Docs Home
AWS v6.73.0 published on Wednesday, Mar 19, 2025 by Pulumi
aws.transfer.User
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const fooServer = new aws.transfer.Server("foo", {
identityProviderType: "SERVICE_MANAGED",
tags: {
NAME: "tf-acc-test-transfer-server",
},
});
const assumeRole = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
principals: [{
type: "Service",
identifiers: ["transfer.amazonaws.com"],
}],
actions: ["sts:AssumeRole"],
}],
});
const fooRole = new aws.iam.Role("foo", {
name: "tf-test-transfer-user-iam-role",
assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json),
});
const foo = aws.iam.getPolicyDocument({
statements: [{
sid: "AllowFullAccesstoS3",
effect: "Allow",
actions: ["s3:*"],
resources: ["*"],
}],
});
const fooRolePolicy = new aws.iam.RolePolicy("foo", {
name: "tf-test-transfer-user-iam-policy",
role: fooRole.id,
policy: foo.then(foo => foo.json),
});
const fooUser = new aws.transfer.User("foo", {
serverId: fooServer.id,
userName: "tftestuser",
role: fooRole.arn,
homeDirectoryType: "LOGICAL",
homeDirectoryMappings: [{
entry: "/test.pdf",
target: "/bucket3/test-path/tftestuser.pdf",
}],
});
import pulumi
import pulumi_aws as aws
foo_server = aws.transfer.Server("foo",
identity_provider_type="SERVICE_MANAGED",
tags={
"NAME": "tf-acc-test-transfer-server",
})
assume_role = aws.iam.get_policy_document(statements=[{
"effect": "Allow",
"principals": [{
"type": "Service",
"identifiers": ["transfer.amazonaws.com"],
}],
"actions": ["sts:AssumeRole"],
}])
foo_role = aws.iam.Role("foo",
name="tf-test-transfer-user-iam-role",
assume_role_policy=assume_role.json)
foo = aws.iam.get_policy_document(statements=[{
"sid": "AllowFullAccesstoS3",
"effect": "Allow",
"actions": ["s3:*"],
"resources": ["*"],
}])
foo_role_policy = aws.iam.RolePolicy("foo",
name="tf-test-transfer-user-iam-policy",
role=foo_role.id,
policy=foo.json)
foo_user = aws.transfer.User("foo",
server_id=foo_server.id,
user_name="tftestuser",
role=foo_role.arn,
home_directory_type="LOGICAL",
home_directory_mappings=[{
"entry": "/test.pdf",
"target": "/bucket3/test-path/tftestuser.pdf",
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
fooServer, err := transfer.NewServer(ctx, "foo", &transfer.ServerArgs{
IdentityProviderType: pulumi.String("SERVICE_MANAGED"),
Tags: pulumi.StringMap{
"NAME": pulumi.String("tf-acc-test-transfer-server"),
},
})
if err != nil {
return err
}
assumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "Service",
Identifiers: []string{
"transfer.amazonaws.com",
},
},
},
Actions: []string{
"sts:AssumeRole",
},
},
},
}, nil)
if err != nil {
return err
}
fooRole, err := iam.NewRole(ctx, "foo", &iam.RoleArgs{
Name: pulumi.String("tf-test-transfer-user-iam-role"),
AssumeRolePolicy: pulumi.String(assumeRole.Json),
})
if err != nil {
return err
}
foo, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Sid: pulumi.StringRef("AllowFullAccesstoS3"),
Effect: pulumi.StringRef("Allow"),
Actions: []string{
"s3:*",
},
Resources: []string{
"*",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iam.NewRolePolicy(ctx, "foo", &iam.RolePolicyArgs{
Name: pulumi.String("tf-test-transfer-user-iam-policy"),
Role: fooRole.ID(),
Policy: pulumi.String(foo.Json),
})
if err != nil {
return err
}
_, err = transfer.NewUser(ctx, "foo", &transfer.UserArgs{
ServerId: fooServer.ID(),
UserName: pulumi.String("tftestuser"),
Role: fooRole.Arn,
HomeDirectoryType: pulumi.String("LOGICAL"),
HomeDirectoryMappings: transfer.UserHomeDirectoryMappingArray{
&transfer.UserHomeDirectoryMappingArgs{
Entry: pulumi.String("/test.pdf"),
Target: pulumi.String("/bucket3/test-path/tftestuser.pdf"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var fooServer = new Aws.Transfer.Server("foo", new()
{
IdentityProviderType = "SERVICE_MANAGED",
Tags =
{
{ "NAME", "tf-acc-test-transfer-server" },
},
});
var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "Service",
Identifiers = new[]
{
"transfer.amazonaws.com",
},
},
},
Actions = new[]
{
"sts:AssumeRole",
},
},
},
});
