AWS::Transfer::Server IdentityProviderDetails - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.

AWS::Transfer::Server IdentityProviderDetails

Required when IdentityProviderType is set to AWS_DIRECTORY_SERVICE, Amazon_LAMBDA or API_GATEWAY. Accepts an array containing all of the information required to use a directory in AWS_DIRECTORY_SERVICE or invoke a customer-supplied authentication API, including the API Gateway URL. Cannot be specified when IdentityProviderType is set to SERVICE_MANAGED.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "DirectoryId" : String,
  "Function" : String,
  "InvocationRole" : String,
  "SftpAuthenticationMethods" : String,
  "Url" : String
}

YAML

  DirectoryId: String
  Function: String
  InvocationRole: String
  SftpAuthenticationMethods: String
  Url: String

Properties

DirectoryId

The identifier of the Amazon Directory Service directory that you want to use as your identity provider.

Required: No

Type: String

Pattern: ^d-[0-9a-f]{10}$

Minimum: 12

Maximum: 12

Update requires: No interruption

Function

The ARN for a Lambda function to use for the Identity provider.

Required: No

Type: String

Pattern: ^arn:[a-z-]+:lambda:.*$

Minimum: 1

Maximum: 170

Update requires: No interruption

InvocationRole

This parameter is only applicable if your IdentityProviderType is API_GATEWAY. Provides the type of InvocationRole used to authenticate the user account.

Required: No

Type: String

Pattern: ^arn:.*role/\S+$

Minimum: 20

Maximum: 2048

Update requires: No interruption

SftpAuthenticationMethods

For SFTP-enabled servers, and for custom identity providers only, you can specify whether to authenticate using a password, SSH key pair, or both.

  • PASSWORD - users must provide their password to connect.

  • PUBLIC_KEY - users must provide their private key to connect.

  • PUBLIC_KEY_OR_PASSWORD - users can authenticate with either their password or their key. This is the default value.

  • PUBLIC_KEY_AND_PASSWORD - users must provide both their private key and their password to connect. The server checks the key first, and then if the key is valid, the system prompts for a password. If the private key provided does not match the public key that is stored, authentication fails.

Required: No

Type: String

Allowed values: PASSWORD | PUBLIC_KEY | PUBLIC_KEY_OR_PASSWORD | PUBLIC_KEY_AND_PASSWORD

Update requires: No interruption

Url

Provides the location of the service endpoint used to authenticate users.

Required: No

Type: String

Minimum: 0

Maximum: 255

Update requires: No interruption