aws-sdk-transfer 1.124.0 → 1.126.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4b784650660aea0c741744e453d30f592d31daf9854f7d06164e6c566ae994c1
4
- data.tar.gz: 7eeb88821f36911df7452fa7841fbe071c08c3410d3ec5566965d6f27270169f
3
+ metadata.gz: d1df52bc978db54835398b6858546e00ff56afd0da0bda6a085f59431833180c
4
+ data.tar.gz: 83d4351227c5b47abfb2e9f3caa0ab93e18011934d7912ccc33dde3c09287780
5
5
  SHA512:
6
- metadata.gz: 37f21127fc01283dd766f9ebff6b602c03edc029ba0fc53a1d3a91b550ef0fd985a6106b2c06394869e922ed4e51a54822fdfc47383cb54993a8598b1abc6a15
7
- data.tar.gz: d0d01800c0671491c5c1e07ec81e4f18da87560aca068ecaaba92971431482a82ac0830d505abcffb763f6005a63c67c8c776514ff592a5820f7627978e08862
6
+ metadata.gz: 02cd26659b5fc26a6356db28261c3ddcda1f7458cf21c98d36586bfa537ebdcba3e1fcbdc3beb87e0f46b06d9494416d5f7b3796d0addf5ff4108bd6afc99bdd
7
+ data.tar.gz: e4176fb34c01d59c72fe10d3d9f82cdd0a618dcfe6161187ece9acbe9dc6bad0d658e765207e764ba56d6002e785da0c766374e2034f56032b13d3d32762bb9f
data/CHANGELOG.md CHANGED
@@ -1,6 +1,16 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.126.0 (2025-10-14)
5
+ ------------------
6
+
7
+ * Feature - SFTP connectors now support routing connections via customers' VPC. This enables connections to remote servers that are only accessible in a customer's VPC environment, and to servers that are accessible over the internet but need connections coming from an IP address in a customer VPC's CIDR range.
8
+
9
+ 1.125.0 (2025-09-30)
10
+ ------------------
11
+
12
+ * Feature - Add support for updating server identity provider type
13
+
4
14
  1.124.0 (2025-08-26)
5
15
  ------------------
6
16
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.124.0
1
+ 1.126.0
@@ -830,9 +830,14 @@ module Aws::Transfer
830
830
  # [1]: https://docs.aws.amazon.com/transfer/latest/userguide/configure-as2-connector.html
831
831
  # [2]: https://docs.aws.amazon.com/transfer/latest/userguide/configure-sftp-connector.html
832
832
  #
833
- # @option params [required, String] :url
833
+ # @option params [String] :url
834
834
  # The URL of the partner's AS2 or SFTP endpoint.
835
835
  #
836
+ # When creating AS2 connectors or service-managed SFTP connectors
837
+ # (connectors without egress configuration), you must provide a URL to
838
+ # specify the remote server endpoint. For VPC Lattice type connectors,
839
+ # the URL must be null.
840
+ #
836
841
  # @option params [Types::As2ConnectorConfig] :as_2_config
837
842
  # A structure that contains the parameters for an AS2 connector object.
838
843
  #
@@ -886,6 +891,12 @@ module Aws::Transfer
886
891
  # @option params [String] :security_policy_name
887
892
  # Specifies the name of the security policy for the connector.
888
893
  #
894
+ # @option params [Types::ConnectorEgressConfig] :egress_config
895
+ # Specifies the egress configuration for the connector, which determines
896
+ # how traffic is routed from the connector to the SFTP server. When set
897
+ # to VPC, enables routing through customer VPCs using VPC\_LATTICE for
898
+ # private connectivity.
899
+ #
889
900
  # @return [Types::CreateConnectorResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
890
901
  #
891
902
  # * {Types::CreateConnectorResponse#connector_id #connector_id} => String
@@ -893,7 +904,7 @@ module Aws::Transfer
893
904
  # @example Request syntax with placeholder values
894
905
  #
895
906
  # resp = client.create_connector({
896
- # url: "Url", # required
907
+ # url: "Url",
897
908
  # as_2_config: {
898
909
  # local_profile_id: "ProfileId",
899
910
  # partner_profile_id: "ProfileId",
@@ -920,6 +931,12 @@ module Aws::Transfer
920
931
  # max_concurrent_connections: 1,
921
932
  # },
922
933
  # security_policy_name: "ConnectorSecurityPolicyName",
934
+ # egress_config: {
935
+ # vpc_lattice: {
936
+ # resource_configuration_arn: "VpcLatticeResourceConfigurationArn", # required
937
+ # port_number: 1,
938
+ # },
939
+ # },
923
940
  # })
924
941
  #
925
942
  # @example Response structure
@@ -1220,6 +1237,14 @@ module Aws::Transfer
1220
1237
  # @option params [Types::ProtocolDetails] :protocol_details
1221
1238
  # The protocol settings that are configured for your server.
1222
1239
  #
1240
+ # <note markdown="1"> Avoid placing Network Load Balancers (NLBs) or NAT gateways in front
1241
+ # of Transfer Family servers, as this increases costs and can cause
1242
+ # performance issues, including reduced connection limits for FTPS. For
1243
+ # more details, see [ Avoid placing NLBs and NATs in front of Transfer
1244
+ # Family][1].
1245
+ #
1246
+ # </note>
1247
+ #
1223
1248
  # * To indicate passive mode (for FTP and FTPS protocols), use the
1224
1249
  # `PassiveIp` parameter. Enter a single dotted-quad IPv4 address, such
1225
1250
  # as the external IP address of a firewall, router, or load balancer.
@@ -1241,6 +1266,10 @@ module Aws::Transfer
1241
1266
  # * `As2Transports` indicates the transport method for the AS2 messages.
1242
1267
  # Currently, only HTTP is supported.
1243
1268
  #
1269
+ #
1270
+ #
1271
+ # [1]: https://docs.aws.amazon.com/transfer/latest/userguide/infrastructure-security.html#nlb-considerations
1272
+ #
1244
1273
  # @option params [String] :security_policy_name
1245
1274
  # Specifies the name of the security policy for the server.
1246
1275
  #
@@ -1278,7 +1307,11 @@ module Aws::Transfer
1278
1307
  #
1279
1308
  # @option params [Types::S3StorageOptions] :s3_storage_options
1280
1309
  # Specifies whether or not performance for your Amazon S3 directories is
1281
- # optimized. This is disabled by default.
1310
+ # optimized.
1311
+ #
1312
+ # * If using the console, this is enabled by default.
1313
+ #
1314
+ # * If using the API or CLI, this is disabled by default.
1282
1315
  #
1283
1316
  # By default, home directory mappings have a `TYPE` of `DIRECTORY`. If
1284
1317
  # you enable this option, you would then need to explicitly set the
@@ -2288,6 +2321,14 @@ module Aws::Transfer
2288
2321
 
