github.com/pulumi/pulumi-aws/sdk/v6@v6.32.0/go/aws/transfer/server.go

// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT.
// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***

package transfer

import (
	"context"
	"reflect"

	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/internal"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// Provides a AWS Transfer Server resource.
//
// > **NOTE on AWS IAM permissions:** If the `endpointType` is set to `VPC`, the `ec2:DescribeVpcEndpoints` and `ec2:ModifyVpcEndpoint` [actions](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-actions-as-permissions) are used.
//
// > **NOTE:** Use the `transfer.Tag` resource to manage the system tags used for [custom hostnames](https://docs.aws.amazon.com/transfer/latest/userguide/requirements-dns.html#tag-custom-hostname-cdk).
//
// ## Example Usage
//
// ### Basic
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
//				Tags: pulumi.StringMap{
//					"Name": pulumi.String("Example"),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ### Security Policy Name
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
//				SecurityPolicyName: pulumi.String("TransferSecurityPolicy-2020-06"),
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ### VPC Endpoint
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
//				EndpointType: pulumi.String("VPC"),
//				EndpointDetails: &transfer.ServerEndpointDetailsArgs{
//					AddressAllocationIds: pulumi.StringArray{
//						exampleAwsEip.Id,
//					},
//					SubnetIds: pulumi.StringArray{
//						exampleAwsSubnet.Id,
//					},
//					VpcId: pulumi.Any(exampleAwsVpc.Id),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ### AWS Directory authentication
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
//				IdentityProviderType: pulumi.String("AWS_DIRECTORY_SERVICE"),
//				DirectoryId:          pulumi.Any(exampleAwsDirectoryServiceDirectory.Id),
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ### AWS Lambda authentication
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
//				IdentityProviderType: pulumi.String("AWS_LAMBDA"),
//				Function:             pulumi.Any(exampleAwsLambdaIdentityProvider.Arn),
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ### Protocols
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"fmt"
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
//				EndpointType: pulumi.String("VPC"),
//				EndpointDetails: &transfer.ServerEndpointDetailsArgs{
//					SubnetIds: pulumi.StringArray{
//						exampleAwsSubnet.Id,
//					},
//					VpcId: pulumi.Any(exampleAwsVpc.Id),
//				},
//				Protocols: pulumi.StringArray{
//					pulumi.String("FTP"),
//					pulumi.String("FTPS"),
//				},
//				Certificate:          pulumi.Any(exampleAwsAcmCertificate.Arn),
//				IdentityProviderType: pulumi.String("API_GATEWAY"),
//				Url:                  pulumi.String(fmt.Sprintf("%v%v", exampleAwsApiGatewayDeployment.InvokeUrl, exampleAwsApiGatewayResource.Path)),
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ### Using Structured Logging Destinations
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"fmt"
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			transfer, err := cloudwatch.NewLogGroup(ctx, "transfer", &cloudwatch.LogGroupArgs{
//				NamePrefix: pulumi.String("transfer_test_"),
//			})
//			if err != nil {
//				return err
//			}
//			transferAssumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
//				Statements: []iam.GetPolicyDocumentStatement{
//					{
//						Effect: pulumi.StringRef("Allow"),
//						Principals: []iam.GetPolicyDocumentStatementPrincipal{
//							{
//								Type: "Service",
//								Identifiers: []string{
//									"transfer.amazonaws.com",
//								},
//							},
//						},
//						Actions: []string{
//							"sts:AssumeRole",
//						},
//					},
//				},
//			}, nil)
//			if err != nil {
//				return err
//			}
//			iamForTransfer, err := iam.NewRole(ctx, "iam_for_transfer", &iam.RoleArgs{
//				NamePrefix:       pulumi.String("iam_for_transfer_"),
//				AssumeRolePolicy: pulumi.String(transferAssumeRole.Json),
//				ManagedPolicyArns: pulumi.StringArray{
//					pulumi.String("arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess"),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			_, err = transfer.NewServer(ctx, "transfer", &transfer.ServerArgs{
//				EndpointType: pulumi.String("PUBLIC"),
//				LoggingRole:  iamForTransfer.Arn,
//				Protocols: pulumi.StringArray{
//					pulumi.String("SFTP"),
//				},
//				StructuredLogDestinations: pulumi.StringArray{
//					transfer.Arn.ApplyT(func(arn string) (string, error) {
//						return fmt.Sprintf("%v:*", arn), nil
//					}).(pulumi.StringOutput),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ## Import
//
// Using `pulumi import`, import Transfer Servers using the server `id`. For example:
//
// ```sh
// $ pulumi import aws:transfer/server:Server example s-12345678
// ```
// Certain resource arguments, such as `host_key`, cannot be read via the API and imported into the provider. This provider will display a difference for these arguments the first run after import if declared in the provider configuration for an imported resource.
type Server struct {
	pulumi.CustomResourceState

