import * as cdk from "../../core/lib";
import * as constructs from "constructs";
import * as cfn_parse from "../../core/lib/helpers-internal";
import { AgreementReference, CertificateReference, ConnectorReference, IAgreementRef, ICertificateRef, IConnectorRef, IProfileRef, IServerRef, IUserRef, IWebAppRef, IWorkflowRef, ProfileReference, ServerReference, UserReference, WebAppReference, WorkflowReference } from "../../interfaces/generated/aws-transfer-interfaces.generated";
/**
* Creates an agreement.
*
* An agreement is a bilateral trading partner agreement, or partnership, between an AWS Transfer Family server and an AS2 process. The agreement defines the file and message transfer relationship between the server and the AS2 process. To define an agreement, Transfer Family combines a server, local profile, partner profile, certificate, and other attributes.
*
* The partner is identified with the `PartnerProfileId` , and the AS2 process is identified with the `LocalProfileId` .
*
* > Specify *either* `BaseDirectory` or `CustomDirectories` , but not both. Specifying both causes the command to fail.
*
* @cloudformationResource AWS::Transfer::Agreement
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html
*/
export declare class CfnAgreement extends cdk.CfnResource implements cdk.IInspectable, IAgreementRef, cdk.ITaggable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnAgreement from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* NOTE(review): `resourceAttributes` is typed `any`, so this signature gives no
* compile-time checking of the property object it receives.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnAgreement;
/**
* Checks whether the given object is a CfnAgreement
*/
static isCfnAgreement(x: any): x is CfnAgreement;
/**
* Returns a string for the given agreement reference.
*
* NOTE(review): going by the name this is the agreement's ARN; how it is derived is not visible in this declaration - confirm.
*/
static arnForAgreement(resource: IAgreementRef): string;
/**
* The unique identifier for the AS2 agreement, returned after the API call succeeds.
*
* @cloudformationAttribute AgreementId
*/
readonly attrAgreementId: string;
/**
* Specifies the unique Amazon Resource Name (ARN) for the agreement.
*
* @cloudformationAttribute Arn
*/
readonly attrArn: string;
/**
* The Amazon Resource Name (ARN) of the AWS Identity and Access Management role to use as the access role.
*
* `CfnAgreementProps.accessRole` lists the directory, Secrets Manager and KMS permissions this role needs.
* Review note: grant only those permissions, scoped to the directories, secret and key actually in use.
*/
accessRole: string;
/**
* The landing directory (folder) for files that are transferred by using the AS2 protocol.
*
* Per the class documentation, specify either this or `customDirectories`, not both.
*/
baseDirectory?: string;
/**
* A `CustomDirectoriesType` structure.
*
* Per the class documentation, specify either this or `baseDirectory`, not both.
*/
customDirectories?: CfnAgreement.CustomDirectoriesProperty | cdk.IResolvable;
/**
* The name or short description that's used to identify the agreement.
*/
description?: string;
/**
* Determines whether or not unsigned messages from your trading partners will be accepted.
*
* `CfnAgreementProps.enforceMessageSigning` documents `DISABLED` as the default, which accepts unsigned messages;
* set `ENABLED` to have Transfer Family reject them.
*/
enforceMessageSigning?: string;
/**
* A unique identifier for the AS2 local profile.
*/
localProfileId: string;
/**
* A unique identifier for the partner profile used in the agreement.
*/
partnerProfileId: string;
/**
* Determines whether or not Transfer Family appends a unique string of characters to the end of the AS2 message payload filename when saving it.
*/
preserveFilename?: string;
/**
* A system-assigned unique identifier for a server instance.
*/
serverId: string;
/**
* The current status of the agreement, either `ACTIVE` or `INACTIVE` .
*/
status?: string;
/**
* Tag Manager which manages the tags for this resource
*/
readonly tags: cdk.TagManager;
/**
* Key-value pairs that can be used to group and search for agreements.
*/
tagsRaw?: Array<cdk.CfnTag>;
/**
* Create a new `AWS::Transfer::Agreement`.
*
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnAgreementProps);
/**
* An `AgreementReference` for this resource.
*/
get agreementRef(): AgreementReference;
/**
* The properties of this resource as a string-keyed record.
*
* NOTE(review): values are typed `any`, so nothing is checked at compile time here.
*/
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
/**
* Maps a record of properties to another record.
*
* NOTE(review): presumably converts the construct's properties to their CloudFormation form; the implementation is not part of this declaration file.
*/
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnAgreement {
/**
* Specifies a separate directory for each type of file to store for an AS2 message.
*
* All five directory properties are declared as required, so a value of this type must set every one of them.
