AWS::Transfer::Server IdentityProviderDetails - Amazon CloudFormation

AWS::Transfer::Server IdentityProviderDetails

Required when IdentityProviderType is set to AWS_DIRECTORY_SERVICE, AWS_LAMBDA or API_GATEWAY. Accepts an array containing all of the information required to use a directory in AWS_DIRECTORY_SERVICE or invoke a customer-supplied authentication API, including the API Gateway URL. Not required when IdentityProviderType is set to SERVICE_MANAGED.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "DirectoryId" : String,
  "Function" : String,
  "InvocationRole" : String,
  "SftpAuthenticationMethods" : String,
  "Url" : String
}

YAML

DirectoryId: String
Function: String
InvocationRole: String
SftpAuthenticationMethods: String
Url: String

Properties

DirectoryId

The identifier of the Amazon Directory Service directory that you want to use as your identity provider.

Required: No

Type: String

Update requires: No interruption

Function

The ARN for a Lambda function to use for the identity provider.

Required: No

Type: String

Update requires: No interruption

InvocationRole

This parameter is only applicable if your IdentityProviderType is API_GATEWAY. Provides the type of InvocationRole used to authenticate the user account.

Required: No

Type: String

Update requires: No interruption

SftpAuthenticationMethods

For SFTP-enabled servers, and for custom identity providers only, you can specify whether to authenticate using a password, SSH key pair, or both.

  • PASSWORD - users must provide their password to connect.

  • PUBLIC_KEY - users must provide their private key to connect.

  • PUBLIC_KEY_OR_PASSWORD - users can authenticate with either their password or their key. This is the default value.

  • PUBLIC_KEY_AND_PASSWORD - users must provide both their private key and their password to connect. The server checks the key first, and then if the key is valid, the system prompts for a password. If the private key provided does not match the public key that is stored, authentication fails.

Required: No

Type: String

Update requires: No interruption

Url

Provides the location of the service endpoint used to authenticate users.

Required: No

Type: String

Update requires: No interruption
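
The following added example (not part of the original documentation) checks one parsed AWS::Transfer::Server resource against the rules stated above: when IdentityProviderDetails is required, which provider type InvocationRole applies to, and which SftpAuthenticationMethods values let a password alone authenticate. The function name, the per-type field mapping, the sample resources and the placeholder ARN are assumptions made for the example, and it assumes the server has SFTP enabled.

```python
# Identity provider types that need IdentityProviderDetails, with the field each
# one is expected to carry (this mapping is the example's reading of the page).
CUSTOM = {"AWS_LAMBDA": "Function", "API_GATEWAY": "Url"}
KEY_FIELD = {"AWS_DIRECTORY_SERVICE": "DirectoryId", **CUSTOM}
SFTP_METHODS = {"PASSWORD", "PUBLIC_KEY", "PUBLIC_KEY_OR_PASSWORD",
                "PUBLIC_KEY_AND_PASSWORD"}
DEFAULT_METHOD = "PUBLIC_KEY_OR_PASSWORD"  # default stated on this page

def check_identity_provider(resource):
    """Return findings for one parsed AWS::Transfer::Server resource (a dict)."""
    props = resource.get("Properties", {})
    # Assumption: an absent IdentityProviderType means SERVICE_MANAGED.
    idp_type = props.get("IdentityProviderType", "SERVICE_MANAGED")
    details = props.get("IdentityProviderDetails")
    if idp_type not in KEY_FIELD:
        return []  # SERVICE_MANAGED: IdentityProviderDetails is not required
    if not details:
        return [f"IdentityProviderDetails is required for {idp_type}"]
    findings = []
    if KEY_FIELD[idp_type] not in details:
        findings.append(f"{idp_type} expects {KEY_FIELD[idp_type]}")
    if "InvocationRole" in details and idp_type != "API_GATEWAY":
        findings.append("InvocationRole only applies to API_GATEWAY")
    method = details.get("SftpAuthenticationMethods")
    if idp_type not in CUSTOM:
        if method is not None:
            findings.append("SftpAuthenticationMethods is for custom identity providers only")
        return findings
    if method is None:
        method = DEFAULT_METHOD
        findings.append(f"SftpAuthenticationMethods unset, defaults to {DEFAULT_METHOD}")
    if not isinstance(method, str):
        return findings  # intrinsic function (Ref, Fn::Sub): not resolvable offline
    if method not in SFTP_METHODS:
        findings.append(f"unknown SftpAuthenticationMethods value {method!r}")
    elif method in ("PASSWORD", "PUBLIC_KEY_OR_PASSWORD"):
        findings.append(f"{method}: a password alone is enough to connect")
    return findings

# Constructed sample resources; the ARN and role name are placeholders.
FN_ARN = "arn:aws:lambda:us-east-1:111122223333:function:example-idp"
LAMBDA_DEFAULT = {"Properties": {"IdentityProviderType": "AWS_LAMBDA",
    "IdentityProviderDetails": {"Function": FN_ARN, "InvocationRole": "example-role"}}}
LAMBDA_BOTH = {"Properties": {"IdentityProviderType": "AWS_LAMBDA",
    "IdentityProviderDetails": {"Function": FN_ARN,
                                "SftpAuthenticationMethods": "PUBLIC_KEY_AND_PASSWORD"}}}

for name, res in (("default", LAMBDA_DEFAULT), ("key+password", LAMBDA_BOTH)):
    print(name, check_identity_provider(res))
```
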

See also

IdentityProviderDetails in the Amazon Transfer Family User Guide.