aws-sdk-transfer 1.18.0 → 1.23.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 817a17e5fcffdf0551b0c71dd1735c64abab55b680d288358132c50e14710bd4
-  data.tar.gz: 69647344335c5ed1146cdde5e1e805f38ceb6be887e9c75bd0f93085c51b76a3
+  metadata.gz: 1501e1563bf7f9af211fa870cd288173b03ea5fb6a76ff76d91b75fc0edbad09
+  data.tar.gz: aedfc9f789f4ce46dfde7f0c107aba5720ae654d9d248fcd8cfa46ff2ee7c0dc
 SHA512:
-  metadata.gz: a5e08fc016c7955517c0d1807edb7a55fe24b19bac9c36324a1c5a26823fbe19b46e340dbe7fc15a65d1d0ab09b5b04f0426b6d3e220dc30124af6ab87472a7b
-  data.tar.gz: c1e66815900dc1fba13250ac3b0197ce2fc245495df0069d97f37b9bf5c9ea6ece3f5255f902361ed3026461eef4bf143f90348a7d79ab43f6cce235b826773d
+  metadata.gz: 8eec295cbaaca3cfb99daff5a8c36de76127f32e4f0af4bf6b039c28fd222986704f575d1b10b1064d29d4fadbc75fa27bb386fb11500730431e4282d3d2f6d6
+  data.tar.gz: f9790503c56f0d7cd4f9231baffb09fc35428ff6460f3e3b6d786c10518726fe2a9146eb0048484e179ca820efa1170707cdfb2045a0956b29cae7536511530b

data/lib/aws-sdk-transfer.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -45,6 +47,6 @@ require_relative 'aws-sdk-transfer/customizations'
 # @service
 module Aws::Transfer
 
-  GEM_VERSION = '1.18.0'
+  GEM_VERSION = '1.23.0'
 
 end

data/lib/aws-sdk-transfer/client.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -24,6 +26,7 @@ require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
 require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
 require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
+require 'aws-sdk-core/plugins/http_checksum.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
 require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
 
@@ -69,6 +72,7 @@ module Aws::Transfer
     add_plugin(Aws::Plugins::ClientMetricsPlugin)
     add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
     add_plugin(Aws::Plugins::TransferEncoding)
+    add_plugin(Aws::Plugins::HttpChecksum)
     add_plugin(Aws::Plugins::SignatureV4)
     add_plugin(Aws::Plugins::Protocols::JsonRpc)
 
@@ -105,7 +109,7 @@ module Aws::Transfer
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
     #     used to determine the service `:endpoint`. When not passed,
-    #     a default `:region` is search for in the following locations:
+    #     a default `:region` is searched for in the following locations:
     #
     #     * `Aws.config[:region]`
     #     * `ENV['AWS_REGION']`
@@ -161,7 +165,7 @@ module Aws::Transfer
     #   @option options [String] :endpoint
     #     The client endpoint is normally constructed from the `:region`
     #     option. You should only configure an `:endpoint` when connecting
-    #     to test endpoints. This should be avalid HTTP(S) URI.
+    #     to test or custom endpoints. This should be a valid HTTP(S) URI.
     #
     #   @option options [Integer] :endpoint_cache_max_entries (1000)
     #     Used for the maximum size limit of the LRU cache storing endpoints data
@@ -176,7 +180,7 @@ module Aws::Transfer
     #     requests fetching endpoints information. Defaults to 60 sec.
     #
     #   @option options [Boolean] :endpoint_discovery (false)
-    #     When set to `true`, endpoint discovery will be enabled for operations when available. Defaults to `false`.
+    #     When set to `true`, endpoint discovery will be enabled for operations when available.
     #
     #   @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
     #     The log formatter.
@@ -328,6 +332,41 @@ module Aws::Transfer
     #   The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM)
     #   certificate. Required when `Protocols` is set to `FTPS`.
     #
+    #   To request a new public certificate, see [Request a public
+    #   certificate][1] in the <i> AWS Certificate Manager User Guide</i>.
+    #
+    #   To import an existing certificate into ACM, see [Importing
+    #   certificates into ACM][2] in the <i> AWS Certificate Manager User
+    #   Guide</i>.
+    #
+    #   To request a private certificate to use FTPS through private IP
+    #   addresses, see [Request a private certificate][3] in the <i> AWS
+    #   Certificate Manager User Guide</i>.
