AWS API Changes

2022/07/26 - AWS Transfer Family - 21 new4 updated api methods

Changes AWS Transfer Family now supports Applicability Statement 2 (AS2), a network protocol used for the secure and reliable transfer of critical Business-to-Business (B2B) data over the public internet using HTTP/HTTPS as the transport mechanism.

DeleteProfile (new)

Link ¶

Deletes the profile that's specified in the ProfileId parameter.

See also: AWS API Documentation

Request Syntax

client.delete_profile(
    ProfileId='string'
)

type ProfileId:

string

param ProfileId:

[REQUIRED]

The ID of the profile that you are deleting.

returns:

None

ListAgreements (new)

Link ¶

Returns a list of the agreements for the server that's identified by the ServerId that you supply. If you want to limit the results to a certain number, supply a value for the MaxResults parameter. If you ran the command previously and received a value for NextToken, you can supply that value to continue listing agreements from where you left off.

See also: AWS API Documentation

Request Syntax

client.list_agreements(
    MaxResults=123,
    NextToken='string',
    ServerId='string'
)

type MaxResults:

integer

param MaxResults:

The maximum number of agreements to return.

type NextToken:

string

param NextToken:

When you can get additional results from the ListAgreements call, a NextToken parameter is returned in the output. You can then pass in a subsequent command to the NextToken parameter to continue listing additional agreements.

type ServerId:

string

param ServerId:

[REQUIRED]

The identifier of the server for which you want a list of agreements.

rtype:

dict

returns:

Response Syntax

{
    'NextToken': 'string',
    'Agreements': [
        {
            'Arn': 'string',
            'AgreementId': 'string',
            'Description': 'string',
            'Status': 'ACTIVE'|'INACTIVE',
            'ServerId': 'string',
            'LocalProfileId': 'string',
            'PartnerProfileId': 'string'
        },
    ]
}

Response Structure

(dict) --
- NextToken (string) --
  
  Returns a token that you can use to call ListAgreements again and receive additional results, if there are any.
- Agreements (list) --
  
  Returns an array, where each item contains the details of an agreement.
  - (dict) --
    
    Describes the properties of an agreement.
    - Arn (string) --
      
      The Amazon Resource Name (ARN) of the specified agreement.
    - AgreementId (string) --
      
      A unique identifier for the agreement. This identifier is returned when you create an agreement.
    - Description (string) --
      
      The current description for the agreement. You can change it by calling the UpdateAgreement operation and providing a new description.
    - Status (string) --
      
      The agreement can be either ACTIVE or INACTIVE.
    - ServerId (string) --
      
      The unique identifier for the agreement.
    - LocalProfileId (string) --
      
      A unique identifier for the AS2 process.
    - PartnerProfileId (string) --
      
      A unique identifier for the partner process.

UpdateConnector (new)

Link ¶

Updates some of the parameters for an existing connector. Provide the ConnectorId for the connector that you want to update, along with the new values for the parameters to update.

See also: AWS API Documentation

Request Syntax

client.update_connector(
    ConnectorId='string',
    Url='string',
    As2Config={
        'LocalProfileId': 'string',
        'PartnerProfileId': 'string',
        'MessageSubject': 'string',
        'Compression': 'ZLIB'|'DISABLED',
        'EncryptionAlgorithm': 'AES128_CBC'|'AES192_CBC'|'AES256_CBC',
        'SigningAlgorithm': 'SHA256'|'SHA384'|'SHA512'|'SHA1'|'NONE',
        'MdnSigningAlgorithm': 'SHA256'|'SHA384'|'SHA512'|'SHA1'|'NONE'|'DEFAULT',
        'MdnResponse': 'SYNC'|'NONE'
    },
    AccessRole='string',
    LoggingRole='string'
)

type ConnectorId:

string

param ConnectorId:

[REQUIRED]

The unique identifier for the connector.

type Url:

string

param Url:

The URL of the partner's AS2 endpoint.

type As2Config:

dict

param As2Config:

A structure that contains the parameters for a connector object.

LocalProfileId (string) --

A unique identifier for the AS2 process.
PartnerProfileId (string) --

A unique identifier for the partner for the connector.
MessageSubject (string) --

A short description to help identify the connector.
Compression (string) --

Specifies whether the AS2 file is compressed.
EncryptionAlgorithm (string) --

The algorithm that is used to encrypt the file.
SigningAlgorithm (string) --

The algorithm that is used to sign the AS2 transfers for this partner profile.
MdnSigningAlgorithm (string) --

The signing algorithm for the MDN response.
MdnResponse (string) --

Used for outbound requests (from an Transfer Family server to a partner AS2 server) to determine whether the partner response for transfers is synchronous or asynchronous. Specify either of the following values:
- SYNC: The system expects a synchronous MDN response, confirming that the file was transferred successfully (or not).
- NONE: Specifies that no MDN response is required.

type AccessRole:

string

param AccessRole:

With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.

type LoggingRole:

string

param LoggingRole:

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a connector to turn on CloudWatch logging for Amazon S3 events. When set, you can view connector activity in your CloudWatch logs.

rtype:

dict

returns:

Response Syntax

{
    'ConnectorId': 'string'
}

Response Structure

(dict) --
- ConnectorId (string) --
  
  Returns the identifier of the connector object that you are updating.

ImportCertificate (new)

Link ¶

Imports the signing and encryption certificates that you need to create local (AS2) profiles and partner profiles.

See also: AWS API Documentation

Request Syntax

client.import_certificate(
    Usage='SIGNING'|'ENCRYPTION',
    Certificate='string',
    CertificateChain='string',
    PrivateKey='string',
    ActiveDate=datetime(2015, 1, 1),
    InactiveDate=datetime(2015, 1, 1),
    Description='string',
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)

type Usage:

string

param Usage:

[REQUIRED]

Specifies whether this certificate is used for signing or encryption.

type Certificate:

string

param Certificate:

[REQUIRED]

The file that contains the certificate to import.

type CertificateChain:

string

param CertificateChain:

An optional list of certificates that make up the chain for the certificate that's being imported.

type PrivateKey:

string

param PrivateKey:

The file that contains the private key for the certificate that's being imported.

type ActiveDate:

datetime

param ActiveDate:

An optional date that specifies when the certificate becomes active.

type InactiveDate:

datetime

param InactiveDate:

An optional date that specifies when the certificate becomes inactive.

type Description:

string

param Description:

A short description that helps identify the certificate.

type Tags:

list

param Tags:

Key-value pairs that can be used to group and search for certificates.

(dict) --

Creates a key-value pair for a specific resource. Tags are metadata that you can use to search for and group a resource for various purposes. You can apply tags to servers, users, and roles. A tag key can take more than one value. For example, to group servers for accounting purposes, you might create a tag called Group and assign the values Research and Accounting to that group.
- Key (string) -- [REQUIRED]
  
  The name assigned to the tag that you create.
- Value (string) -- [REQUIRED]
  
  Contains one or more values that you assigned to the key name you create.

rtype:

dict

returns:

Response Syntax

{
    'CertificateId': 'string'
}

Response Structure

(dict) --
- CertificateId (string) --
  
  An array of identifiers for the imported certificates. You use this identifier for working with profiles and partner profiles.

ListProfiles (new)

Link ¶

Returns a list of the profiles for your system. If you want to limit the results to a certain number, supply a value for the MaxResults parameter. If you ran the command previously and received a value for NextToken, you can supply that value to continue listing profiles from where you left off.

See also: AWS API Documentation

Request Syntax

client.list_profiles(
    MaxResults=123,
    NextToken='string',
    ProfileType='LOCAL'|'PARTNER'
)

type MaxResults:

integer

param MaxResults:

The maximum number of profiles to return.

type NextToken:

string

param NextToken:

When there are additional results that were not returned, a NextToken parameter is returned. You can use that value for a subsequent call to ListProfiles to continue listing results.

type ProfileType:

string

param ProfileType:

Indicates whether to list only LOCAL type profiles or only PARTNER type profiles. If not supplied in the request, the command lists all types of profiles.

rtype:

dict

returns:

Response Syntax

{
    'NextToken': 'string',
    'Profiles': [
        {
            'Arn': 'string',
            'ProfileId': 'string',
            'As2Id': 'string',
            'ProfileType': 'LOCAL'|'PARTNER'
        },
    ]
}

Response Structure

(dict) --
- NextToken (string) --
  
  Returns a token that you can use to call ListProfiles again and receive additional results, if there are any.
- Profiles (list) --
  
  Returns an array, where each item contains the details of a profile.
  - (dict) --
    
    Returns the properties of the profile that was specified.
    - Arn (string) --
      
      The Amazon Resource Name (ARN) of the specified profile.
    - ProfileId (string) --
      
      A unique identifier for the local or partner AS2 profile.
    - As2Id (string) --
      
      The unique identifier for the AS2 process.
    - ProfileType (string) --
      
      Indicates whether to list only LOCAL type profiles or only PARTNER type profiles. If not supplied in the request, the command lists all types of profiles.

