import * as cdk from "../../core";
import * as constructs from "constructs";
import * as cfn_parse from "../../core/lib/helpers-internal";
/**
* Creates an agreement.
*
* An agreement is a bilateral trading partner agreement, or partnership, between an AWS Transfer Family server and an AS2 process. The agreement defines the file and message transfer relationship between the server and the AS2 process. To define an agreement, Transfer Family combines a server, local profile, partner profile, certificate, and other attributes.
*
* The partner is identified with the `PartnerProfileId` , and the AS2 process is identified with the `LocalProfileId` .
*
* @cloudformationResource AWS::Transfer::Agreement
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html
*/
export declare class CfnAgreement extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnAgreement from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* `resourceAttributes` is typed `any`; what validation is applied to it is not visible in this declaration.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnAgreement;
/**
* The unique identifier for the AS2 agreement, returned after the API call succeeds.
*
* @cloudformationAttribute AgreementId
*/
readonly attrAgreementId: string;
/**
* Specifies the unique Amazon Resource Name (ARN) for the agreement.
*
* @cloudformationAttribute Arn
*/
readonly attrArn: string;
/**
* The Amazon Resource Name (ARN) of the AWS Identity and Access Management role to use.
*
* Connectors are used to send files using either the AS2 or SFTP protocol. The permissions this role
* needs are listed on `CfnAgreementProps.accessRole`; grant no more than those.
*/
accessRole: string;
/**
* The landing directory (folder) for files that are transferred by using the AS2 protocol.
*/
baseDirectory: string;
/**
* The name or short description that's used to identify the agreement.
*/
description?: string;
/**
* A unique identifier for the AS2 local profile.
*/
localProfileId: string;
/**
* A unique identifier for the partner profile used in the agreement.
*/
partnerProfileId: string;
/**
* A system-assigned unique identifier for a server instance.
*/
serverId: string;
/**
* The current status of the agreement, either `ACTIVE` or `INACTIVE` .
*/
status?: string;
/**
* Tag Manager which manages the tags for this resource
*/
readonly tags: cdk.TagManager;
/**
* Key-value pairs that can be used to group and search for agreements.
*/
tagsRaw?: Array<cdk.CfnTag>;
/**
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnAgreementProps);
/**
* Untyped record of this resource's properties.
*
* NOTE(review): presumably keyed by property name — declaration only, the body is not visible here.
*/
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
/**
* Takes an untyped property record and returns an untyped record.
*
* NOTE(review): how the properties are validated or mapped is not visible in this declaration.
*/
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
/**
* Properties for defining a `CfnAgreement`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html
*/
export interface CfnAgreementProps {
/**
* Connectors are used to send files using either the AS2 or SFTP protocol.
*
* For the access role, provide the Amazon Resource Name (ARN) of the AWS Identity and Access Management role to use.
*
* *For AS2 connectors*
*
* With AS2, you can send files by calling `StartFileTransfer` and specifying the file paths in the request parameter, `SendFilePaths` . We use the file’s parent directory (for example, for `--send-file-paths /bucket/dir/file.txt` , parent directory is `/bucket/dir/` ) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the `AccessRole` needs to provide read and write access to the parent directory of the file location used in the `StartFileTransfer` request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with `StartFileTransfer` .
*
* If you are using Basic authentication for your AS2 connector, the access role requires the `secretsmanager:GetSecretValue` permission for the secret. If the secret is encrypted using a customer-managed key instead of the AWS managed key in Secrets Manager, then the role also needs the `kms:Decrypt` permission for that key.
*
* *For SFTP connectors*
*
* Make sure that the access role provides read and write access to the parent directory of the file location that's used in the `StartFileTransfer` request. Additionally, make sure that the role provides `secretsmanager:GetSecretValue` permission to AWS Secrets Manager .
*
* Least privilege: limit the role's read and write access to the parent directories that are actually used, and limit `secretsmanager:GetSecretValue` and `kms:Decrypt` to the specific secret and key rather than to all resources.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-accessrole
*/
readonly accessRole: string;
/**
* The landing directory (folder) for files that are transferred by using the AS2 protocol.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-basedirectory
*/
readonly baseDirectory: string;
/**
* The name or short description that's used to identify the agreement.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-description
*/
readonly description?: string;
/**
* A unique identifier for the AS2 local profile.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-localprofileid
*/
readonly localProfileId: string;
/**
* A unique identifier for the partner profile used in the agreement.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-partnerprofileid
*/
readonly partnerProfileId: string;
/**
* A system-assigned unique identifier for a server instance.
