aws-sdk-transfer 1.124.0 → 1.126.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4b784650660aea0c741744e453d30f592d31daf9854f7d06164e6c566ae994c1
-  data.tar.gz: 7eeb88821f36911df7452fa7841fbe071c08c3410d3ec5566965d6f27270169f
+  metadata.gz: d1df52bc978db54835398b6858546e00ff56afd0da0bda6a085f59431833180c
+  data.tar.gz: 83d4351227c5b47abfb2e9f3caa0ab93e18011934d7912ccc33dde3c09287780
 SHA512:
-  metadata.gz: 37f21127fc01283dd766f9ebff6b602c03edc029ba0fc53a1d3a91b550ef0fd985a6106b2c06394869e922ed4e51a54822fdfc47383cb54993a8598b1abc6a15
-  data.tar.gz: d0d01800c0671491c5c1e07ec81e4f18da87560aca068ecaaba92971431482a82ac0830d505abcffb763f6005a63c67c8c776514ff592a5820f7627978e08862
+  metadata.gz: 02cd26659b5fc26a6356db28261c3ddcda1f7458cf21c98d36586bfa537ebdcba3e1fcbdc3beb87e0f46b06d9494416d5f7b3796d0addf5ff4108bd6afc99bdd
+  data.tar.gz: e4176fb34c01d59c72fe10d3d9f82cdd0a618dcfe6161187ece9acbe9dc6bad0d658e765207e764ba56d6002e785da0c766374e2034f56032b13d3d32762bb9f

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.126.0 (2025-10-14)
+------------------
+
+* Feature - SFTP connectors now support routing connections via customers' VPC. This enables connections to remote servers that are only accessible in a customer's VPC environment, and to servers that are accessible over the internet but need connections coming from an IP address in a customer VPC's CIDR range.
+
+1.125.0 (2025-09-30)
+------------------
+
+* Feature - Add support for updating server identity provider type
+
 1.124.0 (2025-08-26)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.124.0
+1.126.0

data/lib/aws-sdk-transfer/client.rb

@@ -830,9 +830,14 @@ module Aws::Transfer
     # [1]: https://docs.aws.amazon.com/transfer/latest/userguide/configure-as2-connector.html
     # [2]: https://docs.aws.amazon.com/transfer/latest/userguide/configure-sftp-connector.html
     #
-    # @option params [required, String] :url
+    # @option params [String] :url
     #   The URL of the partner's AS2 or SFTP endpoint.
     #
+    #   When creating AS2 connectors or service-managed SFTP connectors
+    #   (connectors without egress configuration), you must provide a URL to
+    #   specify the remote server endpoint. For VPC Lattice type connectors,
+    #   the URL must be null.
+    #
     # @option params [Types::As2ConnectorConfig] :as_2_config
     #   A structure that contains the parameters for an AS2 connector object.
     #
@@ -886,6 +891,12 @@ module Aws::Transfer
     # @option params [String] :security_policy_name
     #   Specifies the name of the security policy for the connector.
     #
+    # @option params [Types::ConnectorEgressConfig] :egress_config
+    #   Specifies the egress configuration for the connector, which determines
+    #   how traffic is routed from the connector to the SFTP server. When set
+    #   to VPC, enables routing through customer VPCs using VPC\_LATTICE for
+    #   private connectivity.
+    #
     # @return [Types::CreateConnectorResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateConnectorResponse#connector_id #connector_id} => String
@@ -893,7 +904,7 @@ module Aws::Transfer
     # @example Request syntax with placeholder values
     #
     #   resp = client.create_connector({
-    #     url: "Url", # required
+    #     url: "Url",
     #     as_2_config: {
     #       local_profile_id: "ProfileId",
     #       partner_profile_id: "ProfileId",
@@ -920,6 +931,12 @@ module Aws::Transfer
     #       max_concurrent_connections: 1,
     #     },
     #     security_policy_name: "ConnectorSecurityPolicyName",
+    #     egress_config: {
+    #       vpc_lattice: {
+    #         resource_configuration_arn: "VpcLatticeResourceConfigurationArn", # required
+    #         port_number: 1,
+    #       },
+    #     },
     #   })
     #
     # @example Response structure
@@ -1220,6 +1237,14 @@ module Aws::Transfer
     # @option params [Types::ProtocolDetails] :protocol_details
     #   The protocol settings that are configured for your server.
     #
+    #   <note markdown="1"> Avoid placing Network Load Balancers (NLBs) or NAT gateways in front
+    #   of Transfer Family servers, as this increases costs and can cause
+    #   performance issues, including reduced connection limits for FTPS. For
+    #   more details, see [ Avoid placing NLBs and NATs in front of Transfer
+    #   Family][1].
+    #
+    #    </note>
+    #
     #   * To indicate passive mode (for FTP and FTPS protocols), use the
     #     `PassiveIp` parameter. Enter a single dotted-quad IPv4 address, such
     #     as the external IP address of a firewall, router, or load balancer.
@@ -1241,6 +1266,10 @@ module Aws::Transfer
     #   * `As2Transports` indicates the transport method for the AS2 messages.
     #     Currently, only HTTP is supported.
     #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/infrastructure-security.html#nlb-considerations
+    #
     # @option params [String] :security_policy_name
     #   Specifies the name of the security policy for the server.
     #
@@ -1278,7 +1307,11 @@ module Aws::Transfer
     #
     # @option params [Types::S3StorageOptions] :s3_storage_options
     #   Specifies whether or not performance for your Amazon S3 directories is
-    #   optimized. This is disabled by default.
+    #   optimized.
+    #
+    #   * If using the console, this is enabled by default.
+    #
+    #   * If using the API or CLI, this is disabled by default.
     #
     #   By default, home directory mappings have a `TYPE` of `DIRECTORY`. If
     #   you enable this option, you would then need to explicitly set the
@@ -2288,6 +2321,14 @@ module Aws::Transfer
 