UpdateCertificate (new)

Link ¶

Updates the active and inactive dates for a certificate.

See also: AWS API Documentation

Request Syntax

client.update_certificate(
    CertificateId='string',
    ActiveDate=datetime(2015, 1, 1),
    InactiveDate=datetime(2015, 1, 1),
    Description='string'
)

type CertificateId:

string

param CertificateId:

[REQUIRED]

The identifier of the certificate object that you are updating.

type ActiveDate:

datetime

param ActiveDate:

An optional date that specifies when the certificate becomes active.

type InactiveDate:

datetime

param InactiveDate:

An optional date that specifies when the certificate becomes inactive.

type Description:

string

param Description:

A short description to help identify the certificate.

rtype:

dict

returns:

Response Syntax

{
    'CertificateId': 'string'
}

Response Structure

(dict) --
- CertificateId (string) --
  
  Returns the identifier of the certificate object that you are updating.

ListCertificates (new)

Link ¶

Returns a list of the current certificates that have been imported into Transfer Family. If you want to limit the results to a certain number, supply a value for the MaxResults parameter. If you ran the command previously and received a value for the NextToken parameter, you can supply that value to continue listing certificates from where you left off.

See also: AWS API Documentation

Request Syntax

client.list_certificates(
    MaxResults=123,
    NextToken='string'
)

type MaxResults:

integer

param MaxResults:

The maximum number of certificates to return.

type NextToken:

string

param NextToken:

When you can get additional results from the ListCertificates call, a NextToken parameter is returned in the output. You can then pass in a subsequent command to the NextToken parameter to continue listing additional certificates.

rtype:

dict

returns:

Response Syntax

{
    'NextToken': 'string',
    'Certificates': [
        {
            'Arn': 'string',
            'CertificateId': 'string',
            'Usage': 'SIGNING'|'ENCRYPTION',
            'Status': 'ACTIVE'|'PENDING_ROTATION'|'INACTIVE',
            'ActiveDate': datetime(2015, 1, 1),
            'InactiveDate': datetime(2015, 1, 1),
            'Type': 'CERTIFICATE'|'CERTIFICATE_WITH_PRIVATE_KEY',
            'Description': 'string'
        },
    ]
}

Response Structure

(dict) --
- NextToken (string) --
  
  Returns the next token, which you can use to list the next certificate.
- Certificates (list) --
  
  Returns an array of the certificates that are specified in the ListCertificates call.
  - (dict) --
    
    Describes the properties of a certificate.
    - Arn (string) --
      
      The Amazon Resource Name (ARN) of the specified certificate.
    - CertificateId (string) --
      
      An array of identifiers for the imported certificates. You use this identifier for working with profiles and partner profiles.
    - Usage (string) --
      
      Specifies whether this certificate is used for signing or encryption.
    - Status (string) --
      
      The certificate can be either ACTIVE, PENDING_ROTATION, or INACTIVE. PENDING_ROTATION means that this certificate will replace the current certificate when it expires.
    - ActiveDate (datetime) --
      
      An optional date that specifies when the certificate becomes active.
    - InactiveDate (datetime) --
      
      An optional date that specifies when the certificate becomes inactive.
    - Type (string) --
      
      The type for the certificate. If a private key has been specified for the certificate, its type is CERTIFICATE_WITH_PRIVATE_KEY. If there is no private key, the type is CERTIFICATE.
    - Description (string) --
      
      The name or short description that's used to identify the certificate.

DescribeConnector (new)

Link ¶

Describes the connector that's identified by the ConnectorId.

See also: AWS API Documentation

Request Syntax

client.describe_connector(
    ConnectorId='string'
)

type ConnectorId:

string

param ConnectorId:

[REQUIRED]

The unique identifier for the connector.

rtype:

dict

returns:

Response Syntax

{
    'Connector': {
        'Arn': 'string',
        'ConnectorId': 'string',
        'Url': 'string',
        'As2Config': {
            'LocalProfileId': 'string',
            'PartnerProfileId': 'string',
            'MessageSubject': 'string',
            'Compression': 'ZLIB'|'DISABLED',
            'EncryptionAlgorithm': 'AES128_CBC'|'AES192_CBC'|'AES256_CBC',
            'SigningAlgorithm': 'SHA256'|'SHA384'|'SHA512'|'SHA1'|'NONE',
            'MdnSigningAlgorithm': 'SHA256'|'SHA384'|'SHA512'|'SHA1'|'NONE'|'DEFAULT',
            'MdnResponse': 'SYNC'|'NONE'
        },
        'AccessRole': 'string',
        'LoggingRole': 'string',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

(dict) --
- Connector (dict) --
  
  The structure that contains the details of the connector.
  - Arn (string) --
    
    The unique Amazon Resource Name (ARN) for the connector.
  - ConnectorId (string) --
    
    The unique identifier for the connector.
  - Url (string) --
    
    The URL of the partner's AS2 endpoint.
  - As2Config (dict) --
    
    A structure that contains the parameters for a connector object.
    - LocalProfileId (string) --
      
      A unique identifier for the AS2 process.
    - PartnerProfileId (string) --
      
      A unique identifier for the partner for the connector.
    - MessageSubject (string) --
      
      A short description to help identify the connector.
    - Compression (string) --
      
      Specifies whether the AS2 file is compressed.
    - EncryptionAlgorithm (string) --
      
      The algorithm that is used to encrypt the file.
    - SigningAlgorithm (string) --
      
      The algorithm that is used to sign the AS2 transfers for this partner profile.
    - MdnSigningAlgorithm (string) --
      
      The signing algorithm for the MDN response.
    - MdnResponse (string) --
      
      Used for outbound requests (from an Transfer Family server to a partner AS2 server) to determine whether the partner response for transfers is synchronous or asynchronous. Specify either of the following values:
      - SYNC: The system expects a synchronous MDN response, confirming that the file was transferred successfully (or not).
      - NONE: Specifies that no MDN response is required.
  - AccessRole (string) --
    
    With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
  - LoggingRole (string) --
    
    The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a connector to turn on CloudWatch logging for Amazon S3 events. When set, you can view connector activity in your CloudWatch logs.
  - Tags (list) --
    
    Key-value pairs that can be used to group and search for connectors.
    - (dict) --
      
      Creates a key-value pair for a specific resource. Tags are metadata that you can use to search for and group a resource for various purposes. You can apply tags to servers, users, and roles. A tag key can take more than one value. For example, to group servers for accounting purposes, you might create a tag called Group and assign the values Research and Accounting to that group.
      - Key (string) --
        
        The name assigned to the tag that you create.
      - Value (string) --
        
        Contains one or more values that you assigned to the key name you create.

CreateConnector (new)

Link ¶

Creates the connector, which captures the parameters for an outbound connection for the AS2 protocol. The connector is required for sending files from a customer's non Amazon Web Services server.

See also: AWS API Documentation

Request Syntax

client.create_connector(
    Url='string',
    As2Config={
        'LocalProfileId': 'string',
        'PartnerProfileId': 'string',
        'MessageSubject': 'string',
        'Compression': 'ZLIB'|'DISABLED',
        'EncryptionAlgorithm': 'AES128_CBC'|'AES192_CBC'|'AES256_CBC',
        'SigningAlgorithm': 'SHA256'|'SHA384'|'SHA512'|'SHA1'|'NONE',
        'MdnSigningAlgorithm': 'SHA256'|'SHA384'|'SHA512'|'SHA1'|'NONE'|'DEFAULT',
        'MdnResponse': 'SYNC'|'NONE'
    },
    AccessRole='string',
    LoggingRole='string',
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)

type Url:

string

param Url:

[REQUIRED]

The URL of the partner's AS2 endpoint.

type As2Config:

dict

param As2Config:

[REQUIRED]

A structure that contains the parameters for a connector object.

LocalProfileId (string) --

A unique identifier for the AS2 process.
PartnerProfileId (string) --

A unique identifier for the partner for the connector.
MessageSubject (string) --

A short description to help identify the connector.
Compression (string) --

Specifies whether the AS2 file is compressed.
EncryptionAlgorithm (string) --

The algorithm that is used to encrypt the file.
SigningAlgorithm (string) --

The algorithm that is used to sign the AS2 transfers for this partner profile.
MdnSigningAlgorithm (string) --

The signing algorithm for the MDN response.
MdnResponse (string) --

Used for outbound requests (from an Transfer Family server to a partner AS2 server) to determine whether the partner response for transfers is synchronous or asynchronous. Specify either of the following values:
- SYNC: The system expects a synchronous MDN response, confirming that the file was transferred successfully (or not).
- NONE: Specifies that no MDN response is required.

type AccessRole:

string

param AccessRole:

[REQUIRED]

type LoggingRole:

string

param LoggingRole:

type Tags:

list

param Tags:

Key-value pairs that can be used to group and search for connectors. Tags are metadata attached to connectors for any purpose.

