CfnServerPropsMixin
- class aws_cdk.mixins_preview.aws_transfer.mixins.CfnServerPropsMixin(props, *, strategy=None)
Bases:
MixinInstantiates an auto-scaling virtual server based on the selected file transfer protocol in AWS .
When you make updates to your file transfer protocol-enabled server or when you work with users, use the service-generated
ServerIdproperty that is assigned to the newly created server.- See:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-server.html
- CloudformationResource:
AWS::Transfer::Server
- Mixin:
true
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview import mixins from aws_cdk.mixins_preview.aws_transfer import mixins as transfer_mixins cfn_server_props_mixin = transfer_mixins.CfnServerPropsMixin(transfer_mixins.CfnServerMixinProps( certificate="certificate", domain="domain", endpoint_details=transfer_mixins.CfnServerPropsMixin.EndpointDetailsProperty( address_allocation_ids=["addressAllocationIds"], security_group_ids=["securityGroupIds"], subnet_ids=["subnetIds"], vpc_endpoint_id="vpcEndpointId", vpc_id="vpcId" ), endpoint_type="endpointType", identity_provider_details=transfer_mixins.CfnServerPropsMixin.IdentityProviderDetailsProperty( directory_id="directoryId", function="function", invocation_role="invocationRole", sftp_authentication_methods="sftpAuthenticationMethods", url="url" ), identity_provider_type="identityProviderType", ip_address_type="ipAddressType", logging_role="loggingRole", post_authentication_login_banner="postAuthenticationLoginBanner", pre_authentication_login_banner="preAuthenticationLoginBanner", protocol_details=transfer_mixins.CfnServerPropsMixin.ProtocolDetailsProperty( as2_transports=["as2Transports"], passive_ip="passiveIp", set_stat_option="setStatOption", tls_session_resumption_mode="tlsSessionResumptionMode" ), protocols=["protocols"], s3_storage_options=transfer_mixins.CfnServerPropsMixin.S3StorageOptionsProperty( directory_listing_optimization="directoryListingOptimization" ), security_policy_name="securityPolicyName", structured_log_destinations=["structuredLogDestinations"], tags=[CfnTag( key="key", value="value" )], workflow_details=transfer_mixins.CfnServerPropsMixin.WorkflowDetailsProperty( on_partial_upload=[transfer_mixins.CfnServerPropsMixin.WorkflowDetailProperty( execution_role="executionRole", workflow_id="workflowId" )], on_upload=[transfer_mixins.CfnServerPropsMixin.WorkflowDetailProperty( execution_role="executionRole", workflow_id="workflowId" )] ) ), strategy=mixins.PropertyMergeStrategy.OVERRIDE )
Create a mixin to apply properties to
AWS::Transfer::Server.- Parameters:
props (
Union[CfnServerMixinProps,Dict[str,Any]]) – L1 properties to apply.strategy (
Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE
Methods
- apply_to(construct)
Apply the mixin properties to the construct.
- Parameters:
construct (
IConstruct)- Return type:
- supports(construct)
Check if this mixin supports the given construct.
- Parameters:
construct (
IConstruct)- Return type:
bool
Attributes
- CFN_PROPERTY_KEYS = ['certificate', 'domain', 'endpointDetails', 'endpointType', 'identityProviderDetails', 'identityProviderType', 'ipAddressType', 'loggingRole', 'postAuthenticationLoginBanner', 'preAuthenticationLoginBanner', 'protocolDetails', 'protocols', 's3StorageOptions', 'securityPolicyName', 'structuredLogDestinations', 'tags', 'workflowDetails']
Static Methods
- classmethod is_mixin(x)
(experimental) Checks if
xis a Mixin.- Parameters:
x (
Any) – Any object.- Return type:
bool- Returns:
true if
xis an object created from a class which extendsMixin.- Stability:
experimental
EndpointDetailsProperty
- class CfnServerPropsMixin.EndpointDetailsProperty(*, address_allocation_ids=None, security_group_ids=None, subnet_ids=None, vpc_endpoint_id=None, vpc_id=None)
Bases:
objectThe virtual private cloud (VPC) endpoint settings that are configured for your server.