+    #
+    #   Certificates with the following cryptographic algorithms and key sizes
+    #   are supported:
+    #
+    #   * 2048-bit RSA (RSA\_2048)
+    #
+    #   * 4096-bit RSA (RSA\_4096)
+    #
+    #   * Elliptic Prime Curve 256 bit (EC\_prime256v1)
+    #
+    #   * Elliptic Prime Curve 384 bit (EC\_secp384r1)
+    #
+    #   * Elliptic Prime Curve 521 bit (EC\_secp521r1)
+    #
+    #   <note markdown="1"> The certificate must be a valid SSL/TLS X.509 version 3 certificate
+    #   with FQDN or IP address specified and information about the issuer.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html
+    #   [2]: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
+    #   [3]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html
+    #
     # @option params [Types::EndpointDetails] :endpoint_details
     #   The virtual private cloud (VPC) endpoint settings that are configured
     #   for your file transfer protocol-enabled server. When you host your
@@ -339,24 +378,32 @@ module Aws::Transfer
     # @option params [String] :endpoint_type
     #   The type of VPC endpoint that you want your file transfer
     #   protocol-enabled server to connect to. You can choose to connect to
-    #   the public internet or a virtual private cloud (VPC) endpoint. With a
-    #   VPC endpoint, you can restrict access to your server and resources
-    #   only within your VPC.
+    #   the public internet or a VPC endpoint. With a VPC endpoint, you can
+    #   restrict access to your server and resources only within your VPC.
+    #
+    #   <note markdown="1"> It is recommended that you use `VPC` as the `EndpointType`. With this
+    #   endpoint type, you have the option to directly associate up to three
+    #   Elastic IPv4 addresses (BYO IP included) with your server's endpoint
+    #   and use VPC security groups to restrict traffic by the client's
+    #   public IP address. This is not possible with `EndpointType` set to
+    #   `VPC_ENDPOINT`.
+    #
+    #    </note>
     #
     # @option params [String] :host_key
-    #   The RSA private key as generated by the `ssh-keygen -N "" -f
+    #   The RSA private key as generated by the `ssh-keygen -N "" -m PEM -f
     #   my-new-server-key` command.
     #
     #   If you aren't planning to migrate existing users from an existing
     #   SFTP-enabled server to a new server, don't update the host key.
     #   Accidentally changing a server's host key can be disruptive.
     #
-    #   For more information, see [Changing the Host Key for Your AWS Transfer
-    #   Family Server][1] in the *AWS Transfer Family User Guide*.
+    #   For more information, see [Change the host key for your SFTP-enabled
+    #   server][1] in the *AWS Transfer Family User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/configuring-servers.html#change-host-key
+    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/edit-server-config.html#configuring-servers-change-host-key
     #
     # @option params [Types::IdentityProviderDetails] :identity_provider_details
     #   Required when `IdentityProviderType` is set to `API_GATEWAY`. Accepts
@@ -382,13 +429,29 @@ module Aws::Transfer
     #   transfer protocol client can connect to your server's endpoint. The
     #   available protocols are:
     #
-    #   * Secure Shell (SSH) File Transfer Protocol (SFTP): File transfer over
-    #     SSH
+    #   * `SFTP` (Secure Shell (SSH) File Transfer Protocol): File transfer
+    #     over SSH
     #
-    #   * File Transfer Protocol Secure (FTPS): File transfer with TLS
+    #   * `FTPS` (File Transfer Protocol Secure): File transfer with TLS
     #     encryption
     #
-    #   * File Transfer Protocol (FTP): Unencrypted file transfer
+    #   * `FTP` (File Transfer Protocol): Unencrypted file transfer
+    #
+    #   <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in AWS
+    #   Certificate Manager (ACM) which will be used to identify your server
+    #   when clients connect to it over FTPS.
+    #
+    #    If `Protocol` includes either `FTP` or `FTPS`, then the `EndpointType`
+    #   must be `VPC` and the `IdentityProviderType` must be `API_GATEWAY`.
+    #
+    #    If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
+    #   associated.
+    #
+    #    If `Protocol` is set only to `SFTP`, the `EndpointType` can be set to
+    #   `PUBLIC` and the `IdentityProviderType` can be set to
+    #   `SERVICE_MANAGED`.
