--- title: Getting Started with Datadog description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > Infrastructure > Datadog Resource Catalog --- # aws_transfer_connector{% #aws_transfer_connector %} ## `access_role`{% #access_role %} **Type**: `STRING`**Provider name**: `AccessRole`**Description**: Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the Identity and Access Management role to use. For AS2 connectors With AS2, you can send files by calling `StartFileTransfer` and specifying the file paths in the request parameter, `SendFilePaths`. We use the file's parent directory (for example, for `–send-file-paths /bucket/dir/file.txt`, parent directory is `/bucket/dir/`) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the `AccessRole` needs to provide read and write access to the parent directory of the file location used in the `StartFileTransfer` request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with `StartFileTransfer`. If you are using Basic authentication for your AS2 connector, the access role requires the `secretsmanager:GetSecretValue` permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the `kms:Decrypt` permission for that key. For SFTP connectors Make sure that the access role provides read and write access to the parent directory of the file location that's used in the `StartFileTransfer` request. Additionally, make sure that the role provides `secretsmanager:GetSecretValue` permission to Secrets Manager. ## `account_id`{% #account_id %} **Type**: `STRING` ## `arn`{% #arn %} **Type**: `STRING`**Provider name**: `Arn`**Description**: The unique Amazon Resource Name (ARN) for the connector. ## `as2_config`{% #as2_config %} **Type**: `STRUCT`**Provider name**: `As2Config`**Description**: A structure that contains the parameters for an AS2 connector object. - `basic_auth_secret_id`**Type**: `STRING`**Provider name**: `BasicAuthSecretId`**Description**: Provides Basic authentication support to the AS2 Connectors API. To use Basic authentication, you must provide the name or Amazon Resource Name (ARN) of a secret in Secrets Manager. The default value for this parameter is `null`, which indicates that Basic authentication is not enabled for the connector. If the connector should use Basic authentication, the secret needs to be in the following format: `{ "Username": "user-name", "Password": "user-password" }` Replace `user-name` and `user-password` with the credentials for the actual user that is being authenticated. Note the following: - You are storing these credentials in Secrets Manager, not passing them directly into this API. - If you are using the API, SDKs, or CloudFormation to configure your connector, then you must create the secret before you can enable Basic authentication. However, if you are using the Amazon Web Services management console, you can have the system create the secret for you. If you have previously enabled Basic authentication for a connector, you can disable it by using the `UpdateConnector` API call. For example, if you are using the CLI, you can run the following command to remove Basic authentication: `update-connector –connector-id my-connector-id –as2-config 'BasicAuthSecretId=""'` - `compression`**Type**: `STRING`**Provider name**: `Compression`**Description**: Specifies whether the AS2 file is compressed. - `encryption_algorithm`**Type**: `STRING`**Provider name**: `EncryptionAlgorithm`**Description**: The algorithm that is used to encrypt the file. Note the following: - Do not use the `DES_EDE3_CBC` algorithm unless you must support a legacy client that requires it, as it is a weak encryption algorithm. - You can only specify `NONE` if the URL for your connector uses HTTPS. Using HTTPS ensures that no traffic is sent in clear text. - `local_profile_id`**Type**: `STRING`**Provider name**: `LocalProfileId`**Description**: A unique identifier for the AS2 local profile. - `mdn_response`**Type**: `STRING`**Provider name**: `MdnResponse`**Description**: Used for outbound requests (from an Transfer Family server to a partner AS2 server) to determine whether the partner response for transfers is synchronous or asynchronous. Specify either of the following values: - `SYNC`: The system expects a synchronous MDN response, confirming that the file was transferred successfully (or not). - `NONE`: Specifies that no MDN response is required. - `mdn_signing_algorithm`**Type**: `STRING`**Provider name**: `MdnSigningAlgorithm`**Description**: The signing algorithm for the MDN response.If set to DEFAULT (or not set at all), the value for `SigningAlgorithm` is used. - `message_subject`**Type**: `STRING`**Provider name**: `MessageSubject`**Description**: Used as the `Subject` HTTP header attribute in AS2 messages that are being sent with the connector. - `partner_profile_id`**Type**: `STRING`**Provider name**: `PartnerProfileId`**Description**: A unique identifier for the partner profile for the connector. - `preserve_content_type`**Type**: `STRING`**Provider name**: `PreserveContentType`**Description**: Allows you to use the Amazon S3 `Content-Type` that is associated with objects in S3 instead of having the content type mapped based on the file extension. This parameter is enabled by default when you create an AS2 connector from the console, but disabled by default when you create an AS2 connector by calling the API directly. - `signing_algorithm`**Type**: `STRING`**Provider name**: `SigningAlgorithm`**Description**: The algorithm that is used to sign the AS2 messages sent with the connector. ## `connector_id`{% #connector_id %} **Type**: `STRING`**Provider name**: `ConnectorId`**Description**: The unique identifier for the connector. ## `logging_role`{% #logging_role %} **Type**: `STRING`**Provider name**: `LoggingRole`**Description**: The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a connector to turn on CloudWatch logging for Amazon S3 events. When set, you can view connector activity in your CloudWatch logs. ## `security_policy_name`{% #security_policy_name %} **Type**: `STRING`**Provider name**: `SecurityPolicyName`**Description**: The text name of the security policy for the specified connector. ## `service_managed_egress_ip_addresses`{% #service_managed_egress_ip_addresses %} **Type**: `UNORDERED_LIST_STRING`**Provider name**: `ServiceManagedEgressIpAddresses`**Description**: The list of egress IP addresses of this connector. These IP addresses are assigned automatically when you create the connector. ## `sftp_config`{% #sftp_config %} **Type**: `STRUCT`**Provider name**: `SftpConfig`**Description**: A structure that contains the parameters for an SFTP connector object. - `trusted_host_keys`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `TrustedHostKeys`**Description**: The public portion of the host key, or keys, that are used to identify the external server to which you are connecting. You can use the `ssh-keyscan` command against the SFTP server to retrieve the necessary key. The three standard SSH public key format elements are ``, ``, and an optional ``, with spaces between each element. Specify only the `` and ``: do not enter the `` portion of the key. For the trusted host key, Transfer Family accepts RSA and ECDSA keys. - For RSA keys, the `` string is `ssh-rsa`. - For ECDSA keys, the `` string is either `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, or `ecdsa-sha2-nistp521`, depending on the size of the key you generated. Run this command to retrieve the SFTP server host key, where your SFTP server name is `ftp.host.com`. `ssh-keyscan ftp.host.com` This prints the public host key to standard output. `ftp.host.com ssh-rsa AAAAB3Nza…