When you host your endpoint within your VPC, you can make your endpoint accessible only to resources within your VPC, or you can attach Elastic IP addresses and make your endpoint accessible to clients over the internet. Your VPC’s default security groups are automatically assigned to your endpoint.
- Parameters:
address_allocation_ids (
Optional[Sequence[str]]) – A list of address allocation IDs that are required to attach an Elastic IP address to your server’s endpoint. An address allocation ID corresponds to the allocation ID of an Elastic IP address. This value can be retrieved from theallocationIdfield from the Amazon EC2 Address data type. One way to retrieve this value is by calling the EC2 DescribeAddresses API. This parameter is optional. Set this parameter if you want to make your VPC endpoint public-facing. For details, see Create an internet-facing endpoint for your server . .. epigraph:: This property can only be set as follows: -EndpointTypemust be set toVPC- The Transfer Family server must be offline. - You cannot set this parameter for Transfer Family servers that use the FTP protocol. - The server must already haveSubnetIdspopulated (SubnetIdsandAddressAllocationIdscannot be updated simultaneously). -AddressAllocationIdscan’t contain duplicates, and must be equal in length toSubnetIds. For example, if you have three subnet IDs, you must also specify three address allocation IDs. - Call theUpdateServerAPI to set or change this parameter. - You can’t set address allocation IDs for servers that have anIpAddressTypeset toDUALSTACKYou can only set this property ifIpAddressTypeis set toIPV4.security_group_ids (
Optional[Sequence[str]]) – A list of security groups IDs that are available to attach to your server’s endpoint. .. epigraph:: WhileSecurityGroupIdsappears in the response syntax for consistency withCreateServerandUpdateServeroperations, this field is not populated inDescribeServerresponses. Security groups are managed at the VPC endpoint level and can be modified outside of the Transfer Family service. To retrieve current security group information, use the EC2DescribeVpcEndpointsAPI with theVpcEndpointIdreturned in the response. This property can only be set whenEndpointTypeis set toVPC. You can edit theSecurityGroupIdsproperty in the UpdateServer API only if you are changing theEndpointTypefromPUBLICorVPC_ENDPOINTtoVPC. To change security groups associated with your server’s VPC endpoint after creation, use the Amazon EC2 ModifyVpcEndpoint API.subnet_ids (
Optional[Sequence[str]]) – A list of subnet IDs that are required to host your server endpoint in your VPC. .. epigraph:: This property can only be set whenEndpointTypeis set toVPC.vpc_endpoint_id (
Optional[str]) – The ID of the VPC endpoint. .. epigraph:: This property can only be set whenEndpointTypeis set toVPC_ENDPOINT.vpc_id (
Optional[str]) – The VPC ID of the virtual private cloud in which the server’s endpoint will be hosted. .. epigraph:: This property can only be set whenEndpointTypeis set toVPC.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_transfer import mixins as transfer_mixins endpoint_details_property = transfer_mixins.CfnServerPropsMixin.EndpointDetailsProperty( address_allocation_ids=["addressAllocationIds"], security_group_ids=["securityGroupIds"], subnet_ids=["subnetIds"], vpc_endpoint_id="vpcEndpointId", vpc_id="vpcId" )
Attributes
- address_allocation_ids
A list of address allocation IDs that are required to attach an Elastic IP address to your server’s endpoint.