+    #
+    #    </note>
     #
     # @option params [Array<Types::Tag>] :tags
     #   Key-value pairs that can be used to group and search for file transfer
@@ -451,7 +514,8 @@ module Aws::Transfer
     #   The landing directory (folder) for a user when they log in to the file
     #   transfer protocol-enabled server using the client.
     #
-    #   An example is `your-Amazon-S3-bucket-name>/home/username`.
+    #   An example is <i>
+    #   <code>your-Amazon-S3-bucket-name&gt;/home/username</code> </i>.
     #
     # @option params [String] :home_directory_type
     #   The type of landing directory (folder) you want your users' home
@@ -468,8 +532,8 @@ module Aws::Transfer
     #   You will need to specify the "`Entry`" and "`Target`" pair, where
     #   `Entry` shows how the path is made visible and `Target` is the actual
     #   Amazon S3 path. If you only specify a target, it will be displayed as
-    #   is. You will need to also make sure that your AWS IAM Role provides
-    #   access to paths in `Target`. The following is an example.
+    #   is. You will need to also make sure that your IAM role provides access
+    #   to paths in `Target`. The following is an example.
     #
     #   `'[ "/bucket2/documentation", \{ "Entry": "your-personal-report.pdf",
     #   "Target": "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \}
@@ -503,8 +567,8 @@ module Aws::Transfer
     #   You save the policy as a JSON blob and pass it in the `Policy`
     #   argument.
     #
-    #    For an example of a scope-down policy, see [Creating a Scope-Down
-    #   Policy][1].
+    #    For an example of a scope-down policy, see [Creating a scope-down
+    #   policy][1].
     #
     #    For more information, see [AssumeRole][2] in the *AWS Security Token
     #   Service API Reference*.
@@ -1110,12 +1174,6 @@ module Aws::Transfer
     #   protocol-enabled server. That server's user authentication method is
     #   tested with a user name and password.
     #
-    # @option params [required, String] :user_name
-    #   The name of the user account to be tested.
-    #
-    # @option params [String] :user_password
-    #   The password of the user account to be tested.
-    #
     # @option params [String] :server_protocol
     #   The type of file transfer protocol to be tested.
     #
@@ -1127,6 +1185,15 @@ module Aws::Transfer
     #
     #   * File Transfer Protocol (FTP)
     #
+    # @option params [String] :source_ip
+    #   The source IP address of the user account to be tested.
+    #
+    # @option params [required, String] :user_name
+    #   The name of the user account to be tested.
+    #
+    # @option params [String] :user_password
+    #   The password of the user account to be tested.
+    #
     # @return [Types::TestIdentityProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::TestIdentityProviderResponse#response #response} => String
@@ -1138,9 +1205,10 @@ module Aws::Transfer
     #
     #   resp = client.test_identity_provider({
     #     server_id: "ServerId", # required
+    #     server_protocol: "SFTP", # accepts SFTP, FTP, FTPS
+    #     source_ip: "SourceIp",
     #     user_name: "UserName", # required
     #     user_password: "UserPassword",
-    #     server_protocol: "SFTP", # accepts SFTP, FTP, FTPS
     #   })
     #
     # @example Response structure
@@ -1203,6 +1271,41 @@ module Aws::Transfer
     #   The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM)
     #   certificate. Required when `Protocols` is set to `FTPS`.
     #
+    #   To request a new public certificate, see [Request a public
+    #   certificate][1] in the <i> AWS Certificate Manager User Guide</i>.
+    #
+    #   To import an existing certificate into ACM, see [Importing
+    #   certificates into ACM][2] in the <i> AWS Certificate Manager User
+    #   Guide</i>.
+    #
+    #   To request a private certificate to use FTPS through private IP
+    #   addresses, see [Request a private certificate][3] in the <i> AWS
+    #   Certificate Manager User Guide</i>.
+    #
+    #   Certificates with the following cryptographic algorithms and key sizes
+    #   are supported:
+    #
+    #   * 2048-bit RSA (RSA\_2048)
+    #
+    #   * 4096-bit RSA (RSA\_4096)
+    #
+    #   * Elliptic Prime Curve 256 bit (EC\_prime256v1)
+    #
+    #   * Elliptic Prime Curve 384 bit (EC\_secp384r1)
+    #
+    #   * Elliptic Prime Curve 521 bit (EC\_secp521r1)
+    #
+    #   <note markdown="1"> The certificate must be a valid SSL/TLS X.509 version 3 certificate
+    #   with FQDN or IP address specified and information about the issuer.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html
+    #   [2]: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
+    #   [3]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html
+    #
     # @option params [Types::EndpointDetails] :endpoint_details
     #   The virtual private cloud (VPC) endpoint settings that are configured
     #   for your file transfer protocol-enabled server. With a VPC endpoint,
@@ -1213,11 +1316,20 @@ module Aws::Transfer
     # @option params [String] :endpoint_type
     #   The type of endpoint that you want your file transfer protocol-enabled
     #   server to connect to. You can choose to connect to the public internet
-    #   or a VPC endpoint. With a VPC endpoint, your server isn't accessible
-    #   over the public internet.