	// Amazon Resource Name (ARN) of Transfer Server
	Arn pulumi.StringOutput `pulumi:"arn"`
	// The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when `protocols` is set to `FTPS`
	Certificate pulumi.StringPtrOutput `pulumi:"certificate"`
	// The directory service ID of the directory service you want to connect to with an `identityProviderType` of `AWS_DIRECTORY_SERVICE`.
	DirectoryId pulumi.StringPtrOutput `pulumi:"directoryId"`
	// The domain of the storage system that is used for file transfers. Valid values are: `S3` and `EFS`. The default value is `S3`.
	Domain pulumi.StringPtrOutput `pulumi:"domain"`
	// The endpoint of the Transfer Server (e.g., `s-12345678.server.transfer.REGION.amazonaws.com`)
	Endpoint pulumi.StringOutput `pulumi:"endpoint"`
	// The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See `endpointDetails` block below for details.
	EndpointDetails ServerEndpointDetailsPtrOutput `pulumi:"endpointDetails"`
	// The type of endpoint that you want your SFTP server connect to. If you connect to a `VPC` (or `VPC_ENDPOINT`), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set `PUBLIC`.  Defaults to `PUBLIC`.
	EndpointType pulumi.StringPtrOutput `pulumi:"endpointType"`
	// A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is `false`. This option only applies to servers configured with a `SERVICE_MANAGED` `identityProviderType`.
	ForceDestroy pulumi.BoolPtrOutput `pulumi:"forceDestroy"`
	// The ARN for a lambda function to use for the Identity provider.
	Function pulumi.StringPtrOutput `pulumi:"function"`
	// RSA, ECDSA, or ED25519 private key (e.g., as generated by the `ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key`, `ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key` or `ssh-keygen -t ed25519 -N "" -f my-new-server-key` commands).
	HostKey pulumi.StringPtrOutput `pulumi:"hostKey"`
	// This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the `ssh-keygen -l -E md5 -f my-new-server-key` command.
	HostKeyFingerprint pulumi.StringOutput `pulumi:"hostKeyFingerprint"`
	// The mode of authentication enabled for this service. The default value is `SERVICE_MANAGED`, which allows you to store and access SFTP user credentials within the service. `API_GATEWAY` indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using `AWS_DIRECTORY_SERVICE` will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the `AWS_LAMBDA` value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the `function` argument.
	IdentityProviderType pulumi.StringPtrOutput `pulumi:"identityProviderType"`
	// Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an `identityProviderType` of `API_GATEWAY`.
	InvocationRole pulumi.StringPtrOutput `pulumi:"invocationRole"`
	// Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
	LoggingRole pulumi.StringPtrOutput `pulumi:"loggingRole"`
	// Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
	PostAuthenticationLoginBanner pulumi.StringPtrOutput `pulumi:"postAuthenticationLoginBanner"`
	// Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
	PreAuthenticationLoginBanner pulumi.StringPtrOutput `pulumi:"preAuthenticationLoginBanner"`
	// The protocol settings that are configured for your server. See `protocolDetails` block below for details.
	ProtocolDetails ServerProtocolDetailsOutput `pulumi:"protocolDetails"`
	// Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to `SFTP` . The available protocols are:
	Protocols pulumi.StringArrayOutput `pulumi:"protocols"`
	// Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See `s3StorageOptions` block below for details.
	S3StorageOptions ServerS3StorageOptionsOutput `pulumi:"s3StorageOptions"`
	// Specifies the name of the security policy that is attached to the server. Default value is: `TransferSecurityPolicy-2018-11`. The available values are:
	// * `TransferSecurityPolicy-2024-01`
	// * `TransferSecurityPolicy-2023-05`
	// * `TransferSecurityPolicy-2022-03`
	// * `TransferSecurityPolicy-2020-06`
	// * `TransferSecurityPolicy-2018-11`
	// * `TransferSecurityPolicy-FIPS-2024-01`
	// * `TransferSecurityPolicy-FIPS-2023-05`
	// * `TransferSecurityPolicy-FIPS-2020-06`
	// * `TransferSecurityPolicy-PQ-SSH-Experimental-2023-04`
	// * `TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04`
	SecurityPolicyName pulumi.StringPtrOutput `pulumi:"securityPolicyName"`
	// A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
	StructuredLogDestinations pulumi.StringArrayOutput `pulumi:"structuredLogDestinations"`
	// A map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
	// A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	//
	// Deprecated: Please use `tags` instead.
	TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
	// URL of the service endpoint used to authenticate users with an `identityProviderType` of `API_GATEWAY`.
	Url pulumi.StringPtrOutput `pulumi:"url"`
	// Specifies the workflow details. See `workflowDetails` block below for details.
	WorkflowDetails ServerWorkflowDetailsPtrOutput `pulumi:"workflowDetails"`
}

