import * as cdk from "../../core";
import * as constructs from "constructs";
import * as cfn_parse from "../../core/lib/helpers-internal";
/**
* Creates an agreement.
*
* An agreement is a bilateral trading partner agreement, or partnership, between an AWS Transfer Family server and an AS2 process. The agreement defines the file and message transfer relationship between the server and the AS2 process. To define an agreement, Transfer Family combines a server, local profile, partner profile, certificate, and other attributes.
*
* The partner is identified with the `PartnerProfileId` , and the AS2 process is identified with the `LocalProfileId` .
*
* > Specify *either* `BaseDirectory` or `CustomDirectories` , but not both. Specifying both causes the command to fail.
*
* @cloudformationResource AWS::Transfer::Agreement
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html
*/
export declare class CfnAgreement extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable {
    /**
     * The CloudFormation resource type name for this resource class.
     */
    static readonly CFN_RESOURCE_TYPE_NAME: string;
    /**
     * Build a CfnAgreement from CloudFormation properties
     *
     * A factory method that creates a new instance of this class from an object
     * containing the CloudFormation properties of this resource.
     * Used in the @aws-cdk/cloudformation-include module.
     *
     * NOTE(review): `resourceAttributes` is typed `any`, so nothing in this
     * signature constrains the shape of the incoming properties.
     *
     * @internal
     */
    static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnAgreement;
    /**
     * The unique identifier for the AS2 agreement, returned after the API call succeeds.
     *
     * @cloudformationAttribute AgreementId
     */
    readonly attrAgreementId: string;
    /**
     * Specifies the unique Amazon Resource Name (ARN) for the agreement.
     *
     * @cloudformationAttribute Arn
     */
    readonly attrArn: string;
    /**
     * Connectors are used to send files using either the AS2 or SFTP protocol.
     *
     * For the access role, provide the Amazon Resource Name (ARN) of the AWS Identity and
     * Access Management role to use. `CfnAgreementProps.accessRole` lists the access the role needs.
     */
    accessRole: string;
    /**
     * The landing directory (folder) for files that are transferred by using the AS2 protocol.
     *
     * Specify either this or `customDirectories`, not both; specifying both causes the command to fail.
     */
    baseDirectory?: string;
    /**
     * A `CustomDirectoriesType` structure.
     *
     * Specify either this or `baseDirectory`, not both; specifying both causes the command to fail.
     */
    customDirectories?: CfnAgreement.CustomDirectoriesProperty | cdk.IResolvable;
    /**
     * The name or short description that's used to identify the agreement.
     */
    description?: string;
    /**
     * Determines whether or not unsigned messages from your trading partners will be accepted.
     *
     * - `ENABLED` : Transfer Family rejects unsigned messages from your trading partner.
     * - `DISABLED` (default value): Transfer Family accepts unsigned messages from your trading partner.
     *
     * Leaving this property unset therefore means unsigned messages are accepted.
     */
    enforceMessageSigning?: string;
    /**
     * A unique identifier for the AS2 local profile.
     */
    localProfileId: string;
    /**
     * A unique identifier for the partner profile used in the agreement.
     */
    partnerProfileId: string;
    /**
     * Determines whether or not Transfer Family appends a unique string of characters to the end of the AS2 message payload filename when saving it.
     *
     * - `ENABLED` : the filename provided by your trading partner is preserved when the file is saved.
     * - `DISABLED` (default value): the filename is adjusted when Transfer Family saves the file.
     */
    preserveFilename?: string;
    /**
     * A system-assigned unique identifier for a server instance.
     */
    serverId: string;
    /**
     * The current status of the agreement, either `ACTIVE` or `INACTIVE` .
     */
    status?: string;
    /**
     * Tag Manager which manages the tags for this resource
     */
    readonly tags: cdk.TagManager;
    /**
     * Key-value pairs that can be used to group and search for agreements.
     */
    tagsRaw?: Array<cdk.CfnTag>;
    /**
     * @param scope Scope in which this resource is defined
     * @param id Construct identifier for this resource (unique in its scope)
     * @param props Resource properties
     */
    constructor(scope: constructs.Construct, id: string, props: CfnAgreementProps);
    /**
     * String-keyed property bag for this resource (declaration only; the
     * implementation is not part of this file).
     */
    protected get cfnProperties(): Record<string, any>;
    /**
     * Examines the CloudFormation resource and discloses attributes
     *
     * @param inspector tree inspector to collect and process attributes
     */
    inspect(inspector: cdk.TreeInspector): void;
    /**
     * Maps a string-keyed property bag to another string-keyed property bag
     * (declaration only; the implementation is not part of this file).
     *
     * @param props the properties to render
     */
    protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnAgreement {
    /**
     * Specifies a separate directory for each type of file to store for an AS2 message.
     *
     * All five directory members are required when this structure is used.
     * It is the alternative to `BaseDirectory`: specify one or the other, not both.