+    #   or a VPC endpoint. With a VPC endpoint, you can restrict access to
+    #   your server and resources only within your VPC.
+    #
+    #   <note markdown="1"> It is recommended that you use `VPC` as the `EndpointType`. With this
+    #   endpoint type, you have the option to directly associate up to three
+    #   Elastic IPv4 addresses (BYO IP included) with your server's endpoint
+    #   and use VPC security groups to restrict traffic by the client's
+    #   public IP address. This is not possible with `EndpointType` set to
+    #   `VPC_ENDPOINT`.
+    #
+    #    </note>
     #
     # @option params [String] :host_key
-    #   The RSA private key as generated by `ssh-keygen -N "" -f
+    #   The RSA private key as generated by `ssh-keygen -N "" -m PEM -f
     #   my-new-server-key`.
     #
     #   If you aren't planning to migrate existing users from an existing
@@ -1225,12 +1337,12 @@ module Aws::Transfer
     #   the host key. Accidentally changing a server's host key can be
     #   disruptive.
     #
-    #   For more information, see [Changing the Host Key for Your AWS Transfer
-    #   Family Server][1] in the *AWS Transfer Family User Guide*.
+    #   For more information, see [Change the host key for your SFTP-enabled
+    #   server][1] in the *AWS Transfer Family User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/configuring-servers.html#change-host-key
+    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/edit-server-config.html#configuring-servers-change-host-key
     #
     # @option params [Types::IdentityProviderDetails] :identity_provider_details
     #   An array containing all of the information required to call a
@@ -1254,6 +1366,22 @@ module Aws::Transfer
     #
     #   * File Transfer Protocol (FTP): Unencrypted file transfer
     #
+    #   <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in AWS
+    #   Certificate Manager (ACM) which will be used to identify your server
+    #   when clients connect to it over FTPS.
+    #
+    #    If `Protocol` includes either `FTP` or `FTPS`, then the `EndpointType`
+    #   must be `VPC` and the `IdentityProviderType` must be `API_GATEWAY`.
+    #
+    #    If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
+    #   associated.
+    #
+    #    If `Protocol` is set only to `SFTP`, the `EndpointType` can be set to
+    #   `PUBLIC` and the `IdentityProviderType` can be set to
+    #   `SERVICE_MANAGED`.
+    #
+    #    </note>
+    #
     # @option params [required, String] :server_id
     #   A system-assigned unique identifier for a file transfer
     #   protocol-enabled server instance that the user account is assigned to.
@@ -1325,8 +1453,8 @@ module Aws::Transfer
     #   You will need to specify the "`Entry`" and "`Target`" pair, where
     #   `Entry` shows how the path is made visible and `Target` is the actual
     #   Amazon S3 path. If you only specify a target, it will be displayed as
-    #   is. You will need to also make sure that your AWS IAM Role provides
-    #   access to paths in `Target`. The following is an example.
+    #   is. You will need to also make sure that your IAM role provides access
+    #   to paths in `Target`. The following is an example.
     #
     #   `'[ "/bucket2/documentation", \{ "Entry": "your-personal-report.pdf",
     #   "Target": "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \}
@@ -1350,19 +1478,18 @@ module Aws::Transfer
     #
     # @option params [String] :policy
     #   Allows you to supply a scope-down policy for your user so you can use
-    #   the same AWS Identity and Access Management (IAM) role across multiple
-    #   users. The policy scopes down user access to portions of your Amazon
-    #   S3 bucket. Variables you can use inside this policy include
-    #   `$\{Transfer:UserName\}`, `$\{Transfer:HomeDirectory\}`, and
-    #   `$\{Transfer:HomeBucket\}`.