(dict) --

Creates a key-value pair for a specific resource. Tags are metadata that you can use to search for and group a resource for various purposes. You can apply tags to servers, users, and roles. A tag key can take more than one value. For example, to group servers for accounting purposes, you might create a tag called Group and assign the values Research and Accounting to that group.
- Key (string) -- [REQUIRED]
  
  The name assigned to the tag that you create.
- Value (string) -- [REQUIRED]
  
  Contains one or more values that you assigned to the key name you create.

rtype:

dict

returns:

Response Syntax

{
    'ConnectorId': 'string'
}

Response Structure

(dict) --
- ConnectorId (string) --
  
  The unique identifier for the connector, returned after the API call succeeds.

DeleteCertificate (new)

Link ¶

Deletes the certificate that's specified in the CertificateId parameter.

See also: AWS API Documentation

Request Syntax

client.delete_certificate(
    CertificateId='string'
)

type CertificateId:

string

param CertificateId:

[REQUIRED]

The ID of the certificate object that you are deleting.

returns:

None

DescribeAgreement (new)

Link ¶

Describes the agreement that's identified by the AgreementId.

See also: AWS API Documentation

Request Syntax

client.describe_agreement(
    AgreementId='string',
    ServerId='string'
)

type AgreementId:

string

param AgreementId:

[REQUIRED]

A unique identifier for the agreement. This identifier is returned when you create an agreement.

type ServerId:

string

param ServerId:

[REQUIRED]

The server ID that's associated with the agreement.

rtype:

dict

returns:

Response Syntax

{
    'Agreement': {
        'Arn': 'string',
        'AgreementId': 'string',
        'Description': 'string',
        'Status': 'ACTIVE'|'INACTIVE',
        'ServerId': 'string',
        'LocalProfileId': 'string',
        'PartnerProfileId': 'string',
        'BaseDirectory': 'string',
        'AccessRole': 'string',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

(dict) --
- Agreement (dict) --
  
  The details for the specified agreement, returned as a DescribedAgreement object.
  - Arn (string) --
    
    The unique Amazon Resource Name (ARN) for the agreement.
  - AgreementId (string) --
    
    A unique identifier for the agreement. This identifier is returned when you create an agreement.
  - Description (string) --
    
    The name or short description that's used to identify the agreement.
  - Status (string) --
    
    The current status of the agreement, either ACTIVE or INACTIVE.
  - ServerId (string) --
    
    A system-assigned unique identifier for a server instance. This identifier indicates the specific server that the agreement uses.
  - LocalProfileId (string) --
    
    A unique identifier for the AS2 process.
  - PartnerProfileId (string) --
    
    A unique identifier for the partner in the agreement.
  - BaseDirectory (string) --
    
    The landing directory (folder) for files that are transferred by using the AS2 protocol.
  - AccessRole (string) --
    
    The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that grants access to at least the HomeDirectory of your users' Amazon S3 buckets.
  - Tags (list) --
    
    Key-value pairs that can be used to group and search for agreements.
    - (dict) --
      
      Creates a key-value pair for a specific resource. Tags are metadata that you can use to search for and group a resource for various purposes. You can apply tags to servers, users, and roles. A tag key can take more than one value. For example, to group servers for accounting purposes, you might create a tag called Group and assign the values Research and Accounting to that group.
      - Key (string) --
        
        The name assigned to the tag that you create.
      - Value (string) --
        
        Contains one or more values that you assigned to the key name you create.

DeleteConnector (new)

Link ¶

Deletes the agreement that's specified in the provided ConnectorId.

See also: AWS API Documentation

Request Syntax

client.delete_connector(
    ConnectorId='string'
)

type ConnectorId:

string

param ConnectorId:

[REQUIRED]

The unique identifier for the connector.

returns:

None

UpdateAgreement (new)

Link ¶

Updates some of the parameters for an existing agreement. Provide the AgreementId and the ServerId for the agreement that you want to update, along with the new values for the parameters to update.

See also: AWS API Documentation

Request Syntax

client.update_agreement(
    AgreementId='string',
    ServerId='string',
    Description='string',
    Status='ACTIVE'|'INACTIVE',
    LocalProfileId='string',
    PartnerProfileId='string',
    BaseDirectory='string',
    AccessRole='string'
)

type AgreementId:

string

param AgreementId:

[REQUIRED]

A unique identifier for the agreement. This identifier is returned when you create an agreement.

type ServerId:

string

param ServerId:

[REQUIRED]

A system-assigned unique identifier for a server instance. This is the specific server that the agreement uses.

type Description:

string

param Description:

To replace the existing description, provide a short description for the agreement.

type Status:

string

param Status:

You can update the status for the agreement, either activating an inactive agreement or the reverse.

type LocalProfileId:

string

param LocalProfileId:

To change the local profile identifier, provide a new value here.

type PartnerProfileId:

string

param PartnerProfileId:

To change the partner profile identifier, provide a new value here.

type BaseDirectory:

string

param BaseDirectory:

To change the landing directory (folder) for files that are transferred, provide the bucket folder that you want to use; for example, ``/DOC-EXAMPLE-BUCKET/home/mydirectory ``.

type AccessRole:

string

param AccessRole:

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that grants access to at least the HomeDirectory of your users' Amazon S3 buckets.

rtype:

dict

returns:

Response Syntax

{
    'AgreementId': 'string'
}

Response Structure

(dict) --
- AgreementId (string) --
  
  A unique identifier for the agreement. This identifier is returned when you create an agreement.

CreateAgreement (new)

Link ¶

Creates an agreement. An agreement is a bilateral trading partner agreement, or partnership, between an Transfer Family server and an AS2 process. The agreement defines the file and message transfer relationship between the server and the AS2 process. To define an agreement, Transfer Family combines a server, local profile, partner profile, certificate, and other attributes.

The partner is identified with the PartnerProfileId, and the AS2 process is identified with the LocalProfileId.

See also: AWS API Documentation

Request Syntax

client.create_agreement(
    Description='string',
    ServerId='string',
    LocalProfileId='string',
    PartnerProfileId='string',
    BaseDirectory='string',
    AccessRole='string',
    Status='ACTIVE'|'INACTIVE',
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)

type Description:

string

param Description:

A name or short description to identify the agreement.

type ServerId:

string

param ServerId:

[REQUIRED]

A system-assigned unique identifier for a server instance. This is the specific server that the agreement uses.

type LocalProfileId:

string

param LocalProfileId:

[REQUIRED]

A unique identifier for the AS2 local profile.

type PartnerProfileId:

string

param PartnerProfileId:

[REQUIRED]

A unique identifier for the partner profile used in the agreement.

type BaseDirectory:

string

param BaseDirectory:

[REQUIRED]

The landing directory (folder) for files transferred by using the AS2 protocol.

A BaseDirectory example is ``/DOC-EXAMPLE-BUCKET/home/mydirectory ``.

type AccessRole:

string

param AccessRole:

[REQUIRED]

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that grants access to at least the HomeDirectory of your users' Amazon S3 buckets.

type Status:

string

param Status:

The status of the agreement. The agreement can be either ACTIVE or INACTIVE.

type Tags:

list

param Tags:

Key-value pairs that can be used to group and search for agreements.

(dict) --

Creates a key-value pair for a specific resource. Tags are metadata that you can use to search for and group a resource for various purposes. You can apply tags to servers, users, and roles. A tag key can take more than one value. For example, to group servers for accounting purposes, you might create a tag called Group and assign the values Research and Accounting to that group.
- Key (string) -- [REQUIRED]
  
  The name assigned to the tag that you create.
- Value (string) -- [REQUIRED]
  
  Contains one or more values that you assigned to the key name you create.

rtype:

dict

returns:

Response Syntax

{
    'AgreementId': 'string'
}

Response Structure

(dict) --
- AgreementId (string) --
  
  The unique identifier for the agreement. Use this ID for deleting, or updating an agreement, as well as in any other API calls that require that you specify the agreement ID.

StartFileTransfer (new)

Link ¶

Begins an outbound file transfer. You specify the ConnectorId and the file paths for where to send the files.

See also: AWS API Documentation

Request Syntax

client.start_file_transfer(
    ConnectorId='string',
    SendFilePaths=[
        'string',
    ]
)

type ConnectorId:

string

param ConnectorId:

[REQUIRED]

The unique identifier for the connector.

type SendFilePaths:

list

param SendFilePaths:

[REQUIRED]

An array of strings. Each string represents the absolute path for one outbound file transfer. For example, ``DOC-EXAMPLE-BUCKET/myfile.txt ``.

(string) --

rtype:

dict

returns:

Response Syntax

{
    'TransferId': 'string'
}

Response Structure

(dict) --
- TransferId (string) --
  
  Returns the unique identifier for this file transfer.