An address allocation ID corresponds to the allocation ID of an Elastic IP address. This value can be retrieved from the
allocationIdfield from the Amazon EC2 Address data type. One way to retrieve this value is by calling the EC2 DescribeAddresses API.This parameter is optional. Set this parameter if you want to make your VPC endpoint public-facing. For details, see Create an internet-facing endpoint for your server . .. epigraph:
This property can only be set as follows: - ``EndpointType`` must be set to ``VPC`` - The Transfer Family server must be offline. - You cannot set this parameter for Transfer Family servers that use the FTP protocol. - The server must already have ``SubnetIds`` populated ( ``SubnetIds`` and ``AddressAllocationIds`` cannot be updated simultaneously). - ``AddressAllocationIds`` can't contain duplicates, and must be equal in length to ``SubnetIds`` . For example, if you have three subnet IDs, you must also specify three address allocation IDs. - Call the ``UpdateServer`` API to set or change this parameter. - You can't set address allocation IDs for servers that have an ``IpAddressType`` set to ``DUALSTACK`` You can only set this property if ``IpAddressType`` is set to ``IPV4`` .
- security_group_ids
A list of security groups IDs that are available to attach to your server’s endpoint.
While
SecurityGroupIdsappears in the response syntax for consistency withCreateServerandUpdateServeroperations, this field is not populated inDescribeServerresponses. Security groups are managed at the VPC endpoint level and can be modified outside of the Transfer Family service. To retrieve current security group information, use the EC2DescribeVpcEndpointsAPI with theVpcEndpointIdreturned in the response.This property can only be set when
EndpointTypeis set toVPC.You can edit the
SecurityGroupIdsproperty in the UpdateServer API only if you are changing theEndpointTypefromPUBLICorVPC_ENDPOINTtoVPC. To change security groups associated with your server’s VPC endpoint after creation, use the Amazon EC2 ModifyVpcEndpoint API.
- subnet_ids
A list of subnet IDs that are required to host your server endpoint in your VPC.
This property can only be set when
EndpointTypeis set toVPC.
- vpc_endpoint_id
The ID of the VPC endpoint.
This property can only be set when
EndpointTypeis set toVPC_ENDPOINT.
- vpc_id
The VPC ID of the virtual private cloud in which the server’s endpoint will be hosted.
This property can only be set when
EndpointTypeis set toVPC.
IdentityProviderDetailsProperty
- class CfnServerPropsMixin.IdentityProviderDetailsProperty(*, directory_id=None, function=None, invocation_role=None, sftp_authentication_methods=None, url=None)
Bases:
objectRequired when
IdentityProviderTypeis set toAWS_DIRECTORY_SERVICE,AWS _LAMBDAorAPI_GATEWAY.Accepts an array containing all of the information required to use a directory in
AWS_DIRECTORY_SERVICEor invoke a customer-supplied authentication API, including the API Gateway URL. Cannot be specified whenIdentityProviderTypeis set toSERVICE_MANAGED.- Parameters:
directory_id (
Optional[str]) – The identifier of the AWS Directory Service directory that you want to use as your identity provider.function (
Optional[str]) – The ARN for a Lambda function to use for the Identity provider.invocation_role (
Optional[str]) – This parameter is only applicable if yourIdentityProviderTypeisAPI_GATEWAY. Provides the type ofInvocationRoleused to authenticate the user account.sftp_authentication_methods (
Optional[str]) – For SFTP-enabled servers, and for custom identity providers only , you can specify whether to authenticate using a password, SSH key pair, or both. -PASSWORD- users must provide their password to connect. -PUBLIC_KEY- users must provide their private key to connect. -PUBLIC_KEY_OR_PASSWORD- users can authenticate with either their password or their key. This is the default value. -PUBLIC_KEY_AND_PASSWORD- users must provide both their private key and their password to connect. The server checks the key first, and then if the key is valid, the system prompts for a password. If the private key provided does not match the public key that is stored, authentication fails.url (
Optional[str]) – Provides the location of the service endpoint used to authenticate users.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_transfer import mixins as transfer_mixins identity_provider_details_property = transfer_mixins.CfnServerPropsMixin.IdentityProviderDetailsProperty( directory_id="directoryId", function="function", invocation_role="invocationRole", sftp_authentication_methods="sftpAuthenticationMethods", url="url" )
Attributes
- directory_id
The identifier of the AWS Directory Service directory that you want to use as your identity provider.