     # Describes the certificate that's identified by the `CertificateId`.
     #
+    # <note markdown="1"> Transfer Family automatically publishes a Amazon CloudWatch metric
+    # called `DaysUntilExpiry` for imported certificates. This metric tracks
+    # the number of days until the certificate expires based on the
+    # `InactiveDate`. The metric is available in the `AWS/Transfer`
+    # namespace and includes the `CertificateId` as a dimension.
+    #
+    #  </note>
+    #
     # @option params [required, String] :certificate_id
     #   An array of identifiers for the imported certificates. You use this
     #   identifier for working with profiles and partner profiles.
@@ -2372,6 +2413,11 @@ module Aws::Transfer
     #   resp.connector.service_managed_egress_ip_addresses #=> Array
     #   resp.connector.service_managed_egress_ip_addresses[0] #=> String
     #   resp.connector.security_policy_name #=> String
+    #   resp.connector.egress_config.vpc_lattice.resource_configuration_arn #=> String
+    #   resp.connector.egress_config.vpc_lattice.port_number #=> Integer
+    #   resp.connector.egress_type #=> String, one of "SERVICE_MANAGED", "VPC_LATTICE"
+    #   resp.connector.error_message #=> String
+    #   resp.connector.status #=> String, one of "ACTIVE", "ERRORED", "PENDING"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeConnector AWS API Documentation
     #
@@ -2897,11 +2943,33 @@ module Aws::Transfer
     # You can import both the certificate and its chain in the `Certificate`
     # parameter.
     #
+    # After importing a certificate, Transfer Family automatically creates a
+    # Amazon CloudWatch metric called `DaysUntilExpiry` that tracks the
+    # number of days until the certificate expires. The metric is based on
+    # the `InactiveDate` parameter and is published daily in the
+    # `AWS/Transfer` namespace.
+    #
+    # It can take up to a full day after importing a certificate for
+    # Transfer Family to emit the `DaysUntilExpiry` metric to your account.
+    #
     # <note markdown="1"> If you use the `Certificate` parameter to upload both the certificate
     # and its chain, don't use the `CertificateChain` parameter.
     #
     #  </note>
     #
+    # **CloudWatch monitoring**
+    #
+    # The `DaysUntilExpiry` metric includes the following specifications:
+    #
+    # * **Units:** Count (days)
+    #
+    # * **Dimensions:** `CertificateId` (always present), `Description` (if
+    #   provided during certificate import)
+    #
+    # * **Statistics:** Minimum, Maximum, Average
+    #
+    # * **Frequency:** Published daily
+    #
     # @option params [required, String] :usage
     #   Specifies how this certificate is used. It can be used in the
     #   following ways:
@@ -4745,6 +4813,11 @@ module Aws::Transfer
     # @option params [String] :url
     #   The URL of the partner's AS2 or SFTP endpoint.
     #
+    #   When creating AS2 connectors or service-managed SFTP connectors
+    #   (connectors without egress configuration), you must provide a URL to
+    #   specify the remote server endpoint. For VPC Lattice type connectors,
+    #   the URL must be null.
+    #
     # @option params [Types::As2ConnectorConfig] :as_2_config
     #   A structure that contains the parameters for an AS2 connector object.
     #
@@ -4794,6 +4867,11 @@ module Aws::Transfer
     # @option params [String] :security_policy_name
     #   Specifies the name of the security policy for the connector.
     #
+    # @option params [Types::UpdateConnectorEgressConfig] :egress_config
+    #   Updates the egress configuration for the connector, allowing you to
+    #   modify how traffic is routed from the connector to the SFTP server.
+    #   Changes to VPC configuration may require connector restart.
+    #
     # @return [Types::UpdateConnectorResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateConnectorResponse#connector_id #connector_id} => String
@@ -4823,6 +4901,12 @@ module Aws::Transfer
     #       max_concurrent_connections: 1,
     #     },
     #     security_policy_name: "ConnectorSecurityPolicyName",
+    #     egress_config: {
+    #       vpc_lattice: {
+    #         resource_configuration_arn: "VpcLatticeResourceConfigurationArn",
+    #         port_number: 1,
+    #       },
+    #     },
     #   })
     #
     # @example Response structure
@@ -4962,6 +5046,14 @@ module Aws::Transfer
     # @option params [Types::ProtocolDetails] :protocol_details
     #   The protocol settings that are configured for your server.
     #
+    #   <note markdown="1"> Avoid placing Network Load Balancers (NLBs) or NAT gateways in front
+    #   of Transfer Family servers, as this increases costs and can cause
+    #   performance issues, including reduced connection limits for FTPS. For
+    #   more details, see [ Avoid placing NLBs and NATs in front of Transfer
+    #   Family][1].
+    #
+    #    </note>
+    #
     #   * To indicate passive mode (for FTP and FTPS protocols), use the
     #     `PassiveIp` parameter. Enter a single dotted-quad IPv4 address, such
     #     as the external IP address of a firewall, router, or load balancer.
@@ -4983,6 +5075,10 @@ module Aws::Transfer
     #   * `As2Transports` indicates the transport method for the AS2 messages.
     #     Currently, only HTTP is supported.
     #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/infrastructure-security.html#nlb-considerations
+    #
     # @option params [Types::EndpointDetails] :endpoint_details
     #   The virtual private cloud (VPC) endpoint settings that are configured
     #   for your server. When you host your endpoint within your VPC, you can
@@ -5167,7 +5263,11 @@ module Aws::Transfer
     #
     # @option params [Types::S3StorageOptions] :s3_storage_options
     #   Specifies whether or not performance for your Amazon S3 directories is
-    #   optimized. This is disabled by default.
+    #   optimized.
+    #
+    #   * If using the console, this is enabled by default.
+    #
+    #   * If using the API or CLI, this is disabled by default.
     #
     #   By default, home directory mappings have a `TYPE` of `DIRECTORY`. If
     #   you enable this option, you would then need to explicitly set the
@@ -5196,6 +5296,28 @@ module Aws::Transfer
     #
     #   [1]: https://docs.aws.amazon.com/transfer/latest/APIReference/API_EndpointDetails.html
     #
+    # @option params [String] :identity_provider_type
+    #   The mode of authentication for a server. The default value is
+    #   `SERVICE_MANAGED`, which allows you to store and access user
+    #   credentials within the Transfer Family service.
+    #
+    #   Use `AWS_DIRECTORY_SERVICE` to provide access to Active Directory
+    #   groups in Directory Service for Microsoft Active Directory or
+    #   Microsoft Active Directory in your on-premises environment or in
+    #   Amazon Web Services using AD Connector. This option also requires you
+    #   to provide a Directory ID by using the `IdentityProviderDetails`
+    #   parameter.
+    #
+    #   Use the `API_GATEWAY` value to integrate with an identity provider of
+    #   your choosing. The `API_GATEWAY` setting requires you to provide an
+    #   Amazon API Gateway endpoint URL to call for authentication by using
+    #   the `IdentityProviderDetails` parameter.
+    #
+    #   Use the `AWS_LAMBDA` value to directly use an Lambda function as your
+    #   identity provider. If you choose this value, you must specify the ARN
+    #   for the Lambda function in the `Function` parameter for the
+    #   `IdentityProviderDetails` data type.
+    #
     # @return [Types::UpdateServerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateServerResponse#server_id #server_id} => String
@@ -5251,6 +5373,7 @@ module Aws::Transfer
     #       directory_listing_optimization: "ENABLED", # accepts ENABLED, DISABLED
     #     },
     #     ip_address_type: "IPV4", # accepts IPV4, DUALSTACK
+    #     identity_provider_type: "SERVICE_MANAGED", # accepts SERVICE_MANAGED, API_GATEWAY, AWS_DIRECTORY_SERVICE, AWS_LAMBDA
     #   })
     #
     # @example Response structure
@@ -5550,7 +5673,7 @@ module Aws::Transfer
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-transfer'
-      context[:gem_version] = '1.124.0'
+      context[:gem_version] = '1.126.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-transfer/client_api.rb