*
* This identifier indicates the specific server that the agreement uses.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-serverid
*/
readonly serverId: string;
/**
* The current status of the agreement, either `ACTIVE` or `INACTIVE` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-status
*/
readonly status?: string;
/**
* Key-value pairs that can be used to group and search for agreements.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-tags
*/
readonly tags?: Array<cdk.CfnTag>;
}
/**
* Imports the signing and encryption certificates that you need to create local (AS2) profiles and partner profiles.
*
* @cloudformationResource AWS::Transfer::Certificate
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html
*/
export declare class CfnCertificate extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnCertificate from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* `resourceAttributes` is typed `any`; what validation is applied to it is not visible in this declaration.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnCertificate;
/**
* The unique Amazon Resource Name (ARN) for the certificate.
*
* @cloudformationAttribute Arn
*/
readonly attrArn: string;
/**
* An array of identifiers for the imported certificates. You use this identifier for working with profiles and partner profiles.
*
* NOTE(review): described as an array, but typed as a single `string` here.
*
* @cloudformationAttribute CertificateId
*/
readonly attrCertificateId: string;
/**
* The final date that the certificate is valid.
*
* Track this date so that a replacement certificate is imported before it passes (see `PENDING_ROTATION` on `attrStatus`).
*
* @cloudformationAttribute NotAfterDate
*/
readonly attrNotAfterDate: string;
/**
* The earliest date that the certificate is valid.
*
* @cloudformationAttribute NotBeforeDate
*/
readonly attrNotBeforeDate: string;
/**
* The serial number for the certificate.
*
* @cloudformationAttribute Serial
*/
readonly attrSerial: string;
/**
* The certificate can be either `ACTIVE` , `PENDING_ROTATION` , or `INACTIVE` . `PENDING_ROTATION` means that this certificate will replace the current certificate when it expires.
*
* @cloudformationAttribute Status
*/
readonly attrStatus: string;
/**
* If a private key has been specified for the certificate, its type is `CERTIFICATE_WITH_PRIVATE_KEY` . If there is no private key, the type is `CERTIFICATE` .
*
* @cloudformationAttribute Type
*/
readonly attrType: string;
/**
* An optional date that specifies when the certificate becomes active.
*/
activeDate?: string;
/**
* The file name for the certificate.
*/
certificate: string;
/**
* The list of certificates that make up the chain for the certificate.
*/
certificateChain?: string;
/**
* The name or description that's used to identify the certificate.
*/
description?: string;
/**
* An optional date that specifies when the certificate becomes inactive.
*/
inactiveDate?: string;
/**
* The file that contains the private key for the certificate that's being imported.
*
* NOTE(review): this is a plain, mutable `string` property of the resource; presumably it is rendered
* with the other properties into the synthesized template — TODO confirm. Avoid placing key material
* as a literal in source; supply it through a secret reference instead.
*/
privateKey?: string;
/**
* Tag Manager which manages the tags for this resource
*/
readonly tags: cdk.TagManager;
/**
* Key-value pairs that can be used to group and search for certificates.
*/
tagsRaw?: Array<cdk.CfnTag>;
/**
* Specifies whether this certificate is used for signing or encryption.
*/
usage: string;
/**
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnCertificateProps);
/**
* Untyped record of this resource's properties.
*
* NOTE(review): presumably includes `privateKey` when it is set — declaration only, the body is not visible here.
*/
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* NOTE(review): which attributes are disclosed (and whether `privateKey` is among them) is not visible in this declaration — confirm before exposing the tree output.
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
/**
* Takes an untyped property record and returns an untyped record.
*
* NOTE(review): how the properties are validated or mapped is not visible in this declaration.
*/
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
/**
* Properties for defining a `CfnCertificate`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html
*/
export interface CfnCertificateProps {
/**
* An optional date that specifies when the certificate becomes active.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-activedate
*/
readonly activeDate?: string;
/**
* The file name for the certificate.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-certificate
*/
readonly certificate: string;
/**
* The list of certificates that make up the chain for the certificate.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-certificatechain
*/
readonly certificateChain?: string;
/**
* The name or description that's used to identify the certificate.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-description
*/
readonly description?: string;
/**
* An optional date that specifies when the certificate becomes inactive.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-inactivedate
*/
readonly inactiveDate?: string;
/**
* The file that contains the private key for the certificate that's being imported.