* The `CfnAgreement` class documentation states that `BaseDirectory` and `CustomDirectories` must not both be specified.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-agreement-customdirectories.html
*/
interface CustomDirectoriesProperty {
/**
* Specifies a location to store the failed files for an AS2 message.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-agreement-customdirectories.html#cfn-transfer-agreement-customdirectories-failedfilesdirectory
*/
readonly failedFilesDirectory: string;
/**
* Specifies a location to store the MDN file for an AS2 message.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-agreement-customdirectories.html#cfn-transfer-agreement-customdirectories-mdnfilesdirectory
*/
readonly mdnFilesDirectory: string;
/**
* Specifies a location to store the payload file for an AS2 message.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-agreement-customdirectories.html#cfn-transfer-agreement-customdirectories-payloadfilesdirectory
*/
readonly payloadFilesDirectory: string;
/**
* Specifies a location to store the status file for an AS2 message.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-agreement-customdirectories.html#cfn-transfer-agreement-customdirectories-statusfilesdirectory
*/
readonly statusFilesDirectory: string;
/**
* Specifies a location to store the temporary processing file for an AS2 message.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-agreement-customdirectories.html#cfn-transfer-agreement-customdirectories-temporaryfilesdirectory
*/
readonly temporaryFilesDirectory: string;
}
}
/**
* Properties for defining a `CfnAgreement`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html
*/
export interface CfnAgreementProps {
/**
* Connectors are used to send files using either the AS2 or SFTP protocol.
*
* For the access role, provide the Amazon Resource Name (ARN) of the AWS Identity and Access Management role to use.
*
* *For AS2 connectors*
*
* With AS2, you can send files by calling `StartFileTransfer` and specifying the file paths in the request parameter, `SendFilePaths` . We use the file’s parent directory (for example, for `--send-file-paths /bucket/dir/file.txt` , parent directory is `/bucket/dir/` ) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the `AccessRole` needs to provide read and write access to the parent directory of the file location used in the `StartFileTransfer` request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with `StartFileTransfer` .
*
* If you are using Basic authentication for your AS2 connector, the access role requires the `secretsmanager:GetSecretValue` permission for the secret. If the secret is encrypted using a customer-managed key instead of the AWS managed key in Secrets Manager, then the role also needs the `kms:Decrypt` permission for that key.
*
* *For SFTP connectors*
*
* Make sure that the access role provides read and write access to the parent directory of the file location that's used in the `StartFileTransfer` request. Additionally, make sure that the role provides `secretsmanager:GetSecretValue` permission to AWS Secrets Manager .
*
* Review note: the permissions above are the ones this text calls for; scope them to the specific directories, secret and key rather than granting them account-wide.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-accessrole
*/
readonly accessRole: string;
/**
* The landing directory (folder) for files that are transferred by using the AS2 protocol.
*
* Specify either this or `customDirectories`, not both (see the `CfnAgreement` class documentation).
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-basedirectory
*/
readonly baseDirectory?: string;
/**
* A `CustomDirectoriesType` structure.
*
* This structure specifies custom directories for storing various AS2 message files. You can specify directories for the following types of files.
*
* - Failed files
* - MDN files
* - Payload files
* - Status files
* - Temporary files
*
* Specify either this or `baseDirectory`, not both (see the `CfnAgreement` class documentation).
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-customdirectories
*/
readonly customDirectories?: CfnAgreement.CustomDirectoriesProperty | cdk.IResolvable;
/**
* The name or short description that's used to identify the agreement.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-description
*/
readonly description?: string;
/**
* Determines whether or not unsigned messages from your trading partners will be accepted.
*
* - `ENABLED` : Transfer Family rejects unsigned messages from your trading partner.
* - `DISABLED` (default value): Transfer Family accepts unsigned messages from your trading partner.
*
* Review note: because the default accepts unsigned messages, set `ENABLED` explicitly when partner messages must be signed.
* The property is typed as a plain `string`, so a misspelled value is not caught at compile time.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-enforcemessagesigning
*/
readonly enforceMessageSigning?: string;
/**
* A unique identifier for the AS2 local profile.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-localprofileid
*/
readonly localProfileId: string;
/**
* A unique identifier for the partner profile used in the agreement.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-partnerprofileid
*/
readonly partnerProfileId: string;
/**
* Determines whether or not Transfer Family appends a unique string of characters to the end of the AS2 message payload filename when saving it.
*
* - `ENABLED` : the filename provided by your trading partner is preserved when the file is saved.
* - `DISABLED` (default value): when Transfer Family saves the file, the filename is adjusted, as described in [File names and locations](https://docs.aws.amazon.com/transfer/latest/userguide/send-as2-messages.html#file-names-as2) .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-preservefilename
*/
readonly preserveFilename?: string;
/**
* A system-assigned unique identifier for a server instance.
*
* This identifier indicates the specific server that the agreement uses.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-serverid
*/
readonly serverId: string;
/**
* The current status of the agreement, either `ACTIVE` or `INACTIVE` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-status
*/
readonly status?: string;
/**
* Key-value pairs that can be used to group and search for agreements.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-tags
*/
readonly tags?: Array<cdk.CfnTag>;
}
/**
* Imports the signing and encryption certificates that you need to create local (AS2) profiles and partner profiles.