DescribeProfile (new)

Link ¶

Returns the details of the profile that's specified by the ProfileId.

See also: AWS API Documentation

Request Syntax

client.describe_profile(
    ProfileId='string'
)

type ProfileId:

string

param ProfileId:

[REQUIRED]

The identifier of the profile that you want described.

rtype:

dict

returns:

Response Syntax

{
    'Profile': {
        'Arn': 'string',
        'ProfileId': 'string',
        'ProfileType': 'LOCAL'|'PARTNER',
        'As2Id': 'string',
        'CertificateIds': [
            'string',
        ],
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

(dict) --
- Profile (dict) --
  
  The details of the specified profile, returned as an object.
  - Arn (string) --
    
    The unique Amazon Resource Name (ARN) for the profile.
  - ProfileId (string) --
    
    A unique identifier for the local or partner AS2 profile.
  - ProfileType (string) --
    
    Indicates whether to list only LOCAL type profiles or only PARTNER type profiles. If not supplied in the request, the command lists all types of profiles.
  - As2Id (string) --
    
    The unique identifier for the AS2 process.
  - CertificateIds (list) --
    
    An array of identifiers for the imported certificates. You use this identifier for working with profiles and partner profiles.
    - (string) --
  - Tags (list) --
    
    Key-value pairs that can be used to group and search for profiles.
    - (dict) --
      
      Creates a key-value pair for a specific resource. Tags are metadata that you can use to search for and group a resource for various purposes. You can apply tags to servers, users, and roles. A tag key can take more than one value. For example, to group servers for accounting purposes, you might create a tag called Group and assign the values Research and Accounting to that group.
      - Key (string) --
        
        The name assigned to the tag that you create.
      - Value (string) --
        
        Contains one or more values that you assigned to the key name you create.

CreateProfile (new)

Link ¶

Creates the profile for the AS2 process. The agreement is between the partner and the AS2 process.

See also: AWS API Documentation

Request Syntax

client.create_profile(
    As2Id='string',
    ProfileType='LOCAL'|'PARTNER',
    CertificateIds=[
        'string',
    ],
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)

type As2Id:

string

param As2Id:

[REQUIRED]

The As2Id is the AS2-name, as defined in the defined in the RFC 4130. For inbound transfers, this is the AS2-From header for the AS2 messages sent from the partner. For outbound connectors, this is the AS2-To header for the AS2 messages sent to the partner using the StartFileTransfer API operation. This ID cannot include spaces.

type ProfileType:

string

param ProfileType:

[REQUIRED]

Indicates whether to list only LOCAL type profiles or only PARTNER type profiles. If not supplied in the request, the command lists all types of profiles.

type CertificateIds:

list

param CertificateIds:

An array of identifiers for the imported certificates. You use this identifier for working with profiles and partner profiles.

(string) --

type Tags:

list

param Tags:

Key-value pairs that can be used to group and search for AS2 profiles.

(dict) --

Creates a key-value pair for a specific resource. Tags are metadata that you can use to search for and group a resource for various purposes. You can apply tags to servers, users, and roles. A tag key can take more than one value. For example, to group servers for accounting purposes, you might create a tag called Group and assign the values Research and Accounting to that group.
- Key (string) -- [REQUIRED]
  
  The name assigned to the tag that you create.
- Value (string) -- [REQUIRED]
  
  Contains one or more values that you assigned to the key name you create.

rtype:

dict

returns:

Response Syntax

{
    'ProfileId': 'string'
}

Response Structure

(dict) --
- ProfileId (string) --
  
  The unique identifier for the AS2 profile, returned after the API call succeeds.

DeleteAgreement (new)

Link ¶

Delete the agreement that's specified in the provided AgreementId.

See also: AWS API Documentation

Request Syntax

client.delete_agreement(
    AgreementId='string',
    ServerId='string'
)

type AgreementId:

string

param AgreementId:

[REQUIRED]

A unique identifier for the agreement. This identifier is returned when you create an agreement.

type ServerId:

string

param ServerId:

[REQUIRED]

The server ID associated with the agreement that you are deleting.

returns:

None

UpdateProfile (new)

Link ¶

Updates some of the parameters for an existing profile. Provide the ProfileId for the profile that you want to update, along with the new values for the parameters to update.

See also: AWS API Documentation

Request Syntax

client.update_profile(
    ProfileId='string',
    CertificateIds=[
        'string',
    ]
)

type ProfileId:

string

param ProfileId:

[REQUIRED]

The identifier of the profile object that you are updating.

type CertificateIds:

list

param CertificateIds:

An array of identifiers for the imported certificates. You use this identifier for working with profiles and partner profiles.

(string) --

rtype:

dict

returns:

Response Syntax

{
    'ProfileId': 'string'
}

Response Structure

(dict) --
- ProfileId (string) --
  
  Returns the identifier for the profile that's being updated.

DescribeCertificate (new)

Link ¶

Describes the certificate that's identified by the CertificateId.

See also: AWS API Documentation

Request Syntax

client.describe_certificate(
    CertificateId='string'
)

type CertificateId:

string

param CertificateId:

[REQUIRED]

An array of identifiers for the imported certificates. You use this identifier for working with profiles and partner profiles.

rtype:

dict

returns:

Response Syntax

{
    'Certificate': {
        'Arn': 'string',
        'CertificateId': 'string',
        'Usage': 'SIGNING'|'ENCRYPTION',
        'Status': 'ACTIVE'|'PENDING_ROTATION'|'INACTIVE',
        'Certificate': 'string',
        'CertificateChain': 'string',
        'ActiveDate': datetime(2015, 1, 1),
        'InactiveDate': datetime(2015, 1, 1),
        'Serial': 'string',
        'NotBeforeDate': datetime(2015, 1, 1),
        'NotAfterDate': datetime(2015, 1, 1),
        'Type': 'CERTIFICATE'|'CERTIFICATE_WITH_PRIVATE_KEY',
        'Description': 'string',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

(dict) --
- Certificate (dict) --
  
  The details for the specified certificate, returned as an object.
  - Arn (string) --
    
    The unique Amazon Resource Name (ARN) for the certificate.
  - CertificateId (string) --
    
    An array of identifiers for the imported certificates. You use this identifier for working with profiles and partner profiles.
  - Usage (string) --
    
    Specifies whether this certificate is used for signing or encryption.
  - Status (string) --
    
    The certificate can be either ACTIVE, PENDING_ROTATION, or INACTIVE. PENDING_ROTATION means that this certificate will replace the current certificate when it expires.
  - Certificate (string) --
    
    The file name for the certificate.
  - CertificateChain (string) --
    
    The list of certificates that make up the chain for the certificate.
  - ActiveDate (datetime) --
    
    An optional date that specifies when the certificate becomes active.
  - InactiveDate (datetime) --
    
    An optional date that specifies when the certificate becomes inactive.
  - Serial (string) --
    
    The serial number for the certificate.
  - NotBeforeDate (datetime) --
    
    The earliest date that the certificate is valid.
  - NotAfterDate (datetime) --
    
    The final date that the certificate is valid.
  - Type (string) --
    
    If a private key has been specified for the certificate, its type is CERTIFICATE_WITH_PRIVATE_KEY. If there is no private key, the type is CERTIFICATE.
  - Description (string) --
    
    The name or description that's used to identity the certificate.
  - Tags (list) --
    
    Key-value pairs that can be used to group and search for certificates.
    - (dict) --
      
      Creates a key-value pair for a specific resource. Tags are metadata that you can use to search for and group a resource for various purposes. You can apply tags to servers, users, and roles. A tag key can take more than one value. For example, to group servers for accounting purposes, you might create a tag called Group and assign the values Research and Accounting to that group.
      - Key (string) --
        
        The name assigned to the tag that you create.
      - Value (string) --
        
        Contains one or more values that you assigned to the key name you create.

ListConnectors (new)

Link ¶

Lists the connectors for the specified Region.

See also: AWS API Documentation

Request Syntax

client.list_connectors(
    MaxResults=123,
    NextToken='string'
)

type MaxResults:

integer

param MaxResults:

The maximum number of connectors to return.

type NextToken:

string

param NextToken:

When you can get additional results from the ListConnectors call, a NextToken parameter is returned in the output. You can then pass in a subsequent command to the NextToken parameter to continue listing additional connectors.

rtype:

dict

returns:

Response Syntax

{
    'NextToken': 'string',
    'Connectors': [
        {
            'Arn': 'string',
            'ConnectorId': 'string',
            'Url': 'string'
        },
    ]
}

Response Structure

(dict) --
- NextToken (string) --
  
  Returns a token that you can use to call ListConnectors again and receive additional results, if there are any.
- Connectors (list) --
  
  Returns an array, where each item contains the details of a connector.
  - (dict) --
    
    Returns details of the connector that is specified.
    - Arn (string) --
      
      The Amazon Resource Name (ARN) of the specified connector.
    - ConnectorId (string) --
      
      The unique identifier for the connector.
    - Url (string) --
      
      The URL of the partner's AS2 endpoint.