var fooRole = new Aws.Iam.Role("foo", new()
{
Name = "tf-test-transfer-user-iam-role",
AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var foo = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Sid = "AllowFullAccesstoS3",
Effect = "Allow",
Actions = new[]
{
"s3:*",
},
Resources = new[]
{
"*",
},
},
},
});
var fooRolePolicy = new Aws.Iam.RolePolicy("foo", new()
{
Name = "tf-test-transfer-user-iam-policy",
Role = fooRole.Id,
Policy = foo.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var fooUser = new Aws.Transfer.User("foo", new()
{
ServerId = fooServer.Id,
UserName = "tftestuser",
Role = fooRole.Arn,
HomeDirectoryType = "LOGICAL",
HomeDirectoryMappings = new[]
{
new Aws.Transfer.Inputs.UserHomeDirectoryMappingArgs
{
Entry = "/test.pdf",
Target = "/bucket3/test-path/tftestuser.pdf",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import com.pulumi.aws.transfer.User;
import com.pulumi.aws.transfer.UserArgs;
import com.pulumi.aws.transfer.inputs.UserHomeDirectoryMappingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var fooServer = new Server("fooServer", ServerArgs.builder()
.identityProviderType("SERVICE_MANAGED")
.tags(Map.of("NAME", "tf-acc-test-transfer-server"))
.build());
final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers("transfer.amazonaws.com")
.build())
.actions("sts:AssumeRole")
.build())
.build());
var fooRole = new Role("fooRole", RoleArgs.builder()
.name("tf-test-transfer-user-iam-role")
.assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
final var foo = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.sid("AllowFullAccesstoS3")
.effect("Allow")
.actions("s3:*")
.resources("*")
.build())
.build());
var fooRolePolicy = new RolePolicy("fooRolePolicy", RolePolicyArgs.builder()
.name("tf-test-transfer-user-iam-policy")
.role(fooRole.id())
.policy(foo.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
var fooUser = new User("fooUser", UserArgs.builder()
.serverId(fooServer.id())
.userName("tftestuser")
.role(fooRole.arn())
.homeDirectoryType("LOGICAL")
.homeDirectoryMappings(UserHomeDirectoryMappingArgs.builder()
.entry("/test.pdf")
.target("/bucket3/test-path/tftestuser.pdf")
.build())
.build());
}
}
resources:
fooServer:
type: aws:transfer:Server
name: foo
properties:
identityProviderType: SERVICE_MANAGED
tags:
NAME: tf-acc-test-transfer-server
fooRole:
type: aws:iam:Role
name: foo
properties:
name: tf-test-transfer-user-iam-role
assumeRolePolicy: ${assumeRole.json}
fooRolePolicy:
type: aws:iam:RolePolicy
name: foo
properties:
name: tf-test-transfer-user-iam-policy
role: ${fooRole.id}
policy: ${foo.json}
fooUser:
type: aws:transfer:User
name: foo
properties:
serverId: ${fooServer.id}
userName: tftestuser
role: ${fooRole.arn}
homeDirectoryType: LOGICAL
homeDirectoryMappings:
- entry: /test.pdf
target: /bucket3/test-path/tftestuser.pdf
variables:
assumeRole:
fn::invoke:
function: aws:iam:getPolicyDocument
arguments:
statements:
- effect: Allow
principals:
- type: Service
identifiers:
- transfer.amazonaws.com
actions:
- sts:AssumeRole
foo:
fn::invoke:
function: aws:iam:getPolicyDocument
arguments:
statements:
- sid: AllowFullAccesstoS3
effect: Allow
actions:
- s3:*
resources:
- '*'
Create User Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new User(name: string, args: UserArgs, opts?: CustomResourceOptions);@overload
def User(resource_name: str,
args: UserArgs,
opts: Optional[ResourceOptions] = None)
@overload
def User(resource_name: str,
opts: Optional[ResourceOptions] = None,
role: Optional[str] = None,
server_id: Optional[str] = None,
user_name: Optional[str] = None,
home_directory: Optional[str] = None,
home_directory_mappings: Optional[Sequence[UserHomeDirectoryMappingArgs]] = None,
home_directory_type: Optional[str] = None,
policy: Optional[str] = None,
posix_profile: Optional[UserPosixProfileArgs] = None,
tags: Optional[Mapping[str, str]] = None)func NewUser(ctx *Context, name string, args UserArgs, opts ...ResourceOption) (*User, error)public User(string name, UserArgs args, CustomResourceOptions? opts = null)type: aws:transfer:User