@@ -38,10 +38,15 @@ module Aws::Transfer
     CertificateUsageType = Shapes::StringShape.new(name: 'CertificateUsageType')
     CompressionEnum = Shapes::StringShape.new(name: 'CompressionEnum')
     ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
+    ConnectorEgressConfig = Shapes::UnionShape.new(name: 'ConnectorEgressConfig')
+    ConnectorEgressType = Shapes::StringShape.new(name: 'ConnectorEgressType')
+    ConnectorErrorMessage = Shapes::StringShape.new(name: 'ConnectorErrorMessage')
     ConnectorFileTransferResult = Shapes::StructureShape.new(name: 'ConnectorFileTransferResult')
     ConnectorFileTransferResults = Shapes::ListShape.new(name: 'ConnectorFileTransferResults')
     ConnectorId = Shapes::StringShape.new(name: 'ConnectorId')
     ConnectorSecurityPolicyName = Shapes::StringShape.new(name: 'ConnectorSecurityPolicyName')
+    ConnectorStatus = Shapes::StringShape.new(name: 'ConnectorStatus')
+    ConnectorVpcLatticeEgressConfig = Shapes::StructureShape.new(name: 'ConnectorVpcLatticeEgressConfig')
     CopyStepDetails = Shapes::StructureShape.new(name: 'CopyStepDetails')
     CreateAccessRequest = Shapes::StructureShape.new(name: 'CreateAccessRequest')
     CreateAccessResponse = Shapes::StructureShape.new(name: 'CreateAccessResponse')
@@ -110,6 +115,8 @@ module Aws::Transfer
     DescribedAgreement = Shapes::StructureShape.new(name: 'DescribedAgreement')
     DescribedCertificate = Shapes::StructureShape.new(name: 'DescribedCertificate')
     DescribedConnector = Shapes::StructureShape.new(name: 'DescribedConnector')
+    DescribedConnectorEgressConfig = Shapes::UnionShape.new(name: 'DescribedConnectorEgressConfig')
+    DescribedConnectorVpcLatticeEgressConfig = Shapes::StructureShape.new(name: 'DescribedConnectorVpcLatticeEgressConfig')
     DescribedExecution = Shapes::StructureShape.new(name: 'DescribedExecution')
     DescribedHostKey = Shapes::StructureShape.new(name: 'DescribedHostKey')
     DescribedIdentityCenterConfig = Shapes::StructureShape.new(name: 'DescribedIdentityCenterConfig')
@@ -302,6 +309,7 @@ module Aws::Transfer
     SftpConnectorHostKey = Shapes::StringShape.new(name: 'SftpConnectorHostKey')
     SftpConnectorTrustedHostKey = Shapes::StringShape.new(name: 'SftpConnectorTrustedHostKey')
     SftpConnectorTrustedHostKeyList = Shapes::ListShape.new(name: 'SftpConnectorTrustedHostKeyList')
+    SftpPort = Shapes::IntegerShape.new(name: 'SftpPort')
     SigningAlg = Shapes::StringShape.new(name: 'SigningAlg')
     SourceFileLocation = Shapes::StringShape.new(name: 'SourceFileLocation')
     SourceIp = Shapes::StringShape.new(name: 'SourceIp')
@@ -349,8 +357,10 @@ module Aws::Transfer
     UpdateAgreementResponse = Shapes::StructureShape.new(name: 'UpdateAgreementResponse')
     UpdateCertificateRequest = Shapes::StructureShape.new(name: 'UpdateCertificateRequest')
     UpdateCertificateResponse = Shapes::StructureShape.new(name: 'UpdateCertificateResponse')
+    UpdateConnectorEgressConfig = Shapes::UnionShape.new(name: 'UpdateConnectorEgressConfig')
     UpdateConnectorRequest = Shapes::StructureShape.new(name: 'UpdateConnectorRequest')
     UpdateConnectorResponse = Shapes::StructureShape.new(name: 'UpdateConnectorResponse')
+    UpdateConnectorVpcLatticeEgressConfig = Shapes::StructureShape.new(name: 'UpdateConnectorVpcLatticeEgressConfig')
     UpdateHostKeyRequest = Shapes::StructureShape.new(name: 'UpdateHostKeyRequest')
     UpdateHostKeyResponse = Shapes::StructureShape.new(name: 'UpdateHostKeyResponse')
     UpdateProfileRequest = Shapes::StructureShape.new(name: 'UpdateProfileRequest')
@@ -372,6 +382,7 @@ module Aws::Transfer
     UserPassword = Shapes::StringShape.new(name: 'UserPassword')
     VpcEndpointId = Shapes::StringShape.new(name: 'VpcEndpointId')
     VpcId = Shapes::StringShape.new(name: 'VpcId')
+    VpcLatticeResourceConfigurationArn = Shapes::StringShape.new(name: 'VpcLatticeResourceConfigurationArn')
     WebAppAccessEndpoint = Shapes::StringShape.new(name: 'WebAppAccessEndpoint')
     WebAppEndpoint = Shapes::StringShape.new(name: 'WebAppEndpoint')
     WebAppEndpointPolicy = Shapes::StringShape.new(name: 'WebAppEndpointPolicy')
@@ -415,6 +426,12 @@ module Aws::Transfer
     ConflictException.add_member(:message, Shapes::ShapeRef.new(shape: Message, required: true, location_name: "Message"))
     ConflictException.struct_class = Types::ConflictException
 
+    ConnectorEgressConfig.add_member(:vpc_lattice, Shapes::ShapeRef.new(shape: ConnectorVpcLatticeEgressConfig, location_name: "VpcLattice"))
+    ConnectorEgressConfig.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    ConnectorEgressConfig.add_member_subclass(:vpc_lattice, Types::ConnectorEgressConfig::VpcLattice)
+    ConnectorEgressConfig.add_member_subclass(:unknown, Types::ConnectorEgressConfig::Unknown)
+    ConnectorEgressConfig.struct_class = Types::ConnectorEgressConfig
+
     ConnectorFileTransferResult.add_member(:file_path, Shapes::ShapeRef.new(shape: FilePath, required: true, location_name: "FilePath"))
     ConnectorFileTransferResult.add_member(:status_code, Shapes::ShapeRef.new(shape: TransferTableStatus, required: true, location_name: "StatusCode"))
     ConnectorFileTransferResult.add_member(:failure_code, Shapes::ShapeRef.new(shape: FailureCode, location_name: "FailureCode"))
@@ -423,6 +440,10 @@ module Aws::Transfer
 
     ConnectorFileTransferResults.member = Shapes::ShapeRef.new(shape: ConnectorFileTransferResult)
 
+    ConnectorVpcLatticeEgressConfig.add_member(:resource_configuration_arn, Shapes::ShapeRef.new(shape: VpcLatticeResourceConfigurationArn, required: true, location_name: "ResourceConfigurationArn"))
+    ConnectorVpcLatticeEgressConfig.add_member(:port_number, Shapes::ShapeRef.new(shape: SftpPort, location_name: "PortNumber"))
+    ConnectorVpcLatticeEgressConfig.struct_class = Types::ConnectorVpcLatticeEgressConfig
+
     CopyStepDetails.add_member(:name, Shapes::ShapeRef.new(shape: WorkflowStepName, location_name: "Name"))
     CopyStepDetails.add_member(:destination_file_location, Shapes::ShapeRef.new(shape: InputFileLocation, location_name: "DestinationFileLocation"))
     CopyStepDetails.add_member(:overwrite_existing, Shapes::ShapeRef.new(shape: OverwriteExisting, location_name: "OverwriteExisting"))
@@ -459,13 +480,14 @@ module Aws::Transfer
     CreateAgreementResponse.add_member(:agreement_id, Shapes::ShapeRef.new(shape: AgreementId, required: true, location_name: "AgreementId"))
     CreateAgreementResponse.struct_class = Types::CreateAgreementResponse
 
-    CreateConnectorRequest.add_member(:url, Shapes::ShapeRef.new(shape: Url, required: true, location_name: "Url"))
+    CreateConnectorRequest.add_member(:url, Shapes::ShapeRef.new(shape: Url, location_name: "Url"))
     CreateConnectorRequest.add_member(:as_2_config, Shapes::ShapeRef.new(shape: As2ConnectorConfig, location_name: "As2Config"))
     CreateConnectorRequest.add_member(:access_role, Shapes::ShapeRef.new(shape: Role, required: true, location_name: "AccessRole"))
     CreateConnectorRequest.add_member(:logging_role, Shapes::ShapeRef.new(shape: Role, location_name: "LoggingRole"))
     CreateConnectorRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
     CreateConnectorRequest.add_member(:sftp_config, Shapes::ShapeRef.new(shape: SftpConnectorConfig, location_name: "SftpConfig"))
     CreateConnectorRequest.add_member(:security_policy_name, Shapes::ShapeRef.new(shape: ConnectorSecurityPolicyName, location_name: "SecurityPolicyName"))
+    CreateConnectorRequest.add_member(:egress_config, Shapes::ShapeRef.new(shape: ConnectorEgressConfig, location_name: "EgressConfig"))
     CreateConnectorRequest.struct_class = Types::CreateConnectorRequest
 