- function
The ARN for a Lambda function to use for the Identity provider.
- invocation_role
This parameter is only applicable if your
IdentityProviderTypeisAPI_GATEWAY.Provides the type of
InvocationRoleused to authenticate the user account.
- sftp_authentication_methods
For SFTP-enabled servers, and for custom identity providers only , you can specify whether to authenticate using a password, SSH key pair, or both.
PASSWORD- users must provide their password to connect.PUBLIC_KEY- users must provide their private key to connect.PUBLIC_KEY_OR_PASSWORD- users can authenticate with either their password or their key. This is the default value.PUBLIC_KEY_AND_PASSWORD- users must provide both their private key and their password to connect. The server checks the key first, and then if the key is valid, the system prompts for a password. If the private key provided does not match the public key that is stored, authentication fails.
- url
Provides the location of the service endpoint used to authenticate users.
ProtocolDetailsProperty
- class CfnServerPropsMixin.ProtocolDetailsProperty(*, as2_transports=None, passive_ip=None, set_stat_option=None, tls_session_resumption_mode=None)
Bases:
objectThe protocol settings that are configured for your server.
Avoid placing Network Load Balancers (NLBs) or NAT gateways in front of AWS Transfer Family servers, as this increases costs and can cause performance issues, including reduced connection limits for FTPS. For more details, see Avoid placing NLBs and NATs in front of AWS Transfer Family .
To indicate passive mode (for FTP and FTPS protocols), use the
PassiveIpparameter. Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer.To ignore the error that is generated when the client attempts to use the
SETSTATcommand on a file that you are uploading to an Amazon S3 bucket, use theSetStatOptionparameter. To have the AWS Transfer Family server ignore theSETSTATcommand and upload files without needing to make any changes to your SFTP client, set the value toENABLE_NO_OP. If you set theSetStatOptionparameter toENABLE_NO_OP, Transfer Family generates a log entry to Amazon CloudWatch Logs, so that you can determine when the client is making aSETSTATcall.To determine whether your AWS Transfer Family server resumes recent, negotiated sessions through a unique session ID, use the
TlsSessionResumptionModeparameter.As2Transportsindicates the transport method for the AS2 messages. Currently, only HTTP is supported.
- Parameters:
as2_transports (
Optional[Sequence[str]]) – List ofAs2Transportobjects.passive_ip (
Optional[str]) –Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer. For example:
aws transfer update-server --protocol-details PassiveIp=0.0.0.0Replace0.0.0.0in the example above with the actual IP address you want to use. .. epigraph:: If you change thePassiveIpvalue, you must stop and then restart your Transfer Family server for the change to take effect. For details on using passive mode (PASV) in a NAT environment, see Configuring your FTPS server behind a firewall or NAT with AWS Transfer Family . Additionally, avoid placing Network Load Balancers (NLBs) or NAT gateways in front of AWS Transfer Family servers. This configuration increases costs and can cause performance issues. When NLBs or NATs are in the communication path, Transfer Family cannot accurately recognize client IP addresses, which impacts connection sharding and limits FTPS servers to only 300 simultaneous connections instead of 10,000. If you must use an NLB, use port 21 for health checks and enable TLS session resumption by settingTlsSessionResumptionMode = ENFORCED. For optimal performance, migrate to VPC endpoints with Elastic IP addresses instead of using NLBs. For more details, see Avoid placing NLBs and NATs in front of AWS Transfer Family . Special values TheAUTOand0.0.0.0are special values for thePassiveIpparameter. The valuePassiveIp=AUTOis assigned by default to FTP and FTPS type servers. In this case, the server automatically responds with one of the endpoint IPs within the PASV response.PassiveIp=0.0.0.0has a more unique application for its usage. For example, if you have a High Availability (HA) Network Load Balancer (NLB) environment, where you have 3 subnets, you can only specify a single IP address using thePassiveIpparameter. This reduces the effectiveness of having High Availability. In this case, you can specifyPassiveIp=0.0.0.0. This tells the client to use the same IP address as the Control connection and utilize all AZs for their connections. Note, however, that not all FTP clients support thePassiveIp=0.0.0.0response. FileZilla and WinSCP do support it. If you are using other clients, check to see if your client supports thePassiveIp=0.0.0.0response.set_stat_option (