CreateServer (updated)

Link ¶
Changes (request)

{'ProtocolDetails': {'As2Transports': ['HTTP']}, 'Protocols': {'AS2'}}

Instantiates an auto-scaling virtual server based on the selected file transfer protocol in Amazon Web Services. When you make updates to your file transfer protocol-enabled server or when you work with users, use the service-generated ServerId property that is assigned to the newly created server.

See also: AWS API Documentation

Request Syntax

client.create_server(
    Certificate='string',
    Domain='S3'|'EFS',
    EndpointDetails={
        'AddressAllocationIds': [
            'string',
        ],
        'SubnetIds': [
            'string',
        ],
        'VpcEndpointId': 'string',
        'VpcId': 'string',
        'SecurityGroupIds': [
            'string',
        ]
    },
    EndpointType='PUBLIC'|'VPC'|'VPC_ENDPOINT',
    HostKey='string',
    IdentityProviderDetails={
        'Url': 'string',
        'InvocationRole': 'string',
        'DirectoryId': 'string',
        'Function': 'string'
    },
    IdentityProviderType='SERVICE_MANAGED'|'API_GATEWAY'|'AWS_DIRECTORY_SERVICE'|'AWS_LAMBDA',
    LoggingRole='string',
    PostAuthenticationLoginBanner='string',
    PreAuthenticationLoginBanner='string',
    Protocols=[
        'SFTP'|'FTP'|'FTPS'|'AS2',
    ],
    ProtocolDetails={
        'PassiveIp': 'string',
        'TlsSessionResumptionMode': 'DISABLED'|'ENABLED'|'ENFORCED',
        'SetStatOption': 'DEFAULT'|'ENABLE_NO_OP',
        'As2Transports': [
            'HTTP',
        ]
    },
    SecurityPolicyName='string',
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    WorkflowDetails={
        'OnUpload': [
            {
                'WorkflowId': 'string',
                'ExecutionRole': 'string'
            },
        ]
    }
)

type Certificate:

string

param Certificate:

The Amazon Resource Name (ARN) of the Certificate Manager (ACM) certificate. Required when Protocols is set to FTPS.

To request a new public certificate, see Request a public certificate in the Certificate Manager User Guide.

To import an existing certificate into ACM, see Importing certificates into ACM in the Certificate Manager User Guide.

To request a private certificate to use FTPS through private IP addresses, see Request a private certificate in the Certificate Manager User Guide.

Certificates with the following cryptographic algorithms and key sizes are supported:

2048-bit RSA (RSA_2048)
4096-bit RSA (RSA_4096)
Elliptic Prime Curve 256 bit (EC_prime256v1)
Elliptic Prime Curve 384 bit (EC_secp384r1)
Elliptic Prime Curve 521 bit (EC_secp521r1)

type Domain:

string

param Domain:

The domain of the storage system that is used for file transfers. There are two domains available: Amazon Simple Storage Service (Amazon S3) and Amazon Elastic File System (Amazon EFS). The default value is S3.

type EndpointDetails:

dict

param EndpointDetails:

The virtual private cloud (VPC) endpoint settings that are configured for your server. When you host your endpoint within your VPC, you can make your endpoint accessible only to resources within your VPC, or you can attach Elastic IP addresses and make your endpoint accessible to clients over the internet. Your VPC's default security groups are automatically assigned to your endpoint.

AddressAllocationIds (list) --

A list of address allocation IDs that are required to attach an Elastic IP address to your server's endpoint.

Note

This property can only be set when EndpointType is set to VPC and it is only valid in the UpdateServer API.
- (string) --
SubnetIds (list) --

A list of subnet IDs that are required to host your server endpoint in your VPC.

Note

This property can only be set when EndpointType is set to VPC.
- (string) --
VpcEndpointId (string) --

The ID of the VPC endpoint.

Note

This property can only be set when EndpointType is set to VPC_ENDPOINT.

For more information, see https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
VpcId (string) --

The VPC ID of the VPC in which a server's endpoint will be hosted.

Note

This property can only be set when EndpointType is set to VPC.
SecurityGroupIds (list) --

A list of security groups IDs that are available to attach to your server's endpoint.

Note

This property can only be set when EndpointType is set to VPC.

You can edit the SecurityGroupIds property in the UpdateServer API only if you are changing the EndpointType from PUBLIC or VPC_ENDPOINT to VPC. To change security groups associated with your server's VPC endpoint after creation, use the Amazon EC2 ModifyVpcEndpoint API.
- (string) --

type EndpointType:

string

param EndpointType:

The type of endpoint that you want your server to use. You can choose to make your server's endpoint publicly accessible (PUBLIC) or host it inside your VPC. With an endpoint that is hosted in a VPC, you can restrict access to your server and resources only within your VPC or choose to make it internet facing by attaching Elastic IP addresses directly to it.

Note

After May 19, 2021, you won't be able to create a server using EndpointType=VPC_ENDPOINT in your Amazon Web Services account if your account hasn't already done so before May 19, 2021. If you have already created servers with EndpointType=VPC_ENDPOINT in your Amazon Web Services account on or before May 19, 2021, you will not be affected. After this date, use EndpointType``= ``VPC.

For more information, see https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.

It is recommended that you use VPC as the EndpointType. With this endpoint type, you have the option to directly associate up to three Elastic IPv4 addresses (BYO IP included) with your server's endpoint and use VPC security groups to restrict traffic by the client's public IP address. This is not possible with EndpointType set to VPC_ENDPOINT.

type HostKey:

string

param HostKey:

The RSA, ECDSA, or ED25519 private key to use for your server.

Use the following command to generate an RSA 2048 bit key with no passphrase:

ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key.

Use a minimum value of 2048 for the -b option. You can create a stronger key by using 3072 or 4096.

Use the following command to generate an ECDSA 256 bit key with no passphrase:

ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key.

Valid values for the -b option for ECDSA are 256, 384, and 521.

Use the following command to generate an ED25519 key with no passphrase:

ssh-keygen -t ed25519 -N "" -f my-new-server-key.

For all of these commands, you can replace my-new-server-key with a string of your choice.

For more information, see Change the host key for your SFTP-enabled server in the Transfer Family User Guide.

type IdentityProviderDetails:

dict

param IdentityProviderDetails:

Required when IdentityProviderType is set to AWS_DIRECTORY_SERVICE or API_GATEWAY. Accepts an array containing all of the information required to use a directory in AWS_DIRECTORY_SERVICE or invoke a customer-supplied authentication API, including the API Gateway URL. Not required when IdentityProviderType is set to SERVICE_MANAGED.

Url (string) --

Provides the location of the service endpoint used to authenticate users.
InvocationRole (string) --

Provides the type of InvocationRole used to authenticate the user account.
DirectoryId (string) --

The identifier of the Directory Service directory that you want to stop sharing.
Function (string) --

The ARN for a lambda function to use for the Identity provider.

type IdentityProviderType:

string

param IdentityProviderType:

The mode of authentication for a server. The default value is SERVICE_MANAGED, which allows you to store and access user credentials within the Transfer Family service.

Use AWS_DIRECTORY_SERVICE to provide access to Active Directory groups in Directory Service for Microsoft Active Directory or Microsoft Active Directory in your on-premises environment or in Amazon Web Services using AD Connector. This option also requires you to provide a Directory ID by using the IdentityProviderDetails parameter.

Use the API_GATEWAY value to integrate with an identity provider of your choosing. The API_GATEWAY setting requires you to provide an Amazon API Gateway endpoint URL to call for authentication by using the IdentityProviderDetails parameter.

Use the AWS_LAMBDA value to directly use an Lambda function as your identity provider. If you choose this value, you must specify the ARN for the Lambda function in the Function parameter or the IdentityProviderDetails data type.

type LoggingRole:

string

param LoggingRole:

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFSevents. When set, you can view user activity in your CloudWatch logs.

type PostAuthenticationLoginBanner:

string

param PostAuthenticationLoginBanner:

Specifies a string to display when users connect to a server. This string is displayed after the user authenticates.

type PreAuthenticationLoginBanner:

string

param PreAuthenticationLoginBanner:

Specifies a string to display when users connect to a server. This string is displayed before the user authenticates. For example, the following banner displays details about using the system:

This system is for the use of authorized users only. Individuals using this computer system without authority, or in excess of their authority, are subject to having all of their activities on this system monitored and recorded by system personnel.

type Protocols:

list

param Protocols:

Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:

SFTP (Secure Shell (SSH) File Transfer Protocol): File transfer over SSH
FTPS (File Transfer Protocol Secure): File transfer with TLS encryption
FTP (File Transfer Protocol): Unencrypted file transfer
AS2 (Applicability Statement 2): used for transporting structured business-to-business data

(string) --

type ProtocolDetails:

dict

param ProtocolDetails:

The protocol settings that are configured for your server.