2289
2322
  # Describes the certificate that's identified by the `CertificateId`.
2290
2323
  #
2324
+ # <note markdown="1"> Transfer Family automatically publishes a Amazon CloudWatch metric
2325
+ # called `DaysUntilExpiry` for imported certificates. This metric tracks
2326
+ # the number of days until the certificate expires based on the
2327
+ # `InactiveDate`. The metric is available in the `AWS/Transfer`
2328
+ # namespace and includes the `CertificateId` as a dimension.
2329
+ #
2330
+ # </note>
2331
+ #
2291
2332
  # @option params [required, String] :certificate_id
2292
2333
  # An array of identifiers for the imported certificates. You use this
2293
2334
  # identifier for working with profiles and partner profiles.
@@ -2372,6 +2413,11 @@ module Aws::Transfer
2372
2413
  # resp.connector.service_managed_egress_ip_addresses #=> Array
2373
2414
  # resp.connector.service_managed_egress_ip_addresses[0] #=> String
2374
2415
  # resp.connector.security_policy_name #=> String
2416
+ # resp.connector.egress_config.vpc_lattice.resource_configuration_arn #=> String
2417
+ # resp.connector.egress_config.vpc_lattice.port_number #=> Integer
2418
+ # resp.connector.egress_type #=> String, one of "SERVICE_MANAGED", "VPC_LATTICE"
2419
+ # resp.connector.error_message #=> String
2420
+ # resp.connector.status #=> String, one of "ACTIVE", "ERRORED", "PENDING"
2375
2421
  #
2376
2422
  # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeConnector AWS API Documentation
2377
2423
  #
@@ -2897,11 +2943,33 @@ module Aws::Transfer
2897
2943
  # You can import both the certificate and its chain in the `Certificate`
2898
2944
  # parameter.
2899
2945
  #
2946
+ # After importing a certificate, Transfer Family automatically creates a
2947
+ # Amazon CloudWatch metric called `DaysUntilExpiry` that tracks the
2948
+ # number of days until the certificate expires. The metric is based on
2949
+ # the `InactiveDate` parameter and is published daily in the
2950
+ # `AWS/Transfer` namespace.
2951
+ #
2952
+ # It can take up to a full day after importing a certificate for
2953
+ # Transfer Family to emit the `DaysUntilExpiry` metric to your account.
2954
+ #
2900
2955
  # <note markdown="1"> If you use the `Certificate` parameter to upload both the certificate
2901
2956
  # and its chain, don't use the `CertificateChain` parameter.
2902
2957
  #
2903
2958
  # </note>
2904
2959
  #
2960
+ # **CloudWatch monitoring**
2961
+ #
2962
+ # The `DaysUntilExpiry` metric includes the following specifications:
2963
+ #
2964
+ # * **Units:** Count (days)
2965
+ #
2966
+ # * **Dimensions:** `CertificateId` (always present), `Description` (if
2967
+ # provided during certificate import)
2968
+ #
2969
+ # * **Statistics:** Minimum, Maximum, Average
2970
+ #
2971
+ # * **Frequency:** Published daily
2972
+ #
2905
2973
  # @option params [required, String] :usage
2906
2974
  # Specifies how this certificate is used. It can be used in the
2907
2975
  # following ways:
@@ -4745,6 +4813,11 @@ module Aws::Transfer
4745
4813
  # @option params [String] :url
4746
4814
  # The URL of the partner's AS2 or SFTP endpoint.
4747
4815
  #
4816
+ # When creating AS2 connectors or service-managed SFTP connectors
4817
+ # (connectors without egress configuration), you must provide a URL to
4818
+ # specify the remote server endpoint. For VPC Lattice type connectors,
4819
+ # the URL must be null.
4820
+ #
4748
4821
  # @option params [Types::As2ConnectorConfig] :as_2_config
4749
4822
  # A structure that contains the parameters for an AS2 connector object.
4750
4823
  #
@@ -4794,6 +4867,11 @@ module Aws::Transfer
4794
4867
  # @option params [String] :security_policy_name
4795
4868
  # Specifies the name of the security policy for the connector.
4796
4869
  #
4870
+ # @option params [Types::UpdateConnectorEgressConfig] :egress_config
4871
+ # Updates the egress configuration for the connector, allowing you to
4872
+ # modify how traffic is routed from the connector to the SFTP server.
4873
+ # Changes to VPC configuration may require connector restart.
4874
+ #
4797
4875
  # @return [Types::UpdateConnectorResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
4798
4876
  #
4799
4877
  # * {Types::UpdateConnectorResponse#connector_id #connector_id} => String
@@ -4823,6 +4901,12 @@ module Aws::Transfer
4823
4901
  # max_concurrent_connections: 1,
4824
4902
  # },
4825
4903
  # security_policy_name: "ConnectorSecurityPolicyName",
4904
+ # egress_config: {
4905
+ # vpc_lattice: {
4906
+ # resource_configuration_arn: "VpcLatticeResourceConfigurationArn",
4907
+ # port_number: 1,
4908
+ # },
4909
+ # },
4826
4910
  # })
4827
4911
  #
4828
4912
  # @example Response structure
@@ -4962,6 +5046,14 @@ module Aws::Transfer
4962
5046
  # @option params [Types::ProtocolDetails] :protocol_details
4963
5047
  # The protocol settings that are configured for your server.
4964
5048
  #
5049
+ # <note markdown="1"> Avoid placing Network Load Balancers (NLBs) or NAT gateways in front
5050
+ # of Transfer Family servers, as this increases costs and can cause
5051
+ # performance issues, including reduced connection limits for FTPS. For
5052
+ # more details, see [ Avoid placing NLBs and NATs in front of Transfer
5053
+ # Family][1].
5054
+ #
5055
+ # </note>
5056
+ #
4965
5057
  # * To indicate passive mode (for FTP and FTPS protocols), use the
4966
5058
  # `PassiveIp` parameter. Enter a single dotted-quad IPv4 address, such
4967
5059
  # as the external IP address of a firewall, router, or load balancer.
@@ -4983,6 +5075,10 @@ module Aws::Transfer
4983
5075
  # * `As2Transports` indicates the transport method for the AS2 messages.
4984
5076
  # Currently, only HTTP is supported.
4985
5077
  #
5078
+ #
5079
+ #
5080
+ # [1]: https://docs.aws.amazon.com/transfer/latest/userguide/infrastructure-security.html#nlb-considerations
5081
+ #
4986
5082
  # @option params [Types::EndpointDetails] :endpoint_details
4987
5083
  # The virtual private cloud (VPC) endpoint settings that are configured
4988
5084
  # for your server. When you host your endpoint within your VPC, you can
@@ -5167,7 +5263,11 @@ module Aws::Transfer
5167
5263
  #
5168
5264
  # @option params [Types::S3StorageOptions] :s3_storage_options
5169
5265
  # Specifies whether or not performance for your Amazon S3 directories is
5170
- # optimized. This is disabled by default.
5266
+ # optimized.
5267
+ #
5268
+ # * If using the console, this is enabled by default.
5269
+ #
5270
+ # * If using the API or CLI, this is disabled by default.
5171
5271
  #
5172
5272
  # By default, home directory mappings have a `TYPE` of `DIRECTORY`. If
5173
5273
  # you enable this option, you would then need to explicitly set the
@@ -5196,6 +5296,28 @@ module Aws::Transfer
5196
5296
  #
5197
5297
  # [1]: https://docs.aws.amazon.com/transfer/latest/APIReference/API_EndpointDetails.html
5198
5298
  #
5299
+ # @option params [String] :identity_provider_type
5300
+ # The mode of authentication for a server. The default value is
5301
+ # `SERVICE_MANAGED`, which allows you to store and access user
5302
+ # credentials within the Transfer Family service.
5303
+ #
5304
+ # Use `AWS_DIRECTORY_SERVICE` to provide access to Active Directory
5305
+ # groups in Directory Service for Microsoft Active Directory or
5306
+ # Microsoft Active Directory in your on-premises environment or in
5307
+ # Amazon Web Services using AD Connector. This option also requires you
5308
+ # to provide a Directory ID by using the `IdentityProviderDetails`
5309
+ # parameter.
5310
+ #
5311
+ # Use the `API_GATEWAY` value to integrate with an identity provider of
5312
+ # your choosing. The `API_GATEWAY` setting requires you to provide an
5313
+ # Amazon API Gateway endpoint URL to call for authentication by using
5314
+ # the `IdentityProviderDetails` parameter.
5315
+ #
5316
+ # Use the `AWS_LAMBDA` value to directly use an Lambda function as your
5317
+ # identity provider. If you choose this value, you must specify the ARN
5318
+ # for the Lambda function in the `Function` parameter for the
5319
+ # `IdentityProviderDetails` data type.
5320
+ #
5199
5321
  # @return [Types::UpdateServerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5200
5322
  #
5201
5323
  # * {Types::UpdateServerResponse#server_id #server_id} => String
@@ -5251,6 +5373,7 @@ module Aws::Transfer
5251
5373
  # directory_listing_optimization: "ENABLED", # accepts ENABLED, DISABLED
5252
5374
  # },
5253
5375
  # ip_address_type: "IPV4", # accepts IPV4, DUALSTACK
5376
+ # identity_provider_type: "SERVICE_MANAGED", # accepts SERVICE_MANAGED, API_GATEWAY, AWS_DIRECTORY_SERVICE, AWS_LAMBDA
5254
5377
  # })
5255
5378
  #
5256
5379
  # @example Response structure
@@ -5550,7 +5673,7 @@ module Aws::Transfer
5550
5673
  tracer: tracer
5551
5674
  )
5552
5675
  context[:gem_name] = 'aws-sdk-transfer'
5553
- context[:gem_version] = '1.124.0'
5676
+ context[:gem_version] = '1.126.0'
5554
5677
  Seahorse::Client::Request.new(handlers, context)
5555
5678
  end
5556
5679
 