     *
     * @struct
     * @stability external
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-agreement-customdirectories.html
     */
    interface CustomDirectoriesProperty {
        /**
         * Specifies a location to store the failed files for an AS2 message.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-agreement-customdirectories.html#cfn-transfer-agreement-customdirectories-failedfilesdirectory
         */
        readonly failedFilesDirectory: string;
        /**
         * Specifies a location to store the MDN file for an AS2 message.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-agreement-customdirectories.html#cfn-transfer-agreement-customdirectories-mdnfilesdirectory
         */
        readonly mdnFilesDirectory: string;
        /**
         * Specifies a location to store the payload file for an AS2 message.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-agreement-customdirectories.html#cfn-transfer-agreement-customdirectories-payloadfilesdirectory
         */
        readonly payloadFilesDirectory: string;
        /**
         * Specifies a location to store the status file for an AS2 message.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-agreement-customdirectories.html#cfn-transfer-agreement-customdirectories-statusfilesdirectory
         */
        readonly statusFilesDirectory: string;
        /**
         * Specifies a location to store the temporary processing file for an AS2 message.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-agreement-customdirectories.html#cfn-transfer-agreement-customdirectories-temporaryfilesdirectory
         */
        readonly temporaryFilesDirectory: string;
    }
}
/**
* Properties for defining a `CfnAgreement`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html
*/
export interface CfnAgreementProps {
    /**
     * Connectors are used to send files using either the AS2 or SFTP protocol.
     *
     * For the access role, provide the Amazon Resource Name (ARN) of the AWS Identity and Access Management role to use.
     *
     * *For AS2 connectors*
     *
     * With AS2, you can send files by calling `StartFileTransfer` and specifying the file paths in the request parameter, `SendFilePaths` . We use the file’s parent directory (for example, for `--send-file-paths /bucket/dir/file.txt` , parent directory is `/bucket/dir/` ) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the `AccessRole` needs to provide read and write access to the parent directory of the file location used in the `StartFileTransfer` request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with `StartFileTransfer` .
     *
     * If you are using Basic authentication for your AS2 connector, the access role requires the `secretsmanager:GetSecretValue` permission for the secret. If the secret is encrypted using a customer-managed key instead of the AWS managed key in Secrets Manager, then the role also needs the `kms:Decrypt` permission for that key.
     *
     * *For SFTP connectors*
     *
     * Make sure that the access role provides read and write access to the parent directory of the file location that's used in the `StartFileTransfer` request. Additionally, make sure that the role provides `secretsmanager:GetSecretValue` permission to AWS Secrets Manager .
     *
     * NOTE(review): the access listed above is per directory, per secret and per key; grant the role
     * only those resources rather than account-wide access.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-accessrole
     */
    readonly accessRole: string;
    /**
     * The landing directory (folder) for files that are transferred by using the AS2 protocol.
     *
     * Specify either this or `customDirectories`, not both; specifying both causes the command to fail.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-basedirectory
     */
    readonly baseDirectory?: string;
    /**
     * A `CustomDirectoriesType` structure.
     *
     * This structure specifies custom directories for storing various AS2 message files. You can specify directories for the following types of files.
     *
     * - Failed files
     * - MDN files
     * - Payload files
     * - Status files
     * - Temporary files
     *
     * Specify either this or `baseDirectory`, not both; specifying both causes the command to fail.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-customdirectories
     */
    readonly customDirectories?: CfnAgreement.CustomDirectoriesProperty | cdk.IResolvable;
    /**
     * The name or short description that's used to identify the agreement.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-description
     */
    readonly description?: string;
    /**
     * Determines whether or not unsigned messages from your trading partners will be accepted.
     *
     * - `ENABLED` : Transfer Family rejects unsigned messages from your trading partner.
     * - `DISABLED` (default value): Transfer Family accepts unsigned messages from your trading partner.
     *
     * NOTE(review): because the default accepts unsigned messages, set `ENABLED` explicitly
     * when messages from this partner are expected to be signed.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-enforcemessagesigning
     */
    readonly enforceMessageSigning?: string;
    /**
     * A unique identifier for the AS2 local profile.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-localprofileid
     */
    readonly localProfileId: string;
    /**
     * A unique identifier for the partner profile used in the agreement.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-partnerprofileid
     */
    readonly partnerProfileId: string;
    /**
     * Determines whether or not Transfer Family appends a unique string of characters to the end of the AS2 message payload filename when saving it.
     *
     * - `ENABLED` : the filename provided by your trading partner is preserved when the file is saved.
     * - `DISABLED` (default value): when Transfer Family saves the file, the filename is adjusted, as described in [File names and locations](https://docs.aws.amazon.com/transfer/latest/userguide/send-as2-messages.html#file-names-as2) .
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-preservefilename
     */
    readonly preserveFilename?: string;
    /**
     * A system-assigned unique identifier for a server instance.
     *
     * This identifier indicates the specific server that the agreement uses.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-serverid
     */
    readonly serverId: string;
    /**
     * The current status of the agreement, either `ACTIVE` or `INACTIVE` .
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-status
     */
    readonly status?: string;
    /**
     * Key-value pairs that can be used to group and search for agreements.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-tags
     */
    readonly tags?: Array<cdk.CfnTag>;
}
/**
* Imports the signing and encryption certificates that you need to create local (AS2) profiles and partner profiles.
*
* @cloudformationResource AWS::Transfer::Certificate
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html
*/
export declare class CfnCertificate extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable {
    /**
     * The CloudFormation resource type name for this resource class.
     */
    static readonly CFN_RESOURCE_TYPE_NAME: string;
    /**
     * Build a CfnCertificate from CloudFormation properties
     *
     * A factory method that creates a new instance of this class from an object
     * containing the CloudFormation properties of this resource.