*
* NOTE(review): this is a plain `string` resource property; presumably it is rendered with the other
* properties into the synthesized template — TODO confirm. Avoid placing key material as a literal in
* source or in version control; supply it through a secret reference instead.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-privatekey
*/
readonly privateKey?: string;
/**
* Key-value pairs that can be used to group and search for certificates.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-tags
*/
readonly tags?: Array<cdk.CfnTag>;
/**
* Specifies whether this certificate is used for signing or encryption.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-usage
*/
readonly usage: string;
}
/**
* Creates the connector, which captures the parameters for a connection for the AS2 or SFTP protocol.
*
* For AS2, the connector is required for sending files to an externally hosted AS2 server. For SFTP, the connector is required when sending files to an SFTP server or receiving files from an SFTP server. For more details about connectors, see [Configure AS2 connectors](https://docs.aws.amazon.com/transfer/latest/userguide/configure-as2-connector.html) and [Create SFTP connectors](https://docs.aws.amazon.com/transfer/latest/userguide/configure-sftp-connector.html) .
*
* > You must specify exactly one configuration object: either for AS2 ( `As2Config` ) or SFTP ( `SftpConfig` ).
*
* @cloudformationResource AWS::Transfer::Connector
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html
*/
export declare class CfnConnector extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnConnector from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* `resourceAttributes` is typed `any`; what validation is applied to it is not visible in this declaration.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnConnector;
/**
* Specifies the unique Amazon Resource Name (ARN) for the connector.
*
* @cloudformationAttribute Arn
*/
readonly attrArn: string;
/**
* The service-assigned ID of the connector that is created.
*
* @cloudformationAttribute ConnectorId
*/
readonly attrConnectorId: string;
/**
* The Amazon Resource Name (ARN) of the AWS Identity and Access Management role to use.
*
* Connectors are used to send files using either the AS2 or SFTP protocol. The permissions this role
* needs are listed on `CfnConnectorProps.accessRole`; grant no more than those.
*/
accessRole: string;
/**
* A structure that contains the parameters for an AS2 connector object.
*
* Typed `any`, so the compiler does not check the value against `CfnConnector.As2ConfigProperty`;
* a misspelled or missing field (for example `encryptionAlgorithm`) is not reported at compile time.
*/
as2Config?: any | cdk.IResolvable;
/**
* The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows a connector to turn on CloudWatch logging for Amazon S3 events.
*/
loggingRole?: string;
/**
* A structure that contains the parameters for an SFTP connector object.
*/
sftpConfig?: cdk.IResolvable | CfnConnector.SftpConfigProperty;
/**
* Tag Manager which manages the tags for this resource
*/
readonly tags: cdk.TagManager;
/**
* Key-value pairs that can be used to group and search for connectors.
*/
tagsRaw?: Array<cdk.CfnTag>;
/**
* The URL of the partner's AS2 or SFTP endpoint.
*
* For AS2, `As2ConfigProperty.encryptionAlgorithm` may be `NONE` only when this URL uses HTTPS.
*/
url: string;
/**
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnConnectorProps);
/**
* Untyped record of this resource's properties.
*
* NOTE(review): presumably keyed by property name — declaration only, the body is not visible here.
*/
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
/**
* Takes an untyped property record and returns an untyped record.
*
* NOTE(review): how the properties are validated or mapped is not visible in this declaration.
*/
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnConnector {
/**
* A structure that contains the parameters for an AS2 connector object.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html
*/
interface As2ConfigProperty {
/**
* Provides Basic authentication support to the AS2 Connectors API.
*
* To use Basic authentication, you must provide the name or Amazon Resource Name (ARN) of a secret in AWS Secrets Manager .
*
* The default value for this parameter is `null` , which indicates that Basic authentication is not enabled for the connector.
*
* If the connector should use Basic authentication, the secret needs to be in the following format:
*
* `{ "Username": "user-name", "Password": "user-password" }`
*
* Replace `user-name` and `user-password` with the credentials for the actual user that is being authenticated.
*
* Note the following:
*
* - You are storing these credentials in Secrets Manager, *not passing them directly* into this API.
* - If you are using the API, SDKs, or CloudFormation to configure your connector, then you must create the secret before you can enable Basic authentication. However, if you are using the AWS management console, you can have the system create the secret for you.
