TransferClient

Transfer Family is a fully managed service that enables the transfer of files over the File Transfer Protocol (FTP), File Transfer Protocol over SSL (FTPS), or Secure Shell (SSH) File Transfer Protocol (SFTP) directly into and out of Amazon Simple Storage Service (Amazon S3) or Amazon EFS. Additionally, you can use Applicability Statement 2 (AS2) to transfer files into and out of Amazon S3. Amazon Web Services helps you seamlessly migrate your file transfer workflows to Transfer Family by integrating with existing authentication systems, and providing DNS routing with Amazon Route 53 so nothing changes for your customers and partners, or their applications. With your data in Amazon S3, you can use it with Amazon Web Services services for processing, analytics, machine learning, and archiving. Getting started with Transfer Family is easy since there is no infrastructure to buy and set up.

Installation

NPM
npm install @aws-sdk/client-transfer
Yarn
yarn add @aws-sdk/client-transfer
pnpm
pnpm add @aws-sdk/client-transfer

TransferClient Operations

Command
Summary
CreateAccessCommand

Used by administrators to choose which groups in the directory should have access to upload and download files over the enabled protocols using Transfer Family. For example, a Microsoft Active Directory might contain 50,000 users, but only a small fraction might need the ability to transfer files to the server. An administrator can use CreateAccess to limit the access to the correct set of users who need this ability.

CreateAgreementCommand

Creates an agreement. An agreement is a bilateral trading partner agreement, or partnership, between an Transfer Family server and an AS2 process. The agreement defines the file and message transfer relationship between the server and the AS2 process. To define an agreement, Transfer Family combines a server, local profile, partner profile, certificate, and other attributes.

The partner is identified with the PartnerProfileId, and the AS2 process is identified with the LocalProfileId.

CreateConnectorCommand

Creates the connector, which captures the parameters for a connection for the AS2 or SFTP protocol. For AS2, the connector is required for sending files to an externally hosted AS2 server. For SFTP, the connector is required when sending files to an SFTP server or receiving files from an SFTP server. For more details about connectors, see Configure AS2 connectors  and Create SFTP connectors .

You must specify exactly one configuration object: either for AS2 (As2Config) or SFTP (SftpConfig).

CreateProfileCommand

Creates the local or partner profile to use for AS2 transfers.

CreateServerCommand

Instantiates an auto-scaling virtual server based on the selected file transfer protocol in Amazon Web Services. When you make updates to your file transfer protocol-enabled server or when you work with users, use the service-generated ServerId property that is assigned to the newly created server.

CreateUserCommand

Creates a user and associates them with an existing file transfer protocol-enabled server. You can only create and associate users with servers that have the IdentityProviderType set to SERVICE_MANAGED. Using parameters for CreateUser, you can specify the user name, set the home directory, store the user's public key, and assign the user's Identity and Access Management (IAM) role. You can also optionally add a session policy, and assign metadata with tags that can be used to group and search for users.

CreateWebAppCommand

Creates a web app based on specified parameters, and returns the ID for the new web app.

CreateWorkflowCommand

Allows you to create a workflow with specified steps and step details the workflow invokes after file transfer completes. After creating a workflow, you can associate the workflow created with any transfer servers by specifying the workflow-details field in CreateServer and UpdateServer operations.

DeleteAccessCommand

Allows you to delete the access specified in the ServerID and ExternalID parameters.

DeleteAgreementCommand

Delete the agreement that's specified in the provided AgreementId.

DeleteCertificateCommand

Deletes the certificate that's specified in the CertificateId parameter.

DeleteConnectorCommand

Deletes the connector that's specified in the provided ConnectorId.

DeleteHostKeyCommand

Deletes the host key that's specified in the HostKeyId parameter.

DeleteProfileCommand

Deletes the profile that's specified in the ProfileId parameter.

DeleteServerCommand

Deletes the file transfer protocol-enabled server that you specify.

No response returns from this operation.

DeleteSshPublicKeyCommand

Deletes a user's Secure Shell (SSH) public key.

DeleteUserCommand

Deletes the user belonging to a file transfer protocol-enabled server you specify.

No response returns from this operation.

When you delete a user from a server, the user's information is lost.

DeleteWebAppCommand

Deletes the specified web app.

DeleteWebAppCustomizationCommand

Deletes the WebAppCustomization object that corresponds to the web app ID specified.

DeleteWorkflowCommand

Deletes the specified workflow.

