Use a template to create a demo Transfer Family AS2 stack - Amazon Transfer Family

We supply a self-contained Amazon CloudFormation template to quickly create an AS2-enabled Transfer Family server. The template configures the server with a public Amazon VPC endpoint, certificates, local and partner profiles, an agreement, and a connector.

Before using this template, note the following:

  • If you create a stack from this template, you will be billed for the Amazon resources that are used.

  • The template creates multiple certificates and places them in Amazon Secrets Manager to store them securely. You can delete these certificates from Secrets Manager if you want, because you're charged for using this service. Deleting these certificates in Secrets Manager doesn't delete them from the Transfer Family server. Therefore, the functionality of the demo stack isn't affected. However, for certificates that you're going to use with a production AS2 server, you might want to use Secrets Manager to manage and periodically rotate your stored certificates.

  • We recommend that you use the template as a base only, and mainly for demonstration purposes. If you want to use this demo stack in production, we recommend that you modify the template's YAML code to create a more robust stack. For example, create production-level certificates, and create an Amazon Lambda function that you can use in production.

To create an AS2-enabled Transfer Family server from a CloudFormation template
  1. Open the Amazon CloudFormation console at https://console.amazonaws.cn/cloudformation.

  2. In the left navigation pane, choose Stacks.

  3. Choose Create stack, and then choose With new resources (standard).

  4. In the Prerequisite - Prepare template section, choose Template is ready.

  5. Copy this link, AS2 demo template, and paste it into the Amazon S3 URL field.

  6. Choose Next.

  7. On the Specify stack details page, name your stack, and then specify the following parameters:

    • Under AS2, enter values for Local AS2 ID and Partner AS2 ID, or accept the defaults, local and partner, respectively.

    • Under Network, enter a value for Security group ingress CIDR IP, or accept the default, 0.0.0.0/0.

      Note

      This value, in CIDR format, specifies which IP addresses are allowed for incoming traffic to the AS2 server. The default value, 0.0.0.0/0, allows all IP addresses.

    • Under General, enter a value for Prefix, or accept the default, transfer-as2. This prefix is placed before any resource names that are created by the stack. For example, if you use the default prefix, your Amazon S3 bucket is named transfer-as2-TransferS3BucketName.

  8. Choose Next. On the Configure stack options page, choose Next again.

  9. Review the details for the stack that you're creating, and then choose Create stack.

    Note

    At the bottom of the page, under Capabilities, you must acknowledge that Amazon CloudFormation might create Amazon Identity and Access Management (IAM) resources.
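
The Security group ingress CIDR IP parameter defaults to 0.0.0.0/0, so it is worth confirming after stack creation that the AS2 server's security group only admits your partner's ranges. The following script is an added example, not part of the original guide: the stack name my-as2-demo, the /24 minimum prefix length, and the assumption that the template's security group carries the standard CloudFormation stack tag are all illustrative, and the sample CIDR list is constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the stack's ingress CIDRs.

# Print the IPv4 ingress CIDRs of security groups that carry the CloudFormation
# stack tag for stack "$1". Needs AWS CLI credentials; the offline sample below
# does not call it. Assumes the template's security group inherits that tag.
list_stack_ingress_cidrs() {
  aws ec2 describe-security-groups \
    --filters "Name=tag:aws:cloudformation:stack-name,Values=$1" \
    --query 'SecurityGroups[].IpPermissions[].IpRanges[].CidrIp' \
    --output text | tr '\t' '\n'
}

# Read one CIDR per line on stdin. Print "WIDE <cidr>" for ranges broader than
# /$1 (default /24, an assumed policy) and "INVALID <value>" for anything that
# is not in address/prefix form. Returns 1 if any line was reported.
flag_wide_cidrs() {
  min_prefix=${1:-24}
  found=0
  while IFS= read -r cidr; do
    [ -n "$cidr" ] || continue
    case $cidr in
      ?*/?*) prefix=${cidr##*/} ;;
      *) prefix='' ;;
    esac
    case $prefix in
      ''|*[!0-9]*) echo "INVALID $cidr"; found=1; continue ;;
    esac
    if [ "$prefix" -lt "$min_prefix" ]; then
      echo "WIDE $cidr"
      found=1
    fi
  done
  return "$found"
}

# Constructed sample: the template default plus two partner-sized ranges.
SAMPLE_CIDRS='0.0.0.0/0
203.0.113.0/24
198.51.100.7/32'

# Offline: printf '%s\n' "$SAMPLE_CIDRS" | flag_wide_cidrs 24
# Live:    list_stack_ingress_cidrs my-as2-demo | flag_wide_cidrs 24
```

The non-zero return status lets the check gate a deployment pipeline step.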

After the stack is created, you can send a test AS2 message from the partner server to your local Transfer Family server by using the Amazon Command Line Interface (Amazon CLI). A sample Amazon CLI command for sending a test message is created along with all of the other resources in the stack.

To use this sample command, go to the Outputs tab of your stack, and copy the TransferExampleAs2Command. You can then run the command by using the Amazon CLI. If you haven't already installed the Amazon CLI, see Installing or updating the latest version of the Amazon CLI in the Amazon Command Line Interface User Guide.

The sample command has the following format:

aws s3api put-object --bucket TransferS3BucketName --key test.txt && aws transfer start-file-transfer --region aws-region --connector-id TransferConnectorId --send-file-paths /TransferS3BucketName/test.txt

Note

Your version of this command contains the actual values for the TransferS3BucketName and TransferConnectorId resources in your stack.

This sample command consists of two separate commands that are chained together by using the && string.

The first command creates a new, empty text file in your bucket:

aws s3api put-object --bucket TransferS3BucketName --key test.txt

Then, the second command uses the connector to send the file from the partner profile to the local profile. The Transfer Family server has an agreement set up that allows the local profile to accept messages from the partner profile.

aws transfer start-file-transfer --region aws-region --connector-id TransferConnectorId --send-file-paths /TransferS3BucketName/test.txt

After you run the command, you can go to your Amazon S3 bucket (TransferS3BucketName) and view the contents. If the command is successful, you should see the following objects in your bucket:

  • processed/ – This folder contains a JSON file that describes the transferred file and the MDN response.

  • processing/ – This folder temporarily contains files as they are being processed, but after a transfer is completed, this folder should be empty.

  • server-id/ – This folder is named based on your Transfer Family server ID. It contains from-partner (this folder is dynamically named, based on the partner's AS2 ID), which itself contains failed/, processed/, and processing/ folders. The /server-id/from-partner/processed/ folder contains a copy of the transferred text file, and the corresponding JSON and MDN files.

  • test.txt – This object is the (empty) file that was transferred.
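
The bucket layout described above can be checked from a key listing instead of by browsing the console. The following script is an added example, not part of the original guide: the server ID s-EXAMPLE, the file names in the sample listing, and the rule that any object under failed/ means a failed transfer are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): check a bucket listing against
# the object layout described above.

# Read object keys, one per line, on stdin.
# $1 = the inbound prefix "server-id/from-partner" with your real values.
# Treating any object under failed/ as a failed transfer is an assumption.
check_as2_layout() {
  inbound=$1
  sent=0; report=0; received=0; stuck=0; failed=0
  while IFS= read -r key; do
    case $key in
      */) ;;                                           # folder placeholders
      test.txt) sent=1 ;;
      processed/*.json) report=1 ;;
      processing/*|"$inbound"/processing/*) stuck=$((stuck + 1)) ;;
      "$inbound"/failed/*) failed=$((failed + 1)) ;;
      "$inbound"/processed/*) received=$((received + 1)) ;;
    esac
  done
  rc=0
  [ "$sent" -eq 1 ] || { echo "MISSING test.txt"; rc=1; }
  [ "$report" -eq 1 ] || { echo "MISSING processed/*.json"; rc=1; }
  [ "$received" -gt 0 ] || { echo "MISSING $inbound/processed/"; rc=1; }
  [ "$stuck" -eq 0 ] || { echo "STUCK $stuck in processing/"; rc=1; }
  [ "$failed" -eq 0 ] || { echo "FAILED $failed in $inbound/failed/"; rc=1; }
  return "$rc"
}

# Constructed listing (server ID and file names are made up for illustration).
SAMPLE_KEYS='processed/test.txt.EXAMPLE.json
processing/
s-EXAMPLE/from-partner/failed/
s-EXAMPLE/from-partner/processed/test.EXAMPLE.txt
s-EXAMPLE/from-partner/processed/test.EXAMPLE.txt.json
s-EXAMPLE/from-partner/processed/test.EXAMPLE.txt.mdn
s-EXAMPLE/from-partner/processing/
test.txt'

# Offline: printf '%s\n' "$SAMPLE_KEYS" | check_as2_layout s-EXAMPLE/from-partner
# Live:    aws s3api list-objects-v2 --bucket TransferS3BucketName \
#            --query 'Contents[].Key' --output text | tr '\t' '\n' |
#            check_as2_layout server-id/from-partner
```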