*
* If you have previously enabled Basic authentication for a connector, you can disable it by using the `UpdateConnector` API call. For example, if you are using the CLI, you can run the following command to remove Basic authentication:
*
* `update-connector --connector-id my-connector-id --as2-config 'BasicAuthSecretId=""'`
*
* This field holds only the secret's name or ARN; the user name and password themselves must never be placed here.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-basicauthsecretid
*/
readonly basicAuthSecretId?: string;
/**
* Specifies whether the AS2 file is compressed.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-compression
*/
readonly compression?: string;
/**
* The algorithm that is used to encrypt the file.
*
* > You can only specify `NONE` if the URL for your connector uses HTTPS. This ensures that no traffic is sent in clear text.
*
* With `NONE` , the HTTPS connection to the connector URL is the only protection for the file's confidentiality in transit.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-encryptionalgorithm
*/
readonly encryptionAlgorithm?: string;
/**
* A unique identifier for the AS2 local profile.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-localprofileid
*/
readonly localProfileId?: string;
/**
* Used for outbound requests (from an AWS Transfer Family server to a partner AS2 server) to determine whether the partner response for transfers is synchronous or asynchronous.
*
* Specify either of the following values:
*
* - `SYNC` : The system expects a synchronous MDN response, confirming that the file was transferred successfully (or not).
* - `NONE` : Specifies that no MDN response is required.
*
* With `NONE` , the sender receives no MDN confirming whether the file was transferred.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-mdnresponse
*/
readonly mdnResponse?: string;
/**
* The signing algorithm for the MDN response.
*
* > If set to DEFAULT (or not set at all), the value for `SigningAlgorithm` is used.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-mdnsigningalgorithm
*/
readonly mdnSigningAlgorithm?: string;
/**
* Used as the `Subject` HTTP header attribute in AS2 messages that are being sent with the connector.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-messagesubject
*/
readonly messageSubject?: string;
/**
* A unique identifier for the partner profile for the connector.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-partnerprofileid
*/
readonly partnerProfileId?: string;
/**
* The algorithm that is used to sign the AS2 messages sent with the connector.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-signingalgorithm
*/
readonly signingAlgorithm?: string;
}
/**
* A structure that contains the parameters for an SFTP connector object.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-sftpconfig.html
*/
interface SftpConfigProperty {
/**
* The public portion of the host key, or keys, that are used to identify the external server to which you are connecting.
*
* You can use the `ssh-keyscan` command against the SFTP server to retrieve the necessary key.
*
* The three standard SSH public key format elements are `<key type>` , `<body base64>` , and an optional `<comment>` , with spaces between each element. Specify only the `<key type>` and `<body base64>` : do not enter the `<comment>` portion of the key.
*
* For the trusted host key, AWS Transfer Family accepts RSA and ECDSA keys.
*
* - For RSA keys, the `<key type>` string is `ssh-rsa` .
* - For ECDSA keys, the `<key type>` string is either `ecdsa-sha2-nistp256` , `ecdsa-sha2-nistp384` , or `ecdsa-sha2-nistp521` , depending on the size of the key you generated.
*
* Run this command to retrieve the SFTP server host key, where your SFTP server name is `ftp.host.com` .
*
* `ssh-keyscan ftp.host.com`
*
* This prints the public host key to standard output.
*
* `ftp.host.com ssh-rsa AAAAB3Nza...<long-string-for-public-key>`
*
* Copy and paste this string into the `TrustedHostKeys` field for the `create-connector` command or into the *Trusted host keys* field in the console.
*
* `ssh-keyscan` does not authenticate the server it contacts, so a key obtained this way is only as trustworthy as the network path used. Compare it (or its fingerprint) with a value obtained from the server operator through a separate channel before pinning it here.
*
* NOTE(review): the field is optional in this type; what the connector does when no host key is supplied is not visible in this declaration — confirm before relying on host verification.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-sftpconfig.html#cfn-transfer-connector-sftpconfig-trustedhostkeys
*/
readonly trustedHostKeys?: Array<string>;
/**
* The identifier for the secret (in AWS Secrets Manager) that contains the SFTP user's private key, password, or both.
*
* The identifier must be the Amazon Resource Name (ARN) of the secret.
*
* The connector's access role needs `secretsmanager:GetSecretValue` for this secret (see `CfnConnectorProps.accessRole` ); this field carries only the ARN, never the key or password itself.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-sftpconfig.html#cfn-transfer-connector-sftpconfig-usersecretid
*/
readonly userSecretId?: string;
}
}
/**
* Properties for defining a `CfnConnector`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html
*/
export interface CfnConnectorProps {
/**
* Connectors are used to send files using either the AS2 or SFTP protocol.