     * Used in the @aws-cdk/cloudformation-include module.
     *
     * NOTE(review): `resourceAttributes` is typed `any`, so nothing in this
     * signature constrains the shape of the incoming properties.
     *
     * @internal
     */
    static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnCertificate;
    /**
     * The unique Amazon Resource Name (ARN) for the certificate.
     *
     * @cloudformationAttribute Arn
     */
    readonly attrArn: string;
    /**
     * An array of identifiers for the imported certificates. You use this identifier for working with profiles and partner profiles.
     *
     * NOTE(review): declared here as a single `string`, despite the "array" wording above.
     *
     * @cloudformationAttribute CertificateId
     */
    readonly attrCertificateId: string;
    /**
     * The final date that the certificate is valid.
     *
     * @cloudformationAttribute NotAfterDate
     */
    readonly attrNotAfterDate: string;
    /**
     * The earliest date that the certificate is valid.
     *
     * @cloudformationAttribute NotBeforeDate
     */
    readonly attrNotBeforeDate: string;
    /**
     * The serial number for the certificate.
     *
     * @cloudformationAttribute Serial
     */
    readonly attrSerial: string;
    /**
     * The certificate can be either `ACTIVE` , `PENDING_ROTATION` , or `INACTIVE` . `PENDING_ROTATION` means that this certificate will replace the current certificate when it expires.
     *
     * @cloudformationAttribute Status
     */
    readonly attrStatus: string;
    /**
     * If a private key has been specified for the certificate, its type is `CERTIFICATE_WITH_PRIVATE_KEY` . If there is no private key, the type is `CERTIFICATE` .
     *
     * @cloudformationAttribute Type
     */
    readonly attrType: string;
    /**
     * An optional date that specifies when the certificate becomes active.
     */
    activeDate?: string;
    /**
     * The file name for the certificate.
     *
     * NOTE(review): declared as a plain `string`; whether this carries a path or the
     * certificate body itself is not visible here. Confirm against the CloudFormation reference.
     */
    certificate: string;
    /**
     * The list of certificates that make up the chain for the certificate.
     *
     * NOTE(review): declared as a single `string`, not an array.
     */
    certificateChain?: string;
    /**
     * The name or description that's used to identify the certificate.
     */
    description?: string;
    /**
     * An optional date that specifies when the certificate becomes inactive.
     */
    inactiveDate?: string;
    /**
     * The file that contains the private key for the certificate that's being imported.
     *
     * NOTE(review): declared as a plain, mutable `string`. If literal key material is assigned
     * here it will presumably be written into the synthesized CloudFormation template and sit
     * in source control; prefer a value resolved at deploy time from a secret store. Confirm
     * what this property accepts.
     */
    privateKey?: string;
    /**
     * Tag Manager which manages the tags for this resource
     */
    readonly tags: cdk.TagManager;
    /**
     * Key-value pairs that can be used to group and search for certificates.
     */
    tagsRaw?: Array<cdk.CfnTag>;
    /**
     * Specifies how this certificate is used. It can be used in the following ways:
     *
     * - `SIGNING` : For signing AS2 messages
     * - `ENCRYPTION` : For encrypting AS2 messages
     * - `TLS` : For securing AS2 communications sent over HTTPS
     */
    usage: string;
    /**
     * @param scope Scope in which this resource is defined
     * @param id Construct identifier for this resource (unique in its scope)
     * @param props Resource properties
     */
    constructor(scope: constructs.Construct, id: string, props: CfnCertificateProps);
    /**
     * String-keyed property bag for this resource (declaration only; the
     * implementation is not part of this file).
     */
    protected get cfnProperties(): Record<string, any>;
    /**
     * Examines the CloudFormation resource and discloses attributes
     *
     * @param inspector tree inspector to collect and process attributes
     */
    inspect(inspector: cdk.TreeInspector): void;
    /**
     * Maps a string-keyed property bag to another string-keyed property bag
     * (declaration only; the implementation is not part of this file).
     *
     * @param props the properties to render
     */
    protected renderProperties(props: Record<string, any>): Record<string, any>;
}
/**
* Properties for defining a `CfnCertificate`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html
*/
export interface CfnCertificateProps {
    /**
     * An optional date that specifies when the certificate becomes active.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-activedate
     */
    readonly activeDate?: string;
    /**
     * The file name for the certificate.
     *
     * NOTE(review): declared as a plain `string`; whether this carries a path or the
     * certificate body itself is not visible here. Confirm against the linked reference.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-certificate
     */
    readonly certificate: string;
    /**
     * The list of certificates that make up the chain for the certificate.
     *
     * NOTE(review): declared as a single `string`, not an array.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-certificatechain
     */
    readonly certificateChain?: string;
    /**
     * The name or description that's used to identify the certificate.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-description
     */
    readonly description?: string;
    /**
     * An optional date that specifies when the certificate becomes inactive.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-inactivedate
     */
    readonly inactiveDate?: string;
    /**
     * The file that contains the private key for the certificate that's being imported.