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var exampleuserResourceResourceFromTransferuser = new Aws.Transfer.User("exampleuserResourceResourceFromTransferuser", new()
{
Role = "string",
ServerId = "string",
UserName = "string",
HomeDirectory = "string",
HomeDirectoryMappings = new[]
{
new Aws.Transfer.Inputs.UserHomeDirectoryMappingArgs
{
Entry = "string",
Target = "string",
},
},
HomeDirectoryType = "string",
Policy = "string",
PosixProfile = new Aws.Transfer.Inputs.UserPosixProfileArgs
{
Gid = 0,
Uid = 0,
SecondaryGids = new[]
{
0,
},
},
Tags =
{
{ "string", "string" },
},
});
example, err := transfer.NewUser(ctx, "exampleuserResourceResourceFromTransferuser", &transfer.UserArgs{
Role: pulumi.String("string"),
ServerId: pulumi.String("string"),
UserName: pulumi.String("string"),
HomeDirectory: pulumi.String("string"),
HomeDirectoryMappings: transfer.UserHomeDirectoryMappingArray{
&transfer.UserHomeDirectoryMappingArgs{
Entry: pulumi.String("string"),
Target: pulumi.String("string"),
},
},
HomeDirectoryType: pulumi.String("string"),
Policy: pulumi.String("string"),
PosixProfile: &transfer.UserPosixProfileArgs{
Gid: pulumi.Int(0),
Uid: pulumi.Int(0),
SecondaryGids: pulumi.IntArray{
pulumi.Int(0),
},
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var exampleuserResourceResourceFromTransferuser = new User("exampleuserResourceResourceFromTransferuser", UserArgs.builder()
.role("string")
.serverId("string")
.userName("string")
.homeDirectory("string")
.homeDirectoryMappings(UserHomeDirectoryMappingArgs.builder()
.entry("string")
.target("string")
.build())
.homeDirectoryType("string")
.policy("string")
.posixProfile(UserPosixProfileArgs.builder()
.gid(0)
.uid(0)
.secondaryGids(0)
.build())
.tags(Map.of("string", "string"))
.build());
exampleuser_resource_resource_from_transferuser = aws.transfer.User("exampleuserResourceResourceFromTransferuser",
role="string",
server_id="string",
user_name="string",
home_directory="string",
home_directory_mappings=[{
"entry": "string",
"target": "string",
}],
home_directory_type="string",
policy="string",
posix_profile={
"gid": 0,
"uid": 0,
"secondary_gids": [0],
},
tags={
"string": "string",
})
const exampleuserResourceResourceFromTransferuser = new aws.transfer.User("exampleuserResourceResourceFromTransferuser", {
role: "string",
serverId: "string",
userName: "string",
homeDirectory: "string",
homeDirectoryMappings: [{
entry: "string",
target: "string",
}],
homeDirectoryType: "string",
policy: "string",
posixProfile: {
gid: 0,
uid: 0,
secondaryGids: [0],
},
tags: {
string: "string",
},
});
type: aws:transfer:User
properties:
homeDirectory: string
homeDirectoryMappings:
- entry: string
target: string
homeDirectoryType: string
policy: string
posixProfile:
gid: 0
secondaryGids:
- 0
uid: 0
role: string
serverId: string
tags:
string: string
userName: string
User Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The User resource accepts the following input properties:
- Role string
- Amazon Resource Name (ARN) of an IAM role that allows the service to control your user’s access to your Amazon S3 bucket.
- Server
Id string - The Server ID of the Transfer Server (e.g.,
s-12345678) - User
Name string - The name used for log in to your SFTP server.
- Home
Directory string - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - Home
Directory List<UserMappings Home Directory Mapping> - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- Home
Directory stringType - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - Policy string
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - Posix
Profile UserPosix Profile - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- Dictionary<string, string>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block, tags with matching keys will overwrite those defined at the provider-level.
- Role string
- Amazon Resource Name (ARN) of an IAM role that allows the service to control your user’s access to your Amazon S3 bucket.