// NewServer registers a new resource with the given unique name, arguments, and options.
func NewServer(ctx *pulumi.Context,
	name string, args *ServerArgs, opts ...pulumi.ResourceOption) (*Server, error) {
	if args == nil {
		args = &ServerArgs{}
	}

	if args.HostKey != nil {
		args.HostKey = pulumi.ToSecret(args.HostKey).(pulumi.StringPtrInput)
	}
	if args.PostAuthenticationLoginBanner != nil {
		args.PostAuthenticationLoginBanner = pulumi.ToSecret(args.PostAuthenticationLoginBanner).(pulumi.StringPtrInput)
	}
	if args.PreAuthenticationLoginBanner != nil {
		args.PreAuthenticationLoginBanner = pulumi.ToSecret(args.PreAuthenticationLoginBanner).(pulumi.StringPtrInput)
	}
	secrets := pulumi.AdditionalSecretOutputs([]string{
		"hostKey",
		"postAuthenticationLoginBanner",
		"preAuthenticationLoginBanner",
	})
	opts = append(opts, secrets)
	opts = internal.PkgResourceDefaultOpts(opts)
	var resource Server
	err := ctx.RegisterResource("aws:transfer/server:Server", name, args, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// GetServer gets an existing Server resource's state with the given name, ID, and optional
// state properties that are used to uniquely qualify the lookup (nil if not required).
func GetServer(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ServerState, opts ...pulumi.ResourceOption) (*Server, error) {
	var resource Server
	err := ctx.ReadResource("aws:transfer/server:Server", name, id, state, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// Input properties used for looking up and filtering Server resources.
type serverState struct {
	// Amazon Resource Name (ARN) of Transfer Server
	Arn *string `pulumi:"arn"`
	// The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when `protocols` is set to `FTPS`
	Certificate *string `pulumi:"certificate"`
	// The directory service ID of the directory service you want to connect to with an `identityProviderType` of `AWS_DIRECTORY_SERVICE`.
	DirectoryId *string `pulumi:"directoryId"`
	// The domain of the storage system that is used for file transfers. Valid values are: `S3` and `EFS`. The default value is `S3`.
	Domain *string `pulumi:"domain"`
	// The endpoint of the Transfer Server (e.g., `s-12345678.server.transfer.REGION.amazonaws.com`)
	Endpoint *string `pulumi:"endpoint"`
	// The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See `endpointDetails` block below for details.
	EndpointDetails *ServerEndpointDetails `pulumi:"endpointDetails"`
	// The type of endpoint that you want your SFTP server connect to. If you connect to a `VPC` (or `VPC_ENDPOINT`), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set `PUBLIC`.  Defaults to `PUBLIC`.
	EndpointType *string `pulumi:"endpointType"`
	// A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is `false`. This option only applies to servers configured with a `SERVICE_MANAGED` `identityProviderType`.
	ForceDestroy *bool `pulumi:"forceDestroy"`
	// The ARN for a lambda function to use for the Identity provider.
	Function *string `pulumi:"function"`
	// RSA, ECDSA, or ED25519 private key (e.g., as generated by the `ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key`, `ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key` or `ssh-keygen -t ed25519 -N "" -f my-new-server-key` commands).
	HostKey *string `pulumi:"hostKey"`
	// This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the `ssh-keygen -l -E md5 -f my-new-server-key` command.
	HostKeyFingerprint *string `pulumi:"hostKeyFingerprint"`
	// The mode of authentication enabled for this service. The default value is `SERVICE_MANAGED`, which allows you to store and access SFTP user credentials within the service. `API_GATEWAY` indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using `AWS_DIRECTORY_SERVICE` will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the `AWS_LAMBDA` value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the `function` argument.
	IdentityProviderType *string `pulumi:"identityProviderType"`
	// Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an `identityProviderType` of `API_GATEWAY`.
	InvocationRole *string `pulumi:"invocationRole"`
	// Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
	LoggingRole *string `pulumi:"loggingRole"`
	// Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
	PostAuthenticationLoginBanner *string `pulumi:"postAuthenticationLoginBanner"`
	// Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
	PreAuthenticationLoginBanner *string `pulumi:"preAuthenticationLoginBanner"`
	// The protocol settings that are configured for your server. See `protocolDetails` block below for details.
	ProtocolDetails *ServerProtocolDetails `pulumi:"protocolDetails"`
	// Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to `SFTP` . The available protocols are:
	Protocols []string `pulumi:"protocols"`
	// Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See `s3StorageOptions` block below for details.
	S3StorageOptions *ServerS3StorageOptions `pulumi:"s3StorageOptions"`
	// Specifies the name of the security policy that is attached to the server. Default value is: `TransferSecurityPolicy-2018-11`. The available values are:
	// * `TransferSecurityPolicy-2024-01`
	// * `TransferSecurityPolicy-2023-05`
	// * `TransferSecurityPolicy-2022-03`
	// * `TransferSecurityPolicy-2020-06`
	// * `TransferSecurityPolicy-2018-11`
	// * `TransferSecurityPolicy-FIPS-2024-01`
	// * `TransferSecurityPolicy-FIPS-2023-05`
	// * `TransferSecurityPolicy-FIPS-2020-06`
	// * `TransferSecurityPolicy-PQ-SSH-Experimental-2023-04`
	// * `TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04`
	SecurityPolicyName *string `pulumi:"securityPolicyName"`
	// A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
	StructuredLogDestinations []string `pulumi:"structuredLogDestinations"`
	// A map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags map[string]string `pulumi:"tags"`
	// A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	//
	// Deprecated: Please use `tags` instead.
	TagsAll map[string]string `pulumi:"tagsAll"`
	// URL of the service endpoint used to authenticate users with an `identityProviderType` of `API_GATEWAY`.
	Url *string `pulumi:"url"`
	// Specifies the workflow details. See `workflowDetails` block below for details.
	WorkflowDetails *ServerWorkflowDetails `pulumi:"workflowDetails"`
}