To indicate passive mode (for FTP and FTPS protocols), use the PassiveIp parameter. Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer.
To ignore the error that is generated when the client attempts to use the SETSTAT command on a file that you are uploading to an Amazon S3 bucket, use the SetStatOption parameter. To have the Transfer Family server ignore the SETSTAT command and upload files without needing to make any changes to your SFTP client, set the value to ENABLE_NO_OP. If you set the SetStatOption parameter to ENABLE_NO_OP, Transfer Family generates a log entry to Amazon CloudWatch Logs, so that you can determine when the client is making a SETSTAT call.
To determine whether your Transfer Family server resumes recent, negotiated sessions through a unique session ID, use the TlsSessionResumptionMode parameter.
As2Transports indicates the transport method for the AS2 messages. Currently, only HTTP is supported.

PassiveIp (string) --

Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer. For example:

aws transfer update-server --protocol-details PassiveIp=0.0.0.0

Replace 0.0.0.0 in the example above with the actual IP address you want to use.

Note

If you change the PassiveIp value, you must stop and then restart your Transfer Family server for the change to take effect. For details on using passive mode (PASV) in a NAT environment, see Configuring your FTPS server behind a firewall or NAT with Transfer Family.
TlsSessionResumptionMode (string) --

A property used with Transfer Family servers that use the FTPS protocol. TLS Session Resumption provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. TlsSessionResumptionMode determines whether or not the server resumes recent, negotiated sessions through a unique session ID. This property is available during CreateServer and UpdateServer calls. If a TlsSessionResumptionMode value is not specified during CreateServer, it is set to ENFORCED by default.
- DISABLED: the server does not process TLS session resumption client requests and creates a new TLS session for each request.
- ENABLED: the server processes and accepts clients that are performing TLS session resumption. The server doesn't reject client data connections that do not perform the TLS session resumption client processing.
- ENFORCED: the server processes and accepts clients that are performing TLS session resumption. The server rejects client data connections that do not perform the TLS session resumption client processing. Before you set the value to ENFORCED, test your clients.
Note

Not all FTPS clients perform TLS session resumption. So, if you choose to enforce TLS session resumption, you prevent any connections from FTPS clients that don't perform the protocol negotiation. To determine whether or not you can use the ENFORCED value, you need to test your clients.
SetStatOption (string) --

Use the SetStatOption to ignore the error that is generated when the client attempts to use SETSTAT on a file you are uploading to an S3 bucket.

Some SFTP file transfer clients can attempt to change the attributes of remote files, including timestamp and permissions, using commands, such as SETSTAT when uploading the file. However, these commands are not compatible with object storage systems, such as Amazon S3. Due to this incompatibility, file uploads from these clients can result in errors even when the file is otherwise successfully uploaded.

Set the value to ENABLE_NO_OP to have the Transfer Family server ignore the SETSTAT command, and upload files without needing to make any changes to your SFTP client. While the SetStatOption ENABLE_NO_OP setting ignores the error, it does generate a log entry in Amazon CloudWatch Logs, so you can determine when the client is making a SETSTAT call.

Note

If you want to preserve the original timestamp for your file, and modify other file attributes using SETSTAT, you can use Amazon EFS as backend storage with Transfer Family.
As2Transports (list) --

Indicates the transport method for the AS2 messages. Currently, only HTTP is supported.
- (string) --

type SecurityPolicyName:

string

param SecurityPolicyName:

Specifies the name of the security policy that is attached to the server.

type Tags:

list

param Tags:

Key-value pairs that can be used to group and search for servers.

(dict) --

Creates a key-value pair for a specific resource. Tags are metadata that you can use to search for and group a resource for various purposes. You can apply tags to servers, users, and roles. A tag key can take more than one value. For example, to group servers for accounting purposes, you might create a tag called Group and assign the values Research and Accounting to that group.
- Key (string) -- [REQUIRED]
  
  The name assigned to the tag that you create.
- Value (string) -- [REQUIRED]
  
  Contains one or more values that you assigned to the key name you create.

type WorkflowDetails:

dict

param WorkflowDetails:

Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.

OnUpload (list) -- [REQUIRED]

A trigger that starts a workflow: the workflow begins to execute after a file is uploaded.

To remove an associated workflow from a server, you can provide an empty OnUpload object, as in the following example.

aws transfer update-server --server-id s-01234567890abcdef --workflow-details '{"OnUpload":[]}'
- (dict) --
  
  Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.
  - WorkflowId (string) -- [REQUIRED]
    
    A unique identifier for the workflow.
  - ExecutionRole (string) -- [REQUIRED]
    
    Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources

rtype:

dict

returns:

Response Syntax

{
    'ServerId': 'string'
}

Response Structure

(dict) --
- ServerId (string) --
  
  The service-assigned ID of the server that is created.

DescribeServer (updated)

Link ¶
Changes (response)

{'Server': {'ProtocolDetails': {'As2Transports': ['HTTP']},
            'Protocols': {'AS2'}}}

Describes a file transfer protocol-enabled server that you specify by passing the ServerId parameter.

The response contains a description of a server's properties. When you set EndpointType to VPC, the response will contain the EndpointDetails.

See also: AWS API Documentation

Request Syntax

client.describe_server(
    ServerId='string'
)

type ServerId:

string

param ServerId:

[REQUIRED]

A system-assigned unique identifier for a server.

rtype:

dict

returns:

Response Syntax

{
    'Server': {
        'Arn': 'string',
        'Certificate': 'string',
        'ProtocolDetails': {
            'PassiveIp': 'string',
            'TlsSessionResumptionMode': 'DISABLED'|'ENABLED'|'ENFORCED',
            'SetStatOption': 'DEFAULT'|'ENABLE_NO_OP',
            'As2Transports': [
                'HTTP',
            ]
        },
        'Domain': 'S3'|'EFS',
        'EndpointDetails': {
            'AddressAllocationIds': [
                'string',
            ],
            'SubnetIds': [
                'string',
            ],
            'VpcEndpointId': 'string',
            'VpcId': 'string',
            'SecurityGroupIds': [
                'string',
            ]
        },
        'EndpointType': 'PUBLIC'|'VPC'|'VPC_ENDPOINT',
        'HostKeyFingerprint': 'string',
        'IdentityProviderDetails': {
            'Url': 'string',
            'InvocationRole': 'string',
            'DirectoryId': 'string',
            'Function': 'string'
        },
        'IdentityProviderType': 'SERVICE_MANAGED'|'API_GATEWAY'|'AWS_DIRECTORY_SERVICE'|'AWS_LAMBDA',
        'LoggingRole': 'string',
        'PostAuthenticationLoginBanner': 'string',
        'PreAuthenticationLoginBanner': 'string',
        'Protocols': [
            'SFTP'|'FTP'|'FTPS'|'AS2',
        ],
        'SecurityPolicyName': 'string',
        'ServerId': 'string',
        'State': 'OFFLINE'|'ONLINE'|'STARTING'|'STOPPING'|'START_FAILED'|'STOP_FAILED',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'UserCount': 123,
        'WorkflowDetails': {
            'OnUpload': [
                {
                    'WorkflowId': 'string',
                    'ExecutionRole': 'string'
                },
            ]
        }
    }
}

Response Structure

(dict) --
- Server (dict) --
  
  An array containing the properties of a server with the ServerID you specified.
  - Arn (string) --
    
    Specifies the unique Amazon Resource Name (ARN) of the server.
  - Certificate (string) --
    
    Specifies the ARN of the Amazon Web ServicesCertificate Manager (ACM) certificate. Required when Protocols is set to FTPS.
  - ProtocolDetails (dict) --
    
    The protocol settings that are configured for your server.
    
    Use the PassiveIp parameter to indicate passive mode. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer.
    - PassiveIp (string) --
      
      Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer. For example:
      
      aws transfer update-server --protocol-details PassiveIp=0.0.0.0
      
      Replace 0.0.0.0 in the example above with the actual IP address you want to use.
      
      Note
      
      If you change the PassiveIp value, you must stop and then restart your Transfer Family server for the change to take effect. For details on using passive mode (PASV) in a NAT environment, see Configuring your FTPS server behind a firewall or NAT with Transfer Family.
    - TlsSessionResumptionMode (string) --
      
      A property used with Transfer Family servers that use the FTPS protocol. TLS Session Resumption provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. TlsSessionResumptionMode determines whether or not the server resumes recent, negotiated sessions through a unique session ID. This property is available during CreateServer and UpdateServer calls. If a TlsSessionResumptionMode value is not specified during CreateServer, it is set to ENFORCED by default.
      - DISABLED: the server does not process TLS session resumption client requests and creates a new TLS session for each request.
      - ENABLED: the server processes and accepts clients that are performing TLS session resumption. The server doesn't reject client data connections that do not perform the TLS session resumption client processing.
      - ENFORCED: the server processes and accepts clients that are performing TLS session resumption. The server rejects client data connections that do not perform the TLS session resumption client processing. Before you set the value to ENFORCED, test your clients.
      Note
      
      Not all FTPS clients perform TLS session resumption. So, if you choose to enforce TLS session resumption, you prevent any connections from FTPS clients that don't perform the protocol negotiation. To determine whether or not you can use the ENFORCED value, you need to test your clients.
    - SetStatOption (string) --
      
      Use the SetStatOption to ignore the error that is generated when the client attempts to use SETSTAT on a file you are uploading to an S3 bucket.
      