     *
     * NOTE(review): declared as a plain `string`. If literal key material is passed here it
     * will presumably be written into the synthesized CloudFormation template and sit in
     * source control; prefer a value resolved at deploy time from a secret store. Confirm
     * what this property accepts.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-privatekey
     */
    readonly privateKey?: string;
    /**
     * Key-value pairs that can be used to group and search for certificates.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-tags
     */
    readonly tags?: Array<cdk.CfnTag>;
    /**
     * Specifies how this certificate is used. It can be used in the following ways:
     *
     * - `SIGNING` : For signing AS2 messages
     * - `ENCRYPTION` : For encrypting AS2 messages
     * - `TLS` : For securing AS2 communications sent over HTTPS
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-usage
     */
    readonly usage: string;
}
/**
* Creates the connector, which captures the parameters for a connection for the AS2 or SFTP protocol.
*
* For AS2, the connector is required for sending files to an externally hosted AS2 server. For SFTP, the connector is required when sending files to an SFTP server or receiving files from an SFTP server. For more details about connectors, see [Configure AS2 connectors](https://docs.aws.amazon.com/transfer/latest/userguide/configure-as2-connector.html) and [Create SFTP connectors](https://docs.aws.amazon.com/transfer/latest/userguide/configure-sftp-connector.html) .
*
* > You must specify exactly one configuration object: either for AS2 ( `As2Config` ) or SFTP ( `SftpConfig` ).
*
* @cloudformationResource AWS::Transfer::Connector
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html
*/
export declare class CfnConnector extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable {
    /**
     * The CloudFormation resource type name for this resource class.
     */
    static readonly CFN_RESOURCE_TYPE_NAME: string;
    /**
     * Build a CfnConnector from CloudFormation properties
     *
     * A factory method that creates a new instance of this class from an object
     * containing the CloudFormation properties of this resource.
     * Used in the @aws-cdk/cloudformation-include module.
     *
     * NOTE(review): `resourceAttributes` is typed `any`, so nothing in this
     * signature constrains the shape of the incoming properties.
     *
     * @internal
     */
    static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnConnector;
    /**
     * Specifies the unique Amazon Resource Name (ARN) for the connector.
     *
     * @cloudformationAttribute Arn
     */
    readonly attrArn: string;
    /**
     * The service-assigned ID of the connector that is created.
     *
     * @cloudformationAttribute ConnectorId
     */
    readonly attrConnectorId: string;
    /**
     * The list of egress IP addresses of this connector. These IP addresses are assigned automatically when you create the connector.
     *
     * @cloudformationAttribute ServiceManagedEgressIpAddresses
     */
    readonly attrServiceManagedEgressIpAddresses: Array<string>;
    /**
     * Connectors are used to send files using either the AS2 or SFTP protocol.
     *
     * For the access role, provide the Amazon Resource Name (ARN) of the AWS Identity and
     * Access Management role to use. `CfnConnectorProps.accessRole` lists the access the role needs.
     */
    accessRole: string;
    /**
     * A structure that contains the parameters for an AS2 connector object.
     *
     * Specify exactly one of `as2Config` and `sftpConfig`.
     *
     * NOTE(review): typed `any`, so the compiler does not check this value against
     * `CfnConnector.As2ConfigProperty`; a misspelled key (for example the encryption or
     * signing algorithm) is not caught at compile time.
     */
    as2Config?: any | cdk.IResolvable;
    /**
     * The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows a connector to turn on CloudWatch logging for Amazon S3 events.
     *
     * When set, you can view connector activity in your CloudWatch logs.
     */
    loggingRole?: string;
    /**
     * The text name of the security policy for the specified connector.
     */
    securityPolicyName?: string;
    /**
     * A structure that contains the parameters for an SFTP connector object.
     *
     * Specify exactly one of `as2Config` and `sftpConfig`.
     */
    sftpConfig?: cdk.IResolvable | CfnConnector.SftpConfigProperty;
    /**
     * Tag Manager which manages the tags for this resource
     */
    readonly tags: cdk.TagManager;
    /**
     * Key-value pairs that can be used to group and search for connectors.
     */
    tagsRaw?: Array<cdk.CfnTag>;
    /**
     * The URL of the partner's AS2 or SFTP endpoint.
     *
     * Per `CfnConnector.As2ConfigProperty.encryptionAlgorithm`, an encryption algorithm of
     * `NONE` can only be specified when this URL uses HTTPS.
     */
    url: string;
    /**
     * @param scope Scope in which this resource is defined
     * @param id Construct identifier for this resource (unique in its scope)
     * @param props Resource properties
     */
    constructor(scope: constructs.Construct, id: string, props: CfnConnectorProps);
    /**
     * String-keyed property bag for this resource (declaration only; the
     * implementation is not part of this file).
     */
    protected get cfnProperties(): Record<string, any>;
    /**
     * Examines the CloudFormation resource and discloses attributes
     *
     * @param inspector tree inspector to collect and process attributes
     */
    inspect(inspector: cdk.TreeInspector): void;
    /**
     * Maps a string-keyed property bag to another string-keyed property bag
     * (declaration only; the implementation is not part of this file).
     *
     * @param props the properties to render
     */
    protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnConnector {
    /**
     * A structure that contains the parameters for an AS2 connector object.
     *
     * Every member is optional in this type, so the compiler does not require an
     * encryption or signing algorithm to be set.
     *
     * @struct
     * @stability external
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html
     */
    interface As2ConfigProperty {
        /**
         * Provides Basic authentication support to the AS2 Connectors API.
         *
         * To use Basic authentication, you must provide the name or Amazon Resource Name (ARN) of a secret in AWS Secrets Manager .