     CreateConnectorResponse.add_member(:connector_id, Shapes::ShapeRef.new(shape: ConnectorId, required: true, location_name: "ConnectorId"))
@@ -740,8 +762,22 @@ module Aws::Transfer
     DescribedConnector.add_member(:sftp_config, Shapes::ShapeRef.new(shape: SftpConnectorConfig, location_name: "SftpConfig"))
     DescribedConnector.add_member(:service_managed_egress_ip_addresses, Shapes::ShapeRef.new(shape: ServiceManagedEgressIpAddresses, location_name: "ServiceManagedEgressIpAddresses"))
     DescribedConnector.add_member(:security_policy_name, Shapes::ShapeRef.new(shape: ConnectorSecurityPolicyName, location_name: "SecurityPolicyName"))
+    DescribedConnector.add_member(:egress_config, Shapes::ShapeRef.new(shape: DescribedConnectorEgressConfig, location_name: "EgressConfig"))
+    DescribedConnector.add_member(:egress_type, Shapes::ShapeRef.new(shape: ConnectorEgressType, required: true, location_name: "EgressType"))
+    DescribedConnector.add_member(:error_message, Shapes::ShapeRef.new(shape: ConnectorErrorMessage, location_name: "ErrorMessage"))
+    DescribedConnector.add_member(:status, Shapes::ShapeRef.new(shape: ConnectorStatus, required: true, location_name: "Status"))
     DescribedConnector.struct_class = Types::DescribedConnector
 
+    DescribedConnectorEgressConfig.add_member(:vpc_lattice, Shapes::ShapeRef.new(shape: DescribedConnectorVpcLatticeEgressConfig, location_name: "VpcLattice"))
+    DescribedConnectorEgressConfig.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    DescribedConnectorEgressConfig.add_member_subclass(:vpc_lattice, Types::DescribedConnectorEgressConfig::VpcLattice)
+    DescribedConnectorEgressConfig.add_member_subclass(:unknown, Types::DescribedConnectorEgressConfig::Unknown)
+    DescribedConnectorEgressConfig.struct_class = Types::DescribedConnectorEgressConfig
+
+    DescribedConnectorVpcLatticeEgressConfig.add_member(:resource_configuration_arn, Shapes::ShapeRef.new(shape: VpcLatticeResourceConfigurationArn, required: true, location_name: "ResourceConfigurationArn"))
+    DescribedConnectorVpcLatticeEgressConfig.add_member(:port_number, Shapes::ShapeRef.new(shape: SftpPort, location_name: "PortNumber"))
+    DescribedConnectorVpcLatticeEgressConfig.struct_class = Types::DescribedConnectorVpcLatticeEgressConfig
+
     DescribedExecution.add_member(:execution_id, Shapes::ShapeRef.new(shape: ExecutionId, location_name: "ExecutionId"))
     DescribedExecution.add_member(:initial_file_location, Shapes::ShapeRef.new(shape: FileLocation, location_name: "InitialFileLocation"))
     DescribedExecution.add_member(:service_metadata, Shapes::ShapeRef.new(shape: ServiceMetadata, location_name: "ServiceMetadata"))
@@ -1399,6 +1435,12 @@ module Aws::Transfer
     UpdateCertificateResponse.add_member(:certificate_id, Shapes::ShapeRef.new(shape: CertificateId, required: true, location_name: "CertificateId"))
     UpdateCertificateResponse.struct_class = Types::UpdateCertificateResponse
 
+    UpdateConnectorEgressConfig.add_member(:vpc_lattice, Shapes::ShapeRef.new(shape: UpdateConnectorVpcLatticeEgressConfig, location_name: "VpcLattice"))
+    UpdateConnectorEgressConfig.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    UpdateConnectorEgressConfig.add_member_subclass(:vpc_lattice, Types::UpdateConnectorEgressConfig::VpcLattice)
+    UpdateConnectorEgressConfig.add_member_subclass(:unknown, Types::UpdateConnectorEgressConfig::Unknown)
+    UpdateConnectorEgressConfig.struct_class = Types::UpdateConnectorEgressConfig
+
     UpdateConnectorRequest.add_member(:connector_id, Shapes::ShapeRef.new(shape: ConnectorId, required: true, location_name: "ConnectorId"))
     UpdateConnectorRequest.add_member(:url, Shapes::ShapeRef.new(shape: Url, location_name: "Url"))
     UpdateConnectorRequest.add_member(:as_2_config, Shapes::ShapeRef.new(shape: As2ConnectorConfig, location_name: "As2Config"))
@@ -1406,11 +1448,16 @@ module Aws::Transfer
     UpdateConnectorRequest.add_member(:logging_role, Shapes::ShapeRef.new(shape: Role, location_name: "LoggingRole"))
     UpdateConnectorRequest.add_member(:sftp_config, Shapes::ShapeRef.new(shape: SftpConnectorConfig, location_name: "SftpConfig"))
     UpdateConnectorRequest.add_member(:security_policy_name, Shapes::ShapeRef.new(shape: ConnectorSecurityPolicyName, location_name: "SecurityPolicyName"))
+    UpdateConnectorRequest.add_member(:egress_config, Shapes::ShapeRef.new(shape: UpdateConnectorEgressConfig, location_name: "EgressConfig"))
     UpdateConnectorRequest.struct_class = Types::UpdateConnectorRequest
 
     UpdateConnectorResponse.add_member(:connector_id, Shapes::ShapeRef.new(shape: ConnectorId, required: true, location_name: "ConnectorId"))
     UpdateConnectorResponse.struct_class = Types::UpdateConnectorResponse
 
+    UpdateConnectorVpcLatticeEgressConfig.add_member(:resource_configuration_arn, Shapes::ShapeRef.new(shape: VpcLatticeResourceConfigurationArn, location_name: "ResourceConfigurationArn"))
+    UpdateConnectorVpcLatticeEgressConfig.add_member(:port_number, Shapes::ShapeRef.new(shape: SftpPort, location_name: "PortNumber"))
+    UpdateConnectorVpcLatticeEgressConfig.struct_class = Types::UpdateConnectorVpcLatticeEgressConfig
+
     UpdateHostKeyRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
     UpdateHostKeyRequest.add_member(:host_key_id, Shapes::ShapeRef.new(shape: HostKeyId, required: true, location_name: "HostKeyId"))
     UpdateHostKeyRequest.add_member(:description, Shapes::ShapeRef.new(shape: HostKeyDescription, required: true, location_name: "Description"))
@@ -1443,6 +1490,7 @@ module Aws::Transfer
     UpdateServerRequest.add_member(:structured_log_destinations, Shapes::ShapeRef.new(shape: StructuredLogDestinations, location_name: "StructuredLogDestinations"))
     UpdateServerRequest.add_member(:s3_storage_options, Shapes::ShapeRef.new(shape: S3StorageOptions, location_name: "S3StorageOptions"))
     UpdateServerRequest.add_member(:ip_address_type, Shapes::ShapeRef.new(shape: IpAddressType, location_name: "IpAddressType"))
+    UpdateServerRequest.add_member(:identity_provider_type, Shapes::ShapeRef.new(shape: IdentityProviderType, location_name: "IdentityProviderType"))
     UpdateServerRequest.struct_class = Types::UpdateServerRequest
 
