createUser method
Creates a user and associates them with an existing file transfer
protocol-enabled server. You can only create and associate users with
servers that have the IdentityProviderType set to
SERVICE_MANAGED. Using parameters for
CreateUser, you can specify the user name, set the home
directory, store the user's public key, and assign the user's AWS Identity
and Access Management (IAM) role. You can also optionally add a scope-down
policy, and assign metadata with tags that can be used to group and search
for users.
May throw ServiceUnavailableException. May throw InternalServiceError. May throw InvalidRequestException. May throw ResourceExistsException. May throw ResourceNotFoundException.
Parameter role :
The IAM role that controls your users' access to your Amazon S3 bucket.
The policies attached to this role will determine the level of access you
want to provide your users when transferring files into and out of your
Amazon S3 bucket or buckets. The IAM role should also contain a trust
relationship that allows the server to access your resources when
servicing your users' transfer requests.
Parameter serverId :
A system-assigned unique identifier for a server instance. This is the
specific server that you added your user to.
Parameter userName :
A unique string that identifies a user and is associated with a as
specified by the ServerId. This user name must be a minimum
of 3 and a maximum of 100 characters long. The following are valid
characters: a-z, A-Z, 0-9, underscore '_', hyphen '-', period '.', and at
sign '@'. The user name can't start with a hyphen, period, or at sign.
Parameter homeDirectory :
The landing directory (folder) for a user when they log in to the server
using the client.
An example is
your-Amazon-S3-bucket-name>/home/username .
Parameter homeDirectoryMappings :
Logical directory mappings that specify what Amazon S3 paths and keys
should be visible to your user and how you want to make them visible. You
will need to specify the "Entry" and "Target"
pair, where Entry shows how the path is made visible and
Target is the actual Amazon S3 path. If you only specify a
target, it will be displayed as is. You will need to also make sure that
your IAM role provides access to paths in Target. The
following is an example.
' "/bucket2/documentation", { "Entry": "your-personal-report.pdf",
"Target": "/bucket3/customized-reports/${transfer:UserName}.pdf" }
'
In most cases, you can use this value instead of the scope-down policy to
lock your user down to the designated home directory ("chroot"). To do
this, you can set Entry to '/' and set Target to
the HomeDirectory parameter value.
Parameter homeDirectoryType :
The type of landing directory (folder) you want your users' home directory
to be when they log into the server. If you set it to PATH,
the user will see the absolute Amazon S3 bucket paths as is in their file
transfer protocol clients. If you set it LOGICAL, you will
need to provide mappings in the HomeDirectoryMappings for how
you want to make Amazon S3 paths visible to your users.
Parameter policy :
A scope-down policy for your user so you can use the same IAM role across
multiple users. This policy scopes down user access to portions of their
Amazon S3 bucket. Variables that you can use inside this policy include
${Transfer:UserName}, ${Transfer:HomeDirectory},
and ${Transfer:HomeBucket}.
For an example of a scope-down policy, see Creating a scope-down policy.
For more information, see AssumeRole in the AWS Security Token Service API Reference.
Parameter sshPublicKeyBody :
The public portion of the Secure Shell (SSH) key used to authenticate the
user to the server.
Parameter tags :
Key-value pairs that can be used to group and search for users. Tags are
metadata attached to users for any purpose.
Implementation
Future<CreateUserResponse> createUser({
required String role,
required String serverId,
required String userName,
String? homeDirectory,
List<HomeDirectoryMapEntry>? homeDirectoryMappings,
HomeDirectoryType? homeDirectoryType,
String? policy,
String? sshPublicKeyBody,
List<Tag>? tags,
}) async {
ArgumentError.checkNotNull(role, 'role');
_s.validateStringLength(
'role',
role,
20,
2048,
isRequired: true,
);
ArgumentError.checkNotNull(serverId, 'serverId');
_s.validateStringLength(
'serverId',
serverId,
19,
19,
isRequired: true,
);
ArgumentError.checkNotNull(userName, 'userName');
_s.validateStringLength(
'userName',
userName,
3,
100,
isRequired: true,
);
_s.validateStringLength(
'homeDirectory',
homeDirectory,
0,
1024,
);
_s.validateStringLength(
'policy',
policy,
0,
2048,
);
_s.validateStringLength(
'sshPublicKeyBody',
sshPublicKeyBody,
0,
2048,
);
final headers = <String, String>{
'Content-Type': 'application/x-amz-json-1.1',
'X-Amz-Target': 'TransferService.CreateUser'
};
final jsonResponse = await _protocol.send(
method: 'POST',
requestUri: '/',
exceptionFnMap: _exceptionFns,
// TODO queryParams
headers: headers,
payload: {
'Role': role,
'ServerId': serverId,
'UserName': userName,
if (homeDirectory != null) 'HomeDirectory': homeDirectory,
if (homeDirectoryMappings != null)
'HomeDirectoryMappings': homeDirectoryMappings,
if (homeDirectoryType != null)
'HomeDirectoryType': homeDirectoryType.toValue(),
if (policy != null) 'Policy': policy,
if (sshPublicKeyBody != null) 'SshPublicKeyBody': sshPublicKeyBody,
if (tags != null) 'Tags': tags,
},
);
return CreateUserResponse.fromJson(jsonResponse.body);
}