*
* You can import both the certificate and its chain in the `Certificate` parameter.
*
* After importing a certificate, AWS Transfer Family automatically creates an Amazon CloudWatch metric called `DaysUntilExpiry` that tracks the number of days until the certificate expires. The metric is based on the `InactiveDate` parameter and is published daily in the `AWS/Transfer` namespace.
*
* > It can take up to a full day after importing a certificate for Transfer Family to emit the `DaysUntilExpiry` metric to your account.
*
* > If you use the `Certificate` parameter to upload both the certificate and its chain, don't use the `CertificateChain` parameter.
*
* *CloudWatch monitoring*
*
* The `DaysUntilExpiry` metric includes the following specifications:
*
* - *Units:* Count (days)
* - *Dimensions:* `CertificateId` (always present), `Description` (if provided during certificate import)
* - *Statistics:* Minimum, Maximum, Average
* - *Frequency:* Published daily
*
* @cloudformationResource AWS::Transfer::Certificate
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html
*/
export declare class CfnCertificate extends cdk.CfnResource implements cdk.IInspectable, ICertificateRef, cdk.ITaggable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnCertificate from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* NOTE(review): `resourceAttributes` is typed `any`, so this signature gives no
* compile-time checking of the property object it receives.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnCertificate;
/**
* Checks whether the given object is a CfnCertificate
*/
static isCfnCertificate(x: any): x is CfnCertificate;
/**
* Creates a new ICertificateRef from an ARN
*/
static fromCertificateArn(scope: constructs.Construct, id: string, arn: string): ICertificateRef;
/**
* Creates a new ICertificateRef from a certificateId
*/
static fromCertificateId(scope: constructs.Construct, id: string, certificateId: string): ICertificateRef;
/**
* Returns a string for the given certificate reference.
*
* NOTE(review): going by the name this is the certificate's ARN; how it is derived is not visible in this declaration - confirm.
*/
static arnForCertificate(resource: ICertificateRef): string;
/**
* The unique Amazon Resource Name (ARN) for the certificate.
*
* @cloudformationAttribute Arn
*/
readonly attrArn: string;
/**
* An array of identifiers for the imported certificates. You use this identifier for working with profiles and partner profiles.
*
* NOTE(review): the text says "array" but the attribute is declared as a single `string`.
*
* @cloudformationAttribute CertificateId
*/
readonly attrCertificateId: string;
/**
* The final date that the certificate is valid.
*
* @cloudformationAttribute NotAfterDate
*/
readonly attrNotAfterDate: string;
/**
* The earliest date that the certificate is valid.
*
* @cloudformationAttribute NotBeforeDate
*/
readonly attrNotBeforeDate: string;
/**
* The serial number for the certificate.
*
* @cloudformationAttribute Serial
*/
readonly attrSerial: string;
/**
* The certificate can be either `ACTIVE` , `PENDING_ROTATION` , or `INACTIVE` . `PENDING_ROTATION` means that this certificate will replace the current certificate when it expires.
*
* @cloudformationAttribute Status
*/
readonly attrStatus: string;
/**
* If a private key has been specified for the certificate, its type is `CERTIFICATE_WITH_PRIVATE_KEY` . If there is no private key, the type is `CERTIFICATE` .
*
* @cloudformationAttribute Type
*/
readonly attrType: string;
/**
* An optional date that specifies when the certificate becomes active.
*/
activeDate?: string;
/**
* The file name for the certificate.
*/
certificate: string;
/**
* The list of certificates that make up the chain for the certificate.
*
* Per the class documentation, leave this unset when the chain is already included in `certificate`.
*/
certificateChain?: string;
/**
* The name or description that's used to identify the certificate.
*/
description?: string;
/**
* An optional date that specifies when the certificate becomes inactive.
*
* Per the class documentation, the `DaysUntilExpiry` CloudWatch metric is based on this value.
*/
inactiveDate?: string;
/**
* The file that contains the private key for the certificate that's being imported.
*
* Review note: this is private-key material carried as a plain, mutable `string` property.
* NOTE(review): presumably the value is rendered into the synthesized template like the other properties - confirm,
* and supply it through a deploy-time reference rather than a literal committed to source.
*/
privateKey?: string;
/**
* Tag Manager which manages the tags for this resource
*/
readonly tags: cdk.TagManager;
/**
* Key-value pairs that can be used to group and search for certificates.
*/
tagsRaw?: Array<cdk.CfnTag>;
/**
* Specifies how this certificate is used: `SIGNING`, `ENCRYPTION` or `TLS` (see `CfnCertificateProps.usage`).
*/
usage: string;
/**
* Create a new `AWS::Transfer::Certificate`.
*
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnCertificateProps);
/**
* A `CertificateReference` for this resource.
*/
get certificateRef(): CertificateReference;
/**
* The properties of this resource as a string-keyed record.
