Deploy AWS transfer service
Charles CÈBE 59d7a1172c Merge pull request 'Release 4.0.0: maintenance/bump_versions' (#7) from maintenance/bump_versions into master 1 week ago
# terraform-module-aws-transfer

This module creates an AWS Transfer server (SFTP, optionally FTPS) together with its users.

## Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.14 |
| aws | >= 3.0 |

## Providers

| Name | Version |
|------|---------|
| aws | >= 3.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| user | ./modules/user | n/a |

## Resources

| Name | Type |
|------|------|
| aws_iam_policy.cloud_watch | resource |
| aws_iam_role.cloud_watch | resource |
| aws_iam_role_policy_attachment.cloud_watch | resource |
| aws_security_group.this | resource |
| aws_security_group_rule.this_in_cidr | resource |
| aws_security_group_rule.this_in_sg | resource |
| aws_security_group_rule.this_out_cidr | resource |
| aws_security_group_rule.this_out_sg | resource |
| aws_transfer_server.this | resource |
| aws_caller_identity.this | data source |
| aws_iam_policy_document.cloud_watch | data source |
| aws_iam_policy_document.sts_transfer | data source |
| aws_partition.this | data source |
| aws_region.this | data source |
| aws_vpc_endpoint.this | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| acm_certificate_arn | The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when `protocols` is set to `FTPS`. | `string` | `null` | no |
| allowed_cidrs | List of CIDRs allowed to reach the AWS Transfer endpoint. | `list(string)` | `[]` | no |
| allowed_security_group_ids | List of security group IDs allowed to reach the AWS Transfer endpoint. | `list(string)` | `[]` | no |
| allowed_security_group_ids_count | Number of security groups in `allowed_security_group_ids`. | `number` | `0` | no |
| cloud_watch_iam_role_arn | Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users' activity to your Amazon CloudWatch logs for monitoring and auditing purposes. | `string` | `null` | no |
| create_security_group | Create a security group to be added to the VPC endpoint. | `bool` | `false` | no |
| endpoint_type | The type of endpoint that you want your SFTP server to connect to. If you connect to a `VPC` (or `VPC_ENDPOINT`), your SFTP server is not accessible over the public internet. If you want to connect to your SFTP server over the public internet, set `PUBLIC`. Defaults to `PUBLIC`. | `string` | `"PUBLIC"` | no |
| host_key | RSA private key | `string` | `null` | no |
| iam_cloud_watch_iam_policy_name | Name of the CloudWatch policy if `iam_cloud_watch_iam_role_create` is set. | `string` | `""` | no |
| iam_cloud_watch_iam_policy_name_prefix | Name prefix of the CloudWatch policy if `iam_cloud_watch_iam_role_create` is set. | `string` | `""` | no |
| iam_cloud_watch_iam_policy_path | Path of the CloudWatch policy if `iam_cloud_watch_iam_role_create` is set. | `string` | `"/"` | no |
| iam_cloud_watch_iam_role_create | Create the CloudWatch IAM role. | `bool` | `false` | no |
| iam_cloud_watch_iam_role_name | Name of the CloudWatch role if `iam_cloud_watch_iam_role_create` is set. | `string` | `""` | no |
| iam_cloud_watch_iam_role_path | Path of the CloudWatch role if `iam_cloud_watch_iam_role_create` is set. | `string` | `"/"` | no |
| iam_cloud_watch_role_tags | Tags to be merged with the CloudWatch IAM role. | `map` | `{}` | no |
| iam_s3_bucket_role_create | Create the cloud watch IAM role. | `bool` | `false` | no |
| identity_provider_type | The mode of authentication enabled for this service. The default value is `SERVICE_MANAGED`, which allows you to store and access SFTP user credentials within the service. `API_GATEWAY` indicates that user authentication requires a call to an API Gateway endpoint URL provided by you, to integrate an identity provider of your choice. | `string` | `"SERVICE_MANAGED"` | no |
| invocation_role | Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an `identity_provider_type` of `API_GATEWAY`. | `string` | `null` | no |
| prefix | Prefix to be added to all unique resources. | `string` | `""` | no |
| protocols | Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. | `list(string)` | `["SFTP"]` | no |
| security_group_name | Name of the security group. | `string` | `null` | no |
| security_group_tags | Tags to be merged with the security group. | `map(string)` | `{}` | no |
| subnet_ids | A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. | `list(string)` | `[]` | no |
| tags | Tags to be merged with all resources of this module. | `map` | `{}` | no |
| transfer_server_tags | Tags to be merged with the transfer server resource. | `map` | `{}` | no |
| url | URL of the service endpoint used to authenticate users with an `identity_provider_type` of `API_GATEWAY`. | `string` | `null` | no |
| user_tags | Tags to be merged with all transfer users. | `map(string)` | `{}` | no |
| users | A list of objects, each representing a user:<br>* `username` (mandatory): The username<br>* `public_ssh_keys` (mandatory): List of public SSH keys to associate with the user<br>* `s3_bucket_name` (mandatory): The S3 bucket to associate with the user<br>* `home_directory` (optional): The S3 home directory. Defaults to `/`<br>* `user_policy_json` (optional): An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket.<br>* `server_role_arn` (mandatory): The ARN of an IAM role that allows the service to control your user's access to your Amazon S3 bucket.<br>* `tags` (optional): Tags to be merged into the user<br>* `home_directory_mappings` (optional): Map of logical directory mappings that specify which S3 paths and keys should be visible to your user and how you want to make them visible. Each map must have the following keys:<br>&nbsp;&nbsp;* `entry`: Represents an entry and a target.<br>&nbsp;&nbsp;* `target`: Represents the map target. | `list(object({ username = string, public_ssh_keys = list(string), s3_bucket_name = string, home_directory = optional(string), user_policy_json = optional(string), server_role_arn = string, tags = optional(map(string)), home_directory_mappings = optional(list(object({ entry = string, target = string }))) }))` | `[]` | no |
| vpc_address_allocation_ids | A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. | `list(string)` | `[]` | no |
| vpc_endpoint_id | The ID of the VPC endpoint. This property can only be used when `endpoint_type` is set to `VPC_ENDPOINT`. | `string` | `null` | no |
| vpc_endpoint_security_groups | List of security group IDs to be added to the VPC transfer endpoint. | `list(string)` | `[]` | no |
| vpc_id | The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. | `string` | `null` | no |
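A root-module invocation of this module, added here as an example; it is not taken from the repository or its `examples` directory. It assumes resources defined elsewhere (`aws_vpc.main`, `aws_subnet.private`, `aws_iam_role.transfer_s3` trusting `transfer.amazonaws.com`, and a bucket named `example-sftp-bucket`), uses a placeholder `source` path, and relies on the AWS Transfer session-policy variables `${transfer:HomeBucket}` and `${transfer:UserName}`, which the service expands at login.

```hcl
# Added usage example, not part of the module's README. Assumed to exist elsewhere:
# aws_vpc.main, aws_subnet.private, aws_iam_role.transfer_s3, bucket "example-sftp-bucket".
module "sftp" {
  source = "path/to/terraform-module-aws-transfer" # placeholder source

  prefix        = "corp-"
  protocols     = ["SFTP"]      # no FTPS, so acm_certificate_arn is not needed
  endpoint_type = "VPC"         # endpoint lives inside the VPC, not on the public internet
  vpc_id        = aws_vpc.main.id
  subnet_ids    = aws_subnet.private[*].id

  # Restrict the endpoint to the internal network instead of 0.0.0.0/0.
  create_security_group = true
  security_group_name   = "corp-sftp-endpoint"
  allowed_cidrs         = ["10.0.0.0/8"]

  # Let the module create the role Transfer uses to write session logs to CloudWatch.
  iam_cloud_watch_iam_role_create = true
  iam_cloud_watch_iam_role_name   = "corp-sftp-cloudwatch"
  iam_cloud_watch_iam_policy_name = "corp-sftp-cloudwatch"

  users = [{
    username        = "partner-a"
    public_ssh_keys = [file("${path.module}/keys/partner-a.pub")] # assumed key file
    s3_bucket_name  = "example-sftp-bucket"
    home_directory  = "/example-sftp-bucket/partner-a"
    server_role_arn = aws_iam_role.transfer_s3.arn
    # Session policy: server_role_arn may cover the whole bucket; this limits the
    # SFTP session to the user's own prefix. "$${...}" keeps the ${transfer:...}
    # variables literal so AWS Transfer, not Terraform, expands them.
    user_policy_json = jsonencode({
      Version = "2012-10-17"
      Statement = [
        {
          Sid       = "ListOwnPrefix"
          Effect    = "Allow"
          Action    = ["s3:ListBucket"]
          Resource  = "arn:aws:s3:::$${transfer:HomeBucket}"
          Condition = { StringLike = { "s3:prefix" = ["$${transfer:UserName}/*", "$${transfer:UserName}"] } }
        },
        {
          Sid      = "ReadWriteOwnPrefix"
          Effect   = "Allow"
          Action   = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
          Resource = "arn:aws:s3:::$${transfer:HomeBucket}/$${transfer:UserName}/*"
        }
      ]
    })
  }]
  tags = { Environment = "prod", Service = "sftp" }
}
```

With `allowed_cidrs` set, `aws_security_group_rule.this_in_cidr` is what admits inbound traffic, so reviewing that rule after `terraform plan` confirms the endpoint is not left reachable from `0.0.0.0/0`.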

## Outputs

| Name | Description |
|------|-------------|
| arn | n/a |
| endpoint | n/a |
| host_key_fingerprint | n/a |
| iam_cloud_watch_iam_policy_arn | n/a |
| iam_cloud_watch_iam_policy_name | n/a |
| iam_cloud_watch_iam_role_arn | n/a |
| iam_cloud_watch_iam_role_name | n/a |
| id | n/a |
| security_group_arn | n/a |
| security_group_id | n/a |
| user_arns | n/a |
| vpc_endpoint_dns_name | n/a |
| vpc_endpoint_route53_hosted_zone_id | n/a |

## Versioning

This repository follows Semantic Versioning 2.0.0.

## Git Hooks

This repository uses pre-commit hooks.