     UpdateServerResponse.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))

data/lib/aws-sdk-transfer/endpoint_parameters.rb

@@ -13,22 +13,22 @@ module Aws::Transfer
   # @!attribute region
   #   The AWS region used to dispatch the request.
   #
-  #   @return [String]
+  #   @return [string]
   #
   # @!attribute use_dual_stack
   #   When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.
   #
-  #   @return [Boolean]
+  #   @return [boolean]
   #
   # @!attribute use_fips
   #   When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.
   #
-  #   @return [Boolean]
+  #   @return [boolean]
   #
   # @!attribute endpoint
   #   Override the endpoint used to send this request
   #
-  #   @return [String]
+  #   @return [string]
   #
   EndpointParameters = Struct.new(
     :region,

data/lib/aws-sdk-transfer/types.rb

@@ -159,6 +159,32 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # Configuration structure that defines how traffic is routed from the
+    # connector to the SFTP server. Contains VPC Lattice settings when using
+    # VPC\_LATTICE egress type for private connectivity through customer
+    # VPCs.
+    #
+    # @note ConnectorEgressConfig is a union - when making an API calls you must set exactly one of the members.
+    #
+    # @!attribute [rw] vpc_lattice
+    #   VPC\_LATTICE configuration for routing connector traffic through
+    #   customer VPCs. Enables private connectivity to SFTP servers without
+    #   requiring public internet access or complex network configurations.
+    #   @return [Types::ConnectorVpcLatticeEgressConfig]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ConnectorEgressConfig AWS API Documentation
+    #
+    class ConnectorEgressConfig < Struct.new(
+      :vpc_lattice,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class VpcLattice < ConnectorEgressConfig; end
+      class Unknown < ConnectorEgressConfig; end
+    end
+
     # A structure that contains the details for files transferred using an
     # SFTP connector, during a single transfer.
     #
@@ -192,6 +218,33 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # VPC\_LATTICE egress configuration that specifies the Resource
+    # Configuration ARN and port for connecting to SFTP servers through
+    # customer VPCs. Requires a valid Resource Configuration with
+    # appropriate network access.
+    #
+    # @!attribute [rw] resource_configuration_arn
+    #   ARN of the VPC\_LATTICE Resource Configuration that defines the
+    #   target SFTP server location. Must point to a valid Resource
+    #   Configuration in the customer's VPC with appropriate network
+    #   connectivity to the SFTP server.
+    #   @return [String]
+    #
+    # @!attribute [rw] port_number
+    #   Port number for connecting to the SFTP server through VPC\_LATTICE.
+    #   Defaults to 22 if not specified. Must match the port on which the
+    #   target SFTP server is listening.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ConnectorVpcLatticeEgressConfig AWS API Documentation
+    #
+    class ConnectorVpcLatticeEgressConfig < Struct.new(
+      :resource_configuration_arn,
+      :port_number)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Each step type has its own `StepDetails` structure.
     #
     # @!attribute [rw] name
@@ -567,6 +620,11 @@ module Aws::Transfer
 