*
* NOTE(review): values are typed `any`; since `privateKey` is one of this class's properties, treat the record as sensitive when logging or inspecting it - confirm what it contains.
*/
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
/**
* Maps a record of properties to another record.
*
* NOTE(review): presumably converts the construct's properties to their CloudFormation form; the implementation is not part of this declaration file.
*/
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
/**
* Properties for defining a `CfnCertificate`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html
*/
export interface CfnCertificateProps {
/**
* An optional date that specifies when the certificate becomes active.
*
* If you do not specify a value, `ActiveDate` takes the same value as `NotBeforeDate` , which is specified by the CA.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-activedate
*/
readonly activeDate?: string;
/**
* The file name for the certificate.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-certificate
*/
readonly certificate: string;
/**
* The list of certificates that make up the chain for the certificate.
*
* Per the `CfnCertificate` class documentation, leave this unset when the chain is already included in `certificate`.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-certificatechain
*/
readonly certificateChain?: string;
/**
* The name or description that's used to identify the certificate.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-description
*/
readonly description?: string;
/**
* An optional date that specifies when the certificate becomes inactive.
*
* If you do not specify a value, `InactiveDate` takes the same value as `NotAfterDate` , which is specified by the CA.
*
* Per the `CfnCertificate` class documentation, the `DaysUntilExpiry` CloudWatch metric is based on this value.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-inactivedate
*/
readonly inactiveDate?: string;
/**
* The file that contains the private key for the certificate that's being imported.
*
* Review note: this is private-key material passed as a plain `string`.
* NOTE(review): presumably the value is rendered into the synthesized template like the other properties - confirm,
* and supply it through a deploy-time reference rather than a literal committed to source.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-privatekey
*/
readonly privateKey?: string;
/**
* Key-value pairs that can be used to group and search for certificates.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-tags
*/
readonly tags?: Array<cdk.CfnTag>;
/**
* Specifies how this certificate is used. It can be used in the following ways:
*
* - `SIGNING` : For signing AS2 messages
* - `ENCRYPTION` : For encrypting AS2 messages
* - `TLS` : For securing AS2 communications sent over HTTPS
*
* The property is typed as a plain `string`, so a value outside this list is not caught at compile time.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.html#cfn-transfer-certificate-usage
*/
readonly usage: string;
}
/**
* Creates the connector, which captures the parameters for a connection for the AS2 or SFTP protocol.
*
* For AS2, the connector is required for sending files to an externally hosted AS2 server. For SFTP, the connector is required when sending files to an SFTP server or receiving files from an SFTP server. For more details about connectors, see [Configure AS2 connectors](https://docs.aws.amazon.com/transfer/latest/userguide/configure-as2-connector.html) and [Create SFTP connectors](https://docs.aws.amazon.com/transfer/latest/userguide/configure-sftp-connector.html) .
*
* > You must specify exactly one configuration object: either for AS2 ( `As2Config` ) or SFTP ( `SftpConfig` ).
*
* @cloudformationResource AWS::Transfer::Connector
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html
*/
export declare class CfnConnector extends cdk.CfnResource implements cdk.IInspectable, IConnectorRef, cdk.ITaggable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnConnector from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* NOTE(review): `resourceAttributes` is typed `any`, so this signature gives no
* compile-time checking of the property object it receives.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnConnector;
/**
* Checks whether the given object is a CfnConnector
*/
static isCfnConnector(x: any): x is CfnConnector;
/**
* Creates a new IConnectorRef from an ARN
*/
static fromConnectorArn(scope: constructs.Construct, id: string, arn: string): IConnectorRef;
/**
* Creates a new IConnectorRef from a connectorId
*/
static fromConnectorId(scope: constructs.Construct, id: string, connectorId: string): IConnectorRef;
/**
* Returns a string for the given connector reference.
*
* NOTE(review): going by the name this is the connector's ARN; how it is derived is not visible in this declaration - confirm.
*/
static arnForConnector(resource: IConnectorRef): string;
/**
* Specifies the unique Amazon Resource Name (ARN) for the connector.
*
* @cloudformationAttribute Arn
*/
readonly attrArn: string;
/**
* The service-assigned ID of the connector that is created.
*
* @cloudformationAttribute ConnectorId
*/
readonly attrConnectorId: string;
/**
* Error message providing details when the connector is in ERRORED status. Contains information to help troubleshoot connector creation or operation failures.
*
* @cloudformationAttribute ErrorMessage
*/
readonly attrErrorMessage: string;
/**
* The list of egress IP addresses of this connector. These IP addresses are assigned automatically when you create the connector.
*
* @cloudformationAttribute ServiceManagedEgressIpAddresses
*/
readonly attrServiceManagedEgressIpAddresses: Array<string>;
/**
* Current status of the connector. PENDING indicates creation/update in progress, ACTIVE means ready for operations, and ERRORED indicates a failure requiring attention.
*
* @cloudformationAttribute Status
*/
readonly attrStatus: string;
/**
* Connectors are used to send files using either the AS2 or SFTP protocol.