- Server
Id string - The Server ID of the Transfer Server (e.g.,
s-12345678) - User
Name string - The name used for log in to your SFTP server.
- Home
Directory string - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - Home
Directory []UserMappings Home Directory Mapping Args - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- Home
Directory stringType - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - Policy string
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - Posix
Profile UserPosix Profile Args - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- map[string]string
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block, tags with matching keys will overwrite those defined at the provider-level.
- role String
- Amazon Resource Name (ARN) of an IAM role that allows the service to control your user’s access to your Amazon S3 bucket.
- server
Id String - The Server ID of the Transfer Server (e.g.,
s-12345678) - user
Name String - The name used for log in to your SFTP server.
- home
Directory String - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - home
Directory List<UserMappings Home Directory Mapping> - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- home
Directory StringType - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - policy String
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - posix
Profile UserPosix Profile - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- Map<String,String>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block, tags with matching keys will overwrite those defined at the provider-level.
- role string
- Amazon Resource Name (ARN) of an IAM role that allows the service to control your user’s access to your Amazon S3 bucket.
- server
Id string - The Server ID of the Transfer Server (e.g.,
s-12345678) - user
Name string - The name used for log in to your SFTP server.
- home
Directory string - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - home
Directory UserMappings Home Directory Mapping[] - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- home
Directory stringType - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - policy string
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - posix
Profile UserPosix Profile - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- {[key: string]: string}
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block, tags with matching keys will overwrite those defined at the provider-level.
- role str
- Amazon Resource Name (ARN) of an IAM role that allows the service to control your user’s access to your Amazon S3 bucket.
- server_
id str - The Server ID of the Transfer Server (e.g.,
s-12345678) - user_
name str - The name used for log in to your SFTP server.
- home_
directory str - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - home_
directory_ Sequence[Usermappings Home Directory Mapping Args] - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- home_
directory_ strtype - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - policy str
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - posix_
profile UserPosix Profile Args - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- Mapping[str, str]
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block, tags with matching keys will overwrite those defined at the provider-level.
- role String
- Amazon Resource Name (ARN) of an IAM role that allows the service to control your user’s access to your Amazon S3 bucket.
- server
Id String - The Server ID of the Transfer Server (e.g.,
s-12345678) - user
Name String - The name used for log in to your SFTP server.
- home
Directory String - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - home
Directory List<Property Map>Mappings - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- home
Directory StringType - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - policy String
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - posix
Profile Property Map - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- Map<String>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block, tags with matching keys will overwrite those defined at the provider-level.
Outputs
All input properties are implicitly available as output properties. Additionally, the User resource produces the following output properties:
Look up Existing User Resource
Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: UserState, opts?: CustomResourceOptions): User@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
home_directory: Optional[str] = None,
home_directory_mappings: Optional[Sequence[UserHomeDirectoryMappingArgs]] = None,
home_directory_type: Optional[str] = None,
policy: Optional[str] = None,
posix_profile: Optional[UserPosixProfileArgs] = None,
role: Optional[str] = None,
server_id: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
user_name: Optional[str] = None) -> Userfunc GetUser(ctx *Context, name string, id IDInput, state *UserState, opts ...ResourceOption) (*User, error)public static User Get(string name, Input<string> id, UserState? state, CustomResourceOptions? opts = null)public static User get(String name, Output<String> id, UserState state, CustomResourceOptions options)resources: _: type: aws:transfer:User get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
- Amazon Resource Name (ARN) of Transfer User
- Home
Directory string - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - Home
Directory List<UserMappings Home Directory Mapping> - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- Home
Directory stringType - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - Policy string
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - Posix
Profile UserPosix Profile - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- Role string
- Amazon Resource Name (ARN) of an IAM role that allows the service to control your user’s access to your Amazon S3 bucket.
- Server
Id string - The Server ID of the Transfer Server (e.g.,
s-12345678) - Dictionary<string, string>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - User
Name string - The name used for log in to your SFTP server.
- Arn string
- Amazon Resource Name (ARN) of Transfer User
- Home
Directory string - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - Home
Directory []UserMappings Home Directory Mapping Args - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- Home
Directory stringType - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - Policy string
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - Posix
Profile UserPosix Profile Args - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- Role string
- Amazon Resource Name (ARN) of an IAM role that allows the service to control your user’s access to your Amazon S3 bucket.
- Server
Id string - The Server ID of the Transfer Server (e.g.,
s-12345678) - map[string]string
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - User
Name string - The name used for log in to your SFTP server.
