Use a template to create a demo Transfer Family AS2 stack
We supply a self-contained AWS CloudFormation template that quickly creates an AS2-enabled Transfer Family server. The template configures the server with a public Amazon VPC endpoint, certificates, local and partner profiles, an agreement, and a connector.
Before using this template, note the following:
- If you create a stack from this template, you will be billed for the AWS resources that are used.
- The template creates multiple certificates and places them in AWS Secrets Manager to store them securely. You can delete these certificates from Secrets Manager if you want, because you're charged for using this service. Deleting these certificates in Secrets Manager doesn't delete them from the Transfer Family server, so the functionality of the demo stack isn't affected. However, for certificates that you're going to use with a production AS2 server, you might want to use Secrets Manager to manage and periodically rotate your stored certificates.
- We recommend that you use the template as a base only, and mainly for demonstration purposes. If you want to use this demo stack in production, modify the template's YAML code to create a more robust stack: for example, create production-level certificates, and create an AWS Lambda function that you can use in production.
To create an AS2-enabled Transfer Family server from a CloudFormation template
- Open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation.
- In the left navigation pane, choose Stacks.
- Choose Create stack, and then choose With new resources (standard).
- In the Prerequisite - Prepare template section, choose Choose an existing template.
- Copy this link, AS2 demo template, and paste it into the Amazon S3 URL field.
- Choose Next.
- On the Specify stack details page, name your stack, and then specify the following parameters:
  - Under AS2, enter values for Local AS2 ID and Partner AS2 ID, or accept the defaults, local and partner, respectively.
  - Under Network, enter a value for Security group ingress CIDR IP, or accept the default, 0.0.0.0/0.
    Note
    This value, in CIDR format, specifies which source IP addresses are allowed to send incoming traffic to the AS2 server. The default value, 0.0.0.0/0, allows every IP address on the internet to reach the server's public endpoint. That is acceptable for a short-lived demo; for anything longer, restrict it to the address range your trading partner sends from.
  - Under General, enter a value for Prefix, or accept the default, transfer-as2. This prefix is placed before the names of all resources that the stack creates. For example, if you use the default prefix, your Amazon S3 bucket is named transfer-as2-amzn-s3-demo-bucket.
- Choose Next. On the Configure stack options page, choose Next again.
- Review the details for the stack that you're creating, and then choose Create stack.
  Note
  At the bottom of the page, under Capabilities, you must acknowledge that AWS CloudFormation might create AWS Identity and Access Management (IAM) resources.
After the stack is created, you can send a test AS2 message from the partner server to your local Transfer Family server by using the AWS Command Line Interface (AWS CLI). A sample AWS CLI command for sending a test message is created along with all of the other resources in the stack.
To use this sample command, go to the Outputs tab of your stack, and copy the TransferExampleAs2Command. You can then run the command by using the AWS CLI. If you haven't already installed the AWS CLI, see Installing or updating the latest version of the AWS CLI in the AWS Command Line Interface User Guide.
The sample command has the following format:
aws s3api put-object --bucket amzn-s3-demo-bucket --key test.txt && aws transfer start-file-transfer --region aws-region --connector-id TransferConnectorId --send-file-paths /amzn-s3-demo-bucket/test.txt
Note
Your version of this command contains the actual values for the amzn-s3-demo-bucket and TransferConnectorId resources in your stack.
This sample command consists of two separate commands that are chained together by using the && operator, so the second command runs only if the first one succeeds.
The first command creates a new, empty text file in your bucket:
aws s3api put-object --bucket amzn-s3-demo-bucket --key test.txt
Then, the second command uses the connector to send the file from the partner profile to the local profile. The Transfer Family server has an agreement set up that allows the local profile to accept messages from the partner profile.
aws transfer start-file-transfer --region aws-region --connector-id TransferConnectorId --send-file-paths /amzn-s3-demo-bucket/test.txt
After you run the command, you can go to your Amazon S3 bucket (amzn-s3-demo-bucket) and view the contents. If the command is successful, you should see the following objects in your bucket:
- processed/ – This folder contains a JSON file that describes the transferred file and the MDN response.
- processing/ – This folder temporarily contains files as they are being processed, but after a transfer is completed, this folder should be empty.
- server-id/ – This folder is named based on your Transfer Family server ID. It contains from-partner/ (this folder is dynamically named, based on the partner's AS2 ID), which itself contains failed/, processed/, and processing/ folders. The server-id/from-partner/processed/ folder contains a copy of the transferred text file, and the corresponding JSON and MDN files.
- test.txt – This object is the (empty) file that was transferred.
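The steps above are console clicks, and the test command is copied by hand from the stack's Outputs tab. The script below is an added example written for this page; it is not part of AWS's template or documentation. It covers three points from the text in one place: it refuses a wide-open Security group ingress CIDR IP before you would pass that parameter to create-stack, it rebuilds the chained put-object / start-file-transfer command from explicit values so the && dependency is visible, and it reads TransferExampleAs2Command out of describe-stacks output and then waits for the MDN/JSON record that the page says appears under processed/. The sample describe-stacks JSON is constructed, and the connector ID format in it (c- followed by hex digits) is an assumption; only the aws subcommands shown on the page plus cloudformation describe-stacks and s3api list-objects-v2 are used, and none of them run unless AS2_DEMO_RUN=1 is set.

```shell
#!/bin/sh
# Added helper for the demo stack described on this page. It is not part of
# AWS's template or documentation. Assumptions: the stack exposes the
# TransferExampleAs2Command output named on the page; connector IDs look like
# c-<hex> (assumed, used only in the constructed sample). Nothing here calls
# `aws` unless AS2_DEMO_RUN=1 is set, so the helpers can be exercised offline.

# True (exit 0) when a CIDR admits every source address. The template's default
# for "Security group ingress CIDR IP", 0.0.0.0/0, does exactly that, so refuse
# it before passing the parameter to create-stack outside a throwaway demo.
as2_cidr_is_open() {
    case "$1" in
        0.0.0.0/0|::/0|*/0) return 0 ;;
        *) return 1 ;;
    esac
}

# Rebuild the page's chained test command from explicit values. The && means
# start-file-transfer runs only if put-object succeeded, so a failed upload
# never triggers a transfer of a path that does not exist.
as2_transfer_cmd() {
    as2_bucket=$1; as2_region=$2; as2_connector=$3; as2_key=${4:-test.txt}
    printf 'aws s3api put-object --bucket %s --key %s && ' "$as2_bucket" "$as2_key"
    printf 'aws transfer start-file-transfer --region %s --connector-id %s --send-file-paths /%s/%s\n' \
        "$as2_region" "$as2_connector" "$as2_bucket" "$as2_key"
}

# Read one OutputValue from `aws cloudformation describe-stacks --output json`
# on stdin, without jq: split the JSON on "}" so each Outputs entry is one awk
# record, find the record whose OutputKey matches, and print its OutputValue.
as2_stack_output() {
    awk -v key="$1" '
        BEGIN { RS = "}" }
        $0 ~ ("\"OutputKey\": *\"" key "\"") {
            if (match($0, "\"OutputValue\": *\"[^\"]*\"")) {
                split(substr($0, RSTART, RLENGTH), part, "\"")
                print part[4]
                exit
            }
        }'
}

# Constructed sample of the describe-stacks shape, for offline use only.
AS2_SAMPLE_OUTPUTS='{
  "Stacks": [
    {
      "StackName": "transfer-as2-demo",
      "Outputs": [
        {
          "OutputKey": "TransferExampleAs2Command",
          "OutputValue": "aws s3api put-object --bucket transfer-as2-demo-bucket --key test.txt && aws transfer start-file-transfer --region us-east-1 --connector-id c-1234567890abcdef0 --send-file-paths /transfer-as2-demo-bucket/test.txt"
        }
      ]
    }
  ]
}'

# Live run: AS2_DEMO_RUN=1 sh as2_demo.sh <stack-name>
# Prints the stack's command before running it, then waits for the MDN/JSON
# record the page says appears under processed/ when the transfer completes.
if [ "${AS2_DEMO_RUN:-0}" = 1 ]; then
    as2_stack=${1:?usage: AS2_DEMO_RUN=1 sh as2_demo.sh <stack-name>}
    as2_cmd=$(aws cloudformation describe-stacks --stack-name "$as2_stack" --output json |
              as2_stack_output TransferExampleAs2Command)
    [ -n "$as2_cmd" ] || { echo "stack has no TransferExampleAs2Command output" >&2; exit 1; }
    echo "running: $as2_cmd"
    sh -c "$as2_cmd"
    as2_bucket=$(printf '%s' "$as2_cmd" | sed -n 's/.*--bucket \([^ ]*\).*/\1/p')
    as2_tries=0
    while [ "$as2_tries" -lt 12 ]; do
        as2_keys=$(aws s3api list-objects-v2 --bucket "$as2_bucket" --prefix processed/ \
                       --query 'Contents[].Key' --output text)
        [ -n "$as2_keys" ] && [ "$as2_keys" != "None" ] && break
        as2_tries=$((as2_tries + 1)); sleep 5
    done
    echo "processed/ now holds: ${as2_keys:-nothing yet}"
fi
```

Source the file to use the helpers on their own, or run it live with AS2_DEMO_RUN=1 sh as2_demo.sh <stack-name> once the stack reports CREATE_COMPLETE. The script echoes the command it pulled from the stack before executing it, so you can see exactly which bucket and connector it will touch, and the polling loop bounds the wait at about a minute because start-file-transfer returns before the transfer and MDN exchange finish.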