Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

AWS::Transfer::Connector SftpConfig

RSS
Focus mode
AWS::Transfer::Connector SftpConfig - AWS CloudFormation
SyntaxProperties
Filter View

A structure that contains the parameters for an SFTP connector object.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "TrustedHostKeys" : [ String, ... ],
  "UserSecretId" : String
}

YAML

  TrustedHostKeys: 
    - String
  UserSecretId: String

Properties

TrustedHostKeys

The public portion of the host key, or keys, that are used to identify the external server to which you are connecting. You can use the ssh-keyscan command against the SFTP server to retrieve the necessary key.

The three standard SSH public key format elements are <key type>, <body base64>, and an optional <comment>, with spaces between each element. Specify only the <key type> and <body base64>: do not enter the <comment> portion of the key.

For the trusted host key, AWS Transfer Family accepts RSA and ECDSA keys.

  • For RSA keys, the <key type> string is ssh-rsa.

  • For ECDSA keys, the <key type> string is either ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, or ecdsa-sha2-nistp521, depending on the size of the key you generated.

Run this command to retrieve the SFTP server host key, where your SFTP server name is ftp.host.com.

ssh-keyscan ftp.host.com

This prints the public host key to standard output.

ftp.host.com ssh-rsa AAAAB3Nza...<long-string-for-public-key

Copy and paste this string into the TrustedHostKeys field for the create-connector command or into the Trusted host keys field in the console.

Required: No

Type: Array of String

Maximum: 10

Update requires: No interruption

UserSecretId

The identifier for the secret (in AWS Secrets Manager) that contains the SFTP user's private key, password, or both. The identifier must be the Amazon Resource Name (ARN) of the secret.

Required: No

Type: String

Minimum: 1

Maximum: 2048

Update requires: No interruption

On this page

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.