-([0-9a-f]{17})$` *Minimum*: `19` *Maximum*: `19` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PreserveFilename` Determines whether or not Transfer Family appends a unique string of characters to the end of the AS2 message payload filename when saving it. + `ENABLED`: the filename provided by your trading parter is preserved when the file is saved. + `DISABLED` (default value): when Transfer Family saves the file, the filename is adjusted, as described in [File names and locations](https://docs.aws.amazon.com/transfer/latest/userguide/send-as2-messages.html#file-names-as2). *Required*: No *Type*: String *Allowed values*: `ENABLED | DISABLED` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ServerId` A system-assigned unique identifier for a server instance. This identifier indicates the specific server that the agreement uses. *Required*: Yes *Type*: String *Pattern*: `^s-([0-9a-f]{17})$` *Minimum*: `19` *Maximum*: `19` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Status` The current status of the agreement, either `ACTIVE` or `INACTIVE`. *Required*: No *Type*: String *Allowed values*: `ACTIVE | INACTIVE` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` Key-value pairs that can be used to group and search for agreements. *Required*: No *Type*: Array of [Tag](aws-properties-transfer-agreement-tag.md) *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `AgreementId` The unique identifier for the AS2 agreement, returned after the API call succeeds. # AWS::Transfer::Agreement CustomDirectories The `CustomDirectories` property type specifies Property description not available. for an [AWS::Transfer::Agreement](aws-resource-transfer-agreement.md). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[FailedFilesDirectory](#cfn-transfer-agreement-customdirectories-failedfilesdirectory)" : String, "[MdnFilesDirectory](#cfn-transfer-agreement-customdirectories-mdnfilesdirectory)" : String, "[PayloadFilesDirectory](#cfn-transfer-agreement-customdirectories-payloadfilesdirectory)" : String, "[StatusFilesDirectory](#cfn-transfer-agreement-customdirectories-statusfilesdirectory)" : String, "[TemporaryFilesDirectory](#cfn-transfer-agreement-customdirectories-temporaryfilesdirectory)" : String } ``` ### YAML ``` [FailedFilesDirectory](#cfn-transfer-agreement-customdirectories-failedfilesdirectory): String [MdnFilesDirectory](#cfn-transfer-agreement-customdirectories-mdnfilesdirectory): String [PayloadFilesDirectory](#cfn-transfer-agreement-customdirectories-payloadfilesdirectory): String [StatusFilesDirectory](#cfn-transfer-agreement-customdirectories-statusfilesdirectory): String [TemporaryFilesDirectory](#cfn-transfer-agreement-customdirectories-temporaryfilesdirectory): String ``` ## Properties `FailedFilesDirectory` Property description not available. *Required*: Yes *Type*: String *Pattern*: `(|/.*)` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MdnFilesDirectory` Property description not available. *Required*: Yes *Type*: String *Pattern*: `(|/.*)` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PayloadFilesDirectory` Property description not available. *Required*: Yes *Type*: String *Pattern*: `(|/.*)` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `StatusFilesDirectory` Property description not available. *Required*: Yes *Type*: String *Pattern*: `(|/.*)` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TemporaryFilesDirectory` Property description not available. *Required*: Yes *Type*: String *Pattern*: `(|/.*)` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::Agreement Tag Creates a key-value pair for a specific resource. Tags are metadata that you can use to search for and group a resource for various purposes. You can apply tags to servers, users, and roles. A tag key can take more than one value. For example, to group servers for accounting purposes, you might create a tag called `Group` and assign the values `Research` and `Accounting` to that group. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-transfer-agreement-tag-key)" : String, "[Value](#cfn-transfer-agreement-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-transfer-agreement-tag-key): String [Value](#cfn-transfer-agreement-tag-value): String ``` ## Properties `Key` The name assigned to the tag that you create. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` Contains one or more values that you assigned to the key name you create. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::Certificate Imports the signing and encryption certificates that you need to create local (AS2) profiles and partner profiles. You can import both the certificate and its chain in the `Certificate` parameter. After importing a certificate, AWS Transfer Family automatically creates a Amazon CloudWatch metric called `DaysUntilExpiry` that tracks the number of days until the certificate expires. The metric is based on the `InactiveDate` parameter and is published daily in the `AWS/Transfer` namespace. **Important** It can take up to a full day after importing a certificate for Transfer Family to emit the `DaysUntilExpiry` metric to your account. **Note** If you use the `Certificate` parameter to upload both the certificate and its chain, don't use the `CertificateChain` parameter. **CloudWatch monitoring** The `DaysUntilExpiry` metric includes the following specifications: + **Units:** Count (days) + **Dimensions:**`CertificateId` (always present), `Description` (if provided during certificate import) + **Statistics:** Minimum, Maximum, Average + **Frequency:** Published daily ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::Transfer::Certificate", "Properties" : { "[ActiveDate](#cfn-transfer-certificate-activedate)" : String, "[Certificate](#cfn-transfer-certificate-certificate)" : String, "[CertificateChain](#cfn-transfer-certificate-certificatechain)" : String, "[Description](#cfn-transfer-certificate-description)" : String, "[InactiveDate](#cfn-transfer-certificate-inactivedate)" : String, "[PrivateKey](#cfn-transfer-certificate-privatekey)" : String, "[Tags](#cfn-transfer-certificate-tags)" : [ Tag, ... ], "[Usage](#cfn-transfer-certificate-usage)" : String } } ``` ### YAML ``` Type: AWS::Transfer::Certificate Properties: [ActiveDate](#cfn-transfer-certificate-activedate): String [Certificate](#cfn-transfer-certificate-certificate): String [CertificateChain](#cfn-transfer-certificate-certificatechain): String [Description](#cfn-transfer-certificate-description): String [InactiveDate](#cfn-transfer-certificate-inactivedate): String [PrivateKey](#cfn-transfer-certificate-privatekey): String [Tags](#cfn-transfer-certificate-tags): - Tag [Usage](#cfn-transfer-certificate-usage): String ``` ## Properties `ActiveDate` An optional date that specifies when the certificate becomes active. If you do not specify a value, `ActiveDate` takes the same value as `NotBeforeDate`, which is specified by the CA. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Certificate` The file name for the certificate. *Required*: Yes *Type*: String *Pattern*: `^[\t\n\r\u0020-\u00FF]+$` *Minimum*: `1` *Maximum*: `16384` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `CertificateChain` The list of certificates that make up the chain for the certificate. *Required*: No *Type*: String *Pattern*: `^[\t\n\r\u0020-\u00FF]+$` *Minimum*: `1` *Maximum*: `2097152` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Description` The name or description that's used to identity the certificate. *Required*: No *Type*: String *Pattern*: `^[\u0021-\u007E]+$` *Minimum*: `1` *Maximum*: `200` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `InactiveDate` An optional date that specifies when the certificate becomes inactive. If you do not specify a value, `InactiveDate` takes the same value as `NotAfterDate`, which is specified by the CA. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PrivateKey` The file that contains the private key for the certificate that's being imported. *Required*: No *Type*: String *Pattern*: `^[\t\n\r\u0020-\u00FF]+$` *Minimum*: `1` *Maximum*: `16384` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Tags` Key-value pairs that can be used to group and search for certificates. *Required*: No *Type*: Array of [Tag](aws-properties-transfer-certificate-tag.md) *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Usage` Specifies how this certificate is used. It can be used in the following ways: + `SIGNING`: For signing AS2 messages + `ENCRYPTION`: For encrypting AS2 messages + `TLS`: For securing AS2 communications sent over HTTPS *Required*: Yes *Type*: String *Allowed values*: `SIGNING | ENCRYPTION | TLS` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the `certificateId` , such as `cert-1c698edce1654f869` . For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` The unique Amazon Resource Name (ARN) for the certificate. `CertificateId` An array of identifiers for the imported certificates. You use this identifier for working with profiles and partner profiles. `NotAfterDate` The final date that the certificate is valid. `NotBeforeDate` The earliest date that the certificate is valid. `Serial` The serial number for the certificate. `Status` The certificate can be either `ACTIVE` , `PENDING_ROTATION` , or `INACTIVE` . `PENDING_ROTATION` means that this certificate will replace the current certificate when it expires. `Type` If a private key has been specified for the certificate, its type is `CERTIFICATE_WITH_PRIVATE_KEY` . If there is no private key, the type is `CERTIFICATE` . # AWS::Transfer::Certificate Tag Creates a key-value pair for a specific resource. Tags are metadata that you can use to search for and group a resource for various purposes. You can apply tags to servers, users, and roles. A tag key can take more than one value. For example, to group servers for accounting purposes, you might create a tag called `Group` and assign the values `Research` and `Accounting` to that group. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-transfer-certificate-tag-key)" : String, "[Value](#cfn-transfer-certificate-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-transfer-certificate-tag-key): String [Value](#cfn-transfer-certificate-tag-value): String ``` ## Properties `Key` The name assigned to the tag that you create. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` Contains one or more values that you assigned to the key name you create. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::Connector Creates the connector, which captures the parameters for a connection for the AS2 or SFTP protocol. For AS2, the connector is required for sending files to an externally hosted AS2 server. For SFTP, the connector is required when sending files to an SFTP server or receiving files from an SFTP server. For more details about connectors, see [Configure AS2 connectors](https://docs.aws.amazon.com/transfer/latest/userguide/configure-as2-connector.html) and [Create SFTP connectors](https://docs.aws.amazon.com/transfer/latest/userguide/configure-sftp-connector.html). **Note** You must specify exactly one configuration object: either for AS2 (`As2Config`) or SFTP (`SftpConfig`). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::Transfer::Connector", "Properties" : { "[AccessRole](#cfn-transfer-connector-accessrole)" : String, "[As2Config](#cfn-transfer-connector-as2config)" : As2Config, "[EgressConfig](#cfn-transfer-connector-egressconfig)" : ConnectorEgressConfig, "[EgressType](#cfn-transfer-connector-egresstype)" : String, "[IpAddressType](#cfn-transfer-connector-ipaddresstype)" : String, "[LoggingRole](#cfn-transfer-connector-loggingrole)" : String, "[SecurityPolicyName](#cfn-transfer-connector-securitypolicyname)" : String, "[SftpConfig](#cfn-transfer-connector-sftpconfig)" : SftpConfig, "[Tags](#cfn-transfer-connector-tags)" : [ Tag, ... ], "[Url](#cfn-transfer-connector-url)" : String } } ``` ### YAML ``` Type: AWS::Transfer::Connector Properties: [AccessRole](#cfn-transfer-connector-accessrole): String [As2Config](#cfn-transfer-connector-as2config): As2Config [EgressConfig](#cfn-transfer-connector-egressconfig): ConnectorEgressConfig [EgressType](#cfn-transfer-connector-egresstype): String [IpAddressType](#cfn-transfer-connector-ipaddresstype): String [LoggingRole](#cfn-transfer-connector-loggingrole): String [SecurityPolicyName](#cfn-transfer-connector-securitypolicyname): String [SftpConfig](#cfn-transfer-connector-sftpconfig): SftpConfig [Tags](#cfn-transfer-connector-tags): - Tag [Url](#cfn-transfer-connector-url): String ``` ## Properties `AccessRole` Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the AWS Identity and Access Management role to use. **For AS2 connectors** With AS2, you can send files by calling `StartFileTransfer` and specifying the file paths in the request parameter, `SendFilePaths`. We use the file’s parent directory (for example, for `--send-file-paths /bucket/dir/file.txt`, parent directory is `/bucket/dir/`) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the `AccessRole` needs to provide read and write access to the parent directory of the file location used in the `StartFileTransfer` request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with `StartFileTransfer`. If you are using Basic authentication for your AS2 connector, the access role requires the `secretsmanager:GetSecretValue` permission for the secret. If the secret is encrypted using a customer-managed key instead of the AWS managed key in Secrets Manager, then the role also needs the `kms:Decrypt` permission for that key. **For SFTP connectors** Make sure that the access role provides read and write access to the parent directory of the file location that's used in the `StartFileTransfer` request. Additionally, make sure that the role provides `secretsmanager:GetSecretValue` permission to AWS Secrets Manager. *Required*: Yes *Type*: String *Pattern*: `arn:.*role/.*` *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `As2Config` A structure that contains the parameters for an AS2 connector object. *Required*: No *Type*: [As2Config](aws-properties-transfer-connector-as2config.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EgressConfig` Current egress configuration of the connector, showing how traffic is routed to the SFTP server. Contains VPC Lattice settings when using VPC\$1LATTICE egress type. When using the VPC\$1LATTICE egress type, AWS Transfer Family uses a managed Service Network to simplify the resource sharing process. *Required*: No *Type*: [ConnectorEgressConfig](aws-properties-transfer-connector-connectoregressconfig.