DescribeAccessCommand

Describes the access that is assigned to the specific file transfer protocol-enabled server, as identified by its ServerId property and its ExternalId.

The response from this call returns the properties of the access that is associated with the ServerId value that was specified.

DescribeAgreementCommand

Describes the agreement that's identified by the AgreementId.

DescribeCertificateCommand

Describes the certificate that's identified by the CertificateId.

DescribeConnectorCommand

Describes the connector that's identified by the ConnectorId.

DescribeExecutionCommand

You can use DescribeExecution to check the details of the execution of the specified workflow.

This API call only returns details for in-progress workflows.

If you provide an ID for an execution that is not in progress, or if the execution doesn't match the specified workflow ID, you receive a ResourceNotFound exception.

DescribeHostKeyCommand

Returns the details of the host key that's specified by the HostKeyId and ServerId.

DescribeProfileCommand

Returns the details of the profile that's specified by the ProfileId.

DescribeSecurityPolicyCommand

Describes the security policy that is attached to your server or SFTP connector. The response contains a description of the security policy's properties. For more information about security policies, see Working with security policies for servers  or Working with security policies for SFTP connectors .

DescribeServerCommand

Describes a file transfer protocol-enabled server that you specify by passing the ServerId parameter.

The response contains a description of a server's properties. When you set EndpointType to VPC, the response will contain the EndpointDetails.

DescribeUserCommand

Describes the user assigned to the specific file transfer protocol-enabled server, as identified by its ServerId property.

The response from this call returns the properties of the user associated with the ServerId value that was specified.

DescribeWebAppCommand

Describes the web app that's identified by WebAppId.

DescribeWebAppCustomizationCommand

Describes the web app customization object that's identified by WebAppId.

DescribeWorkflowCommand

Describes the specified workflow.

ImportCertificateCommand

Imports the signing and encryption certificates that you need to create local (AS2) profiles and partner profiles.

ImportHostKeyCommand

Adds a host key to the server that's specified by the ServerId parameter.

ImportSshPublicKeyCommand

Adds a Secure Shell (SSH) public key to a Transfer Family user identified by a UserName value assigned to the specific file transfer protocol-enabled server, identified by ServerId.

The response returns the UserName value, the ServerId value, and the name of the SshPublicKeyId.

ListAccessesCommand

Lists the details for all the accesses you have on your server.

ListAgreementsCommand

Returns a list of the agreements for the server that's identified by the ServerId that you supply. If you want to limit the results to a certain number, supply a value for the MaxResults parameter. If you ran the command previously and received a value for NextToken, you can supply that value to continue listing agreements from where you left off.

ListCertificatesCommand

Returns a list of the current certificates that have been imported into Transfer Family. If you want to limit the results to a certain number, supply a value for the MaxResults parameter. If you ran the command previously and received a value for the NextToken parameter, you can supply that value to continue listing certificates from where you left off.

ListConnectorsCommand

Lists the connectors for the specified Region.

ListExecutionsCommand

Lists all in-progress executions for the specified workflow.

If the specified workflow ID cannot be found, ListExecutions returns a ResourceNotFound exception.

ListFileTransferResultsCommand

Returns real-time updates and detailed information on the status of each individual file being transferred in a specific file transfer operation. You specify the file transfer by providing its ConnectorId and its TransferId.

File transfer results are available up to 7 days after an operation has been requested.

ListHostKeysCommand

Returns a list of host keys for the server that's specified by the ServerId parameter.

ListProfilesCommand

Returns a list of the profiles for your system. If you want to limit the results to a certain number, supply a value for the MaxResults parameter. If you ran the command previously and received a value for NextToken, you can supply that value to continue listing profiles from where you left off.

ListSecurityPoliciesCommand

Lists the security policies that are attached to your servers and SFTP connectors. For more information about security policies, see Working with security policies for servers  or Working with security policies for SFTP connectors .

ListServersCommand

Lists the file transfer protocol-enabled servers that are associated with your Amazon Web Services account.

ListTagsForResourceCommand

Lists all of the tags associated with the Amazon Resource Name (ARN) that you specify. The resource can be a user, server, or role.

ListUsersCommand

Lists the users for a file transfer protocol-enabled server that you specify by passing the ServerId parameter.

ListWebAppsCommand

Lists all web apps associated with your Amazon Web Services account for your current region.

ListWorkflowsCommand

Lists all workflows associated with your Amazon Web Services account for your current region.