*
* For the access role, provide the Amazon Resource Name (ARN) of the AWS Identity and Access Management role to use.
*
* *For AS2 connectors*
*
* With AS2, you can send files by calling `StartFileTransfer` and specifying the file paths in the request parameter, `SendFilePaths` . We use the file’s parent directory (for example, for `--send-file-paths /bucket/dir/file.txt` , parent directory is `/bucket/dir/` ) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the `AccessRole` needs to provide read and write access to the parent directory of the file location used in the `StartFileTransfer` request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with `StartFileTransfer` .
*
* If you are using Basic authentication for your AS2 connector, the access role requires the `secretsmanager:GetSecretValue` permission for the secret. If the secret is encrypted using a customer-managed key instead of the AWS managed key in Secrets Manager, then the role also needs the `kms:Decrypt` permission for that key.
*
* *For SFTP connectors*
*
* Make sure that the access role provides read and write access to the parent directory of the file location that's used in the `StartFileTransfer` request. Additionally, make sure that the role provides `secretsmanager:GetSecretValue` permission to AWS Secrets Manager .
*
* Least privilege: limit the role's read and write access to the parent directories that are actually used, and limit `secretsmanager:GetSecretValue` and `kms:Decrypt` to the specific secret and key rather than to all resources.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-accessrole
*/
readonly accessRole: string;
/**
* A structure that contains the parameters for an AS2 connector object.
*
* Typed `any`, so the compiler does not check the value against `CfnConnector.As2ConfigProperty`;
* a misspelled or missing field (for example `encryptionAlgorithm`) is not reported at compile time.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-as2config
*/
readonly as2Config?: any | cdk.IResolvable;
/**
* The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows a connector to turn on CloudWatch logging for Amazon S3 events.
*
* When set, you can view connector activity in your CloudWatch logs.
*
* NOTE(review): optional; presumably no connector activity is logged when it is omitted — confirm, since those logs are what an investigation of a transfer would rely on.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-loggingrole
*/
readonly loggingRole?: string;
/**
* A structure that contains the parameters for an SFTP connector object.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-sftpconfig
*/
readonly sftpConfig?: cdk.IResolvable | CfnConnector.SftpConfigProperty;
/**
* Key-value pairs that can be used to group and search for connectors.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-tags
*/
readonly tags?: Array<cdk.CfnTag>;
/**
* The URL of the partner's AS2 or SFTP endpoint.
*
* For AS2, `As2ConfigProperty.encryptionAlgorithm` may be `NONE` only when this URL uses HTTPS.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-url
*/
readonly url: string;
}
/**
* Creates the local or partner profile to use for AS2 transfers.
*
* @cloudformationResource AWS::Transfer::Profile
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-profile.html
*/
export declare class CfnProfile extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnProfile from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* `resourceAttributes` is typed `any`; what validation is applied to it is not visible in this declaration.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnProfile;
/**
* The Amazon Resource Name associated with the profile, in the form `arn:aws:transfer:region:account-id:profile/profile-id/` .
*
* @cloudformationAttribute Arn
*/
readonly attrArn: string;
/**
* The unique identifier for the AS2 profile, returned after the API call succeeds.
*
* @cloudformationAttribute ProfileId
*/
readonly attrProfileId: string;
/**
* The `As2Id` is the *AS2-name* , as defined in [RFC 4130](https://datatracker.ietf.org/doc/html/rfc4130) . For inbound transfers, this is the `AS2-From` header for the AS2 messages sent from the partner. For outbound connectors, this is the `AS2-To` header for the AS2 messages sent to the partner using the `StartFileTransfer` API operation. This ID cannot include spaces.
*/
as2Id: string;
/**
* An array of identifiers for the imported certificates.
*/
certificateIds?: Array<string>;
/**
* Indicates whether to list only `LOCAL` type profiles or only `PARTNER` type profiles.
*
* NOTE(review): the wording appears to come from a list operation; the property is required here and presumably sets this profile's type ( `LOCAL` or `PARTNER` ) — confirm.
*/
profileType: string;
/**
* Tag Manager which manages the tags for this resource
*/
readonly tags: cdk.TagManager;
/**
* Key-value pairs that can be used to group and search for profiles.
*/
tagsRaw?: Array<cdk.CfnTag>;
/**
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnProfileProps);
/**
* Untyped record of this resource's properties.