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EgressType` Type of egress configuration for the connector. SERVICE\$1MANAGED uses Transfer Family managed NAT gateways, while VPC\$1LATTICE routes traffic through customer VPCs using VPC Lattice. *Required*: No *Type*: String *Allowed values*: `SERVICE_MANAGED | VPC_LATTICE` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IpAddressType` Property description not available. *Required*: No *Type*: String *Allowed values*: `IPV4 | DUALSTACK` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `LoggingRole` The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows a connector to turn on CloudWatch logging for Amazon S3 events. When set, you can view connector activity in your CloudWatch logs. *Required*: No *Type*: String *Pattern*: `arn:.*role/.*` *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SecurityPolicyName` The text name of the security policy for the specified connector. *Required*: No *Type*: String *Pattern*: `TransferSFTPConnectorSecurityPolicy-[A-Za-z0-9-]+` *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SftpConfig` A structure that contains the parameters for an SFTP connector object. *Required*: No *Type*: [SftpConfig](aws-properties-transfer-connector-sftpconfig.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` Key-value pairs that can be used to group and search for connectors. *Required*: No *Type*: Array of [Tag](aws-properties-transfer-connector-tag.md) *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Url` The URL of the partner's AS2 or SFTP endpoint. When creating AS2 connectors or service-managed SFTP connectors (connectors without egress configuration), you must provide a URL to specify the remote server endpoint. For VPC Lattice type connectors, the URL must be null. *Required*: No *Type*: String *Maximum*: `255` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `ConnectorId` The service-assigned ID of the connector that is created. `ErrorMessage` Error message providing details when the connector is in ERRORED status. Contains information to help troubleshoot connector creation or operation failures. `ServiceManagedEgressIpAddresses` The list of egress IP addresses of this connector. These IP addresses are assigned automatically when you create the connector. `Status` Current status of the connector. PENDING indicates creation/update in progress, ACTIVE means ready for operations, and ERRORED indicates a failure requiring attention. # AWS::Transfer::Connector As2Config A structure that contains the parameters for an AS2 connector object. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[AsyncMdnConfig](#cfn-transfer-connector-as2config-asyncmdnconfig)" : ConnectorAsyncMdnConfig, "[BasicAuthSecretId](#cfn-transfer-connector-as2config-basicauthsecretid)" : String, "[Compression](#cfn-transfer-connector-as2config-compression)" : String, "[EncryptionAlgorithm](#cfn-transfer-connector-as2config-encryptionalgorithm)" : String, "[LocalProfileId](#cfn-transfer-connector-as2config-localprofileid)" : String, "[MdnResponse](#cfn-transfer-connector-as2config-mdnresponse)" : String, "[MdnSigningAlgorithm](#cfn-transfer-connector-as2config-mdnsigningalgorithm)" : String, "[MessageSubject](#cfn-transfer-connector-as2config-messagesubject)" : String, "[PartnerProfileId](#cfn-transfer-connector-as2config-partnerprofileid)" : String, "[PreserveContentType](#cfn-transfer-connector-as2config-preservecontenttype)" : String, "[SigningAlgorithm](#cfn-transfer-connector-as2config-signingalgorithm)" : String } ``` ### YAML ``` [AsyncMdnConfig](#cfn-transfer-connector-as2config-asyncmdnconfig): ConnectorAsyncMdnConfig [BasicAuthSecretId](#cfn-transfer-connector-as2config-basicauthsecretid): String [Compression](#cfn-transfer-connector-as2config-compression): String [EncryptionAlgorithm](#cfn-transfer-connector-as2config-encryptionalgorithm): String [LocalProfileId](#cfn-transfer-connector-as2config-localprofileid): String [MdnResponse](#cfn-transfer-connector-as2config-mdnresponse): String [MdnSigningAlgorithm](#cfn-transfer-connector-as2config-mdnsigningalgorithm): String [MessageSubject](#cfn-transfer-connector-as2config-messagesubject): String [PartnerProfileId](#cfn-transfer-connector-as2config-partnerprofileid): String [PreserveContentType](#cfn-transfer-connector-as2config-preservecontenttype): String [SigningAlgorithm](#cfn-transfer-connector-as2config-signingalgorithm): String ``` ## Properties `AsyncMdnConfig` Property description not available. *Required*: No *Type*: [ConnectorAsyncMdnConfig](aws-properties-transfer-connector-connectorasyncmdnconfig.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `BasicAuthSecretId` Provides Basic authentication support to the AS2 Connectors API. To use Basic authentication, you must provide the name or Amazon Resource Name (ARN) of a secret in AWS Secrets Manager. The default value for this parameter is `null`, which indicates that Basic authentication is not enabled for the connector. If the connector should use Basic authentication, the secret needs to be in the following format: `{ "Username": "user-name", "Password": "user-password" }` Replace `user-name` and `user-password` with the credentials for the actual user that is being authenticated. Note the following: + You are storing these credentials in Secrets Manager, *not passing them directly* into this API. + If you are using the API, SDKs, or CloudFormation to configure your connector, then you must create the secret before you can enable Basic authentication. However, if you are using the AWS management console, you can have the system create the secret for you. If you have previously enabled Basic authentication for a connector, you can disable it by using the `UpdateConnector` API call. For example, if you are using the CLI, you can run the following command to remove Basic authentication: `update-connector --connector-id my-connector-id --as2-config 'BasicAuthSecretId=""'` *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Compression` Specifies whether the AS2 file is compressed. *Required*: No *Type*: String *Allowed values*: `ZLIB | DISABLED` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EncryptionAlgorithm` The algorithm that is used to encrypt the file. Note the following: + Do not use the `DES_EDE3_CBC` algorithm unless you must support a legacy client that requires it, as it is a weak encryption algorithm. + You can only specify `NONE` if the URL for your connector uses HTTPS. Using HTTPS ensures that no traffic is sent in clear text. *Required*: No *Type*: String *Allowed values*: `AES128_CBC | AES192_CBC | AES256_CBC | NONE | DES_EDE3_CBC` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `LocalProfileId` A unique identifier for the AS2 local profile. *Required*: No *Type*: String *Pattern*: `^p-([0-9a-f]{17})$` *Minimum*: `19` *Maximum*: `19` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MdnResponse` Used for outbound requests (from an AWS Transfer Family connector to a partner AS2 server) to determine whether the partner response for transfers is synchronous or asynchronous. Specify either of the following values: + `ASYNC`: The system expects an asynchronous MDN response, confirming that the file was transferred successfully (or not). + `SYNC`: The system expects a synchronous MDN response, confirming that the file was transferred successfully (or not). + `NONE`: Specifies that no MDN response is required. *Required*: No *Type*: String *Allowed values*: `SYNC | ASYNC | NONE` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MdnSigningAlgorithm` The signing algorithm for the MDN response. If set to DEFAULT (or not set at all), the value for `SigningAlgorithm` is used. *Required*: No *Type*: String *Allowed values*: `SHA256 | SHA384 | SHA512 | SHA1 | NONE | DEFAULT` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MessageSubject` Used as the `Subject` HTTP header attribute in AS2 messages that are being sent with the connector. *Required*: No *Type*: String *Pattern*: `^[\u0020-\u007E\t]+$` *Minimum*: `1` *Maximum*: `1024` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PartnerProfileId` A unique identifier for the partner profile for the connector. *Required*: No *Type*: String *Pattern*: `^p-([0-9a-f]{17})$` *Minimum*: `19` *Maximum*: `19` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PreserveContentType` Property description not available. *Required*: No *Type*: String *Allowed values*: `ENABLED | DISABLED` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SigningAlgorithm` The algorithm that is used to sign the AS2 messages sent with the connector. *Required*: No *Type*: String *Allowed values*: `SHA256 | SHA384 | SHA512 | SHA1 | NONE` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::Connector ConnectorAsyncMdnConfig The `ConnectorAsyncMdnConfig` property type specifies Property description not available. for an [AWS::Transfer::Connector](aws-resource-transfer-connector.md). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ServerIds](#cfn-transfer-connector-connectorasyncmdnconfig-serverids)" : [ String, ... ], "[Url](#cfn-transfer-connector-connectorasyncmdnconfig-url)" : String } ``` ### YAML ``` [ServerIds](#cfn-transfer-connector-connectorasyncmdnconfig-serverids): - String [Url](#cfn-transfer-connector-connectorasyncmdnconfig-url): String ``` ## Properties `ServerIds` Property description not available. *Required*: Yes *Type*: Array of String *Minimum*: `1` *Maximum*: `10` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Url` Property description not available. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::Connector ConnectorEgressConfig Configuration structure that defines how traffic is routed from the connector to the SFTP server. Contains VPC Lattice settings when using VPC\$1LATTICE egress type for private connectivity through customer VPCs. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[VpcLattice](#cfn-transfer-connector-connectoregressconfig-vpclattice)" : ConnectorVpcLatticeEgressConfig } ``` ### YAML ``` [VpcLattice](#cfn-transfer-connector-connectoregressconfig-vpclattice): ConnectorVpcLatticeEgressConfig ``` ## Properties `VpcLattice` VPC\$1LATTICE configuration for routing connector traffic through customer VPCs. Enables private connectivity to SFTP servers without requiring public internet access or complex network configurations. *Required*: Yes *Type*: [ConnectorVpcLatticeEgressConfig](aws-properties-transfer-connector-connectorvpclatticeegressconfig.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::Connector ConnectorVpcLatticeEgressConfig VPC\$1LATTICE egress configuration that specifies the Resource Configuration ARN and port for connecting to SFTP servers through customer VPCs. Requires a valid Resource Configuration with appropriate network access. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[PortNumber](#cfn-transfer-connector-connectorvpclatticeegressconfig-portnumber)" : Integer, "[ResourceConfigurationArn](#cfn-transfer-connector-connectorvpclatticeegressconfig-resourceconfigurationarn)" : String } ``` ### YAML ``` [PortNumber](#cfn-transfer-connector-connectorvpclatticeegressconfig-portnumber): Integer [ResourceConfigurationArn](#cfn-transfer-connector-connectorvpclatticeegressconfig-resourceconfigurationarn): String ``` ## Properties `PortNumber` Port number for connecting to the SFTP server through VPC\$1LATTICE. Defaults to 22 if not specified. Must match the port on which the target SFTP server is listening. *Required*: No *Type*: Integer *Minimum*: `1` *Maximum*: `65535` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ResourceConfigurationArn` ARN of the VPC\$1LATTICE Resource Configuration that defines the target SFTP server location. Must point to a valid Resource Configuration in the customer's VPC with appropriate network connectivity to the SFTP server. *Required*: Yes *Type*: String *Pattern*: `^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:resourceconfiguration/rcfg-[0-9a-z]{17}$` *Minimum*: `1` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::Connector SftpConfig A structure that contains the parameters for an SFTP connector object. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[MaxConcurrentConnections](#cfn-transfer-connector-sftpconfig-maxconcurrentconnections)" : Integer, "[TrustedHostKeys](#cfn-transfer-connector-sftpconfig-trustedhostkeys)" : [ String, ... ], "[UserSecretId](#cfn-transfer-connector-sftpconfig-usersecretid)" : String } ``` ### YAML ``` [MaxConcurrentConnections](#cfn-transfer-connector-sftpconfig-maxconcurrentconnections): Integer [TrustedHostKeys](#cfn-transfer-connector-sftpconfig-trustedhostkeys): - String [UserSecretId](#cfn-transfer-connector-sftpconfig-usersecretid): String ``` ## Properties `MaxConcurrentConnections` Specify the number of concurrent connections that your connector creates to the remote server. The default value is `1`. The maximum values is `5`. If you are using the AWS Management Console, the default value is `5`. This parameter specifies the number of active connections that your connector can establish with the remote server at the same time. Increasing this value can enhance connector performance when transferring large file batches by enabling parallel operations. *Required*: No *Type*: Integer *Minimum*: `1` *Maximum*: `5` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TrustedHostKeys` The public portion of the host key, or keys, that are used to identify the external server to which you are connecting. You can use the `ssh-keyscan` command against the SFTP server to retrieve the necessary key. `TrustedHostKeys` is optional for `CreateConnector`. If not provided, you can use `TestConnection` to retrieve the server host key during the initial connection attempt, and subsequently update the connector with the observed host key. When creating connectors with egress config (VPC\$1LATTICE type connectors), since host name is not something we can verify, the only accepted trusted host key format is `key-type key-body` without the host name. For example: `ssh-rsa AAAAB3Nza...` The three standard SSH public key format elements are ``, ``, and an optional ``, with spaces between each element. Specify only the `` and ``: do not enter the `` portion of the key. For the trusted host key, AWS Transfer Family accepts RSA and ECDSA keys. + For RSA keys, the `` string is `ssh-rsa`. + For ECDSA keys, the `` string is either `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, or `ecdsa-sha2-nistp521`, depending on the size of the key you generated. Run this command to retrieve the SFTP server host key, where your SFTP server name is `ftp.host.com`. `ssh-keyscan ftp.host.com` This prints the public host key to standard output. `ftp.host.com ssh-rsa AAAAB3Nza...