@@ -38,10 +38,15 @@ module Aws::Transfer
38
38
  CertificateUsageType = Shapes::StringShape.new(name: 'CertificateUsageType')
39
39
  CompressionEnum = Shapes::StringShape.new(name: 'CompressionEnum')
40
40
  ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
41
+ ConnectorEgressConfig = Shapes::UnionShape.new(name: 'ConnectorEgressConfig')
42
+ ConnectorEgressType = Shapes::StringShape.new(name: 'ConnectorEgressType')
43
+ ConnectorErrorMessage = Shapes::StringShape.new(name: 'ConnectorErrorMessage')
41
44
  ConnectorFileTransferResult = Shapes::StructureShape.new(name: 'ConnectorFileTransferResult')
42
45
  ConnectorFileTransferResults = Shapes::ListShape.new(name: 'ConnectorFileTransferResults')
43
46
  ConnectorId = Shapes::StringShape.new(name: 'ConnectorId')
44
47
  ConnectorSecurityPolicyName = Shapes::StringShape.new(name: 'ConnectorSecurityPolicyName')
48
+ ConnectorStatus = Shapes::StringShape.new(name: 'ConnectorStatus')
49
+ ConnectorVpcLatticeEgressConfig = Shapes::StructureShape.new(name: 'ConnectorVpcLatticeEgressConfig')
45
50
  CopyStepDetails = Shapes::StructureShape.new(name: 'CopyStepDetails')
46
51
  CreateAccessRequest = Shapes::StructureShape.new(name: 'CreateAccessRequest')
47
52
  CreateAccessResponse = Shapes::StructureShape.new(name: 'CreateAccessResponse')
@@ -110,6 +115,8 @@ module Aws::Transfer
110
115
  DescribedAgreement = Shapes::StructureShape.new(name: 'DescribedAgreement')
111
116
  DescribedCertificate = Shapes::StructureShape.new(name: 'DescribedCertificate')
112
117
  DescribedConnector = Shapes::StructureShape.new(name: 'DescribedConnector')
118
+ DescribedConnectorEgressConfig = Shapes::UnionShape.new(name: 'DescribedConnectorEgressConfig')
119
+ DescribedConnectorVpcLatticeEgressConfig = Shapes::StructureShape.new(name: 'DescribedConnectorVpcLatticeEgressConfig')
113
120
  DescribedExecution = Shapes::StructureShape.new(name: 'DescribedExecution')
114
121
  DescribedHostKey = Shapes::StructureShape.new(name: 'DescribedHostKey')
115
122
  DescribedIdentityCenterConfig = Shapes::StructureShape.new(name: 'DescribedIdentityCenterConfig')
@@ -302,6 +309,7 @@ module Aws::Transfer
302
309
  SftpConnectorHostKey = Shapes::StringShape.new(name: 'SftpConnectorHostKey')
303
310
  SftpConnectorTrustedHostKey = Shapes::StringShape.new(name: 'SftpConnectorTrustedHostKey')
304
311
  SftpConnectorTrustedHostKeyList = Shapes::ListShape.new(name: 'SftpConnectorTrustedHostKeyList')
312
+ SftpPort = Shapes::IntegerShape.new(name: 'SftpPort')
305
313
  SigningAlg = Shapes::StringShape.new(name: 'SigningAlg')
306
314
  SourceFileLocation = Shapes::StringShape.new(name: 'SourceFileLocation')
307
315
  SourceIp = Shapes::StringShape.new(name: 'SourceIp')
@@ -349,8 +357,10 @@ module Aws::Transfer
349
357
  UpdateAgreementResponse = Shapes::StructureShape.new(name: 'UpdateAgreementResponse')
350
358
  UpdateCertificateRequest = Shapes::StructureShape.new(name: 'UpdateCertificateRequest')
351
359
  UpdateCertificateResponse = Shapes::StructureShape.new(name: 'UpdateCertificateResponse')
360
+ UpdateConnectorEgressConfig = Shapes::UnionShape.new(name: 'UpdateConnectorEgressConfig')
352
361
  UpdateConnectorRequest = Shapes::StructureShape.new(name: 'UpdateConnectorRequest')
353
362
  UpdateConnectorResponse = Shapes::StructureShape.new(name: 'UpdateConnectorResponse')
363
+ UpdateConnectorVpcLatticeEgressConfig = Shapes::StructureShape.new(name: 'UpdateConnectorVpcLatticeEgressConfig')
354
364
  UpdateHostKeyRequest = Shapes::StructureShape.new(name: 'UpdateHostKeyRequest')
355
365
  UpdateHostKeyResponse = Shapes::StructureShape.new(name: 'UpdateHostKeyResponse')
356
366
  UpdateProfileRequest = Shapes::StructureShape.new(name: 'UpdateProfileRequest')
@@ -372,6 +382,7 @@ module Aws::Transfer
372
382
  UserPassword = Shapes::StringShape.new(name: 'UserPassword')
373
383
  VpcEndpointId = Shapes::StringShape.new(name: 'VpcEndpointId')
374
384
  VpcId = Shapes::StringShape.new(name: 'VpcId')
385
+ VpcLatticeResourceConfigurationArn = Shapes::StringShape.new(name: 'VpcLatticeResourceConfigurationArn')
375
386
  WebAppAccessEndpoint = Shapes::StringShape.new(name: 'WebAppAccessEndpoint')
376
387
  WebAppEndpoint = Shapes::StringShape.new(name: 'WebAppEndpoint')
377
388
  WebAppEndpointPolicy = Shapes::StringShape.new(name: 'WebAppEndpointPolicy')
@@ -415,6 +426,12 @@ module Aws::Transfer
415
426
  ConflictException.add_member(:message, Shapes::ShapeRef.new(shape: Message, required: true, location_name: "Message"))
416
427
  ConflictException.struct_class = Types::ConflictException
417
428
 
429
+ ConnectorEgressConfig.add_member(:vpc_lattice, Shapes::ShapeRef.new(shape: ConnectorVpcLatticeEgressConfig, location_name: "VpcLattice"))
430
+ ConnectorEgressConfig.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
431
+ ConnectorEgressConfig.add_member_subclass(:vpc_lattice, Types::ConnectorEgressConfig::VpcLattice)
432
+ ConnectorEgressConfig.add_member_subclass(:unknown, Types::ConnectorEgressConfig::Unknown)
433
+ ConnectorEgressConfig.struct_class = Types::ConnectorEgressConfig
434
+
418
435
  ConnectorFileTransferResult.add_member(:file_path, Shapes::ShapeRef.new(shape: FilePath, required: true, location_name: "FilePath"))
419
436
  ConnectorFileTransferResult.add_member(:status_code, Shapes::ShapeRef.new(shape: TransferTableStatus, required: true, location_name: "StatusCode"))
420
437
  ConnectorFileTransferResult.add_member(:failure_code, Shapes::ShapeRef.new(shape: FailureCode, location_name: "FailureCode"))
@@ -423,6 +440,10 @@ module Aws::Transfer
423
440
 
424
441
  ConnectorFileTransferResults.member = Shapes::ShapeRef.new(shape: ConnectorFileTransferResult)
425
442
 
443
+ ConnectorVpcLatticeEgressConfig.add_member(:resource_configuration_arn, Shapes::ShapeRef.new(shape: VpcLatticeResourceConfigurationArn, required: true, location_name: "ResourceConfigurationArn"))
444
+ ConnectorVpcLatticeEgressConfig.add_member(:port_number, Shapes::ShapeRef.new(shape: SftpPort, location_name: "PortNumber"))
445
+ ConnectorVpcLatticeEgressConfig.struct_class = Types::ConnectorVpcLatticeEgressConfig
446
+
426
447
  CopyStepDetails.add_member(:name, Shapes::ShapeRef.new(shape: WorkflowStepName, location_name: "Name"))
427
448
  CopyStepDetails.add_member(:destination_file_location, Shapes::ShapeRef.new(shape: InputFileLocation, location_name: "DestinationFileLocation"))
428
449
  CopyStepDetails.add_member(:overwrite_existing, Shapes::ShapeRef.new(shape: OverwriteExisting, location_name: "OverwriteExisting"))
@@ -459,13 +480,14 @@ module Aws::Transfer
459
480
  CreateAgreementResponse.add_member(:agreement_id, Shapes::ShapeRef.new(shape: AgreementId, required: true, location_name: "AgreementId"))
460
481
  CreateAgreementResponse.struct_class = Types::CreateAgreementResponse
461
482
 
462
- CreateConnectorRequest.add_member(:url, Shapes::ShapeRef.new(shape: Url, required: true, location_name: "Url"))
483
+ CreateConnectorRequest.add_member(:url, Shapes::ShapeRef.new(shape: Url, location_name: "Url"))
463
484
  CreateConnectorRequest.add_member(:as_2_config, Shapes::ShapeRef.new(shape: As2ConnectorConfig, location_name: "As2Config"))
464
485
  CreateConnectorRequest.add_member(:access_role, Shapes::ShapeRef.new(shape: Role, required: true, location_name: "AccessRole"))
465
486
  CreateConnectorRequest.add_member(:logging_role, Shapes::ShapeRef.new(shape: Role, location_name: "LoggingRole"))
466
487
  CreateConnectorRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
467
488
  CreateConnectorRequest.add_member(:sftp_config, Shapes::ShapeRef.new(shape: SftpConnectorConfig, location_name: "SftpConfig"))
468
489
  CreateConnectorRequest.add_member(:security_policy_name, Shapes::ShapeRef.new(shape: ConnectorSecurityPolicyName, location_name: "SecurityPolicyName"))
490
+ CreateConnectorRequest.add_member(:egress_config, Shapes::ShapeRef.new(shape: ConnectorEgressConfig, location_name: "EgressConfig"))
469
491
  CreateConnectorRequest.struct_class = Types::CreateConnectorRequest
470
492
 
