Deploy AWS transfer service

README.md

terraform-module-aws-transfer

This module creates an AWS Transfer (SFTP) server.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.14.0 |
| aws | >= 3.29.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 3.29.0 |
| aws.vpc | >= 3.29.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| user | ./modules/user | |

Resources

| Name |
|------|
| aws_caller_identity |
| aws_iam_policy |
| aws_iam_policy_document |
| aws_iam_role |
| aws_iam_role_policy_attachment |
| aws_partition |
| aws_region |
| aws_security_group |
| aws_security_group_rule |
| aws_transfer_server |
| aws_vpc_endpoint |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| address_allocation_ids | A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. | list(string) | [] | no |
| allowed_cidrs | List of CIDRs to allow in AWS Transfer | list(string) | [] | no |
| allowed_security_group_ids | List of security group IDs to be allowed in AWS Transfer | list(string) | [] | no |
| allowed_security_group_ids_count | Number of security groups in allowed_security_group_ids | number | 0 | no |
| cloud_watch_iam_role_arn | Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users' activity to your Amazon CloudWatch logs for monitoring and auditing purposes | string | null | no |
| create_security_group | Create a security group to be added to the VPC endpoint | bool | false | no |
| create_vpc_endpoint | Enable VPC transfer endpoint creation | bool | false | no |
| endpoint_type | The type of endpoint that you want your SFTP server to connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via the public internet, set PUBLIC. Defaults to PUBLIC | string | "PUBLIC" | no |
| host_key | RSA private key | string | null | no |
| iam_cloud_watch_iam_policy_name | Name of the CloudWatch policy if iam_cloud_watch_iam_role_create is set | string | "" | no |
| iam_cloud_watch_iam_policy_name_prefix | Prefix of the CloudWatch policy name if iam_cloud_watch_iam_role_create is set | string | "" | no |
| iam_cloud_watch_iam_policy_path | Path of the CloudWatch policy if iam_cloud_watch_iam_role_create is set | string | "/" | no |
| iam_cloud_watch_iam_role_create | Create the CloudWatch IAM role. | bool | false | no |
| iam_cloud_watch_iam_role_name | Name of the CloudWatch role if iam_cloud_watch_iam_role_create is set | string | "" | no |
| iam_cloud_watch_iam_role_path | Path of the CloudWatch role if iam_cloud_watch_iam_role_create is set | string | "/" | no |
| iam_cloud_watch_role_tags | Tags to be merged with the CloudWatch IAM role | map | {} | no |
| iam_s3_bucket_role_create | Create the cloud watch IAM role. | bool | false | no |
| identity_provider_type | The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. | string | "SERVICE_MANAGED" | no |
| invocation_role | Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY | string | null | no |
| prefix | Prefix to be added to all unique resources | string | "" | no |
| security_group_name | Name of the security group | string | null | no |
| security_group_tags | Tags to be merged with the security group | map(string) | {} | no |
| subnet_ids | A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. | list(string) | [] | no |
| tags | Tags to be merged with all resources of this module | map | {} | no |
| transfer_server_tags | Tags to be merged with the transfer server resource | map | {} | no |
| url | URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY | string | null | no |
| user_tags | Tags to be merged with all transfer users | map(string) | {} | no |
| users | A list of objects, each representing a user:<br>- username (mandatory): The username<br>- public_ssh_key (mandatory): The public SSH key to associate with the user<br>- s3_bucket_name (mandatory): The S3 bucket to associate with the user<br>- home_directory (optional): The S3 home directory. Defaults to /<br>- user_policy_json (optional): An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket.<br>- server_role_arn (mandatory): The ARN of an IAM role that allows the service to control your user's access to your Amazon S3 bucket.<br>- tags (optional): Tags to be merged into the user<br>- home_directory_mappings (optional): Map of logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. This map must have the following keys:<br>&nbsp;&nbsp;- entry: Represents an entry and a target.<br>&nbsp;&nbsp;- target: Represents the map target. | list(object({ username = string, public_ssh_key = string, s3_bucket_name = string, home_directory = optional(string), user_policy_json = optional(string), server_role_arn = string, tags = optional(map(string)), home_directory_mappings = optional(list(object({ entry = string, target = string }))) })) | [] | no |
| vpc_endpoint_id | The ID of the VPC endpoint. This property can only be used when endpoint_type is set to VPC_ENDPOINT | string | null | no |
| vpc_endpoint_name | Name of the VPC transfer endpoint | string | null | no |
| vpc_endpoint_private_dns_enabled | Enable private DNS on the VPC transfer endpoint | bool | false | no |
| vpc_endpoint_security_groups | List of security group IDs to be added to the VPC transfer endpoint | list(string) | [] | no |
| vpc_endpoint_tags | Tags to be merged with the VPC transfer endpoint | map(string) | {} | no |
| vpc_id | The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. | string | null | no |
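An added usage example (not from the module's repository) that wires the inputs above into a private, audited deployment: a VPC endpoint type with a CIDR-restricted security group, a CloudWatch logging role, and one user whose session policy is scoped down to its own home folder. The module source path, VPC/subnet IDs, bucket name and `aws_iam_role.transfer_s3` are placeholders, and how the module maps `endpoint_type` onto `vpc_id`/`subnet_ids` is assumed from the input descriptions.

```hcl
# Session policy that confines each SFTP user to its own home folder. The
# ${transfer:...} placeholders are AWS Transfer policy variables; the "$$"
# escape stops Terraform from interpolating them.
locals {
  scoped_user_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid      = "ListOwnHomeFolderOnly"
        Effect   = "Allow"
        Action   = ["s3:ListBucket"]
        Resource = "arn:aws:s3:::$${transfer:HomeBucket}"
        Condition = {
          StringLike = { "s3:prefix" = ["$${transfer:HomeFolder}/*", "$${transfer:HomeFolder}"] }
        }
      },
      {
        Sid      = "ReadWriteOwnHomeFolderObjects"
        Effect   = "Allow"
        Action   = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:GetObjectVersion"]
        Resource = "arn:aws:s3:::$${transfer:HomeDirectory}*"
      }
    ]
  })
}

module "sftp" {
  source = "./terraform-module-aws-transfer" # placeholder path to this module
  prefix        = "corp-"
  endpoint_type = "VPC"                      # not reachable from the public internet
  vpc_id        = "vpc-0123456789abcdef0"    # placeholder
  subnet_ids    = ["subnet-0123456789abcdef0"]
  # Security group on the endpoint: only the corporate range may reach the server.
  create_security_group = true
  allowed_cidrs         = ["10.20.0.0/16"]
  # Role so the service can ship user activity to CloudWatch for auditing.
  iam_cloud_watch_iam_role_create = true
  iam_cloud_watch_iam_role_name   = "corp-sftp-logging"
  iam_cloud_watch_iam_policy_name = "corp-sftp-logging"
  users = [{
    username         = "partner-a"
    public_ssh_key   = file("keys/partner-a.pub")      # placeholder key file
    s3_bucket_name   = "corp-sftp-exchange"            # placeholder bucket
    home_directory   = "/corp-sftp-exchange/partner-a"
    user_policy_json = local.scoped_user_policy
    server_role_arn  = aws_iam_role.transfer_s3.arn    # assumed pre-existing role
    tags             = { owner = "partnerships" }
  }]
  tags = { environment = "prod" }
}
```

Because the session policy references the user's own home folder through policy variables, the same `local.scoped_user_policy` can be reused for every entry in `users` without granting one user visibility into another's prefix.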

Outputs

| Name | Description |
|------|-------------|
| arn | n/a |
| endpoint | n/a |
| host_key_fingerprint | n/a |
| iam_cloud_watch_iam_policy_arn | n/a |
| iam_cloud_watch_iam_policy_name | n/a |
| iam_cloud_watch_iam_role_arn | n/a |
| iam_cloud_watch_iam_role_name | n/a |
| id | n/a |
| security_group_arn | n/a |
| security_group_id | n/a |
| user_arns | n/a |
| vpc_endpoint_arn | n/a |
| vpc_endpoint_dns_entry | n/a |
| vpc_endpoint_id | n/a |

Versioning

This repository follows Semantic Versioning 2.0.0

Git Hooks

This repository uses pre-commit hooks.