Optional[str]) – Use theSetStatOptionto ignore the error that is generated when the client attempts to useSETSTATon a file you are uploading to an S3 bucket. Some SFTP file transfer clients can attempt to change the attributes of remote files, including timestamp and permissions, using commands, such asSETSTATwhen uploading the file. However, these commands are not compatible with object storage systems, such as Amazon S3. Due to this incompatibility, file uploads from these clients can result in errors even when the file is otherwise successfully uploaded. Set the value toENABLE_NO_OPto have the Transfer Family server ignore theSETSTATcommand, and upload files without needing to make any changes to your SFTP client. While theSetStatOptionENABLE_NO_OPsetting ignores the error, it does generate a log entry in Amazon CloudWatch Logs, so you can determine when the client is making aSETSTATcall. .. epigraph:: If you want to preserve the original timestamp for your file, and modify other file attributes usingSETSTAT, you can use Amazon EFS as backend storage with Transfer Family.tls_session_resumption_mode (
Optional[str]) – A property used with Transfer Family servers that use the FTPS protocol. TLS Session Resumption provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session.TlsSessionResumptionModedetermines whether or not the server resumes recent, negotiated sessions through a unique session ID. This property is available duringCreateServerandUpdateServercalls. If aTlsSessionResumptionModevalue is not specified duringCreateServer, it is set toENFORCEDby default. -DISABLED: the server does not process TLS session resumption client requests and creates a new TLS session for each request. -ENABLED: the server processes and accepts clients that are performing TLS session resumption. The server doesn’t reject client data connections that do not perform the TLS session resumption client processing. -ENFORCED: the server processes and accepts clients that are performing TLS session resumption. The server rejects client data connections that do not perform the TLS session resumption client processing. Before you set the value toENFORCED, test your clients. .. epigraph:: Not all FTPS clients perform TLS session resumption. So, if you choose to enforce TLS session resumption, you prevent any connections from FTPS clients that don’t perform the protocol negotiation. To determine whether or not you can use theENFORCEDvalue, you need to test your clients.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_transfer import mixins as transfer_mixins protocol_details_property = transfer_mixins.CfnServerPropsMixin.ProtocolDetailsProperty( as2_transports=["as2Transports"], passive_ip="passiveIp", set_stat_option="setStatOption", tls_session_resumption_mode="tlsSessionResumptionMode" )
Attributes
- as2_transports
List of
As2Transportobjects.
- passive_ip
Indicates passive mode, for FTP and FTPS protocols.
Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer. For example:
aws transfer update-server --protocol-details PassiveIp=0.0.0.0Replace
0.0.0.0in the example above with the actual IP address you want to use. .. epigraph:If you change the ``PassiveIp`` value, you must stop and then restart your Transfer Family server for the change to take effect. For details on using passive mode (PASV) in a NAT environment, see `Configuring your FTPS server behind a firewall or NAT with AWS Transfer Family <https://docs.aws.amazon.com/storage/configuring-your-ftps-server-behind-a-firewall-or-nat-with-aws-transfer-family/>`_ . Additionally, avoid placing Network Load Balancers (NLBs) or NAT gateways in front of AWS Transfer Family servers. This configuration increases costs and can cause performance issues. When NLBs or NATs are in the communication path, Transfer Family cannot accurately recognize client IP addresses, which impacts connection sharding and limits FTPS servers to only 300 simultaneous connections instead of 10,000. If you must use an NLB, use port 21 for health checks and enable TLS session resumption by setting ``TlsSessionResumptionMode = ENFORCED`` . For optimal performance, migrate to VPC endpoints with Elastic IP addresses instead of using NLBs. For more details, see `Avoid placing NLBs and NATs in front of AWS Transfer Family <https://docs.aws.amazon.com/transfer/latest/userguide/infrastructure-security.html#nlb-considerations>`_ .