` Copy and paste this string into the `TrustedHostKeys` field for the `create-connector` command or into the **Trusted host keys** field in the console. For VPC Lattice type connectors (VPC\$1LATTICE), remove the hostname from the key and use only the `key-type key-body` format. In this example, it should be: `ssh-rsa AAAAB3Nza...` *Required*: No *Type*: Array of String *Maximum*: `10` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `UserSecretId` The identifier for the secret (in AWS Secrets Manager) that contains the SFTP user's private key, password, or both. The identifier must be the Amazon Resource Name (ARN) of the secret. + Required when creating an SFTP connector + Optional when updating an existing SFTP connector *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::Connector Tag Creates a key-value pair for a specific resource. Tags are metadata that you can use to search for and group a resource for various purposes. You can apply tags to servers, users, and roles. A tag key can take more than one value. For example, to group servers for accounting purposes, you might create a tag called `Group` and assign the values `Research` and `Accounting` to that group. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-transfer-connector-tag-key)" : String, "[Value](#cfn-transfer-connector-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-transfer-connector-tag-key): String [Value](#cfn-transfer-connector-tag-value): String ``` ## Properties `Key` The name assigned to the tag that you create. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` Contains one or more values that you assigned to the key name you create. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::Profile Creates the local or partner profile to use for AS2 transfers. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::Transfer::Profile", "Properties" : { "[As2Id](#cfn-transfer-profile-as2id)" : String, "[CertificateIds](#cfn-transfer-profile-certificateids)" : [ String, ... ], "[ProfileType](#cfn-transfer-profile-profiletype)" : String, "[Tags](#cfn-transfer-profile-tags)" : [ Tag, ... ] } } ``` ### YAML ``` Type: AWS::Transfer::Profile Properties: [As2Id](#cfn-transfer-profile-as2id): String [CertificateIds](#cfn-transfer-profile-certificateids): - String [ProfileType](#cfn-transfer-profile-profiletype): String [Tags](#cfn-transfer-profile-tags): - Tag ``` ## Properties `As2Id` The `As2Id` is the *AS2-name*, as defined in the [RFC 4130](https://datatracker.ietf.org/doc/html/rfc4130). For inbound transfers, this is the `AS2-From` header for the AS2 messages sent from the partner. For outbound connectors, this is the `AS2-To` header for the AS2 messages sent to the partner using the `StartFileTransfer` API operation. This ID cannot include spaces. *Required*: Yes *Type*: String *Pattern*: `^[\u0020-\u007E\s]*$` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `CertificateIds` An array of identifiers for the imported certificates. You use this identifier for working with profiles and partner profiles. *Required*: No *Type*: Array of String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ProfileType` Indicates whether to list only `LOCAL` type profiles or only `PARTNER` type profiles. If not supplied in the request, the command lists all types of profiles. *Required*: Yes *Type*: String *Allowed values*: `LOCAL | PARTNER` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Tags` Key-value pairs that can be used to group and search for profiles. *Required*: No *Type*: Array of [Tag](aws-properties-transfer-profile-tag.md) *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` The Amazon Resource Name associated with the profile, in the form `arn:aws:transfer:region:account-id:profile/profile-id/` . `ProfileId` The unique identifier for the AS2 profile, returned after the API call succeeds. # AWS::Transfer::Profile Tag Creates a key-value pair for a specific resource. Tags are metadata that you can use to search for and group a resource for various purposes. You can apply tags to servers, users, and roles. A tag key can take more than one value. For example, to group servers for accounting purposes, you might create a tag called `Group` and assign the values `Research` and `Accounting` to that group. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-transfer-profile-tag-key)" : String, "[Value](#cfn-transfer-profile-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-transfer-profile-tag-key): String [Value](#cfn-transfer-profile-tag-value): String ``` ## Properties `Key` The name assigned to the tag that you create. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` Contains one or more values that you assigned to the key name you create. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::Server Instantiates an auto-scaling virtual server based on the selected file transfer protocol in AWS. When you make updates to your file transfer protocol-enabled server or when you work with users, use the service-generated `ServerId` property that is assigned to the newly created server. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::Transfer::Server", "Properties" : { "[Certificate](#cfn-transfer-server-certificate)" : String, "[Domain](#cfn-transfer-server-domain)" : String, "[EndpointDetails](#cfn-transfer-server-endpointdetails)" : EndpointDetails, "[EndpointType](#cfn-transfer-server-endpointtype)" : String, "[IdentityProviderDetails](#cfn-transfer-server-identityproviderdetails)" : IdentityProviderDetails, "[IdentityProviderType](#cfn-transfer-server-identityprovidertype)" : String, "[IpAddressType](#cfn-transfer-server-ipaddresstype)" : String, "[LoggingRole](#cfn-transfer-server-loggingrole)" : String, "[PostAuthenticationLoginBanner](#cfn-transfer-server-postauthenticationloginbanner)" : String, "[PreAuthenticationLoginBanner](#cfn-transfer-server-preauthenticationloginbanner)" : String, "[ProtocolDetails](#cfn-transfer-server-protocoldetails)" : ProtocolDetails, "[Protocols](#cfn-transfer-server-protocols)" : [ String, ... ], "[S3StorageOptions](#cfn-transfer-server-s3storageoptions)" : S3StorageOptions, "[SecurityPolicyName](#cfn-transfer-server-securitypolicyname)" : String, "[StructuredLogDestinations](#cfn-transfer-server-structuredlogdestinations)" : [ String, ... ], "[Tags](#cfn-transfer-server-tags)" : [ Tag, ... ], "[WorkflowDetails](#cfn-transfer-server-workflowdetails)" : WorkflowDetails } } ``` ### YAML ``` Type: AWS::Transfer::Server Properties: [Certificate](#cfn-transfer-server-certificate): String [Domain](#cfn-transfer-server-domain): String [EndpointDetails](#cfn-transfer-server-endpointdetails): EndpointDetails [EndpointType](#cfn-transfer-server-endpointtype): String [IdentityProviderDetails](#cfn-transfer-server-identityproviderdetails): IdentityProviderDetails [IdentityProviderType](#cfn-transfer-server-identityprovidertype): String [IpAddressType](#cfn-transfer-server-ipaddresstype): String [LoggingRole](#cfn-transfer-server-loggingrole): String [PostAuthenticationLoginBanner](#cfn-transfer-server-postauthenticationloginbanner): String [PreAuthenticationLoginBanner](#cfn-transfer-server-preauthenticationloginbanner): String [ProtocolDetails](#cfn-transfer-server-protocoldetails): ProtocolDetails [Protocols](#cfn-transfer-server-protocols): - String [S3StorageOptions](#cfn-transfer-server-s3storageoptions): S3StorageOptions [SecurityPolicyName](#cfn-transfer-server-securitypolicyname): String [StructuredLogDestinations](#cfn-transfer-server-structuredlogdestinations): - String [Tags](#cfn-transfer-server-tags): - Tag [WorkflowDetails](#cfn-transfer-server-workflowdetails): WorkflowDetails ``` ## Properties `Certificate` The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. Required when `Protocols` is set to `FTPS`. To request a new public certificate, see [Request a public certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html) in the *AWS Certificate Manager User Guide*. To import an existing certificate into ACM, see [Importing certificates into ACM](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *AWS Certificate Manager User Guide*. To request a private certificate to use FTPS through private IP addresses, see [Request a private certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html) in the *AWS Certificate Manager User Guide*. Certificates with the following cryptographic algorithms and key sizes are supported: + 2048-bit RSA (RSA\$12048) + 4096-bit RSA (RSA\$14096) + Elliptic Prime Curve 256 bit (EC\$1prime256v1) + Elliptic Prime Curve 384 bit (EC\$1secp384r1) + Elliptic Prime Curve 521 bit (EC\$1secp521r1) The certificate must be a valid SSL/TLS X.509 version 3 certificate with FQDN or IP address specified and information about the issuer. *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `1600` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Domain` Specifies the domain of the storage system that is used for file transfers. There are two domains available: Amazon Simple Storage Service (Amazon S3) and Amazon Elastic File System (Amazon EFS). The default value is S3. *Required*: No *Type*: String *Allowed values*: `S3 | EFS` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `EndpointDetails` The virtual private cloud (VPC) endpoint settings that are configured for your server. When you host your endpoint within your VPC, you can make your endpoint accessible only to resources within your VPC, or you can attach Elastic IP addresses and make your endpoint accessible to clients over the internet. Your VPC's default security groups are automatically assigned to your endpoint. *Required*: No *Type*: [EndpointDetails](aws-properties-transfer-server-endpointdetails.md) *Update requires*: [Some interruptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-some-interrupt) `EndpointType` The type of endpoint that you want your server to use. You can choose to make your server's endpoint publicly accessible (PUBLIC) or host it inside your VPC. With an endpoint that is hosted in a VPC, you can restrict access to your server and resources only within your VPC or choose to make it internet facing by attaching Elastic IP addresses directly to it. After May 19, 2021, you won't be able to create a server using `EndpointType=VPC_ENDPOINT` in your AWS account if your account hasn't already done so before May 19, 2021. If you have already created servers with `EndpointType=VPC_ENDPOINT` in your AWS account on or before May 19, 2021, you will not be affected. After this date, use `EndpointType` = `VPC` . For more information, see [Discontinuing the use of VPC\$1ENDPOINT](https://docs.aws.amazon.com//transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint) . It is recommended that you use `VPC` as the `EndpointType` . With this endpoint type, you have the option to directly associate up to three Elastic IPv4 addresses (BYO IP included) with your server's endpoint and use VPC security groups to restrict traffic by the client's public IP address. This is not possible with `EndpointType` set to `VPC_ENDPOINT` . *Required*: No *Type*: String *Allowed values*: `PUBLIC | VPC | VPC_ENDPOINT` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IdentityProviderDetails` Required when `IdentityProviderType` is set to `AWS_DIRECTORY_SERVICE`, `AWS_LAMBDA` or `API_GATEWAY`. Accepts an array containing all of the information required to use a directory in `AWS_DIRECTORY_SERVICE` or invoke a customer-supplied authentication API, including the API Gateway URL. Cannot be specified when `IdentityProviderType` is set to `SERVICE_MANAGED`. *Required*: No *Type*: [IdentityProviderDetails](aws-properties-transfer-server-identityproviderdetails.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IdentityProviderType` The mode of authentication for a server. The default value is `SERVICE_MANAGED`, which allows you to store and access user credentials within the AWS Transfer Family service. Use `AWS_DIRECTORY_SERVICE` to provide access to Active Directory groups in AWS Directory Service for Microsoft Active Directory or Microsoft Active Directory in your on-premises environment or in AWS using AD Connector. This option also requires you to provide a Directory ID by using the `IdentityProviderDetails` parameter. Use the `API_GATEWAY` value to integrate with an identity provider of your choosing. The `API_GATEWAY` setting requires you to provide an Amazon API Gateway endpoint URL to call for authentication by using the `IdentityProviderDetails` parameter. Use the `AWS_LAMBDA` value to directly use an AWS Lambda function as your identity provider. If you choose this value, you must specify the ARN for the Lambda function in the `Function` parameter for the `IdentityProviderDetails` data type. *Required*: No *Type*: String *Allowed values*: `SERVICE_MANAGED | API_GATEWAY | AWS_DIRECTORY_SERVICE | AWS_LAMBDA` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IpAddressType` Specifies whether to use IPv4 only, or to use dual-stack (IPv4 and IPv6) for your AWS Transfer Family endpoint. The default value is `IPV4`. The `IpAddressType` parameter has the following limitations: + It cannot be changed while the server is online. You must stop the server before modifying this parameter. + It cannot be updated to `DUALSTACK` if the server has `AddressAllocationIds` specified. When using `DUALSTACK` as the `IpAddressType`, you cannot set the `AddressAllocationIds` parameter for the [EndpointDetails](https://docs.aws.amazon.com/transfer/latest/APIReference/API_EndpointDetails.html) for the server. *Required*: No *Type*: String *Allowed values*: `IPV4 | DUALSTACK` *Update requires*: [Some interruptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-some-interrupt) `LoggingRole` The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS events. When set, you can view user activity in your CloudWatch logs. *Required*: No *Type*: String *Pattern*: `^(|arn:.*role/\S+)$` *Minimum*: `0` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PostAuthenticationLoginBanner` Specifies a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners. *Required*: No *Type*: String *Pattern*: `^[\x09-\x0D\x20-\x7E]*$` *Minimum*: `0` *Maximum*: `4096` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PreAuthenticationLoginBanner` Specifies a string to display when users connect to a server. This string is displayed before the user authenticates. For example, the following banner displays details about using the system: `This system is for the use of authorized users only. Individuals using this computer system without authority, or in excess of their authority, are subject to having all of their activities on this system monitored and recorded by system personnel.` *Required*: No *Type*: String *Pattern*: `^[\x09-\x0D\x20-\x7E]*$` *Minimum*: `0` *Maximum*: `4096` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ProtocolDetails` The protocol settings that are configured for your server. + To indicate passive mode (for FTP and FTPS protocols), use the `PassiveIp` parameter. Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer. + To ignore the error that is generated when the client attempts to use the `SETSTAT` command on a file that you are uploading to an Amazon S3 bucket, use the `SetStatOption` parameter. To have the AWS Transfer Family server ignore the `SETSTAT` command and upload files without needing to make any changes to your SFTP client, set the value to `ENABLE_NO_OP` . If you set the `SetStatOption` parameter to `ENABLE_NO_OP` , Transfer Family generates a log entry to Amazon CloudWatch Logs, so that you can determine when the client is making a `SETSTAT` call. + To determine whether your AWS Transfer Family server resumes recent, negotiated sessions through a unique session ID, use the `TlsSessionResumptionMode` parameter. + `As2Transports` indicates the transport method for the AS2 messages. Currently, only HTTP is supported. The `Protocols` parameter is an array of strings. *Allowed values* : One or more of `SFTP` , `FTPS` , `FTP` , `AS2` *Required*: No *Type*: [ProtocolDetails](aws-properties-transfer-server-protocoldetails.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Protocols` Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are: + `SFTP` (Secure Shell (SSH) File Transfer Protocol): File transfer over SSH + `FTPS` (File Transfer Protocol Secure): File transfer with TLS encryption + `FTP` (File Transfer Protocol): Unencrypted file transfer + `AS2` (Applicability Statement 2): used for transporting structured business-to-business data + If you select `FTPS` , you must choose a certificate stored in AWS Certificate Manager (ACM) which is used to identify your server when clients connect to it over FTPS. + If `Protocol` includes either `FTP` or `FTPS` , then the `EndpointType` must be `VPC` and the `IdentityProviderType` must be either `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` , or `API_GATEWAY` . + If `Protocol` includes `FTP` , then `AddressAllocationIds` cannot be associated. + If `Protocol` is set only to `SFTP` , the `EndpointType` can be set to `PUBLIC` and the `IdentityProviderType` can be set any of the supported identity types: `SERVICE_MANAGED` , `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` , or `API_GATEWAY` . + If `Protocol` includes `AS2` , then the `EndpointType` must be `VPC` , and domain must be Amazon S3. The `Protocols` parameter is an array of strings. *Allowed values* : One or more of `SFTP` , `FTPS` , `FTP` , `AS2` *Required*: No *Type*: Array of String *Minimum*: `1` *Maximum*: `4` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `S3StorageOptions` Specifies whether or not performance for your Amazon S3 directories is optimized. + If using the console, this is enabled by default. + If using the API or CLI, this is disabled by default. By default, home directory mappings have a `TYPE` of `DIRECTORY`. If you enable this option, you would then need to explicitly set the `HomeDirectoryMapEntry``Type` to `FILE` if you want a mapping to have a file target. *Required*: No *Type*: [S3StorageOptions](aws-properties-transfer-server-s3storageoptions.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SecurityPolicyName` Specifies the name of the security policy for the server. *Required*: No *Type*: String *Pattern*: `^TransferSecurityPolicy-.+$` *Minimum*: `0` *Maximum*: `100` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `StructuredLogDestinations` Specifies the log groups to which your server logs are sent. To specify a log group, you must provide the ARN for an existing log group. In this case, the format of the log group is as follows: `arn:aws:logs:region-name:amazon-account-id:log-group:log-group-name:*` For example, `arn:aws:logs:us-east-1:111122223333:log-group:mytestgroup:*` If you have previously specified a log group for a server, you can clear it, and in effect turn off structured logging, by providing an empty value for this parameter in an `update-server` call. For example: `update-server --server-id s-1234567890abcdef0 --structured-log-destinations` *Required*: No *Type*: Array of String *Minimum*: `20 | 0` *Maximum*: `1600 | 1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` Key-value pairs that can be used to group and search for servers. *Required*: No *Type*: Array of [Tag](aws-properties-transfer-server-tag.md) *Minimum*: `1` *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `WorkflowDetails` Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow. In addition to a workflow to execute when a file is uploaded completely, `WorkflowDetails` can also contain a workflow ID (and execution role) for a workflow to execute on partial upload. A partial upload occurs when a file is open when the session disconnects. *Required*: No *Type*: [WorkflowDetails](aws-properties-transfer-server-workflowdetails.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the server ARN, such as `arn:aws:transfer:us-east-1:123456789012:server/s-01234567890abcdef` . For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` Specifies the unique Amazon Resource Name (ARN) of the server. `As2ServiceManagedEgressIpAddresses` The list of egress IP addresses of this server. These IP addresses are only relevant for servers that use the AS2 protocol. They are used for sending asynchronous MDNs. These IP addresses are assigned automatically when you create an AS2 server. Additionally, if you update an existing server and add the AS2 protocol, static IP addresses are assigned as well. `ServerId` Specifies the unique system-assigned identifier for a server that you instantiate. `State` The condition of the server that was described. A value of `ONLINE` indicates that the server can accept jobs and transfer files. A `State` value of `OFFLINE` means that the server cannot perform file transfer operations. The states of `STARTING` and `STOPPING` indicate that the server is in an intermediate state, either not fully able to respond, or not fully offline. The values of `START_FAILED` or `STOP_FAILED` can indicate an error condition. # AWS::Transfer::Server EndpointDetails The virtual private cloud (VPC) endpoint settings that are configured for your server. When you host your endpoint within your VPC, you can make your endpoint accessible only to resources within your VPC, or you can attach Elastic IP addresses and make your endpoint accessible to clients over the internet. Your VPC's default security groups are automatically assigned to your endpoint. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[AddressAllocationIds](#cfn-transfer-server-endpointdetails-addressallocationids)" : [ String, ... ], "[SecurityGroupIds](#cfn-transfer-server-endpointdetails-securitygroupids)" : [ String, ... ], "[SubnetIds](#cfn-transfer-server-endpointdetails-subnetids)" : [ String, ... ], "[VpcEndpointId](#cfn-transfer-server-endpointdetails-vpcendpointid)" : String, "[VpcId](#cfn-transfer-server-endpointdetails-vpcid)" : String } ``` ### YAML ``` [AddressAllocationIds](#cfn-transfer-server-endpointdetails-addressallocationids): - String [SecurityGroupIds](#cfn-transfer-server-endpointdetails-securitygroupids): - String [SubnetIds](#cfn-transfer-server-endpointdetails-subnetids): - String [VpcEndpointId](#cfn-transfer-server-endpointdetails-vpcendpointid): String [VpcId](#cfn-transfer-server-endpointdetails-vpcid): String ``` ## Properties `AddressAllocationIds` A list of address allocation IDs that are required to attach an Elastic IP address to your server's endpoint. An address allocation ID corresponds to the allocation ID of an Elastic IP address. This value can be retrieved from the `allocationId` field from the Amazon EC2 [Address](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Address.html) data type. One way to retrieve this value is by calling the EC2 [DescribeAddresses](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAddresses.html) API. This parameter is optional. Set this parameter if you want to make your VPC endpoint public-facing. For details, see [Create an internet-facing endpoint for your server](https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#create-internet-facing-endpoint). This property can only be set as follows: + `EndpointType` must be set to `VPC` + The Transfer Family server must be offline. + You cannot set this parameter for Transfer Family servers that use the FTP protocol. + The server must already have `SubnetIds` populated (`SubnetIds` and `AddressAllocationIds` cannot be updated simultaneously). + `AddressAllocationIds` can't contain duplicates, and must be equal in length to `SubnetIds`. For example, if you have three subnet IDs, you must also specify three address allocation IDs. + Call the `UpdateServer` API to set or change this parameter. + You can't set address allocation IDs for servers that have an `IpAddressType` set to `DUALSTACK` You can only set this property if `IpAddressType` is set to `IPV4`. *Required*: No *Type*: Array of String *Update requires*: [Some interruptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-some-interrupt) `SecurityGroupIds` A list of security groups IDs that are available to attach to your server's endpoint. While `SecurityGroupIds` appears in the response syntax for consistency with `CreateServer` and `UpdateServer` operations, this field is not populated in `DescribeServer` responses. Security groups are managed at the VPC endpoint level and can be modified outside of the Transfer Family service. To retrieve current security group information, use the EC2 `DescribeVpcEndpoints` API with the `VpcEndpointId` returned in the response. This property can only be set when `EndpointType` is set to `VPC`. You can edit the `SecurityGroupIds` property in the [UpdateServer](https://docs.aws.amazon.com/transfer/latest/userguide/API_UpdateServer.html) API only if you are changing the `EndpointType` from `PUBLIC` or `VPC_ENDPOINT` to `VPC`. To change security groups associated with your server's VPC endpoint after creation, use the Amazon EC2 [ModifyVpcEndpoint](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyVpcEndpoint.html) API. *Required*: No *Type*: Array of String *Minimum*: `11` *Maximum*: `20` *Update requires*: [Some interruptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-some-interrupt) `SubnetIds` A list of subnet IDs that are required to host your server endpoint in your VPC. This property can only be set when `EndpointType` is set to `VPC` . *Required*: No *Type*: Array of String *Update requires*: [Some interruptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-some-interrupt) `VpcEndpointId` The ID of the VPC endpoint. This property can only be set when `EndpointType` is set to `VPC_ENDPOINT` . *Required*: No *Type*: String *Pattern*: `^vpce-[0-9a-f]{17}$` *Minimum*: `22` *Maximum*: `22` *Update requires*: [Some interruptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-some-interrupt) `VpcId` The VPC ID of the virtual private cloud in which the server's endpoint will be hosted. This property can only be set when `EndpointType` is set to `VPC` . *Required*: No *Type*: String *Update requires*: [Some interruptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-some-interrupt) # AWS::Transfer::Server IdentityProviderDetails Required when `IdentityProviderType` is set to `AWS_DIRECTORY_SERVICE`, `AWS_LAMBDA` or `API_GATEWAY`. Accepts an array containing all of the information required to use a directory in `AWS_DIRECTORY_SERVICE` or invoke a customer-supplied authentication API, including the API Gateway URL. Cannot be specified when `IdentityProviderType` is set to `SERVICE_MANAGED`. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[DirectoryId](#cfn-transfer-server-identityproviderdetails-directoryid)" : String, "[Function](#cfn-transfer-server-identityproviderdetails-function)" : String, "[InvocationRole](#cfn-transfer-server-identityproviderdetails-invocationrole)" : String, "[SftpAuthenticationMethods](#cfn-transfer-server-identityproviderdetails-sftpauthenticationmethods)" : String, "[Url](#cfn-transfer-server-identityproviderdetails-url)" : String } ``` ### YAML ``` [DirectoryId](#cfn-transfer-server-identityproviderdetails-directoryid): String [Function](#cfn-transfer-server-identityproviderdetails-function): String [InvocationRole](#cfn-transfer-server-identityproviderdetails-invocationrole): String [SftpAuthenticationMethods](#cfn-transfer-server-identityproviderdetails-sftpauthenticationmethods): String [Url](#cfn-transfer-server-identityproviderdetails-url): String ``` ## Properties `DirectoryId` The identifier of the AWS Directory Service directory that you want to use as your identity provider. *Required*: No *Type*: String *Pattern*: `^d-[0-9a-f]{10}$` *Minimum*: `12` *Maximum*: `12` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Function` The ARN for a Lambda function to use for the Identity provider. *Required*: No *Type*: String *Pattern*: `^arn:[a-z-]+:lambda:.*$` *Minimum*: `1` *Maximum*: `170` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `InvocationRole` This parameter is only applicable if your `IdentityProviderType` is `API_GATEWAY`. Provides the type of `InvocationRole` used to authenticate the user account. *Required*: No *Type*: String *Pattern*: `^arn:.*role/\S+$` *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SftpAuthenticationMethods` For SFTP-enabled servers, and for custom identity providers *only*, you can specify whether to authenticate using a password, SSH key pair, or both. + `PASSWORD` - users must provide their password to connect. + `PUBLIC_KEY` - users must provide their private key to connect. + `PUBLIC_KEY_OR_PASSWORD` - users can authenticate with either their password or their key. This is the default value. + `PUBLIC_KEY_AND_PASSWORD` - users must provide both their private key and their password to connect. The server checks the key first, and then if the key is valid, the system prompts for a password. If the private key provided does not match the public key that is stored, authentication fails. *Required*: No *Type*: String *Allowed values*: `PASSWORD | PUBLIC_KEY | PUBLIC_KEY_OR_PASSWORD | PUBLIC_KEY_AND_PASSWORD` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Url` Provides the location of the service endpoint used to authenticate users. *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `255` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::Server ProtocolDetails The protocol settings that are configured for your server. **Note** Avoid placing Network Load Balancers (NLBs) or NAT gateways in front of AWS Transfer Family servers, as this increases costs and can cause performance issues, including reduced connection limits for FTPS. For more details, see [ Avoid placing NLBs and NATs in front of AWS Transfer Family](https://docs.aws.amazon.com/transfer/latest/userguide/infrastructure-security.html#nlb-considerations). + To indicate passive mode (for FTP and FTPS protocols), use the `PassiveIp` parameter. Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer. + To ignore the error that is generated when the client attempts to use the `SETSTAT` command on a file that you are uploading to an Amazon S3 bucket, use the `SetStatOption` parameter. To have the AWS Transfer Family server ignore the `SETSTAT` command and upload files without needing to make any changes to your SFTP client, set the value to `ENABLE_NO_OP`. If you set the `SetStatOption` parameter to `ENABLE_NO_OP`, Transfer Family generates a log entry to Amazon CloudWatch Logs, so that you can determine when the client is making a `SETSTAT` call. + To determine whether your AWS Transfer Family server resumes recent, negotiated sessions through a unique session ID, use the `TlsSessionResumptionMode` parameter. + `As2Transports` indicates the transport method for the AS2 messages. Currently, only HTTP is supported. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[As2Transports](#cfn-transfer-server-protocoldetails-as2transports)" : [ String, ... ], "[PassiveIp](#cfn-transfer-server-protocoldetails-passiveip)" : String, "[SetStatOption](#cfn-transfer-server-protocoldetails-setstatoption)" : String, "[TlsSessionResumptionMode](#cfn-transfer-server-protocoldetails-tlssessionresumptionmode)" : String } ``` ### YAML ``` [As2Transports](#cfn-transfer-server-protocoldetails-as2transports): - String [PassiveIp](#cfn-transfer-server-protocoldetails-passiveip): String [SetStatOption](#cfn-transfer-server-protocoldetails-setstatoption): String [TlsSessionResumptionMode](#cfn-transfer-server-protocoldetails-tlssessionresumptionmode): String ``` ## Properties `As2Transports` List of `As2Transport` objects. *Required*: No *Type*: Array of String *Minimum*: `1` *Maximum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PassiveIp` Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer. For example: `aws transfer update-server --protocol-details PassiveIp=0.0.0.0` Replace `0.0.0.0` in the example above with the actual IP address you want to use. If you change the `PassiveIp` value, you must stop and then restart your Transfer Family server for the change to take effect. For details on using passive mode (PASV) in a NAT environment, see [Configuring your FTPS server behind a firewall or NAT with AWS Transfer Family](https://aws.amazon.com/blogs/storage/configuring-your-ftps-server-behind-a-firewall-or-nat-with-aws-transfer-family/). Additionally, avoid placing Network Load Balancers (NLBs) or NAT gateways in front of AWS Transfer Family servers. This configuration increases costs and can cause performance issues. When NLBs or NATs are in the communication path, Transfer Family cannot accurately recognize client IP addresses, which impacts connection sharding and limits FTPS servers to only 300 simultaneous connections instead of 10,000. If you must use an NLB, use port 21 for health checks and enable TLS session resumption by setting `TlsSessionResumptionMode = ENFORCED`. For optimal performance, migrate to VPC endpoints with Elastic IP addresses instead of using NLBs. For more details, see [ Avoid placing NLBs and NATs in front of AWS Transfer Family](https://docs.aws.amazon.com/transfer/latest/userguide/infrastructure-security.html#nlb-considerations). *Special values* The `AUTO` and `0.0.0.0` are special values for the `PassiveIp` parameter. The value `PassiveIp=AUTO` is assigned by default to FTP and FTPS type servers. In this case, the server automatically responds with one of the endpoint IPs within the PASV response. `PassiveIp=0.0.0.0` has a more unique application for its usage. For example, if you have a High Availability (HA) Network Load Balancer (NLB) environment, where you have 3 subnets, you can only specify a single IP address using the `PassiveIp` parameter. This reduces the effectiveness of having High Availability. In this case, you can specify `PassiveIp=0.0.0.0`. This tells the client to use the same IP address as the Control connection and utilize all AZs for their connections. Note, however, that not all FTP clients support the `PassiveIp=0.0.0.0` response. FileZilla and WinSCP do support it. If you are using other clients, check to see if your client supports the `PassiveIp=0.0.0.0` response. *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `15` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SetStatOption` Use the `SetStatOption` to ignore the error that is generated when the client attempts to use `SETSTAT` on a file you are uploading to an S3 bucket. Some SFTP file transfer clients can attempt to change the attributes of remote files, including timestamp and permissions, using commands, such as `SETSTAT` when uploading the file. However, these commands are not compatible with object storage systems, such as Amazon S3. Due to this incompatibility, file uploads from these clients can result in errors even when the file is otherwise successfully uploaded. Set the value to `ENABLE_NO_OP` to have the Transfer Family server ignore the `SETSTAT` command, and upload files without needing to make any changes to your SFTP client. While the `SetStatOption``ENABLE_NO_OP` setting ignores the error, it does generate a log entry in Amazon CloudWatch Logs, so you can determine when the client is making a `SETSTAT` call. If you want to preserve the original timestamp for your file, and modify other file attributes using `SETSTAT`, you can use Amazon EFS as backend storage with Transfer Family. *Required*: No *Type*: String *Allowed values*: `DEFAULT | ENABLE_NO_OP` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TlsSessionResumptionMode` A property used with Transfer Family servers that use the FTPS protocol. TLS Session Resumption provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. `TlsSessionResumptionMode` determines whether or not the server resumes recent, negotiated sessions through a unique session ID. This property is available during `CreateServer` and `UpdateServer` calls. If a `TlsSessionResumptionMode` value is not specified during `CreateServer`, it is set to `ENFORCED` by default. + `DISABLED`: the server does not process TLS session resumption client requests and creates a new TLS session for each request. + `ENABLED`: the server processes and accepts clients that are performing TLS session resumption. The server doesn't reject client data connections that do not perform the TLS session resumption client processing. + `ENFORCED`: the server processes and accepts clients that are performing TLS session resumption. The server rejects client data connections that do not perform the TLS session resumption client processing. Before you set the value to `ENFORCED`, test your clients. **Note** Not all FTPS clients perform TLS session resumption. So, if you choose to enforce TLS session resumption, you prevent any connections from FTPS clients that don't perform the protocol negotiation. To determine whether or not you can use the `ENFORCED` value, you need to test your clients. *Required*: No *Type*: String *Allowed values*: `DISABLED | ENABLED | ENFORCED` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::Server S3StorageOptions The Amazon S3 storage options that are configured for your server. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[DirectoryListingOptimization](#cfn-transfer-server-s3storageoptions-directorylistingoptimization)" : String } ``` ### YAML ``` [DirectoryListingOptimization](#cfn-transfer-server-s3storageoptions-directorylistingoptimization): String ``` ## Properties `DirectoryListingOptimization` Specifies whether or not performance for your Amazon S3 directories is optimized. + If using the console, this is enabled by default. + If using the API or CLI, this is disabled by default. By default, home directory mappings have a `TYPE` of `DIRECTORY`. If you enable this option, you would then need to explicitly set the `HomeDirectoryMapEntry``Type` to `FILE` if you want a mapping to have a file target. *Required*: No *Type*: String *Allowed values*: `ENABLED | DISABLED` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::Server Tag Creates a key-value pair for a specific resource. Tags are metadata that you can use to search for and group a resource for various purposes. You can apply tags to servers, users, and roles. A tag key can take more than one value. For example, to group servers for accounting purposes, you might create a tag called `Group` and assign the values `Research` and `Accounting` to that group. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-transfer-server-tag-key)" : String, "[Value](#cfn-transfer-server-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-transfer-server-tag-key): String [Value](#cfn-transfer-server-tag-value): String ``` ## Properties `Key` The name assigned to the tag that you create. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` Contains one or more values that you assigned to the key name you create. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::Server WorkflowDetail Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow. In addition to a workflow to execute when a file is uploaded completely, `WorkflowDetails` can also contain a workflow ID (and execution role) for a workflow to execute on partial upload. A partial upload occurs when a file is open when the session disconnects. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ExecutionRole](#cfn-transfer-server-workflowdetail-executionrole)" : String, "[WorkflowId](#cfn-transfer-server-workflowdetail-workflowid)" : String } ``` ### YAML ``` [ExecutionRole](#cfn-transfer-server-workflowdetail-executionrole): String [WorkflowId](#cfn-transfer-server-workflowdetail-workflowid): String ``` ## Properties `ExecutionRole` Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources *Required*: Yes *Type*: String *Pattern*: `^arn:.*role/\S+$` *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `WorkflowId` A unique identifier for the workflow. *Required*: Yes *Type*: String *Pattern*: `^w-([a-z0-9]{17})$` *Minimum*: `19` *Maximum*: `19` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::Server WorkflowDetails Container for the `WorkflowDetail` data type. It is used by actions that trigger a workflow to begin execution. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[OnPartialUpload](#cfn-transfer-server-workflowdetails-onpartialupload)" : [ WorkflowDetail, ... ], "[OnUpload](#cfn-transfer-server-workflowdetails-onupload)" : [ WorkflowDetail, ... ] } ``` ### YAML ``` [OnPartialUpload](#cfn-transfer-server-workflowdetails-onpartialupload): - WorkflowDetail [OnUpload](#cfn-transfer-server-workflowdetails-onupload): - WorkflowDetail ``` ## Properties `OnPartialUpload` A trigger that starts a workflow if a file is only partially uploaded. You can attach a workflow to a server that executes whenever there is a partial upload. A *partial upload* occurs when a file is open when the session disconnects. `OnPartialUpload` can contain a maximum of one `WorkflowDetail` object. *Required*: No *Type*: Array of [WorkflowDetail](aws-properties-transfer-server-workflowdetail.md) *Minimum*: `0` *Maximum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `OnUpload` A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. To remove an associated workflow from a server, you can provide an empty `OnUpload` object, as in the following example. `aws transfer update-server --server-id s-01234567890abcdef --workflow-details '{"OnUpload":[]}'` `OnUpload` can contain a maximum of one `WorkflowDetail` object. *Required*: No *Type*: Array of [WorkflowDetail](aws-properties-transfer-server-workflowdetail.md) *Minimum*: `0` *Maximum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::User The `AWS::Transfer::User` resource creates a user and associates them with an existing server. You can only create and associate users with servers that have the `IdentityProviderType` set to `SERVICE_MANAGED` . Using parameters for `CreateUser` , you can specify the user name, set the home directory, store the user's public key, and assign the user's AWS Identity and Access Management (IAM) role. You can also optionally add a session policy, and assign metadata with tags that can be used to group and search for users. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::Transfer::User", "Properties" : { "[HomeDirectory](#cfn-transfer-user-homedirectory)" : String, "[HomeDirectoryMappings](#cfn-transfer-user-homedirectorymappings)" : [ HomeDirectoryMapEntry, ... ], "[HomeDirectoryType](#cfn-transfer-user-homedirectorytype)" : String, "[Policy](#cfn-transfer-user-policy)" : String, "[PosixProfile](#cfn-transfer-user-posixprofile)" : PosixProfile, "[Role](#cfn-transfer-user-role)" : String, "[ServerId](#cfn-transfer-user-serverid)" : String, "[SshPublicKeys](#cfn-transfer-user-sshpublickeys)" : [ String, ... ], "[Tags](#cfn-transfer-user-tags)" : [ Tag, ... ], "[UserName](#cfn-transfer-user-username)" : String } } ``` ### YAML ``` Type: AWS::Transfer::User Properties: [HomeDirectory](#cfn-transfer-user-homedirectory): String [HomeDirectoryMappings](#cfn-transfer-user-homedirectorymappings): - HomeDirectoryMapEntry [HomeDirectoryType](#cfn-transfer-user-homedirectorytype): String [Policy](#cfn-transfer-user-policy): String [PosixProfile](#cfn-transfer-user-posixprofile): PosixProfile [Role](#cfn-transfer-user-role): String [ServerId](#cfn-transfer-user-serverid): String [SshPublicKeys](#cfn-transfer-user-sshpublickeys): - String [Tags](#cfn-transfer-user-tags): - Tag [UserName](#cfn-transfer-user-username): String ``` ## Properties `HomeDirectory` The landing directory (folder) for a user when they log in to the server using the client. A `HomeDirectory` example is `/bucket_name/home/mydirectory`. You can use the `HomeDirectory` parameter for `HomeDirectoryType` when it is set to either `PATH` or `LOGICAL`. *Required*: No *Type*: String *Pattern*: `^(|/.