Resource: aws_transfer_server

Provides an AWS Transfer Server resource.

Example Usage

Basic

resource "aws_transfer_server" "example" {
  tags = {
    Name = "Example"
  }
}

Security Policy Name

resource "aws_transfer_server" "example" {
  security_policy_name = "TransferSecurityPolicy-2020-06"
}

VPC Endpoint

resource "aws_transfer_server" "example" {
  endpoint_type = "VPC"

  endpoint_details {
    address_allocation_ids = [aws_eip.example.id]
    subnet_ids             = [aws_subnet.example.id]
    vpc_id                 = aws_vpc.example.id
  }
}

AWS Directory authentication

resource "aws_transfer_server" "example" {
  identity_provider_type = "AWS_DIRECTORY_SERVICE"
  directory_id           = aws_directory_service_directory.example.id
}

AWS Lambda authentication

resource "aws_transfer_server" "example" {
  identity_provider_type = "AWS_LAMBDA"
  function               = aws_lambda_function.example.arn
}

Protocols

resource "aws_transfer_server" "example" {
  endpoint_type = "VPC"

  endpoint_details {
    subnet_ids = [aws_subnet.example.id]
    vpc_id     = aws_vpc.example.id
  }

  protocols   = ["FTP", "FTPS"]
  certificate = aws_acm_certificate.example.arn

  identity_provider_type = "API_GATEWAY"
  url                    = "${aws_api_gateway_deployment.example.invoke_url}${aws_api_gateway_resource.example.path}"
}

Using Structured Logging Destinations

resource "aws_cloudwatch_log_group" "transfer" {
  name_prefix = "transfer_test_"
}

data "aws_iam_policy_document" "transfer_assume_role" {
  statement {
    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["transfer.amazonaws.com"]
    }

    actions = ["sts:AssumeRole"]
  }
}

resource "aws_iam_role" "iam_for_transfer" {
  name_prefix         = "iam_for_transfer_"
  assume_role_policy  = data.aws_iam_policy_document.transfer_assume_role.json
  managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess"]
}

resource "aws_transfer_server" "transfer" {
  endpoint_type = "PUBLIC"
  logging_role  = aws_iam_role.iam_for_transfer.arn
  protocols     = ["SFTP"]
  structured_log_destinations = [
    "${aws_cloudwatch_log_group.transfer.arn}:*"
  ]
}
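
The settings that vary across the examples above (protocols, endpoint_type, logging_role, structured_log_destinations) can be checked against a saved plan before apply. The following is an added example, not part of the provider documentation; the function name, the finding strings and the sample plan are assumptions made for illustration, and the input is the JSON printed by terraform show -json.

```python
import json

# Constructed sample: trimmed `terraform show -json` output for three servers.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_transfer_server.legacy", "type": "aws_transfer_server",
     "change": {"after": {"endpoint_type": "VPC", "protocols": ["FTP", "FTPS"]},
                "after_unknown": {"id": True}}},
    {"address": "aws_transfer_server.transfer", "type": "aws_transfer_server",
     "change": {"after": {"endpoint_type": "PUBLIC", "protocols": ["SFTP"]},
                "after_unknown": {"logging_role": True,
                                  "structured_log_destinations": [True]}}},
    {"address": "aws_transfer_server.old", "type": "aws_transfer_server",
     "change": {"actions": ["delete"], "after": None}},
]})


def audit_transfer_servers(plan_json):
    """Return {address: [finding, ...]} for planned aws_transfer_server resources."""
    findings = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change") or {}
        after = change.get("after")
        if rc.get("type") != "aws_transfer_server" or after is None:
            continue  # other resource types, or a planned delete
        unknown = change.get("after_unknown") or {}

        def is_set(name):
            # Values known only after apply (for example the ARN of a role
            # created in the same plan) are missing from "after" and are
            # marked in "after_unknown" instead.
            return bool(after.get(name)) or bool(unknown.get(name))

        issues = []
        if "FTP" in (after.get("protocols") or []):
            issues.append("FTP enabled: credentials and data travel in cleartext")
        if after.get("endpoint_type") == "PUBLIC":
            issues.append("PUBLIC endpoint: reachable from the internet")
        if not (is_set("logging_role") or is_set("structured_log_destinations")):
            issues.append("no logging_role or structured_log_destinations")
        findings[rc["address"]] = issues
    return findings


if __name__ == "__main__":
    for address, issues in audit_transfer_servers(SAMPLE_PLAN).items():
        print(address, issues or "ok")
```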

Argument Reference

This resource supports the following arguments:

endpoint_details block

The endpoint_details configuration block supports the following arguments:

protocol_details block

The protocol_details configuration block supports the following arguments:

s3_storage_options block

The s3_storage_options configuration block supports the following arguments:

workflow_details block

The workflow_details configuration block supports the following arguments:

on_upload block

The on_upload configuration block supports the following arguments:

on_partial_upload block

The on_partial_upload configuration block supports the following arguments:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Import

In Terraform v1.5.0 and later, use an import block to import Transfer Servers using the server id. For example:

import {
  to = aws_transfer_server.example
  id = "s-12345678"
}

Using terraform import, import Transfer Servers using the server id. For example:

% terraform import aws_transfer_server.example s-12345678

Certain resource arguments, such as host_key, cannot be read via the API and imported into Terraform. If such an argument is declared in the Terraform configuration for an imported resource, Terraform will display a difference for it on the first run after import.