*
* NOTE(review): presumably keyed by property name — declaration only, the body is not visible here.
*/
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
/**
* Takes an untyped property record and returns an untyped record.
*
* NOTE(review): how the properties are validated or mapped is not visible in this declaration.
*/
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
/**
* Properties for defining a `CfnProfile`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-profile.html
*/
export interface CfnProfileProps {
/**
* The `As2Id` is the *AS2-name* , as defined in [RFC 4130](https://datatracker.ietf.org/doc/html/rfc4130) . For inbound transfers, this is the `AS2-From` header for the AS2 messages sent from the partner. For outbound connectors, this is the `AS2-To` header for the AS2 messages sent to the partner using the `StartFileTransfer` API operation. This ID cannot include spaces.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-profile.html#cfn-transfer-profile-as2id
*/
readonly as2Id: string;
/**
* An array of identifiers for the imported certificates.
*
* You use this identifier for working with profiles and partner profiles.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-profile.html#cfn-transfer-profile-certificateids
*/
readonly certificateIds?: Array<string>;
/**
* Indicates whether to list only `LOCAL` type profiles or only `PARTNER` type profiles.
*
* If not supplied in the request, the command lists all types of profiles.
*
* NOTE(review): the wording above appears to come from a list operation; the property is required in this interface and presumably sets the profile's type ( `LOCAL` or `PARTNER` ) — confirm.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-profile.html#cfn-transfer-profile-profiletype
*/
readonly profileType: string;
/**
* Key-value pairs that can be used to group and search for profiles.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-profile.html#cfn-transfer-profile-tags
*/
readonly tags?: Array<cdk.CfnTag>;
}
/**
* Instantiates an auto-scaling virtual server based on the selected file transfer protocol in AWS .
*
* When you make updates to your file transfer protocol-enabled server or when you work with users, use the service-generated `ServerId` property that is assigned to the newly created server.
*
* @cloudformationResource AWS::Transfer::Server
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-server.html
*/
export declare class CfnServer extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnServer from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* `resourceAttributes` is typed `any`; what validation is applied to it is not visible in this declaration.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnServer;
/**
* The Amazon Resource Name associated with the server, in the form `arn:aws:transfer:region: *account-id* :server/ *server-id* /` .
*
* An example of a server ARN is: `arn:aws:transfer:us-east-1:123456789012:server/s-01234567890abcdef` .
*
* @cloudformationAttribute Arn
*/
readonly attrArn: string;
/**
* The service-assigned ID of the server that is created.
*
* An example `ServerId` is `s-01234567890abcdef` .
*
* @cloudformationAttribute ServerId
*/
readonly attrServerId: string;
/**
* The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate.
*/
certificate?: string;
/**
* Specifies the domain of the storage system that is used for file transfers.
*/
domain?: string;
/**
* The virtual private cloud (VPC) endpoint settings that are configured for your server.
*/
endpointDetails?: CfnServer.EndpointDetailsProperty | cdk.IResolvable;
/**
* The type of endpoint that you want your server to use.
*/
endpointType?: string;
/**
* Required when `IdentityProviderType` is set to `AWS_DIRECTORY_SERVICE` , `AWS _LAMBDA` or `API_GATEWAY` .
*/
identityProviderDetails?: CfnServer.IdentityProviderDetailsProperty | cdk.IResolvable;
/**
* The mode of authentication for a server.
*/
identityProviderType?: string;
/**
* The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFSevents.
*/
loggingRole?: string;
/**
* Specifies a string to display when users connect to a server. This string is displayed after the user authenticates.
*/
postAuthenticationLoginBanner?: string;
/**
* Specifies a string to display when users connect to a server.
*/
preAuthenticationLoginBanner?: string;
/**
* The protocol settings that are configured for your server.
*/
protocolDetails?: cdk.IResolvable | CfnServer.ProtocolDetailsProperty;
/**
* Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint.
*/
protocols?: Array<string>;
/**
* Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default.
*/
s3StorageOptions?: cdk.IResolvable | CfnServer.S3StorageOptionsProperty;
/**
* Specifies the name of the security policy that is attached to the server.
*/
securityPolicyName?: string;
/**
* Specifies the log groups to which your server logs are sent.
*/
structuredLogDestinations?: Array<string>;
/**
* Tag Manager which manages the tags for this resource
*/
readonly tags: cdk.TagManager;
/**
* Key-value pairs that can be used to group and search for servers.
*/
tagsRaw?: Array<cdk.CfnTag>;
/**
* Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.