*)$` *Minimum*: `0` *Maximum*: `1024` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `HomeDirectoryMappings` Logical directory mappings that specify what Amazon S3 or Amazon EFS paths and keys should be visible to your user and how you want to make them visible. You must specify the `Entry` and `Target` pair, where `Entry` shows how the path is made visible and `Target` is the actual Amazon S3 or Amazon EFS path. If you only specify a target, it is displayed as is. You also must ensure that your AWS Identity and Access Management (IAM) role provides access to paths in `Target`. This value can be set only when `HomeDirectoryType` is set to *LOGICAL*. The following is an `Entry` and `Target` pair example. `[ { "Entry": "/directory1", "Target": "/bucket_name/home/mydirectory" } ]` In most cases, you can use this value instead of the session policy to lock your user down to the designated home directory ("`chroot`"). To do this, you can set `Entry` to `/` and set `Target` to the value the user should see for their home directory when they log in. The following is an `Entry` and `Target` pair example for `chroot`. `[ { "Entry": "/", "Target": "/bucket_name/home/mydirectory" } ]` *Required*: No *Type*: Array of [HomeDirectoryMapEntry](aws-properties-transfer-user-homedirectorymapentry.md) *Minimum*: `1` *Maximum*: `50000` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `HomeDirectoryType` The type of landing directory (folder) that you want your users' home directory to be when they log in to the server. If you set it to `PATH`, the user will see the absolute Amazon S3 bucket or Amazon EFS path as is in their file transfer protocol clients. If you set it to `LOGICAL`, you need to provide mappings in the `HomeDirectoryMappings` for how you want to make Amazon S3 or Amazon EFS paths visible to your users. If `HomeDirectoryType` is `LOGICAL`, you must provide mappings, using the `HomeDirectoryMappings` parameter. If, on the other hand, `HomeDirectoryType` is `PATH`, you provide an absolute path using the `HomeDirectory` parameter. You cannot have both `HomeDirectory` and `HomeDirectoryMappings` in your template. *Required*: No *Type*: String *Allowed values*: `PATH | LOGICAL` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Policy` A session policy for your user so you can use the same IAM role across multiple users. This policy restricts user access to portions of their Amazon S3 bucket. Variables that you can use inside this policy include `${Transfer:UserName}` , `${Transfer:HomeDirectory}` , and `${Transfer:HomeBucket}` . For session policies, AWS Transfer Family stores the policy as a JSON blob, instead of the Amazon Resource Name (ARN) of the policy. You save the policy as a JSON blob and pass it in the `Policy` argument. For an example of a session policy, see [Example session policy](https://docs.aws.amazon.com/transfer/latest/userguide/session-policy.html) . For more information, see [AssumeRole](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html) in the *AWS Security Token Service API Reference * . *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PosixProfile` Specifies the full POSIX identity, including user ID (`Uid`), group ID (`Gid`), and any secondary groups IDs (`SecondaryGids`), that controls your users' access to your Amazon Elastic File System (Amazon EFS) file systems. The POSIX permissions that are set on files and directories in your file system determine the level of access your users get when transferring files into and out of your Amazon EFS file systems. *Required*: No *Type*: [PosixProfile](aws-properties-transfer-user-posixprofile.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Role` The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that controls your users' access to your Amazon S3 bucket or Amazon EFS file system. The policies attached to this role determine the level of access that you want to provide your users when transferring files into and out of your Amazon S3 bucket or Amazon EFS file system. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users' transfer requests. *Required*: Yes *Type*: String *Pattern*: `^arn:.*role/\S+$` *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ServerId` A system-assigned unique identifier for a server instance. This is the specific server that you added your user to. *Required*: Yes *Type*: String *Pattern*: `^s-([0-9a-f]{17})$` *Minimum*: `19` *Maximum*: `19` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `SshPublicKeys` Specifies the public key portion of the Secure Shell (SSH) keys stored for the described user. To delete the public key body, set its value to zero keys, as shown here: `SshPublicKeys: []` *Required*: No *Type*: Array of String *Minimum*: `0` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` Key-value pairs that can be used to group and search for users. Tags are metadata attached to users for any purpose. *Required*: No *Type*: Array of [Tag](aws-properties-transfer-user-tag.md) *Minimum*: `1` *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `UserName` A unique string that identifies a user and is associated with a `ServerId`. This user name must be a minimum of 3 and a maximum of 100 characters long. The following are valid characters: a-z, A-Z, 0-9, underscore '\$1', hyphen '-', period '.', and at sign '@'. The user name can't start with a hyphen, period, or at sign. *Required*: Yes *Type*: String *Pattern*: `^[\w][\w@.-]{2,99}$` *Minimum*: `3` *Maximum*: `100` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the username, such as `transfer_user` . For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` The Amazon Resource Name associated with the user, in the form ` arn:aws:transfer:region: account-id :user/ server-id / username` . An example of a user ARN is: `arn:aws:transfer:us-east-1:123456789012:user/user1` . `ServerId` The ID of the server to which the user is attached. An example `ServerId` is `s-01234567890abcdef` . `UserName` A unique string that identifies a Transfer Family user account associated with a server. An example `UserName` is `transfer-user-1` . # AWS::Transfer::User HomeDirectoryMapEntry Represents an object that contains entries and targets for `HomeDirectoryMappings` . ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Entry](#cfn-transfer-user-homedirectorymapentry-entry)" : String, "[Target](#cfn-transfer-user-homedirectorymapentry-target)" : String, "[Type](#cfn-transfer-user-homedirectorymapentry-type)" : String } ``` ### YAML ``` [Entry](#cfn-transfer-user-homedirectorymapentry-entry): String [Target](#cfn-transfer-user-homedirectorymapentry-target): String [Type](#cfn-transfer-user-homedirectorymapentry-type): String ``` ## Properties `Entry` Represents an entry for `HomeDirectoryMappings`. *Required*: Yes *Type*: String *Pattern*: `^/.*$` *Minimum*: `0` *Maximum*: `1024` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Target` Represents the map target that is used in a `HomeDirectoryMapEntry`. *Required*: Yes *Type*: String *Pattern*: `^/.*$` *Minimum*: `0` *Maximum*: `1024` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Type` Specifies the type of mapping. Set the type to `FILE` if you want the mapping to point to a file, or `DIRECTORY` for the directory to point to a directory. By default, home directory mappings have a `Type` of `DIRECTORY` when you create a Transfer Family server. You would need to explicitly set `Type` to `FILE` if you want a mapping to have a file target. *Required*: No *Type*: String *Allowed values*: `FILE | DIRECTORY` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::User PosixProfile The full POSIX identity, including user ID (`Uid`), group ID (`Gid`), and any secondary groups IDs (`SecondaryGids`), that controls your users' access to your Amazon EFS file systems. The POSIX permissions that are set on files and directories in your file system determine the level of access your users get when transferring files into and out of your Amazon EFS file systems. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Gid](#cfn-transfer-user-posixprofile-gid)" : Number, "[SecondaryGids](#cfn-transfer-user-posixprofile-secondarygids)" : [ Number, ... ], "[Uid](#cfn-transfer-user-posixprofile-uid)" : Number } ``` ### YAML ``` [Gid](#cfn-transfer-user-posixprofile-gid): Number [SecondaryGids](#cfn-transfer-user-posixprofile-secondarygids): - Number [Uid](#cfn-transfer-user-posixprofile-uid): Number ``` ## Properties `Gid` The POSIX group ID used for all EFS operations by this user. *Required*: Yes *Type*: Number *Minimum*: `0` *Maximum*: `4294967295` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SecondaryGids` The secondary POSIX group IDs used for all EFS operations by this user. *Required*: No *Type*: Array of Number *Minimum*: `0 | 0` *Maximum*: `16 | 4294967295` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Uid` The POSIX user ID used for all EFS operations by this user. *Required*: Yes *Type*: Number *Minimum*: `0` *Maximum*: `4294967295` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::User Tag Creates a key-value pair for a specific resource. Tags are metadata that you can use to search for and group a resource for various purposes. You can apply tags to servers, users, and roles. A tag key can take more than one value. For example, to group servers for accounting purposes, you might create a tag called `Group` and assign the values `Research` and `Accounting` to that group. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-transfer-user-tag-key)" : String, "[Value](#cfn-transfer-user-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-transfer-user-tag-key): String [Value](#cfn-transfer-user-tag-value): String ``` ## Properties `Key` The name assigned to the tag that you create. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` Contains one or more values that you assigned to the key name you create. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::WebApp Creates a web app based on specified parameters, and returns the ID for the new web app. You can configure the web app to be publicly accessible or hosted within a VPC. For more information about using VPC endpoints with AWS Transfer Family, see [Create a Transfer Family web app in a VPC](https://docs.aws.amazon.com/transfer/latest/userguide/create-webapp-in-vpc.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::Transfer::WebApp", "Properties" : { "[AccessEndpoint](#cfn-transfer-webapp-accessendpoint)" : String, "[EndpointDetails](#cfn-transfer-webapp-endpointdetails)" : EndpointDetails, "[IdentityProviderDetails](#cfn-transfer-webapp-identityproviderdetails)" : IdentityProviderDetails, "[Tags](#cfn-transfer-webapp-tags)" : [ Tag, ... ], "[WebAppCustomization](#cfn-transfer-webapp-webappcustomization)" : WebAppCustomization, "[WebAppEndpointPolicy](#cfn-transfer-webapp-webappendpointpolicy)" : String, "[WebAppUnits](#cfn-transfer-webapp-webappunits)" : WebAppUnits } } ``` ### YAML ``` Type: AWS::Transfer::WebApp Properties: [AccessEndpoint](#cfn-transfer-webapp-accessendpoint): String [EndpointDetails](#cfn-transfer-webapp-endpointdetails): EndpointDetails [IdentityProviderDetails](#cfn-transfer-webapp-identityproviderdetails): IdentityProviderDetails [Tags](#cfn-transfer-webapp-tags): - Tag [WebAppCustomization](#cfn-transfer-webapp-webappcustomization): WebAppCustomization [WebAppEndpointPolicy](#cfn-transfer-webapp-webappendpointpolicy): String [WebAppUnits](#cfn-transfer-webapp-webappunits): WebAppUnits ``` ## Properties `AccessEndpoint` The `AccessEndpoint` is the URL that you provide to your users for them to interact with the Transfer Family web app. You can specify a custom URL or use the default value. Before you enter a custom URL for this parameter, follow the steps described in [Update your access endpoint with a custom URL](https://docs.aws.amazon.com//transfer/latest/userguide/webapp-customize.html). *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `1024` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EndpointDetails` The virtual private cloud (VPC) endpoint settings that are configured for your file transfer protocol-enabled server. With a VPC endpoint, you can restrict access to your server and resources only within your VPC. To control incoming internet traffic, invoke the `UpdateServer` API and attach an Elastic IP address to your server's endpoint. After May 19, 2021, you won't be able to create a server using `EndpointType=VPC_ENDPOINT` in your AWS account if your account hasn't already done so before May 19, 2021. If you have already created servers with `EndpointType=VPC_ENDPOINT` in your AWS account on or before May 19, 2021, you will not be affected. After this date, use `EndpointType`=`VPC`. For more information, see [Discontinuing the use of VPC\$1ENDPOINT](https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint). It is recommended that you use `VPC` as the `EndpointType`. With this endpoint type, you have the option to directly associate up to three Elastic IPv4 addresses (BYO IP included) with your server's endpoint and use VPC security groups to restrict traffic by the client's public IP address. This is not possible with `EndpointType` set to `VPC_ENDPOINT`. *Required*: No *Type*: [EndpointDetails](aws-properties-transfer-webapp-endpointdetails.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IdentityProviderDetails` You can provide a structure that contains the details for the identity provider to use with your web app. For more details about this parameter, see [Configure your identity provider for Transfer Family web apps](https://docs.aws.amazon.com//transfer/latest/userguide/webapp-identity-center.html). *Required*: Yes *Type*: [IdentityProviderDetails](aws-properties-transfer-webapp-identityproviderdetails.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` Key-value pairs that can be used to group and search for web apps. Tags are metadata attached to web apps for any purpose. *Required*: No *Type*: Array of [Tag](aws-properties-transfer-webapp-tag.md) *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `WebAppCustomization` A structure that contains the customization fields for the web app. You can provide a title, logo, and icon to customize the appearance of your web app. *Required*: No *Type*: [WebAppCustomization](aws-properties-transfer-webapp-webappcustomization.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `WebAppEndpointPolicy` Setting for the type of endpoint policy for the web app. The default value is `STANDARD`. If your web app was created in an AWS GovCloud (US) Region, the value of this parameter can be `FIPS`, which indicates the web app endpoint is FIPS-compliant. *Required*: No *Type*: String *Allowed values*: `STANDARD | FIPS` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `WebAppUnits` A union that contains the value for number of concurrent connections or the user sessions on your web app. *Required*: No *Type*: [WebAppUnits](aws-properties-transfer-webapp-webappunits.