471
493
  CreateConnectorResponse.add_member(:connector_id, Shapes::ShapeRef.new(shape: ConnectorId, required: true, location_name: "ConnectorId"))
@@ -740,8 +762,22 @@ module Aws::Transfer
740
762
  DescribedConnector.add_member(:sftp_config, Shapes::ShapeRef.new(shape: SftpConnectorConfig, location_name: "SftpConfig"))
741
763
  DescribedConnector.add_member(:service_managed_egress_ip_addresses, Shapes::ShapeRef.new(shape: ServiceManagedEgressIpAddresses, location_name: "ServiceManagedEgressIpAddresses"))
742
764
  DescribedConnector.add_member(:security_policy_name, Shapes::ShapeRef.new(shape: ConnectorSecurityPolicyName, location_name: "SecurityPolicyName"))
765
+ DescribedConnector.add_member(:egress_config, Shapes::ShapeRef.new(shape: DescribedConnectorEgressConfig, location_name: "EgressConfig"))
766
+ DescribedConnector.add_member(:egress_type, Shapes::ShapeRef.new(shape: ConnectorEgressType, required: true, location_name: "EgressType"))
767
+ DescribedConnector.add_member(:error_message, Shapes::ShapeRef.new(shape: ConnectorErrorMessage, location_name: "ErrorMessage"))
768
+ DescribedConnector.add_member(:status, Shapes::ShapeRef.new(shape: ConnectorStatus, required: true, location_name: "Status"))
743
769
  DescribedConnector.struct_class = Types::DescribedConnector
744
770
 
771
+ DescribedConnectorEgressConfig.add_member(:vpc_lattice, Shapes::ShapeRef.new(shape: DescribedConnectorVpcLatticeEgressConfig, location_name: "VpcLattice"))
772
+ DescribedConnectorEgressConfig.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
773
+ DescribedConnectorEgressConfig.add_member_subclass(:vpc_lattice, Types::DescribedConnectorEgressConfig::VpcLattice)
774
+ DescribedConnectorEgressConfig.add_member_subclass(:unknown, Types::DescribedConnectorEgressConfig::Unknown)
775
+ DescribedConnectorEgressConfig.struct_class = Types::DescribedConnectorEgressConfig
776
+
777
+ DescribedConnectorVpcLatticeEgressConfig.add_member(:resource_configuration_arn, Shapes::ShapeRef.new(shape: VpcLatticeResourceConfigurationArn, required: true, location_name: "ResourceConfigurationArn"))
778
+ DescribedConnectorVpcLatticeEgressConfig.add_member(:port_number, Shapes::ShapeRef.new(shape: SftpPort, location_name: "PortNumber"))
779
+ DescribedConnectorVpcLatticeEgressConfig.struct_class = Types::DescribedConnectorVpcLatticeEgressConfig
780
+
745
781
  DescribedExecution.add_member(:execution_id, Shapes::ShapeRef.new(shape: ExecutionId, location_name: "ExecutionId"))
746
782
  DescribedExecution.add_member(:initial_file_location, Shapes::ShapeRef.new(shape: FileLocation, location_name: "InitialFileLocation"))
747
783
  DescribedExecution.add_member(:service_metadata, Shapes::ShapeRef.new(shape: ServiceMetadata, location_name: "ServiceMetadata"))
@@ -1399,6 +1435,12 @@ module Aws::Transfer
1399
1435
  UpdateCertificateResponse.add_member(:certificate_id, Shapes::ShapeRef.new(shape: CertificateId, required: true, location_name: "CertificateId"))
1400
1436
  UpdateCertificateResponse.struct_class = Types::UpdateCertificateResponse
1401
1437
 
1438
+ UpdateConnectorEgressConfig.add_member(:vpc_lattice, Shapes::ShapeRef.new(shape: UpdateConnectorVpcLatticeEgressConfig, location_name: "VpcLattice"))
1439
+ UpdateConnectorEgressConfig.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
1440
+ UpdateConnectorEgressConfig.add_member_subclass(:vpc_lattice, Types::UpdateConnectorEgressConfig::VpcLattice)
1441
+ UpdateConnectorEgressConfig.add_member_subclass(:unknown, Types::UpdateConnectorEgressConfig::Unknown)
1442
+ UpdateConnectorEgressConfig.struct_class = Types::UpdateConnectorEgressConfig
1443
+
1402
1444
  UpdateConnectorRequest.add_member(:connector_id, Shapes::ShapeRef.new(shape: ConnectorId, required: true, location_name: "ConnectorId"))
1403
1445
  UpdateConnectorRequest.add_member(:url, Shapes::ShapeRef.new(shape: Url, location_name: "Url"))
1404
1446
  UpdateConnectorRequest.add_member(:as_2_config, Shapes::ShapeRef.new(shape: As2ConnectorConfig, location_name: "As2Config"))
@@ -1406,11 +1448,16 @@ module Aws::Transfer
1406
1448
  UpdateConnectorRequest.add_member(:logging_role, Shapes::ShapeRef.new(shape: Role, location_name: "LoggingRole"))
1407
1449
  UpdateConnectorRequest.add_member(:sftp_config, Shapes::ShapeRef.new(shape: SftpConnectorConfig, location_name: "SftpConfig"))
1408
1450
  UpdateConnectorRequest.add_member(:security_policy_name, Shapes::ShapeRef.new(shape: ConnectorSecurityPolicyName, location_name: "SecurityPolicyName"))
1451
+ UpdateConnectorRequest.add_member(:egress_config, Shapes::ShapeRef.new(shape: UpdateConnectorEgressConfig, location_name: "EgressConfig"))
1409
1452
  UpdateConnectorRequest.struct_class = Types::UpdateConnectorRequest
1410
1453
 
1411
1454
  UpdateConnectorResponse.add_member(:connector_id, Shapes::ShapeRef.new(shape: ConnectorId, required: true, location_name: "ConnectorId"))
1412
1455
  UpdateConnectorResponse.struct_class = Types::UpdateConnectorResponse
1413
1456
 
1457
+ UpdateConnectorVpcLatticeEgressConfig.add_member(:resource_configuration_arn, Shapes::ShapeRef.new(shape: VpcLatticeResourceConfigurationArn, location_name: "ResourceConfigurationArn"))
1458
+ UpdateConnectorVpcLatticeEgressConfig.add_member(:port_number, Shapes::ShapeRef.new(shape: SftpPort, location_name: "PortNumber"))
1459
+ UpdateConnectorVpcLatticeEgressConfig.struct_class = Types::UpdateConnectorVpcLatticeEgressConfig
1460
+
1414
1461
  UpdateHostKeyRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
1415
1462
  UpdateHostKeyRequest.add_member(:host_key_id, Shapes::ShapeRef.new(shape: HostKeyId, required: true, location_name: "HostKeyId"))
1416
1463
  UpdateHostKeyRequest.add_member(:description, Shapes::ShapeRef.new(shape: HostKeyDescription, required: true, location_name: "Description"))
@@ -1443,6 +1490,7 @@ module Aws::Transfer
1443
1490
  UpdateServerRequest.add_member(:structured_log_destinations, Shapes::ShapeRef.new(shape: StructuredLogDestinations, location_name: "StructuredLogDestinations"))
1444
1491
  UpdateServerRequest.add_member(:s3_storage_options, Shapes::ShapeRef.new(shape: S3StorageOptions, location_name: "S3StorageOptions"))
1445
1492
  UpdateServerRequest.add_member(:ip_address_type, Shapes::ShapeRef.new(shape: IpAddressType, location_name: "IpAddressType"))
1493
+ UpdateServerRequest.add_member(:identity_provider_type, Shapes::ShapeRef.new(shape: IdentityProviderType, location_name: "IdentityProviderType"))
1446
1494
  UpdateServerRequest.struct_class = Types::UpdateServerRequest
1447
1495
 
1448
1496
  UpdateServerResponse.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
@@ -13,22 +13,22 @@ module Aws::Transfer
13
13
  # @!attribute region
14
14
  # The AWS region used to dispatch the request.
15
15
  #
16
- # @return [String]
16
+ # @return [string]
17
17
  #
18
18
  # @!attribute use_dual_stack
19
19
  # When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.
20
20
  #
21
- # @return [Boolean]
21
+ # @return [boolean]
22
22
  #
23
23
  # @!attribute use_fips
24
24
  # When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.
25
25
  #
26
- # @return [Boolean]
26
+ # @return [boolean]
27
27
  #
28
28
  # @!attribute endpoint
29
29
  # Override the endpoint used to send this request
30
30
  #
31
- # @return [String]
31
+ # @return [string]
32
32
  #
33
33
  EndpointParameters = Struct.new(
34
34
  :region,
@@ -159,6 +159,32 @@ module Aws::Transfer
159
159
  include Aws::Structure
160
160
  end
161
161
 