+    #   the same IAM role across multiple users. The policy scopes down user
+    #   access to portions of your Amazon S3 bucket. Variables you can use
+    #   inside this policy include `$\{Transfer:UserName\}`,
+    #   `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
     #
     #   <note markdown="1"> For scope-down policies, AWS Transfer Family stores the policy as a
     #   JSON blob, instead of the Amazon Resource Name (ARN) of the policy.
     #   You save the policy as a JSON blob and pass it in the `Policy`
     #   argument.
     #
-    #    For an example of a scope-down policy, see [Creating a Scope-Down
-    #   Policy][1].
+    #    For an example of a scope-down policy, see [Creating a scope-down
+    #   policy][1].
     #
     #    For more information, see [AssumeRole][2] in the *AWS Security Token
     #   Service API Reference*.
@@ -1444,7 +1571,7 @@ module Aws::Transfer
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-transfer'
-      context[:gem_version] = '1.18.0'
+      context[:gem_version] = '1.23.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-transfer/client_api.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -75,6 +77,7 @@ module Aws::Transfer
     ServerId = Shapes::StringShape.new(name: 'ServerId')
     ServiceErrorMessage = Shapes::StringShape.new(name: 'ServiceErrorMessage')
     ServiceUnavailableException = Shapes::StructureShape.new(name: 'ServiceUnavailableException')
+    SourceIp = Shapes::StringShape.new(name: 'SourceIp')
     SshPublicKey = Shapes::StructureShape.new(name: 'SshPublicKey')
     SshPublicKeyBody = Shapes::StringShape.new(name: 'SshPublicKeyBody')
     SshPublicKeyCount = Shapes::IntegerShape.new(name: 'SshPublicKeyCount')
@@ -323,9 +326,10 @@ module Aws::Transfer
     Tags.member = Shapes::ShapeRef.new(shape: Tag)
 
     TestIdentityProviderRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
+    TestIdentityProviderRequest.add_member(:server_protocol, Shapes::ShapeRef.new(shape: Protocol, location_name: "ServerProtocol"))
+    TestIdentityProviderRequest.add_member(:source_ip, Shapes::ShapeRef.new(shape: SourceIp, location_name: "SourceIp"))
     TestIdentityProviderRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: UserName, required: true, location_name: "UserName"))
     TestIdentityProviderRequest.add_member(:user_password, Shapes::ShapeRef.new(shape: UserPassword, location_name: "UserPassword"))
-    TestIdentityProviderRequest.add_member(:server_protocol, Shapes::ShapeRef.new(shape: Protocol, location_name: "ServerProtocol"))
     TestIdentityProviderRequest.struct_class = Types::TestIdentityProviderRequest
 
     TestIdentityProviderResponse.add_member(:response, Shapes::ShapeRef.new(shape: Response, location_name: "Response"))

data/lib/aws-sdk-transfer/errors.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-transfer/resource.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-transfer/types.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -17,6 +19,7 @@ module Aws::Transfer
     #
     class AccessDeniedException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -31,6 +34,7 @@ module Aws::Transfer
     #
     class ConflictException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -65,6 +69,41 @@ module Aws::Transfer
     # @!attribute [rw] certificate
     #   The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM)
     #   certificate. Required when `Protocols` is set to `FTPS`.
+    #
+    #   To request a new public certificate, see [Request a public
+    #   certificate][1] in the <i> AWS Certificate Manager User Guide</i>.
+    #
+    #   To import an existing certificate into ACM, see [Importing
+    #   certificates into ACM][2] in the <i> AWS Certificate Manager User
+    #   Guide</i>.
+    #
+    #   To request a private certificate to use FTPS through private IP
+    #   addresses, see [Request a private certificate][3] in the <i> AWS
+    #   Certificate Manager User Guide</i>.
+    #
+    #   Certificates with the following cryptographic algorithms and key
+    #   sizes are supported:
+    #
+    #   * 2048-bit RSA (RSA\_2048)
+    #
+    #   * 4096-bit RSA (RSA\_4096)
+    #
+    #   * Elliptic Prime Curve 256 bit (EC\_prime256v1)
+    #
+    #   * Elliptic Prime Curve 384 bit (EC\_secp384r1)
+    #
+    #   * Elliptic Prime Curve 521 bit (EC\_secp521r1)
+    #
+    #   <note markdown="1"> The certificate must be a valid SSL/TLS X.509 version 3 certificate
+    #   with FQDN or IP address specified and information about the issuer.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html
+    #   [2]: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
+    #   [3]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html
     #   @return [String]
     #
     # @!attribute [rw] endpoint_details
@@ -79,25 +118,33 @@ module Aws::Transfer
     # @!attribute [rw] endpoint_type
     #   The type of VPC endpoint that you want your file transfer
     #   protocol-enabled server to connect to. You can choose to connect to
-    #   the public internet or a virtual private cloud (VPC) endpoint. With
-    #   a VPC endpoint, you can restrict access to your server and resources
-    #   only within your VPC.