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the web app ARN, such as `arn:aws:transfer:us-east-2:123456789012:webapp/webapp-01234567890abcdef` . For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt #### `Arn` The Amazon Resource Name (ARN) of the web app. `IdentityProviderDetails.ApplicationArn` Property description not available. `VpcEndpointId` The identifier of the VPC endpoint created for the web app. `WebAppId` The unique identifier for the web app. # AWS::Transfer::WebApp EndpointDetails The virtual private cloud (VPC) endpoint settings that are configured for your file transfer protocol-enabled server. With a VPC endpoint, you can restrict access to your server and resources only within your VPC. To control incoming internet traffic, invoke the `UpdateServer` API and attach an Elastic IP address to your server's endpoint. **Note** After May 19, 2021, you won't be able to create a server using `EndpointType=VPC_ENDPOINT` in your AWS account if your account hasn't already done so before May 19, 2021. If you have already created servers with `EndpointType=VPC_ENDPOINT` in your AWS account on or before May 19, 2021, you will not be affected. After this date, use `EndpointType`=`VPC`. For more information, see [Discontinuing the use of VPC\$1ENDPOINT](https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint). It is recommended that you use `VPC` as the `EndpointType`. With this endpoint type, you have the option to directly associate up to three Elastic IPv4 addresses (BYO IP included) with your server's endpoint and use VPC security groups to restrict traffic by the client's public IP address. This is not possible with `EndpointType` set to `VPC_ENDPOINT`. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Vpc](#cfn-transfer-webapp-endpointdetails-vpc)" : Vpc } ``` ### YAML ``` [Vpc](#cfn-transfer-webapp-endpointdetails-vpc): Vpc ``` ## Properties `Vpc` Property description not available. *Required*: No *Type*: [Vpc](aws-properties-transfer-webapp-vpc.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::WebApp IdentityProviderDetails A structure that describes the values to use for the IAM Identity Center settings when you create or update a web app. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ApplicationArn](#cfn-transfer-webapp-identityproviderdetails-applicationarn)" : String, "[InstanceArn](#cfn-transfer-webapp-identityproviderdetails-instancearn)" : String, "[Role](#cfn-transfer-webapp-identityproviderdetails-role)" : String } ``` ### YAML ``` [ApplicationArn](#cfn-transfer-webapp-identityproviderdetails-applicationarn): String [InstanceArn](#cfn-transfer-webapp-identityproviderdetails-instancearn): String [Role](#cfn-transfer-webapp-identityproviderdetails-role): String ``` ## Properties `ApplicationArn` The Amazon Resource Name (ARN) for the IAM Identity Center application: this value is set automatically when you create your web app. *Required*: No *Type*: String *Pattern*: `^arn:[\w-]+:sso::\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}$` *Minimum*: `10` *Maximum*: `1224` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `InstanceArn` The Amazon Resource Name (ARN) for the IAM Identity Center used for the web app. *Required*: No *Type*: String *Pattern*: `^arn:[\w-]+:sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}$` *Minimum*: `10` *Maximum*: `1224` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Role` The IAM role in IAM Identity Center used for the web app. *Required*: No *Type*: String *Pattern*: `^arn:[a-z-]+:iam::[0-9]{12}:role[:/]\S+$` *Minimum*: `20` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::WebApp Tag Creates a key-value pair for a specific resource. Tags are metadata that you can use to search for and group a resource for various purposes. You can apply tags to servers, users, and roles. A tag key can take more than one value. For example, to group servers for accounting purposes, you might create a tag called `Group` and assign the values `Research` and `Accounting` to that group. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-transfer-webapp-tag-key)" : String, "[Value](#cfn-transfer-webapp-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-transfer-webapp-tag-key): String [Value](#cfn-transfer-webapp-tag-value): String ``` ## Properties `Key` The name assigned to the tag that you create. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` Contains one or more values that you assigned to the key name you create. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::WebApp Vpc The `Vpc` property type specifies Property description not available. for an [AWS::Transfer::WebApp](aws-resource-transfer-webapp.md). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[SecurityGroupIds](#cfn-transfer-webapp-vpc-securitygroupids)" : [ String, ... ], "[SubnetIds](#cfn-transfer-webapp-vpc-subnetids)" : [ String, ... ], "[VpcId](#cfn-transfer-webapp-vpc-vpcid)" : String } ``` ### YAML ``` [SecurityGroupIds](#cfn-transfer-webapp-vpc-securitygroupids): - String [SubnetIds](#cfn-transfer-webapp-vpc-subnetids): - String [VpcId](#cfn-transfer-webapp-vpc-vpcid): String ``` ## Properties `SecurityGroupIds` Property description not available. *Required*: No *Type*: Array of String *Minimum*: `11` *Maximum*: `20 | 10` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `SubnetIds` Property description not available. *Required*: No *Type*: Array of String *Minimum*: `15` *Maximum*: `24 | 10` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `VpcId` Property description not available. *Required*: No *Type*: String *Pattern*: `^vpc-[0-9a-f]{8,17}$` *Minimum*: `12` *Maximum*: `21` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::Transfer::WebApp WebAppCustomization A structure that contains the customization fields for the web app. You can provide a title, logo, and icon to customize the appearance of your web app. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[FaviconFile](#cfn-transfer-webapp-webappcustomization-faviconfile)" : String, "[LogoFile](#cfn-transfer-webapp-webappcustomization-logofile)" : String, "[Title](#cfn-transfer-webapp-webappcustomization-title)" : String } ``` ### YAML ``` [FaviconFile](#cfn-transfer-webapp-webappcustomization-faviconfile): String [LogoFile](#cfn-transfer-webapp-webappcustomization-logofile): String [Title](#cfn-transfer-webapp-webappcustomization-title): String ``` ## Properties `FaviconFile` Returns an icon file data string (in base64 encoding). *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `20960` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `LogoFile` Returns a logo file data string (in base64 encoding). *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `51200` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Title` Returns the page title that you defined for your web app. *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `100` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::WebApp WebAppUnits Contains an integer value that represents the value for number of concurrent connections or the user sessions on your web app. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Provisioned](#cfn-transfer-webapp-webappunits-provisioned)" : Integer } ``` ### YAML ``` [Provisioned](#cfn-transfer-webapp-webappunits-provisioned): Integer ``` ## Properties `Provisioned` An integer that represents the number of units for your desired number of concurrent connections, or the number of user sessions on your web app at the same time. Each increment allows an additional 250 concurrent sessions: a value of `1` sets the number of concurrent sessions to 250; `2` sets a value of 500, and so on. *Required*: Yes *Type*: Integer *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::Workflow Allows you to create a workflow with specified steps and step details the workflow invokes after file transfer completes. After creating a workflow, you can associate the workflow created with any transfer servers by specifying the `workflow-details` field in `CreateServer` and `UpdateServer` operations. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::Transfer::Workflow", "Properties" : { "[Description](#cfn-transfer-workflow-description)" : String, "[OnExceptionSteps](#cfn-transfer-workflow-onexceptionsteps)" : [ WorkflowStep, ... ], "[Steps](#cfn-transfer-workflow-steps)" : [ WorkflowStep, ... ], "[Tags](#cfn-transfer-workflow-tags)" : [ Tag, ... ] } } ``` ### YAML ``` Type: AWS::Transfer::Workflow Properties: [Description](#cfn-transfer-workflow-description): String [OnExceptionSteps](#cfn-transfer-workflow-onexceptionsteps): - WorkflowStep [Steps](#cfn-transfer-workflow-steps): - WorkflowStep [Tags](#cfn-transfer-workflow-tags): - Tag ``` ## Properties `Description` Specifies the text description for the workflow. *Required*: No *Type*: String *Pattern*: `^[\w\- ]*$` *Minimum*: `0` *Maximum*: `256` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `OnExceptionSteps` Specifies the steps (actions) to take if errors are encountered during execution of the workflow. *Required*: No *Type*: Array of [WorkflowStep](aws-properties-transfer-workflow-workflowstep.md) *Maximum*: `8` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Steps` Specifies the details for the steps that are in the specified workflow. *Required*: Yes *Type*: Array of [WorkflowStep](aws-properties-transfer-workflow-workflowstep.md) *Maximum*: `8` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Tags` Key-value pairs that can be used to group and search for workflows. Tags are metadata attached to workflows for any purpose. *Required*: No *Type*: Array of [Tag](aws-properties-transfer-workflow-tag.md) *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `WorkflowId` A unique identifier for a workflow. # AWS::Transfer::Workflow CopyStepDetails Details for a step that performs a file copy. Consists of the following values: + A description + An Amazon S3 location for the destination of the file copy. + A flag that indicates whether to overwrite an existing file of the same name. The default is `FALSE`. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[DestinationFileLocation](#cfn-transfer-workflow-copystepdetails-destinationfilelocation)" : S3FileLocation, "[Name](#cfn-transfer-workflow-copystepdetails-name)" : String, "[OverwriteExisting](#cfn-transfer-workflow-copystepdetails-overwriteexisting)" : String, "[SourceFileLocation](#cfn-transfer-workflow-copystepdetails-sourcefilelocation)" : String } ``` ### YAML ``` [DestinationFileLocation](#cfn-transfer-workflow-copystepdetails-destinationfilelocation): S3FileLocation [Name](#cfn-transfer-workflow-copystepdetails-name): String [OverwriteExisting](#cfn-transfer-workflow-copystepdetails-overwriteexisting): String [SourceFileLocation](#cfn-transfer-workflow-copystepdetails-sourcefilelocation): String ``` ## Properties `DestinationFileLocation` Specifies the location for the file being copied. Use `${Transfer:UserName}` or `${Transfer:UploadDate}` in this field to parametrize the destination prefix by username or uploaded date. + Set the value of `DestinationFileLocation` to `${Transfer:UserName}` to copy uploaded files to an Amazon S3 bucket that is prefixed with the name of the Transfer Family user that uploaded the file. + Set the value of `DestinationFileLocation` to `${Transfer:UploadDate}` to copy uploaded files to an Amazon S3 bucket that is prefixed with the date of the upload. **Note** The system resolves `UploadDate` to a date format of *YYYY-MM-DD*, based on the date the file is uploaded in UTC. *Required*: No *Type*: [S3FileLocation](aws-properties-transfer-workflow-s3filelocation.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Name` The name of the step, used as an identifier. *Required*: No *Type*: String *Pattern*: `^[\w-]*$` *Minimum*: `0` *Maximum*: `30` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `OverwriteExisting` A flag that indicates whether to overwrite an existing file of the same name. The default is `FALSE`. If the workflow is processing a file that has the same name as an existing file, the behavior is as follows: + If `OverwriteExisting` is `TRUE`, the existing file is replaced with the file being processed. + If `OverwriteExisting` is `FALSE`, nothing happens, and the workflow processing stops. *Required*: No *Type*: String *Allowed values*: `TRUE | FALSE` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `SourceFileLocation` Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. + To use the previous file as the input, enter `${previous.file}`. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. + To use the originally uploaded file location as input for this step, enter `${original.file}`. *Required*: No *Type*: String *Pattern*: `^\$\{(\w+.)+\w+\}$` *Minimum*: `0` *Maximum*: `256` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::Transfer::Workflow CustomStepDetails Details for a step that invokes an AWS Lambda function. Consists of the Lambda function's name, target, and timeout (in seconds). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Name](#cfn-transfer-workflow-customstepdetails-name)" : String, "[SourceFileLocation](#cfn-transfer-workflow-customstepdetails-sourcefilelocation)" : String, "[Target](#cfn-transfer-workflow-customstepdetails-target)" : String, "[TimeoutSeconds](#cfn-transfer-workflow-customstepdetails-timeoutseconds)" : Integer } ``` ### YAML ``` [Name](#cfn-transfer-workflow-customstepdetails-name): String [SourceFileLocation](#cfn-transfer-workflow-customstepdetails-sourcefilelocation): String [Target](#cfn-transfer-workflow-customstepdetails-target): String [TimeoutSeconds](#cfn-transfer-workflow-customstepdetails-timeoutseconds): Integer ``` ## Properties `Name` The name of the step, used as an identifier. *Required*: No *Type*: String *Pattern*: `^[\w-]*$` *Minimum*: `0` *Maximum*: `30` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `SourceFileLocation` Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. + To use the previous file as the input, enter `${previous.file}`. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. + To use the originally uploaded file location as input for this step, enter `${original.file}`. *Required*: No *Type*: String *Pattern*: `^\$\{(\w+.)+\w+\}$` *Minimum*: `0` *Maximum*: `256` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Target` The ARN for the Lambda function that is being called. *Required*: No *Type*: String *Pattern*: `arn:[a-z-]+:lambda:.*$` *Minimum*: `0` *Maximum*: `170` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `TimeoutSeconds` Timeout, in seconds, for the step. *Required*: No *Type*: Integer *Minimum*: `1` *Maximum*: `1800` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::Transfer::Workflow DecryptStepDetails Details for a step that decrypts an encrypted file. Consists of the following values: + A descriptive name + An Amazon S3 or Amazon Elastic File System (Amazon EFS) location for the source file to decrypt. + An S3 or Amazon EFS location for the destination of the file decryption. + A flag that indicates whether to overwrite an existing file of the same name. The default is `FALSE`. + The type of encryption that's used. Currently, only PGP encryption is supported. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[DestinationFileLocation](#cfn-transfer-workflow-decryptstepdetails-destinationfilelocation)" : InputFileLocation, "[Name](#cfn-transfer-workflow-decryptstepdetails-name)" : String, "[OverwriteExisting](#cfn-transfer-workflow-decryptstepdetails-overwriteexisting)" : String, "[SourceFileLocation](#cfn-transfer-workflow-decryptstepdetails-sourcefilelocation)" : String, "[Type](#cfn-transfer-workflow-decryptstepdetails-type)" : String } ``` ### YAML ``` [DestinationFileLocation](#cfn-transfer-workflow-decryptstepdetails-destinationfilelocation): InputFileLocation [Name](#cfn-transfer-workflow-decryptstepdetails-name): String [OverwriteExisting](#cfn-transfer-workflow-decryptstepdetails-overwriteexisting): String [SourceFileLocation](#cfn-transfer-workflow-decryptstepdetails-sourcefilelocation): String [Type](#cfn-transfer-workflow-decryptstepdetails-type): String ``` ## Properties `DestinationFileLocation` Specifies the location for the file being decrypted. Use `${Transfer:UserName}` or `${Transfer:UploadDate}` in this field to parametrize the destination prefix by username or uploaded date. + Set the value of `DestinationFileLocation` to `${Transfer:UserName}` to decrypt uploaded files to an Amazon S3 bucket that is prefixed with the name of the Transfer Family user that uploaded the file. + Set the value of `DestinationFileLocation` to `${Transfer:UploadDate}` to decrypt uploaded files to an Amazon S3 bucket that is prefixed with the date of the upload. **Note** The system resolves `UploadDate` to a date format of *YYYY-MM-DD*, based on the date the file is uploaded in UTC. *Required*: Yes *Type*: [InputFileLocation](aws-properties-transfer-workflow-inputfilelocation.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Name` The name of the step, used as an identifier. *Required*: No *Type*: String *Pattern*: `^[\w-]*$` *Minimum*: `0` *Maximum*: `30` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `OverwriteExisting` A flag that indicates whether to overwrite an existing file of the same name. The default is `FALSE`. If the workflow is processing a file that has the same name as an existing file, the behavior is as follows: + If `OverwriteExisting` is `TRUE`, the existing file is replaced with the file being processed. + If `OverwriteExisting` is `FALSE`, nothing happens, and the workflow processing stops. *Required*: No *Type*: String *Allowed values*: `TRUE | FALSE` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `SourceFileLocation` Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. + To use the previous file as the input, enter `${previous.file}`. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. + To use the originally uploaded file location as input for this step, enter `${original.file}`. *Required*: No *Type*: String *Pattern*: `^\$\{(\w+.)+\w+\}$` *Minimum*: `0` *Maximum*: `256` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Type` The type of encryption used. Currently, this value must be `PGP`. *Required*: Yes *Type*: String *Allowed values*: `PGP` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::Transfer::Workflow DeleteStepDetails An object that contains the name and file location for a file being deleted by a workflow. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Name](#cfn-transfer-workflow-deletestepdetails-name)" : String, "[SourceFileLocation](#cfn-transfer-workflow-deletestepdetails-sourcefilelocation)" : String } ``` ### YAML ``` [Name](#cfn-transfer-workflow-deletestepdetails-name): String [SourceFileLocation](#cfn-transfer-workflow-deletestepdetails-sourcefilelocation): String ``` ## Properties `Name` The name of the step, used as an identifier. *Required*: No *Type*: String *Pattern*: `^[\w-]*$` *Minimum*: `0` *Maximum*: `30` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `SourceFileLocation` Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. + To use the previous file as the input, enter `${previous.file}`. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. + To use the originally uploaded file location as input for this step, enter `${original.file}`. *Required*: No *Type*: String *Pattern*: `^\$\{(\w+.)+\w+\}$` *Minimum*: `0` *Maximum*: `256` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::Transfer::Workflow EfsInputFileLocation Specifies the Amazon EFS identifier and the path for the file being used. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[FileSystemId](#cfn-transfer-workflow-efsinputfilelocation-filesystemid)" : String, "[Path](#cfn-transfer-workflow-efsinputfilelocation-path)" : String } ``` ### YAML ``` [FileSystemId](#cfn-transfer-workflow-efsinputfilelocation-filesystemid): String [Path](#cfn-transfer-workflow-efsinputfilelocation-path): String ``` ## Properties `FileSystemId` The identifier of the file system, assigned by Amazon EFS. *Required*: No *Type*: String *Pattern*: `^(arn:aws[-a-z]*:elasticfilesystem:[0-9a-z-:]+:(access-point/fsap|file-system/fs)-[0-9a-f]{8,40}|fs(ap)?-[0-9a-f]{8,40})$` *Minimum*: `0` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Path` The pathname for the folder being used by a workflow. *Required*: No *Type*: String *Pattern*: `^[^\x00]+$` *Minimum*: `1` *Maximum*: `65536` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::Transfer::Workflow InputFileLocation Specifies the location for the file that's being processed. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[EfsFileLocation](#cfn-transfer-workflow-inputfilelocation-efsfilelocation)" : EfsInputFileLocation, "[S3FileLocation](#cfn-transfer-workflow-inputfilelocation-s3filelocation)" : S3InputFileLocation } ``` ### YAML ``` [EfsFileLocation](#cfn-transfer-workflow-inputfilelocation-efsfilelocation): EfsInputFileLocation [S3FileLocation](#cfn-transfer-workflow-inputfilelocation-s3filelocation): S3InputFileLocation ``` ## Properties `EfsFileLocation` Specifies the details for the Amazon Elastic File System (Amazon EFS) file that's being decrypted. *Required*: No *Type*: [EfsInputFileLocation](aws-properties-transfer-workflow-efsinputfilelocation.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `S3FileLocation` Specifies the details for the Amazon S3 file that's being copied or decrypted. *Required*: No *Type*: [S3InputFileLocation](aws-properties-transfer-workflow-s3inputfilelocation.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::Transfer::Workflow S3FileLocation Specifies the S3 details for the file being used, such as bucket, ETag, and so forth. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[S3FileLocation](#cfn-transfer-workflow-s3filelocation-s3filelocation)" : S3InputFileLocation } ``` ### YAML ``` [S3FileLocation](#cfn-transfer-workflow-s3filelocation-s3filelocation): S3InputFileLocation ``` ## Properties `S3FileLocation` Specifies the details for the file location for the file that's being used in the workflow. Only applicable if you are using Amazon S3 storage. *Required*: No *Type*: [S3InputFileLocation](aws-properties-transfer-workflow-s3inputfilelocation.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::Transfer::Workflow S3InputFileLocation Specifies the details for the Amazon S3 location for an input file to a workflow. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Bucket](#cfn-transfer-workflow-s3inputfilelocation-bucket)" : String, "[Key](#cfn-transfer-workflow-s3inputfilelocation-key)" : String } ``` ### YAML ``` [Bucket](#cfn-transfer-workflow-s3inputfilelocation-bucket): String [Key](#cfn-transfer-workflow-s3inputfilelocation-key): String ``` ## Properties `Bucket` Specifies the S3 bucket for the customer input file. *Required*: No *Type*: String *Pattern*: `^[a-z0-9][\.\-a-z0-9]{1,61}[a-z0-9]$` *Minimum*: `3` *Maximum*: `63` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Key` The name assigned to the file when it was created in Amazon S3. You use the object key to retrieve the object. *Required*: No *Type*: String *Pattern*: `.*` *Minimum*: `0` *Maximum*: `1024` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::Transfer::Workflow S3Tag Specifies the key-value pair that are assigned to a file during the execution of a Tagging step. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-transfer-workflow-s3tag-key)" : String, "[Value](#cfn-transfer-workflow-s3tag-value)" : String } ``` ### YAML ``` [Key](#cfn-transfer-workflow-s3tag-key): String [Value](#cfn-transfer-workflow-s3tag-value): String ``` ## Properties `Key` The name assigned to the tag that you create. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Value` The value that corresponds to the key. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::Transfer::Workflow Tag Creates a key-value pair for a specific resource. Tags are metadata that you can use to search for and group a resource for various purposes. You can apply tags to servers, users, and roles. A tag key can take more than one value. For example, to group servers for accounting purposes, you might create a tag called `Group` and assign the values `Research` and `Accounting` to that group. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-transfer-workflow-tag-key)" : String, "[Value](#cfn-transfer-workflow-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-transfer-workflow-tag-key): String [Value](#cfn-transfer-workflow-tag-value): String ``` ## Properties `Key` The name assigned to the tag that you create. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` Contains one or more values that you assigned to the key name you create. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Transfer::Workflow TagStepDetails Details for a step that creates one or more tags. You specify one or more tags. Each tag contains a key-value pair. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Name](#cfn-transfer-workflow-tagstepdetails-name)" : String, "[SourceFileLocation](#cfn-transfer-workflow-tagstepdetails-sourcefilelocation)" : String, "[Tags](#cfn-transfer-workflow-tagstepdetails-tags)" : [ S3Tag, ... ] } ``` ### YAML ``` [Name](#cfn-transfer-workflow-tagstepdetails-name): String [SourceFileLocation](#cfn-transfer-workflow-tagstepdetails-sourcefilelocation): String [Tags](#cfn-transfer-workflow-tagstepdetails-tags): - S3Tag ``` ## Properties `Name` The name of the step, used as an identifier. *Required*: No *Type*: String *Pattern*: `^[\w-]*$` *Minimum*: `0` *Maximum*: `30` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `SourceFileLocation` Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. + To use the previous file as the input, enter `${previous.file}`. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. + To use the originally uploaded file location as input for this step, enter `${original.file}`. *Required*: No *Type*: String *Pattern*: `^\$\{(\w+.)+\w+\}$` *Minimum*: `0` *Maximum*: `256` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Tags` Array that contains from 1 to 10 key/value pairs. *Required*: No *Type*: Array of [S3Tag](aws-properties-transfer-workflow-s3tag.md) *Maximum*: `10` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) # AWS::Transfer::Workflow WorkflowStep The basic building block of a workflow. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[CopyStepDetails](#cfn-transfer-workflow-workflowstep-copystepdetails)" : CopyStepDetails, "[CustomStepDetails](#cfn-transfer-workflow-workflowstep-customstepdetails)" : CustomStepDetails, "[DecryptStepDetails](#cfn-transfer-workflow-workflowstep-decryptstepdetails)" : DecryptStepDetails, "[DeleteStepDetails](#cfn-transfer-workflow-workflowstep-deletestepdetails)" : DeleteStepDetails, "[TagStepDetails](#cfn-transfer-workflow-workflowstep-tagstepdetails)" : TagStepDetails, "[Type](#cfn-transfer-workflow-workflowstep-type)" : String } ``` ### YAML ``` [CopyStepDetails](#cfn-transfer-workflow-workflowstep-copystepdetails): CopyStepDetails [CustomStepDetails](#cfn-transfer-workflow-workflowstep-customstepdetails): CustomStepDetails [DecryptStepDetails](#cfn-transfer-workflow-workflowstep-decryptstepdetails): DecryptStepDetails [DeleteStepDetails](#cfn-transfer-workflow-workflowstep-deletestepdetails): DeleteStepDetails [TagStepDetails](#cfn-transfer-workflow-workflowstep-tagstepdetails): TagStepDetails [Type](#cfn-transfer-workflow-workflowstep-type): String ``` ## Properties `CopyStepDetails` Details for a step that performs a file copy. Consists of the following values: + A description + An Amazon S3 location for the destination of the file copy. + A flag that indicates whether to overwrite an existing file of the same name. The default is `FALSE`. *Required*: No *Type*: [CopyStepDetails](aws-properties-transfer-workflow-copystepdetails.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `CustomStepDetails` Details for a step that invokes an AWS Lambda function. Consists of the Lambda function's name, target, and timeout (in seconds). *Required*: No *Type*: [CustomStepDetails](aws-properties-transfer-workflow-customstepdetails.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `DecryptStepDetails` Details for a step that decrypts an encrypted file. Consists of the following values: + A descriptive name + An Amazon S3 or Amazon Elastic File System (Amazon EFS) location for the source file to decrypt. + An S3 or Amazon EFS location for the destination of the file decryption. + A flag that indicates whether to overwrite an existing file of the same name. The default is `FALSE`. + The type of encryption that's used. Currently, only PGP encryption is supported. *Required*: No *Type*: [DecryptStepDetails](aws-properties-transfer-workflow-decryptstepdetails.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `DeleteStepDetails` Details for a step that deletes the file. *Required*: No *Type*: [DeleteStepDetails](aws-properties-transfer-workflow-deletestepdetails.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `TagStepDetails` Details for a step that creates one or more tags. You specify one or more tags. Each tag contains a key-value pair. *Required*: No *Type*: [TagStepDetails](aws-properties-transfer-workflow-tagstepdetails.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Type` Currently, the following step types are supported. + ** `COPY` ** - Copy the file to another location. + ** `CUSTOM` ** - Perform a custom step with an AWS Lambda function target. + ** `DECRYPT` ** - Decrypt a file that was encrypted before it was uploaded. + ** `DELETE` ** - Delete the file. + ** `TAG` ** - Add a tag to the file. *Required*: No *Type*: String *Allowed values*: `COPY | CUSTOM | DECRYPT | DELETE | TAG` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)