162
+ # Configuration structure that defines how traffic is routed from the
163
+ # connector to the SFTP server. Contains VPC Lattice settings when using
164
+ # VPC\_LATTICE egress type for private connectivity through customer
165
+ # VPCs.
166
+ #
167
+ # @note ConnectorEgressConfig is a union - when making an API calls you must set exactly one of the members.
168
+ #
169
+ # @!attribute [rw] vpc_lattice
170
+ # VPC\_LATTICE configuration for routing connector traffic through
171
+ # customer VPCs. Enables private connectivity to SFTP servers without
172
+ # requiring public internet access or complex network configurations.
173
+ # @return [Types::ConnectorVpcLatticeEgressConfig]
174
+ #
175
+ # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ConnectorEgressConfig AWS API Documentation
176
+ #
177
+ class ConnectorEgressConfig < Struct.new(
178
+ :vpc_lattice,
179
+ :unknown)
180
+ SENSITIVE = []
181
+ include Aws::Structure
182
+ include Aws::Structure::Union
183
+
184
+ class VpcLattice < ConnectorEgressConfig; end
185
+ class Unknown < ConnectorEgressConfig; end
186
+ end
187
+
162
188
  # A structure that contains the details for files transferred using an
163
189
  # SFTP connector, during a single transfer.
164
190
  #
@@ -192,6 +218,33 @@ module Aws::Transfer
192
218
  include Aws::Structure
193
219
  end
194
220
 
221
+ # VPC\_LATTICE egress configuration that specifies the Resource
222
+ # Configuration ARN and port for connecting to SFTP servers through
223
+ # customer VPCs. Requires a valid Resource Configuration with
224
+ # appropriate network access.
225
+ #
226
+ # @!attribute [rw] resource_configuration_arn
227
+ # ARN of the VPC\_LATTICE Resource Configuration that defines the
228
+ # target SFTP server location. Must point to a valid Resource
229
+ # Configuration in the customer's VPC with appropriate network
230
+ # connectivity to the SFTP server.
231
+ # @return [String]
232
+ #
233
+ # @!attribute [rw] port_number
234
+ # Port number for connecting to the SFTP server through VPC\_LATTICE.
235
+ # Defaults to 22 if not specified. Must match the port on which the
236
+ # target SFTP server is listening.
237
+ # @return [Integer]
238
+ #
239
+ # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ConnectorVpcLatticeEgressConfig AWS API Documentation
240
+ #
241
+ class ConnectorVpcLatticeEgressConfig < Struct.new(
242
+ :resource_configuration_arn,
243
+ :port_number)
244
+ SENSITIVE = []
245
+ include Aws::Structure
246
+ end
247
+
195
248
  # Each step type has its own `StepDetails` structure.
196
249
  #
197
250
  # @!attribute [rw] name
@@ -567,6 +620,11 @@ module Aws::Transfer
567
620
 