Special values
The
AUTOand0.0.0.0are special values for thePassiveIpparameter. The valuePassiveIp=AUTOis assigned by default to FTP and FTPS type servers. In this case, the server automatically responds with one of the endpoint IPs within the PASV response.PassiveIp=0.0.0.0has a more unique application for its usage. For example, if you have a High Availability (HA) Network Load Balancer (NLB) environment, where you have 3 subnets, you can only specify a single IP address using thePassiveIpparameter. This reduces the effectiveness of having High Availability. In this case, you can specifyPassiveIp=0.0.0.0. This tells the client to use the same IP address as the Control connection and utilize all AZs for their connections. Note, however, that not all FTP clients support thePassiveIp=0.0.0.0response. FileZilla and WinSCP do support it. If you are using other clients, check to see if your client supports thePassiveIp=0.0.0.0response.
- set_stat_option
Use the
SetStatOptionto ignore the error that is generated when the client attempts to useSETSTATon a file you are uploading to an S3 bucket.Some SFTP file transfer clients can attempt to change the attributes of remote files, including timestamp and permissions, using commands, such as
SETSTATwhen uploading the file. However, these commands are not compatible with object storage systems, such as Amazon S3. Due to this incompatibility, file uploads from these clients can result in errors even when the file is otherwise successfully uploaded.Set the value to
ENABLE_NO_OPto have the Transfer Family server ignore theSETSTATcommand, and upload files without needing to make any changes to your SFTP client. While theSetStatOptionENABLE_NO_OPsetting ignores the error, it does generate a log entry in Amazon CloudWatch Logs, so you can determine when the client is making aSETSTATcall. .. epigraph:If you want to preserve the original timestamp for your file, and modify other file attributes using ``SETSTAT`` , you can use Amazon EFS as backend storage with Transfer Family.
- tls_session_resumption_mode
A property used with Transfer Family servers that use the FTPS protocol.
TLS Session Resumption provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session.
TlsSessionResumptionModedetermines whether or not the server resumes recent, negotiated sessions through a unique session ID. This property is available duringCreateServerandUpdateServercalls. If aTlsSessionResumptionModevalue is not specified duringCreateServer, it is set toENFORCEDby default.DISABLED: the server does not process TLS session resumption client requests and creates a new TLS session for each request.ENABLED: the server processes and accepts clients that are performing TLS session resumption. The server doesn’t reject client data connections that do not perform the TLS session resumption client processing.ENFORCED: the server processes and accepts clients that are performing TLS session resumption. The server rejects client data connections that do not perform the TLS session resumption client processing. Before you set the value toENFORCED, test your clients.
Not all FTPS clients perform TLS session resumption. So, if you choose to enforce TLS session resumption, you prevent any connections from FTPS clients that don’t perform the protocol negotiation. To determine whether or not you can use the
ENFORCEDvalue, you need to test your clients.
S3StorageOptionsProperty
- class CfnServerPropsMixin.S3StorageOptionsProperty(*, directory_listing_optimization=None)
Bases:
objectThe Amazon S3 storage options that are configured for your server.