*
* NOTE(review): this summary describes connectors rather than the property; `CfnAgreementProps.accessRole` in this file
* documents `AccessRole` as the ARN of an IAM role and lists the permissions it needs - presumably the same applies here; confirm.
*/
accessRole: string;
/**
* A structure that contains the parameters for an AS2 connector object.
*
* NOTE(review): the declared type `any | cdk.IResolvable` is treated by TypeScript as `any`, so the
* `CfnConnector.As2ConfigProperty` shape is not enforced at compile time; check values such as
* `encryptionAlgorithm` by review instead.
*/
as2Config?: any | cdk.IResolvable;
/**
* Current egress configuration of the connector, showing how traffic is routed to the SFTP server.
*/
egressConfig?: CfnConnector.ConnectorEgressConfigProperty | cdk.IResolvable;
/**
* Type of egress configuration for the connector.
*/
egressType?: string;
/**
* The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows a connector to turn on CloudWatch logging for Amazon S3 events.
*/
loggingRole?: string;
/**
* The text name of the security policy for the specified connector.
*/
securityPolicyName?: string;
/**
* A structure that contains the parameters for an SFTP connector object.
*
* Per the class documentation, exactly one of `as2Config` and `sftpConfig` must be specified.
*/
sftpConfig?: cdk.IResolvable | CfnConnector.SftpConfigProperty;
/**
* Tag Manager which manages the tags for this resource
*/
readonly tags: cdk.TagManager;
/**
* Key-value pairs that can be used to group and search for connectors.
*/
tagsRaw?: Array<cdk.CfnTag>;
/**
* The URL of the partner's AS2 or SFTP endpoint.
*
* `As2ConfigProperty.encryptionAlgorithm` documents that `NONE` may only be specified when this URL uses HTTPS.
*/
url?: string;
/**
* Create a new `AWS::Transfer::Connector`.
*
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnConnectorProps);
/**
* A `ConnectorReference` for this resource.
*/
get connectorRef(): ConnectorReference;
/**
* The properties of this resource as a string-keyed record.
*
* NOTE(review): values are typed `any`, so nothing is checked at compile time here.
*/
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
/**
* Maps a record of properties to another record.
*
* NOTE(review): presumably converts the construct's properties to their CloudFormation form; the implementation is not part of this declaration file.
*/
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnConnector {
/**
* A structure that contains the parameters for an AS2 connector object.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html
*/
interface As2ConfigProperty {
/**
* Provides Basic authentication support to the AS2 Connectors API.
*
* To use Basic authentication, you must provide the name or Amazon Resource Name (ARN) of a secret in AWS Secrets Manager .
*
* The default value for this parameter is `null` , which indicates that Basic authentication is not enabled for the connector.
*
* If the connector should use Basic authentication, the secret needs to be in the following format:
*
* `{ "Username": "user-name", "Password": "user-password" }`
*
* Replace `user-name` and `user-password` with the credentials for the actual user that is being authenticated.
*
* Note the following:
*
* - You are storing these credentials in Secrets Manager, *not passing them directly* into this API.
* - If you are using the API, SDKs, or CloudFormation to configure your connector, then you must create the secret before you can enable Basic authentication. However, if you are using the AWS management console, you can have the system create the secret for you.
*
* If you have previously enabled Basic authentication for a connector, you can disable it by using the `UpdateConnector` API call. For example, if you are using the CLI, you can run the following command to remove Basic authentication:
*
* `update-connector --connector-id my-connector-id --as2-config 'BasicAuthSecretId=""'`
*
* Review note: only the secret's name or ARN belongs in this property, never the username or password.
* `CfnAgreementProps.accessRole` in this file lists the `secretsmanager:GetSecretValue` permission (and `kms:Decrypt`
* for a customer-managed key) that the access role needs in order to read the secret.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-basicauthsecretid
*/
readonly basicAuthSecretId?: string;
/**
* Specifies whether the AS2 file is compressed.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-compression
*/
readonly compression?: string;
/**
* The algorithm that is used to encrypt the file.
*
* Note the following:
*
* - Do not use the `DES_EDE3_CBC` algorithm unless you must support a legacy client that requires it, as it is a weak encryption algorithm.
* - You can only specify `NONE` if the URL for your connector uses HTTPS. Using HTTPS ensures that no traffic is sent in clear text.
*
* Review note: the property is typed as a plain `string`, so the compiler does not reject `DES_EDE3_CBC` or `NONE`;
* these values have to be caught in code review or by a policy check on the stack.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-encryptionalgorithm
*/
readonly encryptionAlgorithm?: string;
/**
* A unique identifier for the AS2 local profile.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-localprofileid
*/
readonly localProfileId?: string;
/**
* Used for outbound requests (from an AWS Transfer Family connector to a partner AS2 server) to determine whether the partner response for transfers is synchronous or asynchronous.