568
621
  # @!attribute [rw] url
569
622
  # The URL of the partner's AS2 or SFTP endpoint.
623
+ #
624
+ # When creating AS2 connectors or service-managed SFTP connectors
625
+ # (connectors without egress configuration), you must provide a URL to
626
+ # specify the remote server endpoint. For VPC Lattice type connectors,
627
+ # the URL must be null.
570
628
  # @return [String]
571
629
  #
572
630
  # @!attribute [rw] as_2_config
@@ -631,6 +689,13 @@ module Aws::Transfer
631
689
  # Specifies the name of the security policy for the connector.
632
690
  # @return [String]
633
691
  #
692
+ # @!attribute [rw] egress_config
693
+ # Specifies the egress configuration for the connector, which
694
+ # determines how traffic is routed from the connector to the SFTP
695
+ # server. When set to VPC, enables routing through customer VPCs using
696
+ # VPC\_LATTICE for private connectivity.
697
+ # @return [Types::ConnectorEgressConfig]
698
+ #
634
699
  # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateConnectorRequest AWS API Documentation
635
700
  #
636
701
  class CreateConnectorRequest < Struct.new(
@@ -640,7 +705,8 @@ module Aws::Transfer
640
705
  :logging_role,
641
706
  :tags,
642
707
  :sftp_config,
643
- :security_policy_name)
708
+ :security_policy_name,
709
+ :egress_config)
644
710
  SENSITIVE = []
645
711
  include Aws::Structure
646
712
  end
@@ -944,6 +1010,14 @@ module Aws::Transfer
944
1010
  # @!attribute [rw] protocol_details
945
1011
  # The protocol settings that are configured for your server.
946
1012
  #
1013
+ # <note markdown="1"> Avoid placing Network Load Balancers (NLBs) or NAT gateways in front
1014
+ # of Transfer Family servers, as this increases costs and can cause
1015
+ # performance issues, including reduced connection limits for FTPS.
1016
+ # For more details, see [ Avoid placing NLBs and NATs in front of
1017
+ # Transfer Family][1].
1018
+ #
1019
+ # </note>
1020
+ #
947
1021
  # * To indicate passive mode (for FTP and FTPS protocols), use the
948
1022
  # `PassiveIp` parameter. Enter a single dotted-quad IPv4 address,
949
1023
  # such as the external IP address of a firewall, router, or load
@@ -965,6 +1039,10 @@ module Aws::Transfer
965
1039
  #
966
1040
  # * `As2Transports` indicates the transport method for the AS2
967
1041
  # messages. Currently, only HTTP is supported.
1042
+ #
1043
+ #
1044
+ #
1045
+ # [1]: https://docs.aws.amazon.com/transfer/latest/userguide/infrastructure-security.html#nlb-considerations
968
1046
  # @return [Types::ProtocolDetails]
969
1047
  #
970
1048
  # @!attribute [rw] security_policy_name
@@ -1008,7 +1086,11 @@ module Aws::Transfer
1008
1086
  #
1009
1087
  # @!attribute [rw] s3_storage_options
1010
1088
  # Specifies whether or not performance for your Amazon S3 directories
1011
- # is optimized. This is disabled by default.
1089
+ # is optimized.
1090
+ #
1091
+ # * If using the console, this is enabled by default.
1092
+ #
1093
+ # * If using the API or CLI, this is disabled by default.
1012
1094
  #
1013
1095
  # By default, home directory mappings have a `TYPE` of `DIRECTORY`. If
1014
1096
  # you enable this option, you would then need to explicitly set the
@@ -2514,6 +2596,11 @@ module Aws::Transfer
2514
2596
  #
2515
2597
  # @!attribute [rw] url
2516
2598
  # The URL of the partner's AS2 or SFTP endpoint.
2599
+ #
2600
+ # When creating AS2 connectors or service-managed SFTP connectors
2601
+ # (connectors without egress configuration), you must provide a URL to
2602
+ # specify the remote server endpoint. For VPC Lattice type connectors,
2603
+ # the URL must be null.
2517
2604
  # @return [String]
2518
2605
  #
2519
2606
  # @!attribute [rw] as_2_config
@@ -2582,6 +2669,33 @@ module Aws::Transfer
2582
2669
  # The text name of the security policy for the specified connector.
2583
2670
  # @return [String]
2584
2671
  #
2672
+ # @!attribute [rw] egress_config
2673
+ # Current egress configuration of the connector, showing how traffic
2674
+ # is routed to the SFTP server. Contains VPC Lattice settings when
2675
+ # using VPC\_LATTICE egress type.
2676
+ #
2677
+ # When using the VPC\_LATTICE egress type, Transfer Family uses a
2678
+ # managed Service Network to simplify the resource sharing process.
2679
+ # @return [Types::DescribedConnectorEgressConfig]
2680
+ #
2681
+ # @!attribute [rw] egress_type
2682
+ # Type of egress configuration for the connector. SERVICE\_MANAGED
2683
+ # uses Transfer Family managed NAT gateways, while VPC\_LATTICE routes
2684
+ # traffic through customer VPCs using VPC Lattice.
2685
+ # @return [String]
2686
+ #
2687
+ # @!attribute [rw] error_message
2688
+ # Error message providing details when the connector is in ERRORED
2689
+ # status. Contains information to help troubleshoot connector creation
2690
+ # or operation failures.
2691
+ # @return [String]
2692
+ #
2693
+ # @!attribute [rw] status
2694
+ # Current status of the connector. PENDING indicates creation/update
2695
+ # in progress, ACTIVE means ready for operations, and ERRORED
2696
+ # indicates a failure requiring attention.
2697
+ # @return [String]
2698
+ #
2585
2699
  # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribedConnector AWS API Documentation
2586
2700
  #
2587
2701
  class DescribedConnector < Struct.new(
@@ -2594,7 +2708,61 @@ module Aws::Transfer
2594
2708
  :tags,
2595
2709
  :sftp_config,
2596
2710
  :service_managed_egress_ip_addresses,
2597
- :security_policy_name)
2711
+ :security_policy_name,
2712
+ :egress_config,
2713
+ :egress_type,
2714
+ :error_message,
2715
+ :status)
2716
+ SENSITIVE = []
2717
+ include Aws::Structure
2718
+ end
2719
+
2720
+ # Response structure containing the current egress configuration details
2721
+ # for the connector. Shows how traffic is currently routed from the
2722
+ # connector to the SFTP server.
2723
+ #
2724
+ # @note DescribedConnectorEgressConfig is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of DescribedConnectorEgressConfig corresponding to the set member.
2725
+ #
2726
+ # @!attribute [rw] vpc_lattice
2727
+ # VPC\_LATTICE configuration details in the response, showing the
2728
+ # current Resource Configuration ARN and port settings for VPC-based
2729
+ # connectivity.
2730
+ # @return [Types::DescribedConnectorVpcLatticeEgressConfig]
2731
+ #
2732
+ # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribedConnectorEgressConfig AWS API Documentation
2733
+ #
2734
+ class DescribedConnectorEgressConfig < Struct.new(
2735
+ :vpc_lattice,
2736
+ :unknown)
2737
+ SENSITIVE = []
2738
+ include Aws::Structure
2739
+ include Aws::Structure::Union
2740
+
2741
+ class VpcLattice < DescribedConnectorEgressConfig; end
2742
+ class Unknown < DescribedConnectorEgressConfig; end
2743
+ end
2744
+
2745
+ # VPC\_LATTICE egress configuration details in the response, containing
2746
+ # the Resource Configuration ARN and port number currently configured
2747
+ # for the connector.
2748
+ #
2749
+ # @!attribute [rw] resource_configuration_arn
2750
+ # ARN of the VPC\_LATTICE Resource Configuration currently used by the
2751
+ # connector. This Resource Configuration defines the network path to
2752
+ # the SFTP server through the customer's VPC.
2753
+ # @return [String]
2754
+ #
2755
+ # @!attribute [rw] port_number
2756
+ # Port number currently configured for SFTP connections through
2757
+ # VPC\_LATTICE. Shows the port on which the connector attempts to
2758
+ # connect to the target SFTP server.
2759
+ # @return [Integer]
2760
+ #
2761
+ # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribedConnectorVpcLatticeEgressConfig AWS API Documentation
2762
+ #
2763
+ class DescribedConnectorVpcLatticeEgressConfig < Struct.new(
2764
+ :resource_configuration_arn,
2765
+ :port_number)
2598
2766
  SENSITIVE = []
2599
2767
  include Aws::Structure
2600
2768
  end
@@ -2893,6 +3061,14 @@ module Aws::Transfer
2893
3061
  # @!attribute [rw] protocol_details
2894
3062
  # The protocol settings that are configured for your server.
2895
3063
  #
3064
+ # <note markdown="1"> Avoid placing Network Load Balancers (NLBs) or NAT gateways in front
3065
+ # of Transfer Family servers, as this increases costs and can cause
3066
+ # performance issues, including reduced connection limits for FTPS.
3067
+ # For more details, see [ Avoid placing NLBs and NATs in front of
3068
+ # Transfer Family][1].
3069
+ #
3070
+ # </note>
3071
+ #
2896
3072
  # * To indicate passive mode (for FTP and FTPS protocols), use the
2897
3073
  # `PassiveIp` parameter. Enter a single dotted-quad IPv4 address,
2898
3074
  # such as the external IP address of a firewall, router, or load
@@ -2914,6 +3090,10 @@ module Aws::Transfer
2914
3090
  #
2915
3091
  # * `As2Transports` indicates the transport method for the AS2
2916
3092
  # messages. Currently, only HTTP is supported.
3093
+ #
3094
+ #
3095
+ #
3096
+ # [1]: https://docs.aws.amazon.com/transfer/latest/userguide/infrastructure-security.html#nlb-considerations
2917
3097
  # @return [Types::ProtocolDetails]
2918
3098
  #
2919
3099
  # @!attribute [rw] domain
@@ -3103,7 +3283,11 @@ module Aws::Transfer
3103
3283
  #
3104
3284
  # @!attribute [rw] s3_storage_options
3105
3285
  # Specifies whether or not performance for your Amazon S3 directories
3106
- # is optimized. This is disabled by default.
3286
+ # is optimized.
3287
+ #
3288
+ # * If using the console, this is enabled by default.
3289
+ #
3290
+ # * If using the API or CLI, this is disabled by default.
3107
3291
  #
3108
3292
  # By default, home directory mappings have a `TYPE` of `DIRECTORY`. If
3109
3293
  # you enable this option, you would then need to explicitly set the
@@ -3589,7 +3773,15 @@ module Aws::Transfer
3589
3773
  # A list of security groups IDs that are available to attach to your
3590
3774
  # server's endpoint.
3591
3775
  #
3592
- # <note markdown="1"> This property can only be set when `EndpointType` is set to `VPC`.
3776
+ # <note markdown="1"> While `SecurityGroupIds` appears in the response syntax for
3777
+ # consistency with `CreateServer` and `UpdateServer` operations, this
3778
+ # field is not populated in `DescribeServer` responses. Security
3779
+ # groups are managed at the VPC endpoint level and can be modified
3780
+ # outside of the Transfer Family service. To retrieve current security
3781
+ # group information, use the EC2 `DescribeVpcEndpoints` API with the
3782
+ # `VpcEndpointId` returned in the response.
3783
+ #
3784
+ # This property can only be set when `EndpointType` is set to `VPC`.
3593
3785
  #
3594
3786
  # You can edit the `SecurityGroupIds` property in the
3595
3787
  # [UpdateServer][1] API only if you are changing the `EndpointType`
@@ -4988,6 +5180,11 @@ module Aws::Transfer
4988
5180
  #
4989
5181
  # @!attribute [rw] url
4990
5182
  # The URL of the partner's AS2 or SFTP endpoint.
5183
+ #
5184
+ # When creating AS2 connectors or service-managed SFTP connectors
5185
+ # (connectors without egress configuration), you must provide a URL to
5186
+ # specify the remote server endpoint. For VPC Lattice type connectors,
5187
+ # the URL must be null.
4991
5188
  # @return [String]
4992
5189
  #
4993
5190
  # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListedConnector AWS API Documentation
@@ -5424,6 +5621,18 @@ module Aws::Transfer
5424
5621
  # [Configuring your FTPS server behind a firewall or NAT with Transfer
5425
5622
  # Family][1].
5426
5623
  #
5624
+ # Additionally, avoid placing Network Load Balancers (NLBs) or NAT
5625
+ # gateways in front of Transfer Family servers. This configuration
5626
+ # increases costs and can cause performance issues. When NLBs or NATs
5627
+ # are in the communication path, Transfer Family cannot accurately
5628
+ # recognize client IP addresses, which impacts connection sharding and
5629
+ # limits FTPS servers to only 300 simultaneous connections instead of
5630
+ # 10,000. If you must use an NLB, use port 21 for health checks and
5631
+ # enable TLS session resumption by setting `TlsSessionResumptionMode =
5632
+ # ENFORCED`. For optimal performance, migrate to VPC endpoints with
5633
+ # Elastic IP addresses instead of using NLBs. For more details, see [
5634
+ # Avoid placing NLBs and NATs in front of Transfer Family][2].
5635
+ #
5427
5636
  # </note>
5428
5637
  #
5429
5638
  # *Special values*
@@ -5447,6 +5656,7 @@ module Aws::Transfer
5447
5656
  #
5448
5657
  #
5449
5658
  # [1]: http://aws.amazon.com/blogs/storage/configuring-your-ftps-server-behind-a-firewall-or-nat-with-aws-transfer-family/
5659
+ # [2]: https://docs.aws.amazon.com/transfer/latest/userguide/infrastructure-security.html#nlb-considerations
5450
5660
  # @return [String]
5451
5661
  #
5452
5662
  # @!attribute [rw] tls_session_resumption_mode
@@ -5642,7 +5852,11 @@ module Aws::Transfer
5642
5852
  #
5643
5853
  # @!attribute [rw] directory_listing_optimization
5644
5854
  # Specifies whether or not performance for your Amazon S3 directories
5645
- # is optimized. This is disabled by default.
5855
+ # is optimized.
5856
+ #
5857
+ # * If using the console, this is enabled by default.
5858
+ #
5859
+ # * If using the API or CLI, this is disabled by default.
5646
5860
  #
5647
5861
  # By default, home directory mappings have a `TYPE` of `DIRECTORY`. If
5648
5862
  # you enable this option, you would then need to explicitly set the
@@ -5770,6 +5984,12 @@ module Aws::Transfer
5770
5984
  #
5771
5985
  # </note>
5772
5986
  #
5987
+ # When creating connectors with egress config (VPC\_LATTICE type
5988
+ # connectors), since host name is not something we can verify, the
5989
+ # only accepted trusted host key format is `key-type key-body` without
5990
+ # the host name. For example: `ssh-rsa
5991
+ # AAAAB3Nza...<long-string-for-public-key>`
5992
+ #
5773
5993
  # The three standard SSH public key format elements are `<key type>`,
5774
5994
  # `<body base64>`, and an optional `<comment>`, with spaces between
5775
5995
  # each element. Specify only the `<key type>` and `<body base64>`: do
@@ -5792,17 +6012,27 @@ module Aws::Transfer
5792
6012
  #
5793
6013
  # This prints the public host key to standard output.
5794
6014
  #
5795
- # `ftp.host.com ssh-rsa AAAAB3Nza...<long-string-for-public-key`
6015
+ # `ftp.host.com ssh-rsa AAAAB3Nza...<long-string-for-public-key>`
5796
6016
  #
5797
6017
  # Copy and paste this string into the `TrustedHostKeys` field for the
5798
6018
  # `create-connector` command or into the **Trusted host keys** field
5799
6019
  # in the console.
6020
+ #
6021
+ # For VPC Lattice type connectors (VPC\_LATTICE), remove the hostname
6022
+ # from the key and use only the `key-type key-body` format. In this
6023
+ # example, it should be: `ssh-rsa
6024
+ # AAAAB3Nza...<long-string-for-public-key>`
5800
6025
  # @return [Array<String>]
5801
6026
  #
5802
6027
  # @!attribute [rw] max_concurrent_connections
5803
6028
  # Specify the number of concurrent connections that your connector
5804
- # creates to the remote server. The default value is `5` (this is also
5805
- # the maximum value allowed).
6029
+ # creates to the remote server. The default value is `1`. The maximum
6030
+ # values is `5`.
6031
+ #
6032
+ # <note markdown="1"> If you are using the Amazon Web Services Management Console, the
6033
+ # default value is `5`.
6034
+ #
6035
+ # </note>
5806
6036
  #
5807
6037
  # This parameter specifies the number of active connections that your
5808
6038
  # connector can establish with the remote server at the same time.
@@ -6668,12 +6898,42 @@ module Aws::Transfer
6668
6898
  include Aws::Structure
6669
6899
  end
6670
6900
 