type ServerState struct {
	// Amazon Resource Name (ARN) of Transfer Server
	Arn pulumi.StringPtrInput
	// The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when `protocols` is set to `FTPS`
	Certificate pulumi.StringPtrInput
	// The directory service ID of the directory service you want to connect to with an `identityProviderType` of `AWS_DIRECTORY_SERVICE`.
	DirectoryId pulumi.StringPtrInput
	// The domain of the storage system that is used for file transfers. Valid values are: `S3` and `EFS`. The default value is `S3`.
	Domain pulumi.StringPtrInput
	// The endpoint of the Transfer Server (e.g., `s-12345678.server.transfer.REGION.amazonaws.com`)
	Endpoint pulumi.StringPtrInput
	// The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See `endpointDetails` block below for details.
	EndpointDetails ServerEndpointDetailsPtrInput
	// The type of endpoint that you want your SFTP server connect to. If you connect to a `VPC` (or `VPC_ENDPOINT`), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set `PUBLIC`.  Defaults to `PUBLIC`.
	EndpointType pulumi.StringPtrInput
	// A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is `false`. This option only applies to servers configured with a `SERVICE_MANAGED` `identityProviderType`.
	ForceDestroy pulumi.BoolPtrInput
	// The ARN for a lambda function to use for the Identity provider.
	Function pulumi.StringPtrInput
	// RSA, ECDSA, or ED25519 private key (e.g., as generated by the `ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key`, `ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key` or `ssh-keygen -t ed25519 -N "" -f my-new-server-key` commands).
	HostKey pulumi.StringPtrInput
	// This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the `ssh-keygen -l -E md5 -f my-new-server-key` command.
	HostKeyFingerprint pulumi.StringPtrInput
	// The mode of authentication enabled for this service. The default value is `SERVICE_MANAGED`, which allows you to store and access SFTP user credentials within the service. `API_GATEWAY` indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using `AWS_DIRECTORY_SERVICE` will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the `AWS_LAMBDA` value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the `function` argument.
	IdentityProviderType pulumi.StringPtrInput
	// Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an `identityProviderType` of `API_GATEWAY`.
	InvocationRole pulumi.StringPtrInput
	// Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
	LoggingRole pulumi.StringPtrInput
	// Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
	PostAuthenticationLoginBanner pulumi.StringPtrInput
	// Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
	PreAuthenticationLoginBanner pulumi.StringPtrInput
	// The protocol settings that are configured for your server. See `protocolDetails` block below for details.
	ProtocolDetails ServerProtocolDetailsPtrInput
	// Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to `SFTP` . The available protocols are:
	Protocols pulumi.StringArrayInput
	// Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See `s3StorageOptions` block below for details.
	S3StorageOptions ServerS3StorageOptionsPtrInput
	// Specifies the name of the security policy that is attached to the server. Default value is: `TransferSecurityPolicy-2018-11`. The available values are:
	// * `TransferSecurityPolicy-2024-01`
	// * `TransferSecurityPolicy-2023-05`
	// * `TransferSecurityPolicy-2022-03`
	// * `TransferSecurityPolicy-2020-06`
	// * `TransferSecurityPolicy-2018-11`
	// * `TransferSecurityPolicy-FIPS-2024-01`
	// * `TransferSecurityPolicy-FIPS-2023-05`
	// * `TransferSecurityPolicy-FIPS-2020-06`
	// * `TransferSecurityPolicy-PQ-SSH-Experimental-2023-04`
	// * `TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04`
	SecurityPolicyName pulumi.StringPtrInput
	// A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
	StructuredLogDestinations pulumi.StringArrayInput
	// A map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
	// A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	//
	// Deprecated: Please use `tags` instead.
	TagsAll pulumi.StringMapInput
	// URL of the service endpoint used to authenticate users with an `identityProviderType` of `API_GATEWAY`.
	Url pulumi.StringPtrInput
	// Specifies the workflow details. See `workflowDetails` block below for details.
	WorkflowDetails ServerWorkflowDetailsPtrInput
}

func (ServerState) ElementType() reflect.Type {
	return reflect.TypeOf((*serverState)(nil)).Elem()
}

