This is a Terraform module to create a custom identity provider based on AWS Secrets for the AWS SFTP service.

terraform-aws-transfer-server-custom-idp

GitHub: StratusGrid/terraform-aws-transfer-server-custom-idp

This Terraform module creates a custom identity provider for the AWS Transfer Family, backed by secrets stored in AWS Secrets Manager.

Example Usage:

Create an SFTP server with the custom identity provider.

module "transfer-server-custom-idp" {
  name_prefix = var.name_prefix
  source  = "StratusGrid/transfer-server-custom-idp/aws"
  version = "1.1.0"

  region = var.region
}

To create any user to connect to this AWS Transfer server, use this other module

Resources

Name Type
aws_api_gateway_account.sftp resource
aws_api_gateway_deployment.sftp resource
aws_api_gateway_integration.sftp resource
aws_api_gateway_integration_response.sftp_response resource
aws_api_gateway_method.get resource
aws_api_gateway_method_response.response_200 resource
aws_api_gateway_method_settings.get resource
aws_api_gateway_model.userconfig resource
aws_api_gateway_resource.config resource
aws_api_gateway_resource.serverid resource
aws_api_gateway_resource.servers resource
aws_api_gateway_resource.username resource
aws_api_gateway_resource.users resource
aws_api_gateway_rest_api.sftp resource
aws_api_gateway_stage.prod resource
aws_cloudwatch_log_group.custom_log_group resource
aws_iam_role.cloudwatch resource
aws_iam_role.sftp_lambda_role resource
aws_iam_role.sftp_transfer_server resource
aws_iam_role.sftp_transfer_server_invocation resource
aws_iam_role_policy.cloudwatch resource
aws_iam_role_policy.sftp_lambda_role_policy resource
aws_iam_role_policy.sftp_transfer_server resource
aws_iam_role_policy.sftp_transfer_server_invocation resource
aws_iam_role_policy_attachment.attach_cloudwatch_log_access resource
aws_iam_role_policy_attachment.sftp_lambda_role resource
aws_lambda_function.sftp resource
aws_lambda_permission.apigw_lambda resource
aws_transfer_server.sftp_transfer_server resource

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| apigw_caching_enable | Bool to enable the cache in the APIGW | bool | false | no |
| custom_log_group | Bool to determine if a custom CloudWatch log group is used | bool | false | no |
| custom_log_group_name | String to use as a custom log group name | string | "" | no |
| input_tags | Map of tags to apply to resources | map(string) | {} | no |
| name_prefix | String to use as prefix on object names | string | n/a | yes |
| name_suffix | String to append to object names. This is optional, so start with dash if using | string | "" | no |
| python_runtime | Python version used for lambda function | string | "python3.7" | no |
| region | AWS Region | string | n/a | yes |
| secrets_prefix | Prefix used to create AWS Secrets | string | "SFTP" | no |
| server_loggroup_arns | List of LogGroup arns for Transfer Server | list(any) | [] | no |
| xray_enabled | Bool to determine if Xray tracing is enabled | bool | false | no |

Outputs

| Name | Description |
|------|-------------|
| invoke_url | URL used for REST API invocation |
| lambda_role | The name of the role the Lambda uses to access secrets. Used to add additional permissions as needed. |
| rest_api_http_method | REST API calling method |
| rest_api_id | ID of the REST API |
| rest_api_stage_name | Name used for the stage of API |
| transfer_server_id | The Server ID of the Transfer Server (e.g., s-12345678) |
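
The following is an added example, not part of the module's own documentation: it sets the logging, tracing, caching and runtime inputs from the Inputs table, then uses the `lambda_role` output to attach one narrowly scoped extra permission. It assumes the user secrets are encrypted with a customer-managed KMS key and that the module's function code runs on a newer Python runtime; the key, the log group name and the policy name are hypothetical.

```hcl
# Added example: names marked "hypothetical" are not from the module's docs.
module "transfer-server-custom-idp" {
  source  = "StratusGrid/transfer-server-custom-idp/aws"
  version = "1.1.0"

  name_prefix = var.name_prefix
  region      = var.region

  # Default shown explicitly so the secret naming prefix is visible in review.
  secrets_prefix = "SFTP"

  # Dedicated log group and X-Ray tracing for the identity-provider path.
  custom_log_group      = true
  custom_log_group_name = "${var.name_prefix}-sftp-idp" # hypothetical name
  xray_enabled          = true

  # Default is false. A cached authentication response can outlive a changed
  # or deleted secret until the cache entry expires.
  apigw_caching_enable = false

  # Default is "python3.7", which AWS Lambda has deprecated. Assumes the
  # module's function code runs unchanged on the newer runtime.
  python_runtime = "python3.12"
}

# Hypothetical customer-managed key used to encrypt the user secrets.
resource "aws_kms_key" "sftp_secrets" {
  description         = "Encrypts SFTP user secrets"
  enable_key_rotation = true
}

# Extra permission attached through the lambda_role output (a role name).
resource "aws_iam_role_policy" "idp_lambda_kms_decrypt" {
  name = "${var.name_prefix}-idp-kms-decrypt" # hypothetical name
  role = module.transfer-server-custom-idp.lambda_role

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["kms:Decrypt"]
      Resource = [aws_kms_key.sftp_secrets.arn]
    }]
  })
}
```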

Note: Manual changes to the README will be overwritten when the documentation is updated. To update the documentation, run terraform-docs -c .config/.terraform-docs.yml .