     # @!attribute [rw] url
     #   The URL of the partner's AS2 or SFTP endpoint.
+    #
+    #   When creating AS2 connectors or service-managed SFTP connectors
+    #   (connectors without egress configuration), you must provide a URL to
+    #   specify the remote server endpoint. For VPC Lattice type connectors,
+    #   the URL must be null.
     #   @return [String]
     #
     # @!attribute [rw] as_2_config
@@ -631,6 +689,13 @@ module Aws::Transfer
     #   Specifies the name of the security policy for the connector.
     #   @return [String]
     #
+    # @!attribute [rw] egress_config
+    #   Specifies the egress configuration for the connector, which
+    #   determines how traffic is routed from the connector to the SFTP
+    #   server. When set to VPC, enables routing through customer VPCs using
+    #   VPC\_LATTICE for private connectivity.
+    #   @return [Types::ConnectorEgressConfig]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateConnectorRequest AWS API Documentation
     #
     class CreateConnectorRequest < Struct.new(
@@ -640,7 +705,8 @@ module Aws::Transfer
       :logging_role,
       :tags,
       :sftp_config,
-      :security_policy_name)
+      :security_policy_name,
+      :egress_config)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -944,6 +1010,14 @@ module Aws::Transfer
     # @!attribute [rw] protocol_details
     #   The protocol settings that are configured for your server.
     #
+    #   <note markdown="1"> Avoid placing Network Load Balancers (NLBs) or NAT gateways in front
+    #   of Transfer Family servers, as this increases costs and can cause
+    #   performance issues, including reduced connection limits for FTPS.
+    #   For more details, see [ Avoid placing NLBs and NATs in front of
+    #   Transfer Family][1].
+    #
+    #    </note>
+    #
     #   * To indicate passive mode (for FTP and FTPS protocols), use the
     #     `PassiveIp` parameter. Enter a single dotted-quad IPv4 address,
     #     such as the external IP address of a firewall, router, or load
@@ -965,6 +1039,10 @@ module Aws::Transfer
     #
     #   * `As2Transports` indicates the transport method for the AS2
     #     messages. Currently, only HTTP is supported.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/infrastructure-security.html#nlb-considerations
     #   @return [Types::ProtocolDetails]
     #
     # @!attribute [rw] security_policy_name
@@ -1008,7 +1086,11 @@ module Aws::Transfer
     #
     # @!attribute [rw] s3_storage_options
     #   Specifies whether or not performance for your Amazon S3 directories
-    #   is optimized. This is disabled by default.
+    #   is optimized.
+    #
+    #   * If using the console, this is enabled by default.
+    #
+    #   * If using the API or CLI, this is disabled by default.
     #
     #   By default, home directory mappings have a `TYPE` of `DIRECTORY`. If
     #   you enable this option, you would then need to explicitly set the
@@ -2514,6 +2596,11 @@ module Aws::Transfer
     #
     # @!attribute [rw] url
     #   The URL of the partner's AS2 or SFTP endpoint.
+    #
+    #   When creating AS2 connectors or service-managed SFTP connectors
+    #   (connectors without egress configuration), you must provide a URL to
+    #   specify the remote server endpoint. For VPC Lattice type connectors,
+    #   the URL must be null.
     #   @return [String]
     #
     # @!attribute [rw] as_2_config
@@ -2582,6 +2669,33 @@ module Aws::Transfer
     #   The text name of the security policy for the specified connector.
     #   @return [String]
     #
+    # @!attribute [rw] egress_config
+    #   Current egress configuration of the connector, showing how traffic
+    #   is routed to the SFTP server. Contains VPC Lattice settings when
+    #   using VPC\_LATTICE egress type.
+    #
+    #   When using the VPC\_LATTICE egress type, Transfer Family uses a
+    #   managed Service Network to simplify the resource sharing process.
+    #   @return [Types::DescribedConnectorEgressConfig]
+    #
+    # @!attribute [rw] egress_type
+    #   Type of egress configuration for the connector. SERVICE\_MANAGED
+    #   uses Transfer Family managed NAT gateways, while VPC\_LATTICE routes
+    #   traffic through customer VPCs using VPC Lattice.
+    #   @return [String]
+    #
+    # @!attribute [rw] error_message
+    #   Error message providing details when the connector is in ERRORED
+    #   status. Contains information to help troubleshoot connector creation
+    #   or operation failures.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   Current status of the connector. PENDING indicates creation/update
+    #   in progress, ACTIVE means ready for operations, and ERRORED
+    #   indicates a failure requiring attention.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribedConnector AWS API Documentation
     #
     class DescribedConnector < Struct.new(
@@ -2594,7 +2708,61 @@ module Aws::Transfer
       :tags,
       :sftp_config,
       :service_managed_egress_ip_addresses,
-      :security_policy_name)
+      :security_policy_name,
+      :egress_config,
+      :egress_type,
+      :error_message,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Response structure containing the current egress configuration details
+    # for the connector. Shows how traffic is currently routed from the
+    # connector to the SFTP server.
+    #
+    # @note DescribedConnectorEgressConfig is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of DescribedConnectorEgressConfig corresponding to the set member.
+    #
+    # @!attribute [rw] vpc_lattice
+    #   VPC\_LATTICE configuration details in the response, showing the
+    #   current Resource Configuration ARN and port settings for VPC-based
+    #   connectivity.
+    #   @return [Types::DescribedConnectorVpcLatticeEgressConfig]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribedConnectorEgressConfig AWS API Documentation
+    #
+    class DescribedConnectorEgressConfig < Struct.new(
+      :vpc_lattice,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class VpcLattice < DescribedConnectorEgressConfig; end
+      class Unknown < DescribedConnectorEgressConfig; end
+    end
+
+    # VPC\_LATTICE egress configuration details in the response, containing
+    # the Resource Configuration ARN and port number currently configured
+    # for the connector.
+    #
+    # @!attribute [rw] resource_configuration_arn
+    #   ARN of the VPC\_LATTICE Resource Configuration currently used by the
+    #   connector. This Resource Configuration defines the network path to
+    #   the SFTP server through the customer's VPC.
+    #   @return [String]
+    #
+    # @!attribute [rw] port_number
+    #   Port number currently configured for SFTP connections through
+    #   VPC\_LATTICE. Shows the port on which the connector attempts to
+    #   connect to the target SFTP server.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribedConnectorVpcLatticeEgressConfig AWS API Documentation
+    #
+    class DescribedConnectorVpcLatticeEgressConfig < Struct.new(
+      :resource_configuration_arn,
+      :port_number)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2893,6 +3061,14 @@ module Aws::Transfer
     # @!attribute [rw] protocol_details
     #   The protocol settings that are configured for your server.
     #
+    #   <note markdown="1"> Avoid placing Network Load Balancers (NLBs) or NAT gateways in front
+    #   of Transfer Family servers, as this increases costs and can cause
+    #   performance issues, including reduced connection limits for FTPS.
+    #   For more details, see [ Avoid placing NLBs and NATs in front of
+    #   Transfer Family][1].
+    #
+    #    </note>
+    #
     #   * To indicate passive mode (for FTP and FTPS protocols), use the
     #     `PassiveIp` parameter. Enter a single dotted-quad IPv4 address,
     #     such as the external IP address of a firewall, router, or load
@@ -2914,6 +3090,10 @@ module Aws::Transfer
     #
     #   * `As2Transports` indicates the transport method for the AS2
     #     messages. Currently, only HTTP is supported.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/infrastructure-security.html#nlb-considerations
     #   @return [Types::ProtocolDetails]
     #
     # @!attribute [rw] domain
@@ -3103,7 +3283,11 @@ module Aws::Transfer
     #
     # @!attribute [rw] s3_storage_options
     #   Specifies whether or not performance for your Amazon S3 directories
-    #   is optimized. This is disabled by default.
+    #   is optimized.
+    #
+    #   * If using the console, this is enabled by default.
+    #
+    #   * If using the API or CLI, this is disabled by default.
     #
     #   By default, home directory mappings have a `TYPE` of `DIRECTORY`. If
     #   you enable this option, you would then need to explicitly set the
@@ -3589,7 +3773,15 @@ module Aws::Transfer
     #   A list of security groups IDs that are available to attach to your
     #   server's endpoint.
     #
-    #   <note markdown="1"> This property can only be set when `EndpointType` is set to `VPC`.
+    #   <note markdown="1"> While `SecurityGroupIds` appears in the response syntax for
+    #   consistency with `CreateServer` and `UpdateServer` operations, this
+    #   field is not populated in `DescribeServer` responses. Security
+    #   groups are managed at the VPC endpoint level and can be modified
+    #   outside of the Transfer Family service. To retrieve current security
+    #   group information, use the EC2 `DescribeVpcEndpoints` API with the
+    #   `VpcEndpointId` returned in the response.
+    #
+    #    This property can only be set when `EndpointType` is set to `VPC`.
     #
     #    You can edit the `SecurityGroupIds` property in the
     #   [UpdateServer][1] API only if you are changing the `EndpointType`
@@ -4988,6 +5180,11 @@ module Aws::Transfer
     #
     # @!attribute [rw] url
     #   The URL of the partner's AS2 or SFTP endpoint.
+    #
+    #   When creating AS2 connectors or service-managed SFTP connectors
+    #   (connectors without egress configuration), you must provide a URL to
+    #   specify the remote server endpoint. For VPC Lattice type connectors,
+    #   the URL must be null.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListedConnector AWS API Documentation
@@ -5424,6 +5621,18 @@ module Aws::Transfer
     #   [Configuring your FTPS server behind a firewall or NAT with Transfer
     #   Family][1].
     #
+    #    Additionally, avoid placing Network Load Balancers (NLBs) or NAT
+    #   gateways in front of Transfer Family servers. This configuration
+    #   increases costs and can cause performance issues. When NLBs or NATs