type serverArgs struct {
	// The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when `protocols` is set to `FTPS`
	Certificate *string `pulumi:"certificate"`
	// The directory service ID of the directory service you want to connect to with an `identityProviderType` of `AWS_DIRECTORY_SERVICE`.
	DirectoryId *string `pulumi:"directoryId"`
	// The domain of the storage system that is used for file transfers. Valid values are: `S3` and `EFS`. The default value is `S3`.
	Domain *string `pulumi:"domain"`
	// The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See `endpointDetails` block below for details.
	EndpointDetails *ServerEndpointDetails `pulumi:"endpointDetails"`
	// The type of endpoint that you want your SFTP server connect to. If you connect to a `VPC` (or `VPC_ENDPOINT`), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set `PUBLIC`.  Defaults to `PUBLIC`.
	EndpointType *string `pulumi:"endpointType"`
	// A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is `false`. This option only applies to servers configured with a `SERVICE_MANAGED` `identityProviderType`.
	ForceDestroy *bool `pulumi:"forceDestroy"`
	// The ARN for a lambda function to use for the Identity provider.
	Function *string `pulumi:"function"`
	// RSA, ECDSA, or ED25519 private key (e.g., as generated by the `ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key`, `ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key` or `ssh-keygen -t ed25519 -N "" -f my-new-server-key` commands).
	HostKey *string `pulumi:"hostKey"`
	// The mode of authentication enabled for this service. The default value is `SERVICE_MANAGED`, which allows you to store and access SFTP user credentials within the service. `API_GATEWAY` indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using `AWS_DIRECTORY_SERVICE` will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the `AWS_LAMBDA` value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the `function` argument.
	IdentityProviderType *string `pulumi:"identityProviderType"`
	// Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an `identityProviderType` of `API_GATEWAY`.
	InvocationRole *string `pulumi:"invocationRole"`
	// Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
	LoggingRole *string `pulumi:"loggingRole"`
	// Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
	PostAuthenticationLoginBanner *string `pulumi:"postAuthenticationLoginBanner"`
	// Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
	PreAuthenticationLoginBanner *string `pulumi:"preAuthenticationLoginBanner"`
	// The protocol settings that are configured for your server. See `protocolDetails` block below for details.
	ProtocolDetails *ServerProtocolDetails `pulumi:"protocolDetails"`
	// Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to `SFTP` . The available protocols are:
	Protocols []string `pulumi:"protocols"`
	// Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See `s3StorageOptions` block below for details.
	S3StorageOptions *ServerS3StorageOptions `pulumi:"s3StorageOptions"`
	// Specifies the name of the security policy that is attached to the server. Default value is: `TransferSecurityPolicy-2018-11`. The available values are:
	// * `TransferSecurityPolicy-2024-01`
	// * `TransferSecurityPolicy-2023-05`
	// * `TransferSecurityPolicy-2022-03`
	// * `TransferSecurityPolicy-2020-06`
	// * `TransferSecurityPolicy-2018-11`
	// * `TransferSecurityPolicy-FIPS-2024-01`
	// * `TransferSecurityPolicy-FIPS-2023-05`
	// * `TransferSecurityPolicy-FIPS-2020-06`
	// * `TransferSecurityPolicy-PQ-SSH-Experimental-2023-04`
	// * `TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04`
	SecurityPolicyName *string `pulumi:"securityPolicyName"`
	// A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
	StructuredLogDestinations []string `pulumi:"structuredLogDestinations"`
	// A map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags map[string]string `pulumi:"tags"`
	// URL of the service endpoint used to authenticate users with an `identityProviderType` of `API_GATEWAY`.
	Url *string `pulumi:"url"`
	// Specifies the workflow details. See `workflowDetails` block below for details.
	WorkflowDetails *ServerWorkflowDetails `pulumi:"workflowDetails"`
}