*/
workflowDetails?: cdk.IResolvable | CfnServer.WorkflowDetailsProperty;
/**
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props?: CfnServerProps);
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnServer {
/**
* Required when `IdentityProviderType` is set to `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` or `API_GATEWAY` .
*
* Accepts an array containing all of the information required to use a directory in `AWS_DIRECTORY_SERVICE` or invoke a customer-supplied authentication API, including the API Gateway URL. Not required when `IdentityProviderType` is set to `SERVICE_MANAGED` .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-identityproviderdetails.html
*/
interface IdentityProviderDetailsProperty {
/**
* The identifier of the AWS Directory Service directory that you want to use as your identity provider.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-identityproviderdetails.html#cfn-transfer-server-identityproviderdetails-directoryid
*/
readonly directoryId?: string;
/**
* The ARN for a Lambda function to use for the Identity provider.
*
* This function makes the authentication decision for the server's logins, so changes to its code and
* configuration should be controlled as tightly as the server itself.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-identityproviderdetails.html#cfn-transfer-server-identityproviderdetails-function
*/
readonly function?: string;
/**
* This parameter is only applicable if your `IdentityProviderType` is `API_GATEWAY` .
*
* Provides the type of `InvocationRole` used to authenticate the user account.
*
* NOTE(review): despite the wording above, this is presumably the ARN of the IAM role used to invoke
* the API Gateway endpoint - confirm; that role should be scoped to invoking the one authentication API.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-identityproviderdetails.html#cfn-transfer-server-identityproviderdetails-invocationrole
*/
readonly invocationRole?: string;
/**
* For SFTP-enabled servers, and for custom identity providers *only* , you can specify whether to authenticate using a password, SSH key pair, or both.
*
* - `PASSWORD` - users must provide their password to connect.
* - `PUBLIC_KEY` - users must provide their private key to connect.
* - `PUBLIC_KEY_OR_PASSWORD` - users can authenticate with either their password or their key. This is the default value.
* - `PUBLIC_KEY_AND_PASSWORD` - users must provide both their private key and their password to connect. The server checks the key first, and then if the key is valid, the system prompts for a password. If the private key provided does not match the public key that is stored, authentication fails.
*
* "Provide their private key" means proving possession of it during SSH public-key authentication; the
* private key stays on the client and only the public key is stored for comparison.
*
* Because the default accepts either factor, set `PUBLIC_KEY` or `PUBLIC_KEY_AND_PASSWORD` explicitly
* when password-only logins should not be possible.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-identityproviderdetails.html#cfn-transfer-server-identityproviderdetails-sftpauthenticationmethods
*/
readonly sftpAuthenticationMethods?: string;
/**
* Provides the location of the service endpoint used to authenticate users.
*
* This endpoint is part of the authentication path, so it should be one you control and monitor.
* NOTE(review): presumably the API Gateway URL used when `IdentityProviderType` is `API_GATEWAY` - confirm.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-identityproviderdetails.html#cfn-transfer-server-identityproviderdetails-url
*/
readonly url?: string;
}
/**
* The virtual private cloud (VPC) endpoint settings that are configured for your server.
*
* When you host your endpoint within your VPC, you can make your endpoint accessible only to resources within your VPC, or you can attach Elastic IP addresses and make your endpoint accessible to clients over the internet. Your VPC's default security groups are automatically assigned to your endpoint.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-endpointdetails.html
*/
interface EndpointDetailsProperty {
/**
* A list of address allocation IDs that are required to attach an Elastic IP address to your server's endpoint.
*
* An address allocation ID corresponds to the allocation ID of an Elastic IP address. This value can be retrieved from the `allocationId` field from the Amazon EC2 [Address](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Address.html) data type. One way to retrieve this value is by calling the EC2 [DescribeAddresses](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAddresses.html) API.
*
* This parameter is optional. Set this parameter if you want to make your VPC endpoint public-facing. For details, see [Create an internet-facing endpoint for your server](https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#create-internet-facing-endpoint) .
*
* Setting this makes the endpoint reachable from the internet, so pair it with `securityGroupIds` that
* admit only the expected client addresses; when no groups are given, the VPC's default security groups
* are assigned to the endpoint.
*
* > This property can only be set as follows:
* >
* > - `EndpointType` must be set to `VPC`
* > - The Transfer Family server must be offline.
* > - You cannot set this parameter for Transfer Family servers that use the FTP protocol.