*
* Specify either of the following values:
*
* - `SYNC` : The system expects a synchronous MDN response, confirming that the file was transferred successfully (or not).
* - `NONE` : Specifies that no MDN response is required.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-mdnresponse
*/
readonly mdnResponse?: string;
/**
* The signing algorithm for the MDN response.
*
* > If set to DEFAULT (or not set at all), the value for `SigningAlgorithm` is used.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-mdnsigningalgorithm
*/
readonly mdnSigningAlgorithm?: string;
/**
* Used as the `Subject` HTTP header attribute in AS2 messages that are being sent with the connector.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-messagesubject
*/
readonly messageSubject?: string;
/**
* A unique identifier for the partner profile for the connector.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-partnerprofileid
*/
readonly partnerProfileId?: string;
/**
* Specifies whether to use the AWS S3 object content-type as the content-type for the AS2 message.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-preservecontenttype
*/
readonly preserveContentType?: string;
/**
* The algorithm that is used to sign the AS2 messages sent with the connector.
*
* NOTE(review): the accepted values are not listed in this declaration and the type is a plain `string`;
* check the linked reference for the allowed algorithms when reviewing a stack.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-as2config.html#cfn-transfer-connector-as2config-signingalgorithm
*/
readonly signingAlgorithm?: string;
}
/**
* A structure that contains the parameters for an SFTP connector object.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-sftpconfig.html
*/
interface SftpConfigProperty {
/**
* Specify the number of concurrent connections that your connector creates to the remote server.
*
* The default value is `1` . The maximum value is `5` .
*
* > If you are using the AWS Management Console , the default value is `5` .
*
* This parameter specifies the number of active connections that your connector can establish with the remote server at the same time. Increasing this value can enhance connector performance when transferring large file batches by enabling parallel operations.
*
* @default - 1
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-sftpconfig.html#cfn-transfer-connector-sftpconfig-maxconcurrentconnections
*/
readonly maxConcurrentConnections?: number;
/**
* The public portion of the host key, or keys, that are used to identify the external server to which you are connecting.
*
* These keys are what the connector uses to check that it has reached the intended server. A key printed by `ssh-keyscan` , or observed through `TestConnection` , is only as trustworthy as the network path it was fetched over, so compare it (or its fingerprint) with a value obtained from the server operator through a separate channel before adding it here.
*
* You can use the `ssh-keyscan` command against the SFTP server to retrieve the necessary key.
*
* > `TrustedHostKeys` is optional for `CreateConnector` . If not provided, you can use `TestConnection` to retrieve the server host key during the initial connection attempt, and subsequently update the connector with the observed host key.
*
* When creating connectors with egress config (VPC_LATTICE type connectors), the host name cannot be verified, so the only accepted trusted host key format is `key-type key-body` without the host name. For example: `ssh-rsa AAAAB3Nza...<long-string-for-public-key>`
*
* The three standard SSH public key format elements are `<key type>` , `<body base64>` , and an optional `<comment>` , with spaces between each element. Specify only the `<key type>` and `<body base64>` : do not enter the `<comment>` portion of the key.
*
* For the trusted host key, AWS Transfer Family accepts RSA and ECDSA keys.
*
* - For RSA keys, the `<key type>` string is `ssh-rsa` .
* - For ECDSA keys, the `<key type>` string is either `ecdsa-sha2-nistp256` , `ecdsa-sha2-nistp384` , or `ecdsa-sha2-nistp521` , depending on the size of the key you generated.
*
* Run this command to retrieve the SFTP server host key, where your SFTP server name is `ftp.host.com` .
*
* `ssh-keyscan ftp.host.com`
*
* This prints the public host key to standard output.
*
* `ftp.host.com ssh-rsa AAAAB3Nza...<long-string-for-public-key>`
*
* Copy and paste this string into the `TrustedHostKeys` field for the `create-connector` command or into the *Trusted host keys* field in the console.
*
* For VPC Lattice type connectors (VPC_LATTICE), remove the hostname from the key and use only the `key-type key-body` format. In this example, it should be: `ssh-rsa AAAAB3Nza...<long-string-for-public-key>`
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-sftpconfig.html#cfn-transfer-connector-sftpconfig-trustedhostkeys
*/
readonly trustedHostKeys?: Array<string>;
/**
* The identifier for the secret (in AWS Secrets Manager) that contains the SFTP user's private key, password, or both.
*
* The identifier must be the Amazon Resource Name (ARN) of the secret. Only the ARN belongs in this field; the private key or password itself stays in Secrets Manager and is never written into the template.
*
* The connector's access role needs `secretsmanager:GetSecretValue` for this secret (see `accessRole` on `CfnConnectorProps` ). Granting that permission for this ARN alone, rather than for all secrets, keeps the role limited to what the connector uses.
*
* > - Required when creating an SFTP connector
* > - Optional when updating an existing SFTP connector
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-sftpconfig.html#cfn-transfer-connector-sftpconfig-usersecretid
*/
readonly userSecretId?: string;
}
/**
* Configuration structure that defines how traffic is routed from the connector to the SFTP server.