// The set of arguments for constructing a Server resource.
type ServerArgs struct {
	// The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when `protocols` is set to `FTPS`
	Certificate pulumi.StringPtrInput
	// The directory service ID of the directory service you want to connect to with an `identityProviderType` of `AWS_DIRECTORY_SERVICE`.
	DirectoryId pulumi.StringPtrInput
	// The domain of the storage system that is used for file transfers. Valid values are: `S3` and `EFS`. The default value is `S3`.
	Domain pulumi.StringPtrInput
	// The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See `endpointDetails` block below for details.
	EndpointDetails ServerEndpointDetailsPtrInput
	// The type of endpoint that you want your SFTP server connect to. If you connect to a `VPC` (or `VPC_ENDPOINT`), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set `PUBLIC`.  Defaults to `PUBLIC`.
	EndpointType pulumi.StringPtrInput
	// A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is `false`. This option only applies to servers configured with a `SERVICE_MANAGED` `identityProviderType`.
	ForceDestroy pulumi.BoolPtrInput
	// The ARN for a lambda function to use for the Identity provider.
	Function pulumi.StringPtrInput
	// RSA, ECDSA, or ED25519 private key (e.g., as generated by the `ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key`, `ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key` or `ssh-keygen -t ed25519 -N "" -f my-new-server-key` commands).
	HostKey pulumi.StringPtrInput
	// The mode of authentication enabled for this service. The default value is `SERVICE_MANAGED`, which allows you to store and access SFTP user credentials within the service. `API_GATEWAY` indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using `AWS_DIRECTORY_SERVICE` will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the `AWS_LAMBDA` value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the `function` argument.
	IdentityProviderType pulumi.StringPtrInput
	// Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an `identityProviderType` of `API_GATEWAY`.
	InvocationRole pulumi.StringPtrInput
	// Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
	LoggingRole pulumi.StringPtrInput
	// Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
	PostAuthenticationLoginBanner pulumi.StringPtrInput
	// Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
	PreAuthenticationLoginBanner pulumi.StringPtrInput
	// The protocol settings that are configured for your server. See `protocolDetails` block below for details.
	ProtocolDetails ServerProtocolDetailsPtrInput
	// Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to `SFTP` . The available protocols are:
	Protocols pulumi.StringArrayInput
	// Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See `s3StorageOptions` block below for details.
	S3StorageOptions ServerS3StorageOptionsPtrInput
	// Specifies the name of the security policy that is attached to the server. Default value is: `TransferSecurityPolicy-2018-11`. The available values are:
	// * `TransferSecurityPolicy-2024-01`
	// * `TransferSecurityPolicy-2023-05`
	// * `TransferSecurityPolicy-2022-03`
	// * `TransferSecurityPolicy-2020-06`
	// * `TransferSecurityPolicy-2018-11`
	// * `TransferSecurityPolicy-FIPS-2024-01`
	// * `TransferSecurityPolicy-FIPS-2023-05`
	// * `TransferSecurityPolicy-FIPS-2020-06`
	// * `TransferSecurityPolicy-PQ-SSH-Experimental-2023-04`
	// * `TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04`
	SecurityPolicyName pulumi.StringPtrInput
	// A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
	StructuredLogDestinations pulumi.StringArrayInput
	// A map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
	// URL of the service endpoint used to authenticate users with an `identityProviderType` of `API_GATEWAY`.
	Url pulumi.StringPtrInput
	// Specifies the workflow details. See `workflowDetails` block below for details.
	WorkflowDetails ServerWorkflowDetailsPtrInput
}

func (ServerArgs) ElementType() reflect.Type {
	return reflect.TypeOf((*serverArgs)(nil)).Elem()
}

type ServerInput interface {
	pulumi.Input

	ToServerOutput() ServerOutput
	ToServerOutputWithContext(ctx context.Context) ServerOutput
}

func (*Server) ElementType() reflect.Type {
	return reflect.TypeOf((**Server)(nil)).Elem()
}

func (i *Server) ToServerOutput() ServerOutput {
	return i.ToServerOutputWithContext(context.Background())
}

func (i *Server) ToServerOutputWithContext(ctx context.Context) ServerOutput {
	return pulumi.ToOutputWithContext(ctx, i).(ServerOutput)
}

// ServerArrayInput is an input type that accepts ServerArray and ServerArrayOutput values.
// You can construct a concrete instance of `ServerArrayInput` via:
//
//	ServerArray{ ServerArgs{...} }
type ServerArrayInput interface {
	pulumi.Input

	ToServerArrayOutput() ServerArrayOutput
	ToServerArrayOutputWithContext(context.Context) ServerArrayOutput
}

type ServerArray []ServerInput

func (ServerArray) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*Server)(nil)).Elem()
}

func (i ServerArray) ToServerArrayOutput() ServerArrayOutput {
	return i.ToServerArrayOutputWithContext(context.Background())
}

func (i ServerArray) ToServerArrayOutputWithContext(ctx context.Context) ServerArrayOutput {
	return pulumi.ToOutputWithContext(ctx, i).(ServerArrayOutput)
}

// ServerMapInput is an input type that accepts ServerMap and ServerMapOutput values.
// You can construct a concrete instance of `ServerMapInput` via:
//
//	ServerMap{ "key": ServerArgs{...} }
type ServerMapInput interface {
	pulumi.Input

	ToServerMapOutput() ServerMapOutput
	ToServerMapOutputWithContext(context.Context) ServerMapOutput
}

type ServerMap map[string]ServerInput

func (ServerMap) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*Server)(nil)).Elem()
}

func (i ServerMap) ToServerMapOutput() ServerMapOutput {
	return i.ToServerMapOutputWithContext(context.Background())
}

func (i ServerMap) ToServerMapOutputWithContext(ctx context.Context) ServerMapOutput {
	return pulumi.ToOutputWithContext(ctx, i).(ServerMapOutput)
}

type ServerOutput struct{ *pulumi.OutputState }

func (ServerOutput) ElementType() reflect.Type {
	return reflect.TypeOf((**Server)(nil)).Elem()
}

func (o ServerOutput) ToServerOutput() ServerOutput {
	return o
}

func (o ServerOutput) ToServerOutputWithContext(ctx context.Context) ServerOutput {
	return o
}

