AWS::Transfer::Connector SftpConfig - AWS CloudFormation

AWS::Transfer::Connector SftpConfig

A structure that contains the parameters for an SFTP connector object.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "TrustedHostKeys" : [ String, ... ], "UserSecretId" : String }

YAML

TrustedHostKeys: - String UserSecretId: String

Properties

TrustedHostKeys

The public portion of the host key, or keys, that are used to identify the external server to which you are connecting. You can use the ssh-keyscan command against the SFTP server to retrieve the necessary key.

The three standard SSH public key format elements are <key type>, <body base64>, and an optional <comment>, with spaces between each element. Specify only the <key type> and <body base64>: do not enter the <comment> portion of the key.

For the trusted host key, AWS Transfer Family accepts RSA and ECDSA keys.

  • For RSA keys, the <key type> string is ssh-rsa.

  • For ECDSA keys, the <key type> string is either ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, or ecdsa-sha2-nistp521, depending on the size of the key you generated.

Run this command to retrieve the SFTP server host key, where your SFTP server name is ftp.host.com.

ssh-keyscan ftp.host.com

This prints the public host key to standard output.

ftp.host.com ssh-rsa AAAAB3Nza...<long-string-for-public-key

Copy and paste this string into the TrustedHostKeys field for the create-connector command or into the Trusted host keys field in the console.

Required: No

Type: Array of String

Maximum: 10

Update requires: No interruption

UserSecretId

The identifier for the secret (in AWS Secrets Manager) that contains the SFTP user's private key, password, or both. The identifier must be the Amazon Resource Name (ARN) of the secret.

Required: No

Type: String

Minimum: 1

Maximum: 2048

Update requires: No interruption