* > - The server must already have `SubnetIds` populated ( `SubnetIds` and `AddressAllocationIds` cannot be updated simultaneously).
* > - `AddressAllocationIds` can't contain duplicates, and must be equal in length to `SubnetIds` . For example, if you have three subnet IDs, you must also specify three address allocation IDs.
* > - Call the `UpdateServer` API to set or change this parameter.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-endpointdetails.html#cfn-transfer-server-endpointdetails-addressallocationids
*/
readonly addressAllocationIds?: Array<string>;
/**
* A list of security group IDs that are available to attach to your server's endpoint.
*
* If this is omitted, the VPC's default security groups are assigned to the endpoint (see this
* interface's description); name explicit groups that admit only the intended client sources.
*
* > This property can only be set when `EndpointType` is set to `VPC` .
* >
* > You can edit the `SecurityGroupIds` property in the [UpdateServer](https://docs.aws.amazon.com/transfer/latest/userguide/API_UpdateServer.html) API only if you are changing the `EndpointType` from `PUBLIC` or `VPC_ENDPOINT` to `VPC` . To change security groups associated with your server's VPC endpoint after creation, use the Amazon EC2 [ModifyVpcEndpoint](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyVpcEndpoint.html) API.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-endpointdetails.html#cfn-transfer-server-endpointdetails-securitygroupids
*/
readonly securityGroupIds?: Array<string>;
/**
* A list of subnet IDs that are required to host your server endpoint in your VPC.
*
* > This property can only be set when `EndpointType` is set to `VPC` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-endpointdetails.html#cfn-transfer-server-endpointdetails-subnetids
*/
readonly subnetIds?: Array<string>;
/**
* The ID of the VPC endpoint.
*
* > This property can only be set when `EndpointType` is set to `VPC_ENDPOINT` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-endpointdetails.html#cfn-transfer-server-endpointdetails-vpcendpointid
*/
readonly vpcEndpointId?: string;
/**
* The VPC ID of the virtual private cloud in which the server's endpoint will be hosted.
*
* > This property can only be set when `EndpointType` is set to `VPC` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-endpointdetails.html#cfn-transfer-server-endpointdetails-vpcid
*/
readonly vpcId?: string;
}
/**
* The protocol settings that are configured for your server.
*
* - To indicate passive mode (for FTP and FTPS protocols), use the `PassiveIp` parameter. Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer.
* - To ignore the error that is generated when the client attempts to use the `SETSTAT` command on a file that you are uploading to an Amazon S3 bucket, use the `SetStatOption` parameter. To have the AWS Transfer Family server ignore the `SETSTAT` command and upload files without needing to make any changes to your SFTP client, set the value to `ENABLE_NO_OP` . If you set the `SetStatOption` parameter to `ENABLE_NO_OP` , Transfer Family generates a log entry to Amazon CloudWatch Logs, so that you can determine when the client is making a `SETSTAT` call.
* - To determine whether your AWS Transfer Family server resumes recent, negotiated sessions through a unique session ID, use the `TlsSessionResumptionMode` parameter.
* - `As2Transports` indicates the transport method for the AS2 messages. Currently, only HTTP is supported.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-protocoldetails.html
*/
interface ProtocolDetailsProperty {
/**
* List of `As2Transport` objects.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-protocoldetails.html#cfn-transfer-server-protocoldetails-as2transports
*/
readonly as2Transports?: Array<string>;
/**
* Indicates passive mode, for FTP and FTPS protocols.
*
* Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer. For example:
*
* `aws transfer update-server --protocol-details PassiveIp=0.0.0.0`
*
* Replace `0.0.0.0` in the example above with the actual IP address you want to use.
*
* > If you change the `PassiveIp` value, you must stop and then restart your Transfer Family server for the change to take effect. For details on using passive mode (PASV) in a NAT environment, see [Configuring your FTPS server behind a firewall or NAT with AWS Transfer Family](https://docs.aws.amazon.com/storage/configuring-your-ftps-server-behind-a-firewall-or-nat-with-aws-transfer-family/) .
*
* *Special values*
*
* The `AUTO` and `0.0.0.0` are special values for the `PassiveIp` parameter. The value `PassiveIp=AUTO` is assigned by default to FTP and FTPS type servers. In this case, the server automatically responds with one of the endpoint IPs within the PASV response. `PassiveIp=0.0.0.0` has a more unique application for its usage. For example, if you have a High Availability (HA) Network Load Balancer (NLB) environment, where you have