+    #   are in the communication path, Transfer Family cannot accurately
+    #   recognize client IP addresses, which impacts connection sharding and
+    #   limits FTPS servers to only 300 simultaneous connections instead of
+    #   10,000. If you must use an NLB, use port 21 for health checks and
+    #   enable TLS session resumption by setting `TlsSessionResumptionMode =
+    #   ENFORCED`. For optimal performance, migrate to VPC endpoints with
+    #   Elastic IP addresses instead of using NLBs. For more details, see [
+    #   Avoid placing NLBs and NATs in front of Transfer Family][2].
+    #
     #    </note>
     #
     #   *Special values*
@@ -5447,6 +5656,7 @@ module Aws::Transfer
     #
     #
     #   [1]: http://aws.amazon.com/blogs/storage/configuring-your-ftps-server-behind-a-firewall-or-nat-with-aws-transfer-family/
+    #   [2]: https://docs.aws.amazon.com/transfer/latest/userguide/infrastructure-security.html#nlb-considerations
     #   @return [String]
     #
     # @!attribute [rw] tls_session_resumption_mode
@@ -5642,7 +5852,11 @@ module Aws::Transfer
     #
     # @!attribute [rw] directory_listing_optimization
     #   Specifies whether or not performance for your Amazon S3 directories
-    #   is optimized. This is disabled by default.
+    #   is optimized.
+    #
+    #   * If using the console, this is enabled by default.
+    #
+    #   * If using the API or CLI, this is disabled by default.
     #
     #   By default, home directory mappings have a `TYPE` of `DIRECTORY`. If
     #   you enable this option, you would then need to explicitly set the
@@ -5770,6 +5984,12 @@ module Aws::Transfer
     #
     #    </note>
     #
+    #   When creating connectors with egress config (VPC\_LATTICE type
+    #   connectors), since host name is not something we can verify, the
+    #   only accepted trusted host key format is `key-type key-body` without
+    #   the host name. For example: `ssh-rsa
+    #   AAAAB3Nza...<long-string-for-public-key>`
+    #
     #   The three standard SSH public key format elements are `<key type>`,
     #   `<body base64>`, and an optional `<comment>`, with spaces between
     #   each element. Specify only the `<key type>` and `<body base64>`: do
@@ -5792,17 +6012,27 @@ module Aws::Transfer
     #
     #   This prints the public host key to standard output.
     #
-    #   `ftp.host.com ssh-rsa AAAAB3Nza...<long-string-for-public-key`
+    #   `ftp.host.com ssh-rsa AAAAB3Nza...<long-string-for-public-key>`
     #
     #   Copy and paste this string into the `TrustedHostKeys` field for the
     #   `create-connector` command or into the **Trusted host keys** field
     #   in the console.
+    #
+    #   For VPC Lattice type connectors (VPC\_LATTICE), remove the hostname
+    #   from the key and use only the `key-type key-body` format. In this
+    #   example, it should be: `ssh-rsa
+    #   AAAAB3Nza...<long-string-for-public-key>`
     #   @return [Array<String>]
     #
     # @!attribute [rw] max_concurrent_connections
     #   Specify the number of concurrent connections that your connector
-    #   creates to the remote server. The default value is `5` (this is also
-    #   the maximum value allowed).
+    #   creates to the remote server. The default value is `1`. The maximum
+    #   values is `5`.
+    #
+    #   <note markdown="1"> If you are using the Amazon Web Services Management Console, the
+    #   default value is `5`.
+    #
+    #    </note>
     #
     #   This parameter specifies the number of active connections that your
     #   connector can establish with the remote server at the same time.
@@ -6668,12 +6898,42 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # Structure for updating the egress configuration of an existing
+    # connector. Allows modification of how traffic is routed from the
+    # connector to the SFTP server, including VPC\_LATTICE settings.
+    #
+    # @note UpdateConnectorEgressConfig is a union - when making an API calls you must set exactly one of the members.
+    #
+    # @!attribute [rw] vpc_lattice
+    #   VPC\_LATTICE configuration updates for the connector. Use this to
+    #   modify the Resource Configuration ARN or port number for VPC-based
+    #   connectivity.
+    #   @return [Types::UpdateConnectorVpcLatticeEgressConfig]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateConnectorEgressConfig AWS API Documentation
+    #
+    class UpdateConnectorEgressConfig < Struct.new(
+      :vpc_lattice,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class VpcLattice < UpdateConnectorEgressConfig; end
+      class Unknown < UpdateConnectorEgressConfig; end
+    end
+
     # @!attribute [rw] connector_id
     #   The unique identifier for the connector.
     #   @return [String]
     #
     # @!attribute [rw] url
     #   The URL of the partner's AS2 or SFTP endpoint.
+    #
+    #   When creating AS2 connectors or service-managed SFTP connectors
+    #   (connectors without egress configuration), you must provide a URL to
+    #   specify the remote server endpoint. For VPC Lattice type connectors,
+    #   the URL must be null.
     #   @return [String]
     #
     # @!attribute [rw] as_2_config
@@ -6733,6 +6993,12 @@ module Aws::Transfer
     #   Specifies the name of the security policy for the connector.
     #   @return [String]
     #
+    # @!attribute [rw] egress_config
+    #   Updates the egress configuration for the connector, allowing you to
+    #   modify how traffic is routed from the connector to the SFTP server.
+    #   Changes to VPC configuration may require connector restart.
+    #   @return [Types::UpdateConnectorEgressConfig]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateConnectorRequest AWS API Documentation
     #
     class UpdateConnectorRequest < Struct.new(
@@ -6742,7 +7008,8 @@ module Aws::Transfer
       :access_role,
       :logging_role,
       :sftp_config,
-      :security_policy_name)
+      :security_policy_name,
+      :egress_config)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6760,6 +7027,31 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # VPC\_LATTICE egress configuration updates for modifying how the
+    # connector routes traffic through customer VPCs. Changes to these
+    # settings may require connector restart to take effect.
+    #
+    # @!attribute [rw] resource_configuration_arn
+    #   Updated ARN of the VPC\_LATTICE Resource Configuration. Use this to
+    #   change the target SFTP server location or modify the network path
+    #   through the customer's VPC infrastructure.
+    #   @return [String]
+    #
+    # @!attribute [rw] port_number
+    #   Updated port number for SFTP connections through VPC\_LATTICE.
+    #   Change this if the target SFTP server port has been modified or if
+    #   connecting to a different server endpoint.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateConnectorVpcLatticeEgressConfig AWS API Documentation
+    #
+    class UpdateConnectorVpcLatticeEgressConfig < Struct.new(
+      :resource_configuration_arn,
+      :port_number)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] server_id
     #   The identifier of the server that contains the host key that you are
     #   updating.
@@ -6876,6 +7168,14 @@ module Aws::Transfer
     # @!attribute [rw] protocol_details
     #   The protocol settings that are configured for your server.
     #
+    #   <note markdown="1"> Avoid placing Network Load Balancers (NLBs) or NAT gateways in front
+    #   of Transfer Family servers, as this increases costs and can cause
+    #   performance issues, including reduced connection limits for FTPS.
+    #   For more details, see [ Avoid placing NLBs and NATs in front of
+    #   Transfer Family][1].
+    #
+    #    </note>
+    #
     #   * To indicate passive mode (for FTP and FTPS protocols), use the
     #     `PassiveIp` parameter. Enter a single dotted-quad IPv4 address,
     #     such as the external IP address of a firewall, router, or load
@@ -6897,6 +7197,10 @@ module Aws::Transfer
     #
     #   * `As2Transports` indicates the transport method for the AS2
     #     messages. Currently, only HTTP is supported.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/infrastructure-security.html#nlb-considerations
     #   @return [Types::ProtocolDetails]
     #
     # @!attribute [rw] endpoint_details
@@ -7095,7 +7399,11 @@ module Aws::Transfer
     #
     # @!attribute [rw] s3_storage_options
     #   Specifies whether or not performance for your Amazon S3 directories
-    #   is optimized. This is disabled by default.
+    #   is optimized.
+    #
+    #   * If using the console, this is enabled by default.
+    #
+    #   * If using the API or CLI, this is disabled by default.
     #
     #   By default, home directory mappings have a `TYPE` of `DIRECTORY`. If
     #   you enable this option, you would then need to explicitly set the
@@ -7128,6 +7436,29 @@ module Aws::Transfer
     #   [1]: https://docs.aws.amazon.com/transfer/latest/APIReference/API_EndpointDetails.html
     #   @return [String]
     #
+    # @!attribute [rw] identity_provider_type
+    #   The mode of authentication for a server. The default value is
+    #   `SERVICE_MANAGED`, which allows you to store and access user
+    #   credentials within the Transfer Family service.
+    #
+    #   Use `AWS_DIRECTORY_SERVICE` to provide access to Active Directory
+    #   groups in Directory Service for Microsoft Active Directory or
+    #   Microsoft Active Directory in your on-premises environment or in
+    #   Amazon Web Services using AD Connector. This option also requires
+    #   you to provide a Directory ID by using the `IdentityProviderDetails`
+    #   parameter.
+    #
+    #   Use the `API_GATEWAY` value to integrate with an identity provider
+    #   of your choosing. The `API_GATEWAY` setting requires you to provide
+    #   an Amazon API Gateway endpoint URL to call for authentication by
+    #   using the `IdentityProviderDetails` parameter.
+    #
+    #   Use the `AWS_LAMBDA` value to directly use an Lambda function as
+    #   your identity provider. If you choose this value, you must specify
+    #   the ARN for the Lambda function in the `Function` parameter for the
+    #   `IdentityProviderDetails` data type.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateServerRequest AWS API Documentation
     #
     class UpdateServerRequest < Struct.new(
@@ -7146,7 +7477,8 @@ module Aws::Transfer
       :workflow_details,
       :structured_log_destinations,
       :s3_storage_options,
-      :ip_address_type)
+      :ip_address_type,
+      :identity_provider_type)
       SENSITIVE = [:host_key]
       include Aws::Structure
     end