      Some SFTP file transfer clients can attempt to change the attributes of remote files, including timestamp and permissions, using commands, such as SETSTAT when uploading the file. However, these commands are not compatible with object storage systems, such as Amazon S3. Due to this incompatibility, file uploads from these clients can result in errors even when the file is otherwise successfully uploaded.
      
      Set the value to ENABLE_NO_OP to have the Transfer Family server ignore the SETSTAT command, and upload files without needing to make any changes to your SFTP client. While the SetStatOption ENABLE_NO_OP setting ignores the error, it does generate a log entry in Amazon CloudWatch Logs, so you can determine when the client is making a SETSTAT call.
      
      Note
      
      If you want to preserve the original timestamp for your file, and modify other file attributes using SETSTAT, you can use Amazon EFS as backend storage with Transfer Family.
    - As2Transports (list) --
      
      Indicates the transport method for the AS2 messages. Currently, only HTTP is supported.
      - (string) --
  - Domain (string) --
    
    Specifies the domain of the storage system that is used for file transfers.
  - EndpointDetails (dict) --
    
    The virtual private cloud (VPC) endpoint settings that are configured for your server. When you host your endpoint within your VPC, you can make your endpoint accessible only to resources within your VPC, or you can attach Elastic IP addresses and make your endpoint accessible to clients over the internet. Your VPC's default security groups are automatically assigned to your endpoint.
    - AddressAllocationIds (list) --
      
      A list of address allocation IDs that are required to attach an Elastic IP address to your server's endpoint.
      
      Note
      
      This property can only be set when EndpointType is set to VPC and it is only valid in the UpdateServer API.
      - (string) --
    - SubnetIds (list) --
      
      A list of subnet IDs that are required to host your server endpoint in your VPC.
      
      Note
      
      This property can only be set when EndpointType is set to VPC.
      - (string) --
    - VpcEndpointId (string) --
      
      The ID of the VPC endpoint.
      
      Note
      
      This property can only be set when EndpointType is set to VPC_ENDPOINT.
      
      For more information, see https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
    - VpcId (string) --
      
      The VPC ID of the VPC in which a server's endpoint will be hosted.
      
      Note
      
      This property can only be set when EndpointType is set to VPC.
    - SecurityGroupIds (list) --
      
      A list of security groups IDs that are available to attach to your server's endpoint.
      
      Note
      
      This property can only be set when EndpointType is set to VPC.
      
      You can edit the SecurityGroupIds property in the UpdateServer API only if you are changing the EndpointType from PUBLIC or VPC_ENDPOINT to VPC. To change security groups associated with your server's VPC endpoint after creation, use the Amazon EC2 ModifyVpcEndpoint API.
      - (string) --
  - EndpointType (string) --
    
    Defines the type of endpoint that your server is connected to. If your server is connected to a VPC endpoint, your server isn't accessible over the public internet.
  - HostKeyFingerprint (string) --
    
    Specifies the Base64-encoded SHA256 fingerprint of the server's host key. This value is equivalent to the output of the ssh-keygen -l -f my-new-server-key command.
  - IdentityProviderDetails (dict) --
    
    Specifies information to call a customer-supplied authentication API. This field is not populated when the IdentityProviderType of a server is AWS_DIRECTORY_SERVICE or SERVICE_MANAGED.
    - Url (string) --
      
      Provides the location of the service endpoint used to authenticate users.
    - InvocationRole (string) --
      
      Provides the type of InvocationRole used to authenticate the user account.
    - DirectoryId (string) --
      
      The identifier of the Directory Service directory that you want to stop sharing.
    - Function (string) --
      
      The ARN for a lambda function to use for the Identity provider.
  - IdentityProviderType (string) --
    
    The mode of authentication for a server. The default value is SERVICE_MANAGED, which allows you to store and access user credentials within the Transfer Family service.
    
    Use AWS_DIRECTORY_SERVICE to provide access to Active Directory groups in Directory Service for Microsoft Active Directory or Microsoft Active Directory in your on-premises environment or in Amazon Web Services using AD Connector. This option also requires you to provide a Directory ID by using the IdentityProviderDetails parameter.
    
    Use the API_GATEWAY value to integrate with an identity provider of your choosing. The API_GATEWAY setting requires you to provide an Amazon API Gateway endpoint URL to call for authentication by using the IdentityProviderDetails parameter.
    
    Use the AWS_LAMBDA value to directly use an Lambda function as your identity provider. If you choose this value, you must specify the ARN for the Lambda function in the Function parameter or the IdentityProviderDetails data type.
  - LoggingRole (string) --
    
    The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFSevents. When set, you can view user activity in your CloudWatch logs.
  - PostAuthenticationLoginBanner (string) --
    
    Specifies a string to display when users connect to a server. This string is displayed after the user authenticates.
    
    Note
    
    The SFTP protocol does not support post-authentication display banners.
  - PreAuthenticationLoginBanner (string) --
    
    Specifies a string to display when users connect to a server. This string is displayed before the user authenticates. For example, the following banner displays details about using the system:
    
    This system is for the use of authorized users only. Individuals using this computer system without authority, or in excess of their authority, are subject to having all of their activities on this system monitored and recorded by system personnel.
  - Protocols (list) --
    
    Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:
    - SFTP (Secure Shell (SSH) File Transfer Protocol): File transfer over SSH
    - FTPS (File Transfer Protocol Secure): File transfer with TLS encryption
    - FTP (File Transfer Protocol): Unencrypted file transfer
    - (string) --
  - SecurityPolicyName (string) --
    
    Specifies the name of the security policy that is attached to the server.
  - ServerId (string) --
    
    Specifies the unique system-assigned identifier for a server that you instantiate.
  - State (string) --
    
    The condition of the server that was described. A value of ONLINE indicates that the server can accept jobs and transfer files. A State value of OFFLINE means that the server cannot perform file transfer operations.
    
    The states of STARTING and STOPPING indicate that the server is in an intermediate state, either not fully able to respond, or not fully offline. The values of START_FAILED or STOP_FAILED can indicate an error condition.
  - Tags (list) --
    
    Specifies the key-value pairs that you can use to search for and group servers that were assigned to the server that was described.
    - (dict) --
      
      Creates a key-value pair for a specific resource. Tags are metadata that you can use to search for and group a resource for various purposes. You can apply tags to servers, users, and roles. A tag key can take more than one value. For example, to group servers for accounting purposes, you might create a tag called Group and assign the values Research and Accounting to that group.
      - Key (string) --
        
        The name assigned to the tag that you create.
      - Value (string) --
        
        Contains one or more values that you assigned to the key name you create.
  - UserCount (integer) --
    
    Specifies the number of users that are assigned to a server you specified with the ServerId.
  - WorkflowDetails (dict) --
    
    Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.
    - OnUpload (list) --
      
      A trigger that starts a workflow: the workflow begins to execute after a file is uploaded.
      
      To remove an associated workflow from a server, you can provide an empty OnUpload object, as in the following example.
      
      aws transfer update-server --server-id s-01234567890abcdef --workflow-details '{"OnUpload":[]}'
      - (dict) --
        
        Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.
        
        WorkflowId (string) --
        
        A unique identifier for the workflow.
        
        ExecutionRole (string) --
        
        Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources

TestIdentityProvider (updated)

Link ¶
Changes (request)

{'ServerProtocol': {'AS2'}}

If the IdentityProviderType of a file transfer protocol-enabled server is AWS_DIRECTORY_SERVICE or API_Gateway, tests whether your identity provider is set up successfully. We highly recommend that you call this operation to test your authentication method as soon as you create your server. By doing so, you can troubleshoot issues with the identity provider integration to ensure that your users can successfully use the service.

The ServerId and UserName parameters are required. The ServerProtocol, SourceIp, and UserPassword are all optional.

If you provide any incorrect values for any parameters, the Response field is empty.
If you provide a server ID for a server that uses service-managed users, you get an error: An error occurred (InvalidRequestException) when calling the TestIdentityProvider operation: s-server-ID not configured for external auth
If you enter a Server ID for the --server-id parameter that does not identify an actual Transfer server, you receive the following error: An error occurred (ResourceNotFoundException) when calling the TestIdentityProvider operation: Unknown server

See also: AWS API Documentation

Request Syntax

client.test_identity_provider(
    ServerId='string',
    ServerProtocol='SFTP'|'FTP'|'FTPS'|'AS2',
    SourceIp='string',
    UserName='string',
    UserPassword='string'
)

type ServerId:

string

param ServerId:

[REQUIRED]

A system-assigned identifier for a specific server. That server's user authentication method is tested with a user name and password.

type ServerProtocol:

string

param ServerProtocol:

The type of file transfer protocol to be tested.