// Amazon Resource Name (ARN) of Transfer Server
func (o ServerOutput) Arn() pulumi.StringOutput {
	return o.ApplyT(func(v *Server) pulumi.StringOutput { return v.Arn }).(pulumi.StringOutput)
}

// The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when `protocols` is set to `FTPS`
func (o ServerOutput) Certificate() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *Server) pulumi.StringPtrOutput { return v.Certificate }).(pulumi.StringPtrOutput)
}

// The directory service ID of the directory service you want to connect to with an `identityProviderType` of `AWS_DIRECTORY_SERVICE`.
func (o ServerOutput) DirectoryId() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *Server) pulumi.StringPtrOutput { return v.DirectoryId }).(pulumi.StringPtrOutput)
}

// The domain of the storage system that is used for file transfers. Valid values are: `S3` and `EFS`. The default value is `S3`.
func (o ServerOutput) Domain() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *Server) pulumi.StringPtrOutput { return v.Domain }).(pulumi.StringPtrOutput)
}

// The endpoint of the Transfer Server (e.g., `s-12345678.server.transfer.REGION.amazonaws.com`)
func (o ServerOutput) Endpoint() pulumi.StringOutput {
	return o.ApplyT(func(v *Server) pulumi.StringOutput { return v.Endpoint }).(pulumi.StringOutput)
}

// The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. See `endpointDetails` block below for details.
func (o ServerOutput) EndpointDetails() ServerEndpointDetailsPtrOutput {
	return o.ApplyT(func(v *Server) ServerEndpointDetailsPtrOutput { return v.EndpointDetails }).(ServerEndpointDetailsPtrOutput)
}

// The type of endpoint that you want your SFTP server connect to. If you connect to a `VPC` (or `VPC_ENDPOINT`), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set `PUBLIC`.  Defaults to `PUBLIC`.
func (o ServerOutput) EndpointType() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *Server) pulumi.StringPtrOutput { return v.EndpointType }).(pulumi.StringPtrOutput)
}

// A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is `false`. This option only applies to servers configured with a `SERVICE_MANAGED` `identityProviderType`.
func (o ServerOutput) ForceDestroy() pulumi.BoolPtrOutput {
	return o.ApplyT(func(v *Server) pulumi.BoolPtrOutput { return v.ForceDestroy }).(pulumi.BoolPtrOutput)
}

// The ARN for a lambda function to use for the Identity provider.
func (o ServerOutput) Function() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *Server) pulumi.StringPtrOutput { return v.Function }).(pulumi.StringPtrOutput)
}

// RSA, ECDSA, or ED25519 private key (e.g., as generated by the `ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key`, `ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key` or `ssh-keygen -t ed25519 -N "" -f my-new-server-key` commands).
func (o ServerOutput) HostKey() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *Server) pulumi.StringPtrOutput { return v.HostKey }).(pulumi.StringPtrOutput)
}

// This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the `ssh-keygen -l -E md5 -f my-new-server-key` command.
func (o ServerOutput) HostKeyFingerprint() pulumi.StringOutput {
	return o.ApplyT(func(v *Server) pulumi.StringOutput { return v.HostKeyFingerprint }).(pulumi.StringOutput)
}

// The mode of authentication enabled for this service. The default value is `SERVICE_MANAGED`, which allows you to store and access SFTP user credentials within the service. `API_GATEWAY` indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. Using `AWS_DIRECTORY_SERVICE` will allow for authentication against AWS Managed Active Directory or Microsoft Active Directory in your on-premises environment, or in AWS using AD Connectors. Use the `AWS_LAMBDA` value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the `function` argument.
func (o ServerOutput) IdentityProviderType() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *Server) pulumi.StringPtrOutput { return v.IdentityProviderType }).(pulumi.StringPtrOutput)
}

// Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an `identityProviderType` of `API_GATEWAY`.
func (o ServerOutput) InvocationRole() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *Server) pulumi.StringPtrOutput { return v.InvocationRole }).(pulumi.StringPtrOutput)
}

// Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.
func (o ServerOutput) LoggingRole() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *Server) pulumi.StringPtrOutput { return v.LoggingRole }).(pulumi.StringPtrOutput)
}

// Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
func (o ServerOutput) PostAuthenticationLoginBanner() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *Server) pulumi.StringPtrOutput { return v.PostAuthenticationLoginBanner }).(pulumi.StringPtrOutput)
}

// Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
func (o ServerOutput) PreAuthenticationLoginBanner() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *Server) pulumi.StringPtrOutput { return v.PreAuthenticationLoginBanner }).(pulumi.StringPtrOutput)
}