+    #   the public internet or a VPC endpoint. With a VPC endpoint, you can
+    #   restrict access to your server and resources only within your VPC.
+    #
+    #   <note markdown="1"> It is recommended that you use `VPC` as the `EndpointType`. With
+    #   this endpoint type, you have the option to directly associate up to
+    #   three Elastic IPv4 addresses (BYO IP included) with your server's
+    #   endpoint and use VPC security groups to restrict traffic by the
+    #   client's public IP address. This is not possible with
+    #   `EndpointType` set to `VPC_ENDPOINT`.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] host_key
-    #   The RSA private key as generated by the `ssh-keygen -N "" -f
+    #   The RSA private key as generated by the `ssh-keygen -N "" -m PEM -f
     #   my-new-server-key` command.
     #
     #   If you aren't planning to migrate existing users from an existing
     #   SFTP-enabled server to a new server, don't update the host key.
     #   Accidentally changing a server's host key can be disruptive.
     #
-    #   For more information, see [Changing the Host Key for Your AWS
-    #   Transfer Family Server][1] in the *AWS Transfer Family User Guide*.
+    #   For more information, see [Change the host key for your SFTP-enabled
+    #   server][1] in the *AWS Transfer Family User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/configuring-servers.html#change-host-key
+    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/edit-server-config.html#configuring-servers-change-host-key
     #   @return [String]
     #
     # @!attribute [rw] identity_provider_details
@@ -128,13 +175,30 @@ module Aws::Transfer
     #   file transfer protocol client can connect to your server's
     #   endpoint. The available protocols are:
     #
-    #   * Secure Shell (SSH) File Transfer Protocol (SFTP): File transfer
+    #   * `SFTP` (Secure Shell (SSH) File Transfer Protocol): File transfer
     #     over SSH
     #
-    #   * File Transfer Protocol Secure (FTPS): File transfer with TLS
+    #   * `FTPS` (File Transfer Protocol Secure): File transfer with TLS
     #     encryption
     #
-    #   * File Transfer Protocol (FTP): Unencrypted file transfer
+    #   * `FTP` (File Transfer Protocol): Unencrypted file transfer
+    #
+    #   <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in AWS
+    #   Certificate Manager (ACM) which will be used to identify your server
+    #   when clients connect to it over FTPS.
+    #
+    #    If `Protocol` includes either `FTP` or `FTPS`, then the
+    #   `EndpointType` must be `VPC` and the `IdentityProviderType` must be
+    #   `API_GATEWAY`.
+    #
+    #    If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
+    #   associated.
+    #
+    #    If `Protocol` is set only to `SFTP`, the `EndpointType` can be set
+    #   to `PUBLIC` and the `IdentityProviderType` can be set to
+    #   `SERVICE_MANAGED`.
+    #
+    #    </note>
     #   @return [Array<String>]
     #
     # @!attribute [rw] tags
@@ -154,6 +218,7 @@ module Aws::Transfer
       :logging_role,
       :protocols,
       :tags)
+      SENSITIVE = [:host_key]
       include Aws::Structure
     end
 
@@ -166,6 +231,7 @@ module Aws::Transfer
     #
     class CreateServerResponse < Struct.new(
       :server_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -198,7 +264,8 @@ module Aws::Transfer
     #   The landing directory (folder) for a user when they log in to the
     #   file transfer protocol-enabled server using the client.
     #
-    #   An example is `your-Amazon-S3-bucket-name>/home/username`.
+    #   An example is <i>
+    #   <code>your-Amazon-S3-bucket-name&gt;/home/username</code> </i>.
     #   @return [String]
     #
     # @!attribute [rw] home_directory_type
@@ -217,8 +284,8 @@ module Aws::Transfer
     #   visible. You will need to specify the "`Entry`" and "`Target`"
     #   pair, where `Entry` shows how the path is made visible and `Target`
     #   is the actual Amazon S3 path. If you only specify a target, it will
-    #   be displayed as is. You will need to also make sure that your AWS
-    #   IAM Role provides access to paths in `Target`. The following is an
+    #   be displayed as is. You will need to also make sure that your IAM
+    #   role provides access to paths in `Target`. The following is an
     #   example.
     #
     #   `'[ "/bucket2/documentation", \{ "Entry":
@@ -254,8 +321,8 @@ module Aws::Transfer
     #   You save the policy as a JSON blob and pass it in the `Policy`
     #   argument.
     #
-    #    For an example of a scope-down policy, see [Creating a Scope-Down
-    #   Policy][1].