         *
         * The default value for this parameter is `null` , which indicates that Basic authentication is not enabled for the connector.
         *
         * If the connector should use Basic authentication, the secret needs to be in the following format:
         *
         * `{ "Username": "user-name", "Password": "user-password" }`
         *
         * Replace `user-name` and `user-password` with the credentials for the actual user that is being authenticated.
         *
         * Note the following:
         *
         * - You are storing these credentials in Secrets Manager, *not passing them directly* into this API.
         * - If you are using the API, SDKs, or CloudFormation to configure your connector, then you must create the secret before you can enable Basic authentication. However, if you are using the AWS management console, you can have the system create the secret for you.
         *
         * If you have previously enabled Basic authentication for a connector, you can disable it by using the `UpdateConnector` API call. For example, if you are using the CLI, you can run the following command to remove Basic authentication:
         *
         * `update-connector --connector-id my-connector-id --as2-config 'BasicAuthSecretId=""'`
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-basicauthsecretid
         */
        readonly basicAuthSecretId?: string;
        /**
         * Specifies whether the AS2 file is compressed.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-compression
         */
        readonly compression?: string;
        /**
         * The algorithm that is used to encrypt the file.
         *
         * Note the following:
         *
         * - Do not use the `DES_EDE3_CBC` algorithm unless you must support a legacy client that requires it, as it is a weak encryption algorithm.
         * - You can only specify `NONE` if the URL for your connector uses HTTPS. Using HTTPS ensures that no traffic is sent in clear text.
         *
         * NOTE(review): with `NONE`, the transport is the only protection named above for the
         * file contents, so the connector URL scheme is worth checking in review.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-encryptionalgorithm
         */
        readonly encryptionAlgorithm?: string;
        /**
         * A unique identifier for the AS2 local profile.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-localprofileid
         */
        readonly localProfileId?: string;
        /**
         * Used for outbound requests (from an AWS Transfer Family server to a partner AS2 server) to determine whether the partner response for transfers is synchronous or asynchronous.
         *
         * Specify either of the following values:
         *
         * - `SYNC` : The system expects a synchronous MDN response, confirming that the file was transferred successfully (or not).
         * - `NONE` : Specifies that no MDN response is required.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-mdnresponse
         */
        readonly mdnResponse?: string;
        /**
         * The signing algorithm for the MDN response.
         *
         * > If set to DEFAULT (or not set at all), the value for `SigningAlgorithm` is used.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-mdnsigningalgorithm
         */
        readonly mdnSigningAlgorithm?: string;
        /**
         * Used as the `Subject` HTTP header attribute in AS2 messages that are being sent with the connector.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-messagesubject
         */
        readonly messageSubject?: string;
        /**
         * A unique identifier for the partner profile for the connector.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-partnerprofileid
         */
        readonly partnerProfileId?: string;
        /**
         * Specifies whether to use the AWS S3 object content-type as the content-type for the AS2 message.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-preservecontenttype
         */
        readonly preserveContentType?: string;
        /**
         * The algorithm that is used to sign the AS2 messages sent with the connector.
         *
         * This value is also used for the MDN response when `mdnSigningAlgorithm` is
         * `DEFAULT` or not set.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-signingalgorithm
         */
        readonly signingAlgorithm?: string;
    }
    /**
     * A structure that contains the parameters for an SFTP connector object.
     *
     * @struct
     * @stability external
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-sftpconfig.html
     */
    interface SftpConfigProperty {
        /**
         * The public portion of the host key, or keys, that are used to identify the external server to which you are connecting.
         *
         * You can use the `ssh-keyscan` command against the SFTP server to retrieve the necessary key.
         *
         * The three standard SSH public key format elements are `<key type>` , `<body base64>` , and an optional `<comment>` , with spaces between each element. Specify only the `<key type>` and `<body base64>` : do not enter the `<comment>` portion of the key.
         *
         * For the trusted host key, AWS Transfer Family accepts RSA and ECDSA keys.
         *
         * - For RSA keys, the `<key type>` string is `ssh-rsa` .
         * - For ECDSA keys, the `<key type>` string is either `ecdsa-sha2-nistp256` , `ecdsa-sha2-nistp384` , or `ecdsa-sha2-nistp521` , depending on the size of the key you generated.
         *
         * Run this command to retrieve the SFTP server host key, where your SFTP server name is `ftp.host.com` .
         *
         * `ssh-keyscan ftp.host.com`
         *
         * This prints the public host key to standard output.
         *
         * `ftp.host.com ssh-rsa AAAAB3Nza...<long-string-for-public-key>`
         *
         * Copy and paste this string into the `TrustedHostKeys` field for the `create-connector` command or into the *Trusted host keys* field in the console.
         *
         * NOTE(review): `ssh-keyscan` reports whatever key the network path presents and does not
         * authenticate it. Compare the key (or its fingerprint) with a value obtained from the
         * server operator through a separate channel before adding it here.
         *
         * NOTE(review): this member is optional in the type; how a connector behaves when no
         * trusted host key is supplied is not visible in this file. Confirm before omitting it.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-sftpconfig.html#cfn-transfer-connector-sftpconfig-trustedhostkeys
         */
        readonly trustedHostKeys?: Array<string>;
        /**
         * The identifier for the secret (in AWS Secrets Manager) that contains the SFTP user's private key, password, or both.