SendWorkflowStepStateCommand

Sends a callback for asynchronous custom steps.

The ExecutionId, WorkflowId, and Token are passed to the target resource during execution of a custom step of a workflow. You must include those with their callback as well as providing a status.

StartDirectoryListingCommand

Retrieves a list of the contents of a directory from a remote SFTP server. You specify the connector ID, the output path, and the remote directory path. You can also specify the optional MaxItems value to control the maximum number of items that are listed from the remote directory. This API returns a list of all files and directories in the remote directory (up to the maximum value), but does not return files or folders in sub-directories. That is, it only returns a list of files and directories one-level deep.

After you receive the listing file, you can provide the files that you want to transfer to the RetrieveFilePaths parameter of the StartFileTransfer API call.

The naming convention for the output file is connector-ID-listing-ID.json. The output file contains the following information:

  • filePath: the complete path of a remote file, relative to the directory of the listing request for your SFTP connector on the remote server.

  • modifiedTimestamp: the last time the file was modified, in UTC time format. This field is optional. If the remote file attributes don't contain a timestamp, it is omitted from the file listing.

  • size: the size of the file, in bytes. This field is optional. If the remote file attributes don't contain a file size, it is omitted from the file listing.

  • path: the complete path of a remote directory, relative to the directory of the listing request for your SFTP connector on the remote server.

  • truncated: a flag indicating whether the list output contains all of the items contained in the remote directory or not. If your Truncated output value is true, you can increase the value provided in the optional max-items input attribute to be able to list more items (up to the maximum allowed list size of 10,000 items).

StartFileTransferCommand

Begins a file transfer between local Amazon Web Services storage and a remote AS2 or SFTP server.

  • For an AS2 connector, you specify the ConnectorId and one or more SendFilePaths to identify the files you want to transfer.

  • For an SFTP connector, the file transfer can be either outbound or inbound. In both cases, you specify the ConnectorId. Depending on the direction of the transfer, you also specify the following items:

    • If you are transferring file from a partner's SFTP server to Amazon Web Services storage, you specify one or more RetrieveFilePaths to identify the files you want to transfer, and a LocalDirectoryPath to specify the destination folder.

    • If you are transferring file to a partner's SFTP server from Amazon Web Services storage, you specify one or more SendFilePaths to identify the files you want to transfer, and a RemoteDirectoryPath to specify the destination folder.

StartServerCommand

Changes the state of a file transfer protocol-enabled server from OFFLINE to ONLINE. It has no impact on a server that is already ONLINE. An ONLINE server can accept and process file transfer jobs.

The state of STARTING indicates that the server is in an intermediate state, either not fully able to respond, or not fully online. The values of START_FAILED can indicate an error condition.

No response is returned from this call.

StopServerCommand

Changes the state of a file transfer protocol-enabled server from ONLINE to OFFLINE. An OFFLINE server cannot accept and process file transfer jobs. Information tied to your server, such as server and user properties, are not affected by stopping your server.

Stopping the server does not reduce or impact your file transfer protocol endpoint billing; you must delete the server to stop being billed.

The state of STOPPING indicates that the server is in an intermediate state, either not fully able to respond, or not fully offline. The values of STOP_FAILED can indicate an error condition.

No response is returned from this call.

TagResourceCommand

Attaches a key-value pair to a resource, as identified by its Amazon Resource Name (ARN). Resources are users, servers, roles, and other entities.

There is no response returned from this call.

TestConnectionCommand

Tests whether your SFTP connector is set up successfully. We highly recommend that you call this operation to test your ability to transfer files between local Amazon Web Services storage and a trading partner's SFTP server.

TestIdentityProviderCommand

If the IdentityProviderType of a file transfer protocol-enabled server is AWS_DIRECTORY_SERVICE or API_Gateway, tests whether your identity provider is set up successfully. We highly recommend that you call this operation to test your authentication method as soon as you create your server. By doing so, you can troubleshoot issues with the identity provider integration to ensure that your users can successfully use the service.

The ServerId and UserName parameters are required. The ServerProtocol, SourceIp, and UserPassword are all optional.

Note the following:

  • You cannot use TestIdentityProvider if the IdentityProviderType of your server is SERVICE_MANAGED.

  • TestIdentityProvider does not work with keys: it only accepts passwords.

  • TestIdentityProvider can test the password operation for a custom Identity Provider that handles keys and passwords.