- arn String
- Amazon Resource Name (ARN) of Transfer User
- home
Directory String - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - home
Directory List<UserMappings Home Directory Mapping> - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- home
Directory StringType - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - policy String
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - posix
Profile UserPosix Profile - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- role String
- Amazon Resource Name (ARN) of an IAM role that allows the service to control your user’s access to your Amazon S3 bucket.
- server
Id String - The Server ID of the Transfer Server (e.g.,
s-12345678) - Map<String,String>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - user
Name String - The name used for log in to your SFTP server.
- arn string
- Amazon Resource Name (ARN) of Transfer User
- home
Directory string - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - home
Directory UserMappings Home Directory Mapping[] - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- home
Directory stringType - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - policy string
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - posix
Profile UserPosix Profile - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- role string
- Amazon Resource Name (ARN) of an IAM role that allows the service to control your user’s access to your Amazon S3 bucket.
- server
Id string - The Server ID of the Transfer Server (e.g.,
s-12345678) - {[key: string]: string}
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - user
Name string - The name used for log in to your SFTP server.
- arn str
- Amazon Resource Name (ARN) of Transfer User
- home_
directory str - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - home_
directory_ Sequence[Usermappings Home Directory Mapping Args] - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- home_
directory_ strtype - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - policy str
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - posix_
profile UserPosix Profile Args - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- role str
- Amazon Resource Name (ARN) of an IAM role that allows the service to control your user’s access to your Amazon S3 bucket.
- server_
id str - The Server ID of the Transfer Server (e.g.,
s-12345678) - Mapping[str, str]
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - user_
name str - The name used for log in to your SFTP server.
- arn String
- Amazon Resource Name (ARN) of Transfer User
- home
Directory String - The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a
/. The first item in the path is the name of the home bucket (accessible as${Transfer:HomeBucket}in the policy) and the rest is the home directory (accessible as${Transfer:HomeDirectory}in the policy). For example,/example-bucket-1234/usernamewould set the home bucket toexample-bucket-1234and the home directory tousername. - home
Directory List<Property Map>Mappings - Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.
- home
Directory StringType - The type of landing directory (folder) you mapped for your users' home directory. Valid values are
PATHandLOGICAL. - policy String
- An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include
${Transfer:UserName},${Transfer:HomeDirectory}, and${Transfer:HomeBucket}. These are evaluated on-the-fly when navigating the bucket. - posix
Profile Property Map - Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.
- role String
- Amazon Resource Name (ARN) of an IAM role that allows the service to control your user’s access to your Amazon S3 bucket.
- server
Id String - The Server ID of the Transfer Server (e.g.,
s-12345678) - Map<String>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - user
Name String - The name used for log in to your SFTP server.
Supporting Types
UserHomeDirectoryMapping, UserHomeDirectoryMappingArgs
UserPosixProfile, UserPosixProfileArgs
- Gid int
- The POSIX group ID used for all EFS operations by this user.
- Uid int
- The POSIX user ID used for all EFS operations by this user.
- Secondary
Gids List<int> - The secondary POSIX group IDs used for all EFS operations by this user.
- Gid int
- The POSIX group ID used for all EFS operations by this user.
- Uid int
- The POSIX user ID used for all EFS operations by this user.
- Secondary
Gids []int - The secondary POSIX group IDs used for all EFS operations by this user.
- gid Integer
- The POSIX group ID used for all EFS operations by this user.
- uid Integer
- The POSIX user ID used for all EFS operations by this user.
- secondary
Gids List<Integer> - The secondary POSIX group IDs used for all EFS operations by this user.
- gid number
- The POSIX group ID used for all EFS operations by this user.
- uid number
- The POSIX user ID used for all EFS operations by this user.
- secondary
Gids number[] - The secondary POSIX group IDs used for all EFS operations by this user.
- gid int
- The POSIX group ID used for all EFS operations by this user.
- uid int
- The POSIX user ID used for all EFS operations by this user.
- secondary_
gids Sequence[int] - The secondary POSIX group IDs used for all EFS operations by this user.
- gid Number
- The POSIX group ID used for all EFS operations by this user.
- uid Number
- The POSIX user ID used for all EFS operations by this user.
- secondary
Gids List<Number> - The secondary POSIX group IDs used for all EFS operations by this user.
Import
Using pulumi import, import Transfer Users using the server_id and user_name separated by /. For example:
$ pulumi import aws:transfer/user:User bar s-12345678/test-username
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.