- Parameters:
directory_listing_optimization (
Optional[str]) – Specifies whether or not performance for your Amazon S3 directories is optimized. - If using the console, this is enabled by default. - If using the API or CLI, this is disabled by default. By default, home directory mappings have aTYPEofDIRECTORY. If you enable this option, you would then need to explicitly set theHomeDirectoryMapEntryTypetoFILEif you want a mapping to have a file target.- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_transfer import mixins as transfer_mixins s3_storage_options_property = transfer_mixins.CfnServerPropsMixin.S3StorageOptionsProperty( directory_listing_optimization="directoryListingOptimization" )
Attributes
- directory_listing_optimization
Specifies whether or not performance for your Amazon S3 directories is optimized.
If using the console, this is enabled by default.
If using the API or CLI, this is disabled by default.
By default, home directory mappings have a
TYPEofDIRECTORY. If you enable this option, you would then need to explicitly set theHomeDirectoryMapEntryTypetoFILEif you want a mapping to have a file target.
WorkflowDetailProperty
- class CfnServerPropsMixin.WorkflowDetailProperty(*, execution_role=None, workflow_id=None)
Bases:
objectSpecifies the workflow ID for the workflow to assign and the execution role that’s used for executing the workflow.
In addition to a workflow to execute when a file is uploaded completely,
WorkflowDetailscan also contain a workflow ID (and execution role) for a workflow to execute on partial upload. A partial upload occurs when a file is open when the session disconnects.- Parameters:
execution_role (
Optional[str]) – Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.workflow_id (
Optional[str]) – A unique identifier for the workflow.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_transfer import mixins as transfer_mixins workflow_detail_property = transfer_mixins.CfnServerPropsMixin.WorkflowDetailProperty( execution_role="executionRole", workflow_id="workflowId" )
Attributes
- execution_role
Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources.
- workflow_id
A unique identifier for the workflow.
WorkflowDetailsProperty
- class CfnServerPropsMixin.WorkflowDetailsProperty(*, on_partial_upload=None, on_upload=None)
Bases:
objectContainer for the
WorkflowDetaildata type.It is used by actions that trigger a workflow to begin execution.
- Parameters:
on_partial_upload (
Union[IResolvable,Sequence[Union[IResolvable,WorkflowDetailProperty,Dict[str,Any]]],None]) – A trigger that starts a workflow if a file is only partially uploaded. You can attach a workflow to a server that executes whenever there is a partial upload. A partial upload occurs when a file is open when the session disconnects. .. epigraph::OnPartialUploadcan contain a maximum of oneWorkflowDetailobject.on_upload (
Union[IResolvable,Sequence[Union[IResolvable,WorkflowDetailProperty,Dict[str,Any]]],None]) – A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. To remove an associated workflow from a server, you can provide an emptyOnUploadobject, as in the following example.aws transfer update-server --server-id s-01234567890abcdef --workflow-details '{"OnUpload":[]}'.. epigraph::OnUploadcan contain a maximum of oneWorkflowDetailobject.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_transfer import mixins as transfer_mixins workflow_details_property = transfer_mixins.CfnServerPropsMixin.WorkflowDetailsProperty( on_partial_upload=[transfer_mixins.CfnServerPropsMixin.WorkflowDetailProperty( execution_role="executionRole", workflow_id="workflowId" )], on_upload=[transfer_mixins.CfnServerPropsMixin.WorkflowDetailProperty( execution_role="executionRole", workflow_id="workflowId" )] )
Attributes
- on_partial_upload
A trigger that starts a workflow if a file is only partially uploaded.
You can attach a workflow to a server that executes whenever there is a partial upload.
A partial upload occurs when a file is open when the session disconnects. .. epigraph:
``OnPartialUpload`` can contain a maximum of one ``WorkflowDetail`` object.
- on_upload
the workflow begins to execute after a file is uploaded.
To remove an associated workflow from a server, you can provide an empty
OnUploadobject, as in the following example.aws transfer update-server --server-id s-01234567890abcdef --workflow-details '{"OnUpload":[]}'.. epigraph:``OnUpload`` can contain a maximum of one ``WorkflowDetail`` object.
- See:
- Type:
A trigger that starts a workflow