The available protocols are:

Secure Shell (SSH) File Transfer Protocol (SFTP)
File Transfer Protocol Secure (FTPS)
File Transfer Protocol (FTP)

type SourceIp:

string

param SourceIp:

The source IP address of the user account to be tested.

type UserName:

string

param UserName:

[REQUIRED]

The name of the user account to be tested.

type UserPassword:

string

param UserPassword:

The password of the user account to be tested.

rtype:

dict

returns:

Response Syntax

{
    'Response': 'string',
    'StatusCode': 123,
    'Message': 'string',
    'Url': 'string'
}

Response Structure

(dict) --
- Response (string) --
  
  The response that is returned from your API Gateway.
- StatusCode (integer) --
  
  The HTTP status code that is the response from your API Gateway.
- Message (string) --
  
  A message that indicates whether the test was successful or not.
  
  Note
  
  If an empty string is returned, the most likely cause is that the authentication failed due to an incorrect username or password.
- Url (string) --
  
  The endpoint of the service used to authenticate a user.

UpdateServer (updated)

Link ¶
Changes (request)

{'ProtocolDetails': {'As2Transports': ['HTTP']}, 'Protocols': {'AS2'}}

Updates the file transfer protocol-enabled server's properties after that server has been created.

The UpdateServer call returns the ServerId of the server you updated.

See also: AWS API Documentation

Request Syntax

client.update_server(
    Certificate='string',
    ProtocolDetails={
        'PassiveIp': 'string',
        'TlsSessionResumptionMode': 'DISABLED'|'ENABLED'|'ENFORCED',
        'SetStatOption': 'DEFAULT'|'ENABLE_NO_OP',
        'As2Transports': [
            'HTTP',
        ]
    },
    EndpointDetails={
        'AddressAllocationIds': [
            'string',
        ],
        'SubnetIds': [
            'string',
        ],
        'VpcEndpointId': 'string',
        'VpcId': 'string',
        'SecurityGroupIds': [
            'string',
        ]
    },
    EndpointType='PUBLIC'|'VPC'|'VPC_ENDPOINT',
    HostKey='string',
    IdentityProviderDetails={
        'Url': 'string',
        'InvocationRole': 'string',
        'DirectoryId': 'string',
        'Function': 'string'
    },
    LoggingRole='string',
    PostAuthenticationLoginBanner='string',
    PreAuthenticationLoginBanner='string',
    Protocols=[
        'SFTP'|'FTP'|'FTPS'|'AS2',
    ],
    SecurityPolicyName='string',
    ServerId='string',
    WorkflowDetails={
        'OnUpload': [
            {
                'WorkflowId': 'string',
                'ExecutionRole': 'string'
            },
        ]
    }
)

type Certificate:

string

param Certificate:

The Amazon Resource Name (ARN) of the Amazon Web ServicesCertificate Manager (ACM) certificate. Required when Protocols is set to FTPS.

To request a new public certificate, see Request a public certificate in the Amazon Web ServicesCertificate Manager User Guide.

To import an existing certificate into ACM, see Importing certificates into ACM in the Amazon Web ServicesCertificate Manager User Guide.

To request a private certificate to use FTPS through private IP addresses, see Request a private certificate in the Amazon Web ServicesCertificate Manager User Guide.

Certificates with the following cryptographic algorithms and key sizes are supported:

2048-bit RSA (RSA_2048)
4096-bit RSA (RSA_4096)
Elliptic Prime Curve 256 bit (EC_prime256v1)
Elliptic Prime Curve 384 bit (EC_secp384r1)
Elliptic Prime Curve 521 bit (EC_secp521r1)

type ProtocolDetails:

dict

param ProtocolDetails:

The protocol settings that are configured for your server.

To indicate passive mode (for FTP and FTPS protocols), use the PassiveIp parameter. Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer.
To ignore the error that is generated when the client attempts to use the SETSTAT command on a file that you are uploading to an Amazon S3 bucket, use the SetStatOption parameter. To have the Transfer Family server ignore the SETSTAT command and upload files without needing to make any changes to your SFTP client, set the value to ENABLE_NO_OP. If you set the SetStatOption parameter to ENABLE_NO_OP, Transfer Family generates a log entry to Amazon CloudWatch Logs, so that you can determine when the client is making a SETSTAT call.
To determine whether your Transfer Family server resumes recent, negotiated sessions through a unique session ID, use the TlsSessionResumptionMode parameter.
As2Transports indicates the transport method for the AS2 messages. Currently, only HTTP is supported.

PassiveIp (string) --

Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer. For example:

aws transfer update-server --protocol-details PassiveIp=0.0.0.0

Replace 0.0.0.0 in the example above with the actual IP address you want to use.

Note

If you change the PassiveIp value, you must stop and then restart your Transfer Family server for the change to take effect. For details on using passive mode (PASV) in a NAT environment, see Configuring your FTPS server behind a firewall or NAT with Transfer Family.
TlsSessionResumptionMode (string) --

A property used with Transfer Family servers that use the FTPS protocol. TLS Session Resumption provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. TlsSessionResumptionMode determines whether or not the server resumes recent, negotiated sessions through a unique session ID. This property is available during CreateServer and UpdateServer calls. If a TlsSessionResumptionMode value is not specified during CreateServer, it is set to ENFORCED by default.
- DISABLED: the server does not process TLS session resumption client requests and creates a new TLS session for each request.
- ENABLED: the server processes and accepts clients that are performing TLS session resumption. The server doesn't reject client data connections that do not perform the TLS session resumption client processing.
- ENFORCED: the server processes and accepts clients that are performing TLS session resumption. The server rejects client data connections that do not perform the TLS session resumption client processing. Before you set the value to ENFORCED, test your clients.
Note

Not all FTPS clients perform TLS session resumption. So, if you choose to enforce TLS session resumption, you prevent any connections from FTPS clients that don't perform the protocol negotiation. To determine whether or not you can use the ENFORCED value, you need to test your clients.
SetStatOption (string) --

Use the SetStatOption to ignore the error that is generated when the client attempts to use SETSTAT on a file you are uploading to an S3 bucket.

Some SFTP file transfer clients can attempt to change the attributes of remote files, including timestamp and permissions, using commands, such as SETSTAT when uploading the file. However, these commands are not compatible with object storage systems, such as Amazon S3. Due to this incompatibility, file uploads from these clients can result in errors even when the file is otherwise successfully uploaded.

Set the value to ENABLE_NO_OP to have the Transfer Family server ignore the SETSTAT command, and upload files without needing to make any changes to your SFTP client. While the SetStatOption ENABLE_NO_OP setting ignores the error, it does generate a log entry in Amazon CloudWatch Logs, so you can determine when the client is making a SETSTAT call.

Note

If you want to preserve the original timestamp for your file, and modify other file attributes using SETSTAT, you can use Amazon EFS as backend storage with Transfer Family.
As2Transports (list) --

Indicates the transport method for the AS2 messages. Currently, only HTTP is supported.
- (string) --

type EndpointDetails:

dict

param EndpointDetails:

AddressAllocationIds (list) --

A list of address allocation IDs that are required to attach an Elastic IP address to your server's endpoint.

Note

This property can only be set when EndpointType is set to VPC and it is only valid in the UpdateServer API.
- (string) --
SubnetIds (list) --

A list of subnet IDs that are required to host your server endpoint in your VPC.

Note

This property can only be set when EndpointType is set to VPC.
- (string) --
VpcEndpointId (string) --

The ID of the VPC endpoint.

Note

This property can only be set when EndpointType is set to VPC_ENDPOINT.

For more information, see https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
VpcId (string) --

The VPC ID of the VPC in which a server's endpoint will be hosted.

Note

This property can only be set when EndpointType is set to VPC.
SecurityGroupIds (list) --

A list of security groups IDs that are available to attach to your server's endpoint.

Note

This property can only be set when EndpointType is set to VPC.

You can edit the SecurityGroupIds property in the UpdateServer API only if you are changing the EndpointType from PUBLIC or VPC_ENDPOINT to VPC. To change security groups associated with your server's VPC endpoint after creation, use the Amazon EC2 ModifyVpcEndpoint API.
- (string) --

type EndpointType:

string

param EndpointType:

Note

After May 19, 2021, you won't be able to create a server using EndpointType=VPC_ENDPOINT in your Amazon Web Servicesaccount if your account hasn't already done so before May 19, 2021. If you have already created servers with EndpointType=VPC_ENDPOINT in your Amazon Web Servicesaccount on or before May 19, 2021, you will not be affected. After this date, use EndpointType``= ``VPC.