steampipe plugin install aws

Table: aws_transfer_server - Query AWS Transfer for SFTP Servers using SQL

The AWS Transfer for SFTP service provides a secure way to transfer files into and out of AWS S3 buckets using the Secure Shell (SSH) File Transfer Protocol (SFTP). It integrates with existing authentication systems, and provides DNS routing with Amazon Route 53. This simplifies the migration of file transfer workflows to AWS, while protecting business processes and data.

Table Usage Guide

The aws_transfer_server table in Steampipe provides you with information about SFTP servers within AWS Transfer for SFTP. This table allows you, as a DevOps engineer, to query server-specific details, including server configurations, endpoint details, and associated metadata. You can utilize this table to gather insights on SFTP servers, such as server states, user counts, endpoint types, and more. The schema outlines the various attributes of the SFTP server for you, including the server ID, ARN, endpoint type, logging role, and associated tags.

Examples

Basic info

Explore which AWS Transfer servers are in use, along with the domain, identity provider type and endpoint type of each. This gives you a quick inventory for managing and configuring data transfer processes.

select
server_id,
domain,
identity_provider_type,
endpoint_type
from
aws_transfer_server;

List servers that are currently OFFLINE

Identify instances where AWS Transfer servers are currently offline. This query can be useful to quickly pinpoint servers that may need attention or troubleshooting.

select
server_id,
domain,
identity_provider_type,
endpoint_type,
state
from
aws_transfer_server
where
state = 'OFFLINE';

Sort servers descending by user count

Analyze your servers to understand which ones are most heavily utilized by users. This aids in resource allocation and capacity planning by highlighting servers with the highest user count.

select
server_id,
user_count
from
aws_transfer_server
order by
user_count desc;

List workflows on upload event

Identify which AWS Transfer servers have a workflow that is triggered by an upload event. This can be useful for understanding and managing the actions that take place when data is uploaded to your servers.

Postgres:

select
server_id,
domain,
identity_provider_type,
endpoint_type,
workflow_details ->> 'OnUpload' as on_upload_workflow
from
aws_transfer_server;

SQLite:

select
server_id,
domain,
identity_provider_type,
endpoint_type,
json_extract(workflow_details, '$.OnUpload') as on_upload_workflow
from
aws_transfer_server;

List structured destination CloudWatch groups

Explore which AWS Transfer servers are configured to send structured logs to specific destinations. This can help in managing and monitoring file transfers more effectively.

select
server_id,
domain,
identity_provider_type,
endpoint_type,
structured_log_destinations
from
aws_transfer_server;

Get certificate details for servers

List the ACM certificate attached to each server, with its status and key algorithm. This is useful in assessing security configurations and ensuring proper server-certificate associations.

select
s.server_id,
c.certificate_arn,
c.status as certificate_status,
c.key_algorithm
from
aws_transfer_server as s,
aws_acm_certificate as c
where
s.certificate = c.certificate_arn;
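
The logging and security-configuration columns queried above can be combined into a single hardening review. The following query is an added example, not part of the Steampipe documentation; it uses Postgres syntax and assumes the AWS Transfer Family values 'PUBLIC' for endpoint_type and 'FTP' in the protocols array. It returns only servers that are internet-facing, accept unencrypted FTP, or have neither a logging role nor a structured log destination.

```sql
-- Added example (Postgres syntax), not from the Steampipe documentation.
-- Assumes endpoint_type = 'PUBLIC' marks an internet-facing endpoint and
-- that protocols is a JSON array of strings such as ["SFTP", "FTP"].
with review as (
  select
    server_id,
    region,
    state,
    endpoint_type,
    protocols,
    security_policy_name,
    identity_provider_type,
    endpoint_type = 'PUBLIC' as public_endpoint,
    -- jsonb containment: true when the array holds the string "FTP"
    coalesce(protocols @> '["FTP"]'::jsonb, false) as plaintext_ftp_enabled,
    -- no CloudWatch logging role and no structured log group configured
    (
      coalesce(logging_role, '') = ''
      and coalesce(structured_log_destinations, '[]'::jsonb)
        in ('[]'::jsonb, 'null'::jsonb)
    ) as no_logging
  from
    aws_transfer_server
)
select
  server_id,
  region,
  state,
  endpoint_type,
  protocols,
  security_policy_name,
  identity_provider_type,
  public_endpoint,
  plaintext_ftp_enabled,
  no_logging
from
  review
where
  public_endpoint
  or plaintext_ftp_enabled
  or no_logging
order by
  -- servers failing the most checks first
  (public_endpoint::int + plaintext_ftp_enabled::int + no_logging::int) desc,
  server_id;
```

Review security_policy_name in the output against the policy your organization has approved; the query lists it but does not judge it.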

Schema for aws_transfer_server

Name | Type | Operators | Description
--- | --- | --- | ---
_ctx | jsonb | | Steampipe context in JSON form.
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located.
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource.
arn | text | | The Amazon Resource Name (ARN) for the server.
certificate | text | | Specifies the ARN of the Amazon Web Services Certificate Manager (ACM) certificate.
domain | text | | Specifies the domain of the storage system that is used for file transfers.
endpoint_details | jsonb | | The virtual private cloud (VPC) endpoint settings that are configured for your server.
endpoint_type | text | | Specifies the type of VPC endpoint that your server is connected to.
host_key_fingerprint | text | | Specifies the Base64-encoded SHA256 fingerprint of the server's host key.
identity_provider_details | jsonb | | Specifies information to call a customer-supplied authentication API.
identity_provider_type | text | | The mode of authentication for a server.
logging_role | text | | The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS events. When set, you can view user activity in your CloudWatch logs.
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
post_authentication_login_banner | text | | Specifies a string to display when users connect to a server. This string is displayed after the user authenticates.
pre_authentication_login_banner | text | | Specifies a string to display when users connect to a server. This string is displayed before the user authenticates.
protocol_details | jsonb | | The protocol settings that are configured for your server.
protocols | jsonb | | Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint.
region | text | | The AWS Region in which the resource is located.
security_policy_name | text | | Specifies the name of the security policy that is attached to the server.
server_id | text | = | The system-assigned unique identifier for the server.
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name.
sp_ctx | jsonb | | Steampipe context in JSON form.
state | text | | The condition of the server that was described.
structured_log_destinations | jsonb | | Specifies the log groups to which your server logs are sent.
tags | jsonb | | A map of tags for the resource.
title | text | | Title of the resource.
user_count | bigint | | Specifies the number of users that are assigned to a server.
workflow_details | jsonb | | Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_transfer_server