6901
+ # Structure for updating the egress configuration of an existing
6902
+ # connector. Allows modification of how traffic is routed from the
6903
+ # connector to the SFTP server, including VPC\_LATTICE settings.
6904
+ #
6905
+ # @note UpdateConnectorEgressConfig is a union - when making an API calls you must set exactly one of the members.
6906
+ #
6907
+ # @!attribute [rw] vpc_lattice
6908
+ # VPC\_LATTICE configuration updates for the connector. Use this to
6909
+ # modify the Resource Configuration ARN or port number for VPC-based
6910
+ # connectivity.
6911
+ # @return [Types::UpdateConnectorVpcLatticeEgressConfig]
6912
+ #
6913
+ # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateConnectorEgressConfig AWS API Documentation
6914
+ #
6915
+ class UpdateConnectorEgressConfig < Struct.new(
6916
+ :vpc_lattice,
6917
+ :unknown)
6918
+ SENSITIVE = []
6919
+ include Aws::Structure
6920
+ include Aws::Structure::Union
6921
+
6922
+ class VpcLattice < UpdateConnectorEgressConfig; end
6923
+ class Unknown < UpdateConnectorEgressConfig; end
6924
+ end
6925
+
6671
6926
  # @!attribute [rw] connector_id
6672
6927
  # The unique identifier for the connector.
6673
6928
  # @return [String]
6674
6929
  #
6675
6930
  # @!attribute [rw] url
6676
6931
  # The URL of the partner's AS2 or SFTP endpoint.
6932
+ #
6933
+ # When creating AS2 connectors or service-managed SFTP connectors
6934
+ # (connectors without egress configuration), you must provide a URL to
6935
+ # specify the remote server endpoint. For VPC Lattice type connectors,
6936
+ # the URL must be null.
6677
6937
  # @return [String]
6678
6938
  #
6679
6939
  # @!attribute [rw] as_2_config
@@ -6733,6 +6993,12 @@ module Aws::Transfer
6733
6993
  # Specifies the name of the security policy for the connector.
6734
6994
  # @return [String]
6735
6995
  #
6996
+ # @!attribute [rw] egress_config
6997
+ # Updates the egress configuration for the connector, allowing you to
6998
+ # modify how traffic is routed from the connector to the SFTP server.
6999
+ # Changes to VPC configuration may require connector restart.
7000
+ # @return [Types::UpdateConnectorEgressConfig]
7001
+ #
6736
7002
  # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateConnectorRequest AWS API Documentation
6737
7003
  #
6738
7004
  class UpdateConnectorRequest < Struct.new(
@@ -6742,7 +7008,8 @@ module Aws::Transfer
6742
7008
  :access_role,
6743
7009
  :logging_role,
6744
7010
  :sftp_config,
6745
- :security_policy_name)
7011
+ :security_policy_name,
7012
+ :egress_config)
6746
7013
  SENSITIVE = []
6747
7014
  include Aws::Structure
6748
7015
  end
@@ -6760,6 +7027,31 @@ module Aws::Transfer
6760
7027
  include Aws::Structure
6761
7028
  end
6762
7029
 
7030
+ # VPC\_LATTICE egress configuration updates for modifying how the
7031
+ # connector routes traffic through customer VPCs. Changes to these
7032
+ # settings may require connector restart to take effect.
7033
+ #
7034
+ # @!attribute [rw] resource_configuration_arn
7035
+ # Updated ARN of the VPC\_LATTICE Resource Configuration. Use this to
7036
+ # change the target SFTP server location or modify the network path
7037
+ # through the customer's VPC infrastructure.
7038
+ # @return [String]
7039
+ #
7040
+ # @!attribute [rw] port_number
7041
+ # Updated port number for SFTP connections through VPC\_LATTICE.
7042
+ # Change this if the target SFTP server port has been modified or if
7043
+ # connecting to a different server endpoint.
7044
+ # @return [Integer]
7045
+ #
7046
+ # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateConnectorVpcLatticeEgressConfig AWS API Documentation
7047
+ #
7048
+ class UpdateConnectorVpcLatticeEgressConfig < Struct.new(
7049
+ :resource_configuration_arn,
7050
+ :port_number)
7051
+ SENSITIVE = []
7052
+ include Aws::Structure
7053
+ end
7054
+
6763
7055
  # @!attribute [rw] server_id
6764
7056
  # The identifier of the server that contains the host key that you are
6765
7057
  # updating.
@@ -6876,6 +7168,14 @@ module Aws::Transfer
6876
7168
  # @!attribute [rw] protocol_details
6877
7169
  # The protocol settings that are configured for your server.
6878
7170
  #
7171
+ # <note markdown="1"> Avoid placing Network Load Balancers (NLBs) or NAT gateways in front
7172
+ # of Transfer Family servers, as this increases costs and can cause
7173
+ # performance issues, including reduced connection limits for FTPS.
7174
+ # For more details, see [ Avoid placing NLBs and NATs in front of
7175
+ # Transfer Family][1].
7176
+ #
7177
+ # </note>
7178
+ #
6879
7179
  # * To indicate passive mode (for FTP and FTPS protocols), use the
6880
7180
  # `PassiveIp` parameter. Enter a single dotted-quad IPv4 address,
6881
7181
  # such as the external IP address of a firewall, router, or load
@@ -6897,6 +7197,10 @@ module Aws::Transfer
6897
7197
  #
6898
7198
  # * `As2Transports` indicates the transport method for the AS2
6899
7199
  # messages. Currently, only HTTP is supported.
7200
+ #
7201
+ #
7202
+ #
7203
+ # [1]: https://docs.aws.amazon.com/transfer/latest/userguide/infrastructure-security.html#nlb-considerations
6900
7204
  # @return [Types::ProtocolDetails]
6901
7205
  #
6902
7206
  # @!attribute [rw] endpoint_details
@@ -7095,7 +7399,11 @@ module Aws::Transfer
7095
7399
  #
7096
7400
  # @!attribute [rw] s3_storage_options
7097
7401
  # Specifies whether or not performance for your Amazon S3 directories
7098
- # is optimized. This is disabled by default.
7402
+ # is optimized.
7403
+ #
7404
+ # * If using the console, this is enabled by default.
7405
+ #
7406
+ # * If using the API or CLI, this is disabled by default.
7099
7407
  #
7100
7408
  # By default, home directory mappings have a `TYPE` of `DIRECTORY`. If
7101
7409
  # you enable this option, you would then need to explicitly set the
@@ -7128,6 +7436,29 @@ module Aws::Transfer
7128
7436
  # [1]: https://docs.aws.amazon.com/transfer/latest/APIReference/API_EndpointDetails.html
7129
7437
  # @return [String]
7130
7438
  #
7439
+ # @!attribute [rw] identity_provider_type
7440
+ # The mode of authentication for a server. The default value is
7441
+ # `SERVICE_MANAGED`, which allows you to store and access user
7442
+ # credentials within the Transfer Family service.
7443
+ #
7444
+ # Use `AWS_DIRECTORY_SERVICE` to provide access to Active Directory
7445
+ # groups in Directory Service for Microsoft Active Directory or
7446
+ # Microsoft Active Directory in your on-premises environment or in
7447
+ # Amazon Web Services using AD Connector. This option also requires
7448
+ # you to provide a Directory ID by using the `IdentityProviderDetails`
7449
+ # parameter.
7450
+ #
7451
+ # Use the `API_GATEWAY` value to integrate with an identity provider
7452
+ # of your choosing. The `API_GATEWAY` setting requires you to provide
7453
+ # an Amazon API Gateway endpoint URL to call for authentication by
7454
+ # using the `IdentityProviderDetails` parameter.
7455
+ #
7456
+ # Use the `AWS_LAMBDA` value to directly use an Lambda function as
7457
+ # your identity provider. If you choose this value, you must specify
7458
+ # the ARN for the Lambda function in the `Function` parameter for the
7459
+ # `IdentityProviderDetails` data type.
7460
+ # @return [String]
7461
+ #
7131
7462
  # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateServerRequest AWS API Documentation
7132
7463
  #
7133
7464
  class UpdateServerRequest < Struct.new(
@@ -7146,7 +7477,8 @@ module Aws::Transfer
7146
7477
  :workflow_details,
7147
7478
  :structured_log_destinations,
7148
7479
  :s3_storage_options,
7149
- :ip_address_type)
7480
+ :ip_address_type,
7481
+ :identity_provider_type)
7150
7482
  SENSITIVE = [:host_key]
7151
7483
  include Aws::Structure
7152
7484
  end
@@ -55,7 +55,7 @@ module Aws::Transfer
55
55
  autoload :EndpointProvider, 'aws-sdk-transfer/endpoint_provider'
56
56
  autoload :Endpoints, 'aws-sdk-transfer/endpoints'
57
57
 