// The protocol settings that are configured for your server. See `protocolDetails` block below for details.
func (o ServerOutput) ProtocolDetails() ServerProtocolDetailsOutput {
	return o.ApplyT(func(v *Server) ServerProtocolDetailsOutput { return v.ProtocolDetails }).(ServerProtocolDetailsOutput)
}

// Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to `SFTP` . The available protocols are:
func (o ServerOutput) Protocols() pulumi.StringArrayOutput {
	return o.ApplyT(func(v *Server) pulumi.StringArrayOutput { return v.Protocols }).(pulumi.StringArrayOutput)
}

// Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. See `s3StorageOptions` block below for details.
func (o ServerOutput) S3StorageOptions() ServerS3StorageOptionsOutput {
	return o.ApplyT(func(v *Server) ServerS3StorageOptionsOutput { return v.S3StorageOptions }).(ServerS3StorageOptionsOutput)
}

// Specifies the name of the security policy that is attached to the server. Default value is: `TransferSecurityPolicy-2018-11`. The available values are:
// * `TransferSecurityPolicy-2024-01`
// * `TransferSecurityPolicy-2023-05`
// * `TransferSecurityPolicy-2022-03`
// * `TransferSecurityPolicy-2020-06`
// * `TransferSecurityPolicy-2018-11`
// * `TransferSecurityPolicy-FIPS-2024-01`
// * `TransferSecurityPolicy-FIPS-2023-05`
// * `TransferSecurityPolicy-FIPS-2020-06`
// * `TransferSecurityPolicy-PQ-SSH-Experimental-2023-04`
// * `TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04`
func (o ServerOutput) SecurityPolicyName() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *Server) pulumi.StringPtrOutput { return v.SecurityPolicyName }).(pulumi.StringPtrOutput)
}

// A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
func (o ServerOutput) StructuredLogDestinations() pulumi.StringArrayOutput {
	return o.ApplyT(func(v *Server) pulumi.StringArrayOutput { return v.StructuredLogDestinations }).(pulumi.StringArrayOutput)
}

// A map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
func (o ServerOutput) Tags() pulumi.StringMapOutput {
	return o.ApplyT(func(v *Server) pulumi.StringMapOutput { return v.Tags }).(pulumi.StringMapOutput)
}

// A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
//
// Deprecated: Please use `tags` instead.
func (o ServerOutput) TagsAll() pulumi.StringMapOutput {
	return o.ApplyT(func(v *Server) pulumi.StringMapOutput { return v.TagsAll }).(pulumi.StringMapOutput)
}

// URL of the service endpoint used to authenticate users with an `identityProviderType` of `API_GATEWAY`.
func (o ServerOutput) Url() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *Server) pulumi.StringPtrOutput { return v.Url }).(pulumi.StringPtrOutput)
}

// Specifies the workflow details. See `workflowDetails` block below for details.
func (o ServerOutput) WorkflowDetails() ServerWorkflowDetailsPtrOutput {
	return o.ApplyT(func(v *Server) ServerWorkflowDetailsPtrOutput { return v.WorkflowDetails }).(ServerWorkflowDetailsPtrOutput)
}

type ServerArrayOutput struct{ *pulumi.OutputState }

func (ServerArrayOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*Server)(nil)).Elem()
}

func (o ServerArrayOutput) ToServerArrayOutput() ServerArrayOutput {
	return o
}

func (o ServerArrayOutput) ToServerArrayOutputWithContext(ctx context.Context) ServerArrayOutput {
	return o
}

func (o ServerArrayOutput) Index(i pulumi.IntInput) ServerOutput {
	return pulumi.All(o, i).ApplyT(func(vs []interface{}) *Server {
		return vs[0].([]*Server)[vs[1].(int)]
	}).(ServerOutput)
}

type ServerMapOutput struct{ *pulumi.OutputState }

func (ServerMapOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*Server)(nil)).Elem()
}

func (o ServerMapOutput) ToServerMapOutput() ServerMapOutput {
	return o
}

func (o ServerMapOutput) ToServerMapOutputWithContext(ctx context.Context) ServerMapOutput {
	return o
}

func (o ServerMapOutput) MapIndex(k pulumi.StringInput) ServerOutput {
	return pulumi.All(o, k).ApplyT(func(vs []interface{}) *Server {
		return vs[0].(map[string]*Server)[vs[1].(string)]
	}).(ServerOutput)
}

func init() {
	pulumi.RegisterInputType(reflect.TypeOf((*ServerInput)(nil)).Elem(), &Server{})
	pulumi.RegisterInputType(reflect.TypeOf((*ServerArrayInput)(nil)).Elem(), ServerArray{})
	pulumi.RegisterInputType(reflect.TypeOf((*ServerMapInput)(nil)).Elem(), ServerMap{})
	pulumi.RegisterOutputType(ServerOutput{})
	pulumi.RegisterOutputType(ServerArrayOutput{})
	pulumi.RegisterOutputType(ServerMapOutput{})
}