*
* Contains VPC Lattice settings when using VPC_LATTICE egress type for private connectivity through customer VPCs.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-connectoregressconfig.html
*/
interface ConnectorEgressConfigProperty {
/**
* VPC_LATTICE configuration for routing connector traffic through customer VPCs.
*
* Enables private connectivity to SFTP servers without requiring public internet access or complex network configurations.
*
* This member is not optional: whenever an egress configuration is supplied, it must carry the VPC Lattice settings (or a token that resolves to them).
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-connectoregressconfig.html#cfn-transfer-connector-connectoregressconfig-vpclattice
*/
readonly vpcLattice: CfnConnector.ConnectorVpcLatticeEgressConfigProperty | cdk.IResolvable;
}
/**
* VPC_LATTICE egress configuration that specifies the Resource Configuration ARN and port for connecting to SFTP servers through customer VPCs.
*
* Requires a valid Resource Configuration with appropriate network access.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-connectorvpclatticeegressconfig.html
*/
interface ConnectorVpcLatticeEgressConfigProperty {
/**
* Port number for connecting to the SFTP server through VPC_LATTICE.
*
* Defaults to 22 if not specified. Must match the port on which the target SFTP server is listening.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-connectorvpclatticeegressconfig.html#cfn-transfer-connector-connectorvpclatticeegressconfig-portnumber
*/
readonly portNumber?: number;
/**
* ARN of the VPC_LATTICE Resource Configuration that defines the target SFTP server location.
*
* Must point to a valid Resource Configuration in the customer's VPC with appropriate network connectivity to the SFTP server.
*
* NOTE(review): the Resource Configuration, not a URL, determines which host the connector reaches, and the `trustedHostKeys` documentation states that the host name cannot be verified for VPC_LATTICE connectors. The pinned host keys therefore appear to be the check that ties the connection to the intended server; confirm they are set for connectors that use this structure.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-connectorvpclatticeegressconfig.html#cfn-transfer-connector-connectorvpclatticeegressconfig-resourceconfigurationarn
*/
readonly resourceConfigurationArn: string;
}
}
/**
* Properties for defining a `CfnConnector`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html
*/
export interface CfnConnectorProps {
/**
* The Amazon Resource Name (ARN) of the AWS Identity and Access Management role that the connector uses.
*
* Connectors are used to send files using either the AS2 or SFTP protocol.
*
* *For AS2 connectors*
*
* With AS2, you can send files by calling `StartFileTransfer` and specifying the file paths in the request parameter, `SendFilePaths` . We use the file’s parent directory (for example, for `--send-file-paths /bucket/dir/file.txt` , parent directory is `/bucket/dir/` ) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the `AccessRole` needs to provide read and write access to the parent directory of the file location used in the `StartFileTransfer` request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with `StartFileTransfer` .
*
* If you are using Basic authentication for your AS2 connector, the access role requires the `secretsmanager:GetSecretValue` permission for the secret. If the secret is encrypted using a customer-managed key instead of the AWS managed key in Secrets Manager, then the role also needs the `kms:Decrypt` permission for that key.
*
* *For SFTP connectors*
*
* Make sure that the access role provides read and write access to the parent directory of the file location that's used in the `StartFileTransfer` request. Additionally, make sure that the role provides `secretsmanager:GetSecretValue` permission to AWS Secrets Manager .
*
* In both cases, limit the role to the directories, the secret, and (where one is used) the KMS key named above, rather than granting bucket-wide or account-wide access.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-accessrole
*/
readonly accessRole: string;
/**
* A structure that contains the parameters for an AS2 connector object.
*
* Declared as `any` , so the type checker does not validate the shape of this value; a misspelled or missing field (for example a signing or encryption setting) is not reported at compile time.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-as2config
*/
readonly as2Config?: any | cdk.IResolvable;
/**
* Current egress configuration of the connector, showing how traffic is routed to the SFTP server.
*
* Contains VPC Lattice settings when using VPC_LATTICE egress type.
*
* When using the VPC_LATTICE egress type, AWS Transfer Family uses a managed Service Network to simplify the resource sharing process.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-egressconfig
*/
readonly egressConfig?: CfnConnector.ConnectorEgressConfigProperty | cdk.IResolvable;
/**
* Type of egress configuration for the connector.
*
* SERVICE_MANAGED uses Transfer Family managed NAT gateways, while VPC_LATTICE routes traffic through customer VPCs using VPC Lattice.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-egresstype
*/
readonly egressType?: string;
/**
* The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows a connector to turn on CloudWatch logging for Amazon S3 events.
*
* When set, you can view connector activity in your CloudWatch logs.
*
* NOTE(review): this property is optional; when it is left unset, connector activity is presumably not written to CloudWatch Logs, so confirm whether a deployment without it still leaves a transfer record for later review.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-loggingrole
*/
readonly loggingRole?: string;
/**
* The text name of the security policy for the specified connector.