  • If you provide any incorrect values for any parameters, the Response field is empty.

  • If you provide a server ID for a server that uses service-managed users, you get an error:

    An error occurred (InvalidRequestException) when calling the TestIdentityProvider operation: s-server-ID not configured for external auth

  • If you enter a Server ID for the --server-id parameter that does not identify an actual Transfer server, you receive the following error:

    An error occurred (ResourceNotFoundException) when calling the TestIdentityProvider operation: Unknown server.

    It is possible your sever is in a different region. You can specify a region by adding the following: --region region-code, such as --region us-east-2 to specify a server in US East (Ohio).

UntagResourceCommand

Detaches a key-value pair from a resource, as identified by its Amazon Resource Name (ARN). Resources are users, servers, roles, and other entities.

No response is returned from this call.

UpdateAccessCommand

Allows you to update parameters for the access specified in the ServerID and ExternalID parameters.

UpdateAgreementCommand

Updates some of the parameters for an existing agreement. Provide the AgreementId and the ServerId for the agreement that you want to update, along with the new values for the parameters to update.

UpdateCertificateCommand

Updates the active and inactive dates for a certificate.

UpdateConnectorCommand

Updates some of the parameters for an existing connector. Provide the ConnectorId for the connector that you want to update, along with the new values for the parameters to update.

UpdateHostKeyCommand

Updates the description for the host key that's specified by the ServerId and HostKeyId parameters.

UpdateProfileCommand

Updates some of the parameters for an existing profile. Provide the ProfileId for the profile that you want to update, along with the new values for the parameters to update.

UpdateServerCommand

Updates the file transfer protocol-enabled server's properties after that server has been created.

The UpdateServer call returns the ServerId of the server you updated.

UpdateUserCommand

Assigns new properties to a user. Parameters you pass modify any or all of the following: the home directory, role, and policy for the UserName and ServerId you specify.

The response returns the ServerId and the UserName for the updated user.

In the console, you can select Restricted when you create or update a user. This ensures that the user can't access anything outside of their home directory. The programmatic way to configure this behavior is to update the user. Set their HomeDirectoryType to LOGICAL, and specify HomeDirectoryMappings with Entry as root (/) and Target as their home directory.

For example, if the user's home directory is /test/admin-user, the following command updates the user so that their configuration in the console shows the Restricted flag as selected.

aws transfer update-user --server-id <server-id> --user-name admin-user --home-directory-type LOGICAL --home-directory-mappings "[{"Entry":"/", "Target":"/test/admin-user"}]"

UpdateWebAppCommand

Assigns new properties to a web app. You can modify the access point, identity provider details, and the web app units.

UpdateWebAppCustomizationCommand

Assigns new customization properties to a web app. You can modify the icon file, logo file, and title.

TransferClient Configuration

Parameter
Type
Description
defaultsMode
Optional
DefaultsMode | Provider<DefaultsMode>
The @smithy/smithy-client#DefaultsMode that will be used to determine how certain default configuration options are resolved in the SDK.
disableHostPrefix
Optional
boolean
Disable dynamically changing the endpoint of the client based on the hostPrefix trait of an operation.
extensions
Optional
RuntimeExtension[]
Optional extensions
logger
Optional
Logger
Optional logger for logging debug/info/warn/error.
maxAttempts
Optional
number | Provider<number>
Value for how many times a request will be made at most in case of retry.
profile
Optional
string
Setting a client profile is similar to setting a value for the AWS_PROFILE environment variable. Setting a profile on a client in code only affects the single client instance, unlike AWS_PROFILE.When set, and only for environments where an AWS configuration file exists, fields configurable by this file will be retrieved from the specified profile within that file. Conflicting code configuration and environment variables will still have higher priority.For client credential resolution that involves checking the AWS configuration file, the client's profile (this value) will be used unless a different profile is set in the credential provider options.
region
Optional
string | Provider<string>
The AWS region to which this client will send requests
requestHandler
Optional
__HttpHandlerUserInput
The HTTP handler to use or its constructor options. Fetch in browser and Https in Nodejs.
retryMode
Optional
string | Provider<string>
Specifies which retry algorithm to use.
useDualstackEndpoint
Optional
boolean | Provider<boolean>
Enables IPv6/IPv4 dualstack endpoint.
useFipsEndpoint
Optional
boolean | Provider<boolean>
Enables FIPS compatible endpoints.
Additional config fields are described in the full configuration type: TransferClientConfig