         *
         * The identifier must be the Amazon Resource Name (ARN) of the secret.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-sftpconfig.html#cfn-transfer-connector-sftpconfig-usersecretid
         */
        readonly userSecretId?: string;
    }
}
/**
* Properties for defining a `CfnConnector`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html
*/
export interface CfnConnectorProps {
    /**
     * Connectors are used to send files using either the AS2 or SFTP protocol.
     *
     * For the access role, provide the Amazon Resource Name (ARN) of the AWS Identity and Access Management role to use.
     *
     * *For AS2 connectors*
     *
     * With AS2, you can send files by calling `StartFileTransfer` and specifying the file paths in the request parameter, `SendFilePaths` . We use the file’s parent directory (for example, for `--send-file-paths /bucket/dir/file.txt` , parent directory is `/bucket/dir/` ) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the `AccessRole` needs to provide read and write access to the parent directory of the file location used in the `StartFileTransfer` request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with `StartFileTransfer` .
     *
     * If you are using Basic authentication for your AS2 connector, the access role requires the `secretsmanager:GetSecretValue` permission for the secret. If the secret is encrypted using a customer-managed key instead of the AWS managed key in Secrets Manager, then the role also needs the `kms:Decrypt` permission for that key.
     *
     * *For SFTP connectors*
     *
     * Make sure that the access role provides read and write access to the parent directory of the file location that's used in the `StartFileTransfer` request. Additionally, make sure that the role provides `secretsmanager:GetSecretValue` permission to AWS Secrets Manager .
     *
     * NOTE(review): the access listed above is per directory, per secret and per key; grant the role
     * only those resources rather than account-wide access.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-accessrole
     */
    readonly accessRole: string;
    /**
     * A structure that contains the parameters for an AS2 connector object.
     *
     * Specify exactly one of `as2Config` and `sftpConfig`.
     *
     * NOTE(review): typed `any`, so the compiler does not check this value against
     * `CfnConnector.As2ConfigProperty`; a misspelled key (for example the encryption or
     * signing algorithm) is not caught at compile time.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-as2config
     */
    readonly as2Config?: any | cdk.IResolvable;
    /**
     * The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows a connector to turn on CloudWatch logging for Amazon S3 events.
     *
     * When set, you can view connector activity in your CloudWatch logs.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-loggingrole
     */
    readonly loggingRole?: string;
    /**
     * The text name of the security policy for the specified connector.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-securitypolicyname
     */
    readonly securityPolicyName?: string;
    /**
     * A structure that contains the parameters for an SFTP connector object.
     *
     * Specify exactly one of `as2Config` and `sftpConfig`.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-sftpconfig
     */
    readonly sftpConfig?: cdk.IResolvable | CfnConnector.SftpConfigProperty;
    /**
     * Key-value pairs that can be used to group and search for connectors.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-tags
     */
    readonly tags?: Array<cdk.CfnTag>;
    /**
     * The URL of the partner's AS2 or SFTP endpoint.
     *
     * Per `CfnConnector.As2ConfigProperty.encryptionAlgorithm`, an encryption algorithm of
     * `NONE` can only be specified when this URL uses HTTPS.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-url
     */
    readonly url: string;
}
/**
* Creates the local or partner profile to use for AS2 transfers.
*
* @cloudformationResource AWS::Transfer::Profile
* @stability external
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-profile.html
*/
export declare class CfnProfile extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnProfile from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* NOTE(review): `resourceAttributes` is typed `any`, so this declaration gives no
* compile-time check on the shape of the incoming properties.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnProfile;
/**
* The Amazon Resource Name associated with the profile, in the form `arn:aws:transfer:region:account-id:profile/profile-id/` .
*
* @cloudformationAttribute Arn
*/
readonly attrArn: string;
/**
* The unique identifier for the AS2 profile, returned after the API call succeeds.
*
* @cloudformationAttribute ProfileId
*/
readonly attrProfileId: string;
/**
* The `As2Id` is the *AS2-name* , as defined in [RFC 4130](https://datatracker.ietf.org/doc/html/rfc4130) . For inbound transfers, this is the `AS2-From` header for the AS2 messages sent from the partner. For outbound connectors, this is the `AS2-To` header for the AS2 messages sent to the partner using the `StartFileTransfer` API operation. This ID cannot include spaces.
*/
as2Id: string;
/**
* An array of identifiers for the imported certificates.
*
* NOTE(review): these identifiers bind certificates to the profile; what each
* certificate is used for (signing, encryption) is not stated in this file.
*/
certificateIds?: Array<string>;
/**
* Indicates whether to list only `LOCAL` type profiles or only `PARTNER` type profiles.
*
* NOTE(review): the wording above reads like the description of a list operation.
* On this resource the property is required and presumably selects the type of
* the profile being created (`LOCAL` or `PARTNER`) — confirm against the
* CloudFormation reference.
*/
profileType: string;
/**
* Tag Manager which manages the tags for this resource
*/
readonly tags: cdk.TagManager;
/**
* Key-value pairs that can be used to group and search for profiles.
*/
tagsRaw?: Array<cdk.CfnTag>;
/**
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnProfileProps);
/**
* The resource's properties as a string-keyed record.
*
* NOTE(review): declaration only; presumably the values that end up in the
* synthesized template — confirm against the implementation.
