Resource: awsTransferSshKey

Provides an AWS Transfer User SSH Key resource.

Example Usage

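/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.
The snippet is meant to sit inside a construct (for example a TerraformStack constructor), where `this` is the scope.*/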
import * as aws from "./.gen/providers/aws";
const awsTransferServerExample = new aws.transferServer.TransferServer(
  this,
  "example",
  {
    identityProviderType: "SERVICE_MANAGED",
    tags: {
      NAME: "tf-acc-test-transfer-server",
    },
  }
);
const dataAwsIamPolicyDocumentAssumeRole =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
    this,
    "assume_role",
    {
      statement: [
        {
          actions: ["sts:AssumeRole"],
          effect: "Allow",
          principals: [
            {
              identifiers: ["transfer.amazonaws.com"],
              type: "Service",
            },
          ],
        },
      ],
    }
  );
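/*Example only: s3:* on every resource is far broader than a Transfer user needs. Scope actions and resources to the bucket and prefix the user actually uses.*/
const dataAwsIamPolicyDocumentExample =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "example_2", {
    statement: [
      {
        actions: ["s3:*"],
        effect: "Allow",
        resources: ["*"],
        sid: "AllowFullAccesstoS3",
      },
    ],
  });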
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsIamPolicyDocumentExample.overrideLogicalId("example");
const awsIamRoleExample = new aws.iamRole.IamRole(this, "example_3", {
  assumeRolePolicy: dataAwsIamPolicyDocumentAssumeRole.json,
  name: "tf-test-transfer-user-iam-role",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIamRoleExample.overrideLogicalId("example");
const awsIamRolePolicyExample = new aws.iamRolePolicy.IamRolePolicy(
  this,
  "example_4",
  {
    name: "tf-test-transfer-user-iam-policy",
    policy: dataAwsIamPolicyDocumentExample.json,
    role: awsIamRoleExample.id,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIamRolePolicyExample.overrideLogicalId("example");
const awsTransferUserExample = new aws.transferUser.TransferUser(
  this,
  "example_5",
  {
    role: awsIamRoleExample.arn,
    serverId: awsTransferServerExample.id,
    tags: {
      NAME: "tftestuser",
    },
    userName: "tftestuser",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsTransferUserExample.overrideLogicalId("example");
const awsTransferSshKeyExample = new aws.transferSshKey.TransferSshKey(
  this,
  "example_6",
  {
    body: "... SSH key ...",
    serverId: awsTransferServerExample.id,
    userName: awsTransferUserExample.userName,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsTransferSshKeyExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • serverId - (Required) The Server ID of the Transfer Server (e.g., s12345678).
  • userName - (Required) The name of the user account that is assigned to one or more servers.
  • body - (Required) The public key portion of an SSH key pair.
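
A pre-flight check for the value passed as body, added here as an example (it is not part of the provider or of cdktf): it parses the OpenSSH public-key line, rejects private-key material, and confirms that the key type named in the line matches the type encoded in the key blob. The names checkSshPublicKey, readField, ALLOWED and MIN_RSA_BITS are hypothetical, the allowed-type list and RSA minimum are an assumed local policy, and the sample key is constructed.

```typescript
// Added example: hypothetical pre-flight check for the `body` argument (not cdktf or provider code).
// ALLOWED and MIN_RSA_BITS are an assumed local policy, not values taken from the provider.
const ALLOWED = new Set([
  "ssh-ed25519", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "ssh-rsa",
]);
const MIN_RSA_BITS = 2048;
// Constructed sample line (all-zero key bytes), not a real key.
const SAMPLE_ED25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAA" + "A".repeat(40) + " constructed@example";

// Read one length-prefixed field (uint32 big-endian length, then that many bytes) from the blob.
function readField(blob: Uint8Array, offset: number): { data: Uint8Array; next: number } {
  if (offset + 4 > blob.length) throw new Error("truncated key blob");
  const len = new DataView(blob.buffer, blob.byteOffset + offset, 4).getUint32(0);
  const end = offset + 4 + len;
  if (end > blob.length) throw new Error("truncated key blob");
  return { data: blob.subarray(offset + 4, end), next: end };
}

function checkSshPublicKey(body: string): { type: string; bits?: number } {
  const text = body.trim();
  if (text.includes("PRIVATE KEY")) throw new Error("private key material must never be used as body");
  const [type, b64] = text.split(/\s+/);
  if (!ALLOWED.has(type) || !b64) throw new Error("unsupported or malformed public key line");
  let blob: Uint8Array;
  try {
    blob = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  } catch {
    throw new Error("key data is not valid base64");
  }
  // The blob starts with its own copy of the key type; it must agree with the text prefix.
  const name = readField(blob, 0);
  const inner = Array.from(name.data, (c) => String.fromCharCode(c)).join("");
  if (inner !== type) throw new Error(`key type mismatch: line says ${type}, blob says ${inner}`);
  if (type !== "ssh-rsa") return { type };
  // RSA blob layout: string "ssh-rsa", mpint e, mpint n. Measure the modulus n in bits.
  const e = readField(blob, name.next);
  const n = readField(blob, e.next).data;
  let i = 0;
  while (i < n.length && n[i] === 0) i++; // skip the mpint sign-padding zero bytes
  const bits = i === n.length ? 0 : (n.length - i) * 8 - Math.clz32(n[i]) + 24;
  if (bits < MIN_RSA_BITS) throw new Error(`RSA key is ${bits} bits, below ${MIN_RSA_BITS}`);
  return { type, bits };
}
```

Calling it on the key text before constructing TransferSshKey makes a bad value fail at synth time rather than at apply.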

Attributes Reference

No additional attributes are exported.

Import

A Transfer SSH public key can be imported using the serverId, userName and sshPublicKeyId, separated by /.

$ terraform import aws_transfer_ssh_key.bar s-12345678/test-username/key-12345