Creates an AWS Transfer for SFTP endpoint.
Creates the following resources:
- AWS Transfer for SFTP Server.
- IAM role for logging.
- Route53 record for Transfer endpoint (optional).
```hcl
module "sftp" {
  source  = "trussworks/sftp/aws"
  version = "~> 1.0.0"

  name          = "myapp-sftp-endpoint"
  domain_name   = "sftp.example.com"
  iam_role_name = "sftp-logging-role"
  zone_id       = data.aws_route53_zone.main.zone_id
}
```
Name | Version |
---|---|
terraform | >= 1.0 |
aws | >= 2.70 |
Name | Version |
---|---|
aws | >= 2.70 |
No modules.
Name | Type |
---|---|
aws_iam_role.main | resource |
aws_iam_role_policy.main | resource |
aws_route53_record.main | resource |
aws_transfer_server.main | resource |
aws_caller_identity.current | data source |
aws_iam_policy_document.assume_role_policy | data source |
aws_iam_policy_document.role_policy | data source |
aws_region.current | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
certificate | The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. | `string` | `null` | no |
domain_name | Domain name of the SFTP Endpoint as a CNAME record. Also requires zone_id. | `string` | `""` | no |
endpoint_details | The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Only required if endpoint_type is set to VPC. | `map(object({ address_allocation_ids = list(string) subnet_ids = list(string) vpc_id = string security_group_ids = list(string) }))` | `{}` | no |
endpoint_type | The type of endpoint that you want your SFTP server to connect to. Either PUBLIC or VPC. | `string` | `"PUBLIC"` | no |
host_key | RSA private key (e.g., as generated by the `ssh-keygen -N "" -m PEM -f my-new-server-key` command). | `string` | `null` | no |
iam_role_description | Description of the AWS Transfer Server IAM Role used for logging to CloudWatch Logs | `string` | `"IAM Role used by AWS Transfer Server to log to Cloudwatch"` | no |
iam_role_name | Name of the AWS Transfer Server IAM Role used for logging to CloudWatch Logs | `string` | `"sftp-logging-role"` | no |
name | Name of the AWS Transfer Server | `string` | n/a | yes |
protocols | Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. | `list(string)` | `[ "SFTP" ]` | no |
security_policy_name | Specifies the name of the security policy that is attached to the server. | `string` | `"TransferSecurityPolicy-2020-06"` | no |
tags | Additional tags | `map(string)` | `{}` | no |
zone_id | Route53 Zone ID of the SFTP Endpoint CNAME record. Also requires domain_name. | `string` | `""` | no |
Name | Description |
---|---|
sftp_server_endpoint | The endpoint of the Transfer Server |
sftp_server_id | Server ID of the AWS Transfer Server (aka SFTP Server) |
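
The `endpoint_type`, `endpoint_details` and `security_policy_name` inputs listed above can be combined to keep the server off the public internet and pin a newer AWS-published security policy than the module default. The following is an added example, not part of the module's own documentation; the variables, the security group, the CIDR range and the `main` map key are assumptions made for illustration.

```hcl
# Added example, not from the module's documentation.
# vpc_id, subnet ID, CIDR and the "main" map key are constructed placeholders.

variable "vpc_id" { type = string }
variable "private_subnet_id" { type = string }

resource "aws_security_group" "sftp" {
  name_prefix = "myapp-sftp-"
  description = "Restrict SFTP to a known client range"
  vpc_id      = var.vpc_id

  ingress {
    description = "SFTP from the internal client range only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["10.20.0.0/16"] # constructed value
  }
}

module "sftp" {
  source  = "trussworks/sftp/aws"
  version = "~> 1.0.0"

  name          = "myapp-sftp-endpoint"
  iam_role_name = "sftp-logging-role"

  # Module default is "PUBLIC"; VPC keeps the listener inside the VPC.
  endpoint_type = "VPC"
  endpoint_details = {
    main = { # map key is an assumption; the input is typed map(object)
      vpc_id                 = var.vpc_id
      subnet_ids             = [var.private_subnet_id]
      security_group_ids     = [aws_security_group.sftp.id]
      address_allocation_ids = [] # no Elastic IPs: not internet-facing
    }
  }

  # Module default is "TransferSecurityPolicy-2020-06".
  security_policy_name = "TransferSecurityPolicy-2024-01"
}
```

Confirm that the AWS provider version in use accepts the chosen `security_policy_name` before applying.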