*
* A Transfer Family security policy names the set of cryptographic algorithms that may be negotiated. NOTE(review): which policy applies when this is left unset is not stated here; confirm the default against the service documentation.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-securitypolicyname
*/
readonly securityPolicyName?: string;
/**
* A structure that contains the parameters for an SFTP connector object.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-sftpconfig
*/
readonly sftpConfig?: cdk.IResolvable | CfnConnector.SftpConfigProperty;
/**
* Key-value pairs that can be used to group and search for connectors.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-tags
*/
readonly tags?: Array<cdk.CfnTag>;
/**
* The URL of the partner's AS2 or SFTP endpoint.
*
* When creating AS2 connectors or service-managed SFTP connectors (connectors without egress configuration), you must provide a URL to specify the remote server endpoint. For VPC Lattice type connectors, the URL must be null.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-connector.html#cfn-transfer-connector-url
*/
readonly url?: string;
}
/**
* Creates the local or partner profile to use for AS2 transfers.
*
* @cloudformationResource AWS::Transfer::Profile
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-profile.html
*/
export declare class CfnProfile extends cdk.CfnResource implements cdk.IInspectable, IProfileRef, cdk.ITaggable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnProfile from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* `resourceAttributes` is typed `any` , so its shape is not checked by the compiler.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnProfile;
/**
* Checks whether the given object is a CfnProfile
*
* Declared as a type guard: a `true` result narrows `x` to `CfnProfile` .
*/
static isCfnProfile(x: any): x is CfnProfile;
/**
* Creates a new IProfileRef from an ARN
*/
static fromProfileArn(scope: constructs.Construct, id: string, arn: string): IProfileRef;
/**
* Creates a new IProfileRef from a profileId
*/
static fromProfileId(scope: constructs.Construct, id: string, profileId: string): IProfileRef;
/**
* Presumably returns the ARN of the profile that `resource` refers to (undocumented upstream; inferred from the name and signature).
*/
static arnForProfile(resource: IProfileRef): string;
/**
* The Amazon Resource Name associated with the profile, in the form `arn:aws:transfer:region:account-id:profile/profile-id/` .
*
* @cloudformationAttribute Arn
*/
readonly attrArn: string;
/**
* The unique identifier for the AS2 profile, returned after the API call succeeds.
*
* @cloudformationAttribute ProfileId
*/
readonly attrProfileId: string;
/**
* The `As2Id` is the *AS2-name* , as defined in [RFC 4130](https://datatracker.ietf.org/doc/html/rfc4130) . For inbound transfers, this is the `AS2-From` header for the AS2 messages sent from the partner. For outbound connectors, this is the `AS2-To` header for the AS2 messages sent to the partner using the `StartFileTransfer` API operation. This ID cannot include spaces.
*/
as2Id: string;
/**
* An array of identifiers for the imported certificates.
*/
certificateIds?: Array<string>;
/**
* Indicates whether to list only `LOCAL` type profiles or only `PARTNER` type profiles.
*
* NOTE(review): this wording reads as if it was carried over from a list operation. On this resource the property is required and presumably sets the type of the profile being created ( `LOCAL` or `PARTNER` ); confirm against the service documentation.
*/
profileType: string;
/**
* Tag Manager which manages the tags for this resource
*/
readonly tags: cdk.TagManager;
/**
* Key-value pairs that can be used to group and search for profiles.
*/
tagsRaw?: Array<cdk.CfnTag>;
/**
* Create a new `AWS::Transfer::Profile`.
*
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnProfileProps);
/**
* Presumably a reference object identifying this profile (undocumented upstream; inferred from the `ProfileReference` return type).
*/
get profileRef(): ProfileReference;
/**
* Presumably the resource's properties in the form handed to CloudFormation (undocumented upstream; inferred from the name).
*/
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
/**
* Presumably converts `props` into the property map that is rendered into the template (undocumented upstream; inferred from the name and signature).
*/
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
/**
* Properties for defining a `CfnProfile`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-profile.html
*/
export interface CfnProfileProps {
/**
* The `As2Id` is the *AS2-name* , as defined in the [RFC 4130](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc4130) . For inbound transfers, this is the `AS2-From` header for the AS2 messages sent from the partner. For outbound connectors, this is the `AS2-To` header for the AS2 messages sent to the partner using the `StartFileTransfer` API operation. This ID cannot include spaces.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-profile.html#cfn-transfer-profile-as2id
*/
readonly as2Id: string;
/**
* An array of identifiers for the imported certificates.
*
* You use this identifier for working with profiles and partner profiles.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-profile.html#cfn-transfer-profile-certificateids
*/
readonly certificateIds?: Array<string>;
/**
* Indicates whether to list only `LOCAL` type profiles or only `PARTNER` type profiles.
*
* If not supplied in the request, the command lists all types of profiles.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-profile.html#c