*/
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
/**
* Maps a property record to another property record.
*
* NOTE(review): declaration only; presumably converts the construct's
* properties into their CloudFormation form — confirm against the implementation.
*
* @param props the properties to render
*/
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
/**
* Properties for defining a `CfnProfile`
*
* @struct
* @stability external
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-profile.html
*/
export interface CfnProfileProps {
/**
* The `As2Id` is the *AS2-name* , as defined in [RFC 4130](https://datatracker.ietf.org/doc/html/rfc4130) . For inbound transfers, this is the `AS2-From` header for the AS2 messages sent from the partner. For outbound connectors, this is the `AS2-To` header for the AS2 messages sent to the partner using the `StartFileTransfer` API operation. This ID cannot include spaces.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-profile.html#cfn-transfer-profile-as2id
*/
readonly as2Id: string;
/**
* An array of identifiers for the imported certificates.
*
* You use this identifier for working with profiles and partner profiles.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-profile.html#cfn-transfer-profile-certificateids
*/
readonly certificateIds?: Array<string>;
/**
* Indicates whether to list only `LOCAL` type profiles or only `PARTNER` type profiles.
*
* If not supplied in the request, the command lists all types of profiles.
*
* NOTE(review): the two sentences above describe a list operation and do not
* match this declaration, where the property is required. Presumably it selects
* the type of the profile being created (`LOCAL` or `PARTNER`) — confirm against
* the CloudFormation reference.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-profile.html#cfn-transfer-profile-profiletype
*/
readonly profileType: string;
/**
* Key-value pairs that can be used to group and search for profiles.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-profile.html#cfn-transfer-profile-tags
*/
readonly tags?: Array<cdk.CfnTag>;
}
/**
* Instantiates an auto-scaling virtual server based on the selected file transfer protocol in AWS.
*
* When you make updates to your file transfer protocol-enabled server or when you work with users, use the service-generated `ServerId` property that is assigned to the newly created server.
*
* Every property is optional and the constructor accepts no `props` at all, so a
* server can be declared with service defaults only. Review the network exposure
* (`endpointType`, `endpointDetails`), the enabled `protocols`, the
* `securityPolicyName` and the identity provider settings explicitly instead of
* relying on defaults.
*
* @cloudformationResource AWS::Transfer::Server
* @stability external
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-server.html
*/
export declare class CfnServer extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnServer from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* NOTE(review): `resourceAttributes` is typed `any`, so this declaration gives no
* compile-time check on the shape of the incoming properties.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnServer;
/**
* Specifies the unique Amazon Resource Name (ARN) of the server.
*
* @cloudformationAttribute Arn
*/
readonly attrArn: string;
/**
* The list of egress IP addresses of this server. These IP addresses are only relevant for servers that use the AS2 protocol. They are used for sending asynchronous MDNs (Message Disposition Notifications).
*
* These IP addresses are assigned automatically when you create an AS2 server. Additionally, if you update an existing server and add the AS2 protocol, static IP addresses are assigned as well.
*
* @cloudformationAttribute As2ServiceManagedEgressIpAddresses
*/
readonly attrAs2ServiceManagedEgressIpAddresses: Array<string>;
/**
* Specifies the unique system-assigned identifier for a server that you instantiate.
*
* @cloudformationAttribute ServerId
*/
readonly attrServerId: string;
/**
* The condition of the server that was described. A value of `ONLINE` indicates that the server can accept jobs and transfer files. A `State` value of `OFFLINE` means that the server cannot perform file transfer operations.
*
* The states of `STARTING` and `STOPPING` indicate that the server is in an intermediate state, either not fully able to respond, or not fully offline. The values of `START_FAILED` or `STOP_FAILED` can indicate an error condition.
*
* @cloudformationAttribute State
*/
readonly attrState: string;
/**
* The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate.
*
* NOTE(review): the service documentation indicates a certificate is required
* when `protocols` includes `FTPS` — confirm against the CloudFormation reference.
*/
certificate?: string;
/**
* Specifies the domain of the storage system that is used for file transfers.
*/
domain?: string;
/**
* The virtual private cloud (VPC) endpoint settings that are configured for your server.
*/
endpointDetails?: CfnServer.EndpointDetailsProperty | cdk.IResolvable;
/**
* The type of endpoint that you want your server to use.
*
* NOTE(review): this setting decides whether the endpoint is reachable from the
* public internet or only through a VPC. The accepted values are not visible in
* this file; check the CloudFormation reference and prefer a VPC-hosted endpoint
* when clients do not need public access.
*/
endpointType?: string;
/**
* Required when `IdentityProviderType` is set to `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` or `API_GATEWAY` .
*/
identityProviderDetails?: CfnServer.IdentityProviderDetailsProperty | cdk.IResolvable;
/**
* The mode of authentication for a server.
*
* Known values are `SERVICE_MANAGED` , `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` and
* `API_GATEWAY` ; all but `SERVICE_MANAGED` also require `identityProviderDetails` .
*/
identityProviderType?: string;
/**
* The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS events.
*
* Without a logging role or `structuredLogDestinations` , the declaration shows no
* other place where server activity would be recorded.
*/
loggingRole?: string;
/**
* Specifies a string to display when users connect to a server. This string is displayed after the user authenticates.
*/
postAuthenticationLoginBanner?: string;
/**
* Specifies a string to display when users connect to a server.
