AWS::Transfer::Server - HostKey

derekmurawsky commented 4 years ago

AWS::Transfer::Server-HostKey

2. Scope of request

Currently cloudformation supports creating a transfer server, but it does not allow a host key to be provided. It should support specifying a host key much like AWS::Transfer::User supports SshPublicKey.

3. Expected behavior

{
  "Type" : "AWS::Transfer::Server",
  "Properties" : {
      "Certificate" : String,
      "EndpointDetails" : EndpointDetails,
      "EndpointType" : String,
      "HostKey": String,
      "IdentityProviderDetails" : IdentityProviderDetails,
      "IdentityProviderType" : String,
      "LoggingRole" : String,
      "Protocols" : [ Protocol, ... ],
      "Tags" : [ Tag, ... ]
    }
}

Feel free to describe other desired and relevant implementation details.

Suggested Specific Test Cases

Common use case: pass HostKey parameter as a string, or as a !Ref
Note this is a sensitive piece of information and will likely be stored in parameter store or secrets manager
This can be changed, but will impact significant users. Perhaps a warning, as exists in the UI, would be advisable?

5. Helpful Links to speed up research and evaluation

AWS API Spec that supports the host key
Current cloudformation documentation for transfer server

Category: Migration & Transfer

myahl-uncomn commented 1 year ago

Any update on this? This has been "Coming Soon" for almost two years.

daleking commented 1 year ago

We are also waiting on this more so that it can flow through to CDK. Requirement is to be able to specify existing host keys when setting up a new service to maintain continuity or at a minimum being able to autogenerate host keys other than type RSA on service creation.

ilons commented 10 months ago

This was an unexpected issue to hit! Since (creating / importing and) specifying an existing host key for a new server would be required for migrating to AWS Transfer server, either from another solution or a different AWS Transfer sever is vital not to impact existing users, I would expect this to be in place.

This can today be done using the UI, and I would expect the same functionality through CloudFormation for it to be usable.

aws-cloudformation / cloudformation-coverage-roadmap