data/lib/aws-sdk-transfer.rb

@@ -55,7 +55,7 @@ module Aws::Transfer
   autoload :EndpointProvider, 'aws-sdk-transfer/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-transfer/endpoints'
 
-  GEM_VERSION = '1.124.0'
+  GEM_VERSION = '1.126.0'
 
 end
 

data/sig/client.rbs

@@ -144,7 +144,7 @@ module Aws
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Transfer/Client.html#create_connector-instance_method
       def create_connector: (
-                              url: ::String,
+                              ?url: ::String,
                               ?as_2_config: {
                                 local_profile_id: ::String?,
                                 partner_profile_id: ::String?,
@@ -170,7 +170,13 @@ module Aws
                                 trusted_host_keys: Array[::String]?,
                                 max_concurrent_connections: ::Integer?
                               },
-                              ?security_policy_name: ::String
+                              ?security_policy_name: ::String,
+                              ?egress_config: {
+                                vpc_lattice: {
+                                  resource_configuration_arn: ::String,
+                                  port_number: ::Integer?
+                                }?
+                              }
                             ) -> _CreateConnectorResponseSuccess
                           | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _CreateConnectorResponseSuccess
 
@@ -1116,7 +1122,13 @@ module Aws
                                 trusted_host_keys: Array[::String]?,
                                 max_concurrent_connections: ::Integer?
                               },
-                              ?security_policy_name: ::String
+                              ?security_policy_name: ::String,
+                              ?egress_config: {
+                                vpc_lattice: {
+                                  resource_configuration_arn: ::String?,
+                                  port_number: ::Integer?
+                                }?
+                              }
                             ) -> _UpdateConnectorResponseSuccess
                           | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdateConnectorResponseSuccess
 
@@ -1197,7 +1209,8 @@ module Aws
                            ?s3_storage_options: {
                              directory_listing_optimization: ("ENABLED" | "DISABLED")?
                            },
-                           ?ip_address_type: ("IPV4" | "DUALSTACK")
+                           ?ip_address_type: ("IPV4" | "DUALSTACK"),
+                           ?identity_provider_type: ("SERVICE_MANAGED" | "API_GATEWAY" | "AWS_DIRECTORY_SERVICE" | "AWS_LAMBDA")
                          ) -> _UpdateServerResponseSuccess
                        | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdateServerResponseSuccess
 

data/sig/types.rbs

@@ -32,6 +32,17 @@ module Aws::Transfer
       SENSITIVE: []
     end
 
+    class ConnectorEgressConfig
+      attr_accessor vpc_lattice: Types::ConnectorVpcLatticeEgressConfig
+      attr_accessor unknown: untyped
+      SENSITIVE: []
+
+      class VpcLattice < ConnectorEgressConfig
+      end
+      class Unknown < ConnectorEgressConfig
+      end
+    end
+
     class ConnectorFileTransferResult
       attr_accessor file_path: ::String
       attr_accessor status_code: ("QUEUED" | "IN_PROGRESS" | "COMPLETED" | "FAILED")
@@ -40,6 +51,12 @@ module Aws::Transfer
       SENSITIVE: []
     end
 
+    class ConnectorVpcLatticeEgressConfig
+      attr_accessor resource_configuration_arn: ::String
+      attr_accessor port_number: ::Integer
+      SENSITIVE: []
+    end
+
     class CopyStepDetails
       attr_accessor name: ::String
       attr_accessor destination_file_location: Types::InputFileLocation
@@ -94,6 +111,7 @@ module Aws::Transfer
       attr_accessor tags: ::Array[Types::Tag]
       attr_accessor sftp_config: Types::SftpConnectorConfig
       attr_accessor security_policy_name: ::String
+      attr_accessor egress_config: Types::ConnectorEgressConfig
       SENSITIVE: []
     end
 
@@ -482,6 +500,27 @@ module Aws::Transfer
       attr_accessor sftp_config: Types::SftpConnectorConfig
       attr_accessor service_managed_egress_ip_addresses: ::Array[::String]
       attr_accessor security_policy_name: ::String
+      attr_accessor egress_config: Types::DescribedConnectorEgressConfig
+      attr_accessor egress_type: ("SERVICE_MANAGED" | "VPC_LATTICE")
+      attr_accessor error_message: ::String
+      attr_accessor status: ("ACTIVE" | "ERRORED" | "PENDING")
+      SENSITIVE: []
+    end
+
+    class DescribedConnectorEgressConfig
+      attr_accessor vpc_lattice: Types::DescribedConnectorVpcLatticeEgressConfig
+      attr_accessor unknown: untyped
+      SENSITIVE: []
+
+      class VpcLattice < DescribedConnectorEgressConfig
+      end
+      class Unknown < DescribedConnectorEgressConfig
+      end
+    end
+
+    class DescribedConnectorVpcLatticeEgressConfig
+      attr_accessor resource_configuration_arn: ::String
+      attr_accessor port_number: ::Integer
       SENSITIVE: []
     end
 
@@ -1304,6 +1343,17 @@ module Aws::Transfer
       SENSITIVE: []
     end
 
+    class UpdateConnectorEgressConfig
+      attr_accessor vpc_lattice: Types::UpdateConnectorVpcLatticeEgressConfig
+      attr_accessor unknown: untyped
+      SENSITIVE: []
+
+      class VpcLattice < UpdateConnectorEgressConfig
+      end
+      class Unknown < UpdateConnectorEgressConfig
+      end
+    end
+
     class UpdateConnectorRequest
       attr_accessor connector_id: ::String
       attr_accessor url: ::String
@@ -1312,6 +1362,7 @@ module Aws::Transfer
       attr_accessor logging_role: ::String
       attr_accessor sftp_config: Types::SftpConnectorConfig
       attr_accessor security_policy_name: ::String
+      attr_accessor egress_config: Types::UpdateConnectorEgressConfig
       SENSITIVE: []
     end
 
@@ -1320,6 +1371,12 @@ module Aws::Transfer
       SENSITIVE: []
     end
 
+    class UpdateConnectorVpcLatticeEgressConfig
+      attr_accessor resource_configuration_arn: ::String
+      attr_accessor port_number: ::Integer
+      SENSITIVE: []
+    end
+
     class UpdateHostKeyRequest
       attr_accessor server_id: ::String
       attr_accessor host_key_id: ::String
@@ -1361,6 +1418,7 @@ module Aws::Transfer
       attr_accessor structured_log_destinations: ::Array[::String]
       attr_accessor s3_storage_options: Types::S3StorageOptions
       attr_accessor ip_address_type: ("IPV4" | "DUALSTACK")
+      attr_accessor identity_provider_type: ("SERVICE_MANAGED" | "API_GATEWAY" | "AWS_DIRECTORY_SERVICE" | "AWS_LAMBDA")
       SENSITIVE: [:host_key]
     end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-transfer
 version: !ruby/object:Gem::Version
-  version: 1.124.0
+  version: 1.126.0
 platform: ruby
 authors:
 - Amazon Web Services