*
* NOTE(review): going by the name, this banner is presumably shown before
* authentication, so treat its content as visible to anyone who can reach the
* endpoint and keep internal details out of it.
*/
preAuthenticationLoginBanner?: string;
/**
* The protocol settings that are configured for your server.
*/
protocolDetails?: cdk.IResolvable | CfnServer.ProtocolDetailsProperty;
/**
* Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint.
*
* NOTE(review): if plain `FTP` is among the enabled protocols, credentials and
* file contents cross the network unencrypted; prefer `SFTP` or `FTPS` wherever
* the clients allow it.
*/
protocols?: Array<string>;
/**
* Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default.
*/
s3StorageOptions?: cdk.IResolvable | CfnServer.S3StorageOptionsProperty;
/**
* Specifies the name of the security policy for the server.
*
* NOTE(review): the security policy presumably fixes the set of cryptographic
* algorithms the server offers. When this is left unset the service chooses the
* policy; pin a reviewed policy name if the deployment has cryptographic
* requirements.
*/
securityPolicyName?: string;
/**
* Specifies the log groups to which your server logs are sent.
*/
structuredLogDestinations?: Array<string>;
/**
* Tag Manager which manages the tags for this resource
*/
readonly tags: cdk.TagManager;
/**
* Key-value pairs that can be used to group and search for servers.
*/
tagsRaw?: Array<cdk.CfnTag>;
/**
* Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.
*/
workflowDetails?: cdk.IResolvable | CfnServer.WorkflowDetailsProperty;
/**
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties (optional; every property then falls back to the service default)
*/
constructor(scope: constructs.Construct, id: string, props?: CfnServerProps);
/**
* The resource's properties as a string-keyed record.
*
* NOTE(review): declaration only; presumably the values that end up in the
* synthesized template — confirm against the implementation.
*/
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
/**
* Maps a property record to another property record.
*
* NOTE(review): declaration only; presumably converts the construct's
* properties into their CloudFormation form — confirm against the implementation.
*
* @param props the properties to render
*/
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnServer {
/**
* Required when `IdentityProviderType` is set to `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` or `API_GATEWAY` .
*
* Accepts an array containing all of the information required to use a directory in `AWS_DIRECTORY_SERVICE` or invoke a customer-supplied authentication API, including the API Gateway URL. Cannot be specified when `IdentityProviderType` is set to `SERVICE_MANAGED` .
*
* All fields are optional in this declaration, so the compiler does not check
* that the fields supplied match the chosen `IdentityProviderType` .
*
* @struct
* @stability external
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-identityproviderdetails.html
*/
interface IdentityProviderDetailsProperty {
/**
* The identifier of the AWS Directory Service directory that you want to use as your identity provider.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-identityproviderdetails.html#cfn-transfer-server-identityproviderdetails-directoryid
*/
readonly directoryId?: string;
/**
* The ARN for a Lambda function to use for the Identity provider.
*
* This function decides who may log in, so changes to its code and
* configuration deserve the same review as any other authentication component.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-identityproviderdetails.html#cfn-transfer-server-identityproviderdetails-function
*/
readonly function?: string;
/**
* This parameter is only applicable if your `IdentityProviderType` is `API_GATEWAY` .
*
* Provides the type of `InvocationRole` used to authenticate the user account.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-identityproviderdetails.html#cfn-transfer-server-identityproviderdetails-invocationrole
*/
readonly invocationRole?: string;
/**
* For SFTP-enabled servers, and for custom identity providers *only* , you can specify whether to authenticate using a password, SSH key pair, or both.
*
* - `PASSWORD` - users must provide their password to connect.
* - `PUBLIC_KEY` - users must provide their private key to connect.
* - `PUBLIC_KEY_OR_PASSWORD` - users can authenticate with either their password or their key. This is the default value.
* - `PUBLIC_KEY_AND_PASSWORD` - users must provide both their private key and their password to connect. The server checks the key first, and then if the key is valid, the system prompts for a password. If the private key provided does not match the public key that is stored, authentication fails.
*
* "Provide their private key" means the client authenticates with it: in SSH
* public-key authentication the client proves possession of the private key,
* which is not sent to the server.
*
* Because the default accepts either credential, a password alone is enough to
* log in unless this is set; choose `PUBLIC_KEY` or `PUBLIC_KEY_AND_PASSWORD`
* explicitly when key-based authentication must be enforced.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-identityproviderdetails.html#cfn-transfer-server-identityproviderdetails-sftpauthenticationmethods
*/
readonly sftpAuthenticationMethods?: string;
/**
* Provides the location of the service endpoint used to authenticate users.
*
* NOTE(review): presumably the API Gateway URL mentioned in the description of
* this structure — confirm against the CloudFormation reference.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-identityproviderdetails.html#cfn-transfer-server-identityproviderdetails-url
*/
readonly url?: string;
}
/**
* The virtual private cloud (VPC) endpoint settings that are configured for your server.
*
* When you host your endpoint within your VPC, you can make your endpoint accessible only to resources within your VPC, or you can attach Elastic IP addresses and make your endpoint accessible to clients over the internet. Your VPC's default security groups are automatically assigned to your endpoint.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-server-endpointdetails.html
*/
interface EndpointDetailsProperty {
/**
* A list of address allocation IDs that are required to attach an Elastic IP a