58
- GEM_VERSION = '1.124.0'
58
+ GEM_VERSION = '1.126.0'
59
59
 
60
60
  end
61
61
 
data/sig/client.rbs CHANGED
@@ -144,7 +144,7 @@ module Aws
144
144
  end
145
145
  # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Transfer/Client.html#create_connector-instance_method
146
146
  def create_connector: (
147
- url: ::String,
147
+ ?url: ::String,
148
148
  ?as_2_config: {
149
149
  local_profile_id: ::String?,
150
150
  partner_profile_id: ::String?,
@@ -170,7 +170,13 @@ module Aws
170
170
  trusted_host_keys: Array[::String]?,
171
171
  max_concurrent_connections: ::Integer?
172
172
  },
173
- ?security_policy_name: ::String
173
+ ?security_policy_name: ::String,
174
+ ?egress_config: {
175
+ vpc_lattice: {
176
+ resource_configuration_arn: ::String,
177
+ port_number: ::Integer?
178
+ }?
179
+ }
174
180
  ) -> _CreateConnectorResponseSuccess
175
181
  | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _CreateConnectorResponseSuccess
176
182
 
@@ -1116,7 +1122,13 @@ module Aws
1116
1122
  trusted_host_keys: Array[::String]?,
1117
1123
  max_concurrent_connections: ::Integer?
1118
1124
  },
1119
- ?security_policy_name: ::String
1125
+ ?security_policy_name: ::String,
1126
+ ?egress_config: {
1127
+ vpc_lattice: {
1128
+ resource_configuration_arn: ::String?,
1129
+ port_number: ::Integer?
1130
+ }?
1131
+ }
1120
1132
  ) -> _UpdateConnectorResponseSuccess
1121
1133
  | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdateConnectorResponseSuccess
1122
1134
 
@@ -1197,7 +1209,8 @@ module Aws
1197
1209
  ?s3_storage_options: {
1198
1210
  directory_listing_optimization: ("ENABLED" | "DISABLED")?
1199
1211
  },
1200
- ?ip_address_type: ("IPV4" | "DUALSTACK")
1212
+ ?ip_address_type: ("IPV4" | "DUALSTACK"),
1213
+ ?identity_provider_type: ("SERVICE_MANAGED" | "API_GATEWAY" | "AWS_DIRECTORY_SERVICE" | "AWS_LAMBDA")
1201
1214
  ) -> _UpdateServerResponseSuccess
1202
1215
  | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdateServerResponseSuccess
1203
1216
 
data/sig/types.rbs CHANGED
@@ -32,6 +32,17 @@ module Aws::Transfer
32
32
  SENSITIVE: []
33
33
  end
34
34
 
35
+ class ConnectorEgressConfig
36
+ attr_accessor vpc_lattice: Types::ConnectorVpcLatticeEgressConfig
37
+ attr_accessor unknown: untyped
38
+ SENSITIVE: []
39
+
40
+ class VpcLattice < ConnectorEgressConfig
41
+ end
42
+ class Unknown < ConnectorEgressConfig
43
+ end
44
+ end
45
+
35
46
  class ConnectorFileTransferResult
36
47
  attr_accessor file_path: ::String
37
48
  attr_accessor status_code: ("QUEUED" | "IN_PROGRESS" | "COMPLETED" | "FAILED")
@@ -40,6 +51,12 @@ module Aws::Transfer
40
51
  SENSITIVE: []
41
52
  end
42
53
 
54
+ class ConnectorVpcLatticeEgressConfig
55
+ attr_accessor resource_configuration_arn: ::String
56
+ attr_accessor port_number: ::Integer
57
+ SENSITIVE: []
58
+ end
59
+
43
60
  class CopyStepDetails
44
61
  attr_accessor name: ::String
45
62
  attr_accessor destination_file_location: Types::InputFileLocation
@@ -94,6 +111,7 @@ module Aws::Transfer
94
111
  attr_accessor tags: ::Array[Types::Tag]
95
112
  attr_accessor sftp_config: Types::SftpConnectorConfig
96
113
  attr_accessor security_policy_name: ::String
114
+ attr_accessor egress_config: Types::ConnectorEgressConfig
97
115
  SENSITIVE: []
98
116
  end
99
117
 
@@ -482,6 +500,27 @@ module Aws::Transfer
482
500
  attr_accessor sftp_config: Types::SftpConnectorConfig
483
501
  attr_accessor service_managed_egress_ip_addresses: ::Array[::String]
484
502
  attr_accessor security_policy_name: ::String
503
+ attr_accessor egress_config: Types::DescribedConnectorEgressConfig
504
+ attr_accessor egress_type: ("SERVICE_MANAGED" | "VPC_LATTICE")
505
+ attr_accessor error_message: ::String
506
+ attr_accessor status: ("ACTIVE" | "ERRORED" | "PENDING")
507
+ SENSITIVE: []
508
+ end
509
+
510
+ class DescribedConnectorEgressConfig
511
+ attr_accessor vpc_lattice: Types::DescribedConnectorVpcLatticeEgressConfig
512
+ attr_accessor unknown: untyped
513
+ SENSITIVE: []
514
+
515
+ class VpcLattice < DescribedConnectorEgressConfig
516
+ end
517
+ class Unknown < DescribedConnectorEgressConfig
518
+ end
519
+ end
520
+
521
+ class DescribedConnectorVpcLatticeEgressConfig
522
+ attr_accessor resource_configuration_arn: ::String
523
+ attr_accessor port_number: ::Integer
485
524
  SENSITIVE: []
486
525
  end
487
526
 
@@ -1304,6 +1343,17 @@ module Aws::Transfer
1304
1343
  SENSITIVE: []
1305
1344
  end
1306
1345
 
1346
+ class UpdateConnectorEgressConfig
1347
+ attr_accessor vpc_lattice: Types::UpdateConnectorVpcLatticeEgressConfig
1348
+ attr_accessor unknown: untyped
1349
+ SENSITIVE: []
1350
+
1351
+ class VpcLattice < UpdateConnectorEgressConfig
1352
+ end
1353
+ class Unknown < UpdateConnectorEgressConfig
1354
+ end
1355
+ end
1356
+
1307
1357
  class UpdateConnectorRequest
1308
1358
  attr_accessor connector_id: ::String
1309
1359
  attr_accessor url: ::String
@@ -1312,6 +1362,7 @@ module Aws::Transfer
1312
1362
  attr_accessor logging_role: ::String
1313
1363
  attr_accessor sftp_config: Types::SftpConnectorConfig
1314
1364
  attr_accessor security_policy_name: ::String
1365
+ attr_accessor egress_config: Types::UpdateConnectorEgressConfig
1315
1366
  SENSITIVE: []
1316
1367
  end
1317
1368
 
@@ -1320,6 +1371,12 @@ module Aws::Transfer
1320
1371
  SENSITIVE: []
1321
1372
  end
1322
1373
 
1374
+ class UpdateConnectorVpcLatticeEgressConfig
1375
+ attr_accessor resource_configuration_arn: ::String
1376
+ attr_accessor port_number: ::Integer
1377
+ SENSITIVE: []
1378
+ end
1379
+
1323
1380
  class UpdateHostKeyRequest
1324
1381
  attr_accessor server_id: ::String
1325
1382
  attr_accessor host_key_id: ::String
@@ -1361,6 +1418,7 @@ module Aws::Transfer
1361
1418
  attr_accessor structured_log_destinations: ::Array[::String]
1362
1419
  attr_accessor s3_storage_options: Types::S3StorageOptions
1363
1420
  attr_accessor ip_address_type: ("IPV4" | "DUALSTACK")
1421
+ attr_accessor identity_provider_type: ("SERVICE_MANAGED" | "API_GATEWAY" | "AWS_DIRECTORY_SERVICE" | "AWS_LAMBDA")
1364
1422
  SENSITIVE: [:host_key]
1365
1423
  end
1366
1424
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-transfer
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.124.0
4
+ version: 1.126.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services