+    #    For an example of a scope-down policy, see [Creating a scope-down
+    #   policy][1].
     #
     #    For more information, see [AssumeRole][2] in the *AWS Security Token
     #   Service API Reference*.
@@ -314,6 +381,7 @@ module Aws::Transfer
       :ssh_public_key_body,
       :tags,
       :user_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -332,6 +400,7 @@ module Aws::Transfer
     class CreateUserResponse < Struct.new(
       :server_id,
       :user_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -351,6 +420,7 @@ module Aws::Transfer
     #
     class DeleteServerRequest < Struct.new(
       :server_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -383,6 +453,7 @@ module Aws::Transfer
       :server_id,
       :ssh_public_key_id,
       :user_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -409,6 +480,7 @@ module Aws::Transfer
     class DeleteUserRequest < Struct.new(
       :server_id,
       :user_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -428,6 +500,7 @@ module Aws::Transfer
     #
     class DescribeServerRequest < Struct.new(
       :server_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -440,6 +513,7 @@ module Aws::Transfer
     #
     class DescribeServerResponse < Struct.new(
       :server)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -468,6 +542,7 @@ module Aws::Transfer
     class DescribeUserRequest < Struct.new(
       :server_id,
       :user_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -486,14 +561,17 @@ module Aws::Transfer
     class DescribeUserResponse < Struct.new(
       :server_id,
       :user)
+      SENSITIVE = []
       include Aws::Structure
     end
 
     # Describes the properties of a file transfer protocol-enabled server
     # that was specified. Information returned includes the following: the
-    # server Amazon Resource Name (ARN), the authentication configuration
-    # and type, the logging role, the server ID and state, and assigned tags
-    # or metadata.
+    # server Amazon Resource Name (ARN), the certificate ARN (if the FTPS
+    # protocol was selected), the endpoint type and details, the
+    # authentication configuration and type, the logging role, the file
+    # transfer protocol or protocols, the server ID and state, and assigned
+    # tags or metadata.
     #
     # @!attribute [rw] arn
     #   Specifies the unique Amazon Resource Name (ARN) for a file transfer
@@ -501,25 +579,26 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] certificate
-    #   The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM)
-    #   certificate. Required when `Protocols` is set to `FTPS`.
+    #   Specifies the ARN of the AWS Certificate Manager (ACM) certificate.
+    #   Required when `Protocols` is set to `FTPS`.
     #   @return [String]
     #
     # @!attribute [rw] endpoint_details
-    #   The virtual private cloud (VPC) endpoint settings that you
+    #   Specifies the virtual private cloud (VPC) endpoint settings that you
     #   configured for your file transfer protocol-enabled server.
     #   @return [Types::EndpointDetails]
     #
     # @!attribute [rw] endpoint_type
-    #   The type of endpoint that your file transfer protocol-enabled server
-    #   is connected to. If your server is connected to a VPC endpoint, your
-    #   server isn't accessible over the public internet.
+    #   Defines the type of endpoint that your file transfer
+    #   protocol-enabled server is connected to. If your server is connected
+    #   to a VPC endpoint, your server isn't accessible over the public
+    #   internet.
     #   @return [String]
     #
     # @!attribute [rw] host_key_fingerprint
-    #   Contains the message-digest algorithm (MD5) hash of a file transfer
-    #   protocol-enabled server's host key. This value is equivalent to the
-    #   output of the `ssh-keygen -l -E md5 -f my-new-server-key` command.
+    #   Specifies the Base64-encoded SHA256 fingerprint of the server's
+    #   host key. This value is equivalent to the output of the `ssh-keygen
+    #   -l -f my-new-server-key` command.
     #   @return [String]
     #
     # @!attribute [rw] identity_provider_details
@@ -529,19 +608,19 @@ module Aws::Transfer
     #   @return [Types::IdentityProviderDetails]
     #
     # @!attribute [rw] identity_provider_type
-    #   Defines the mode of authentication method enabled for this service.
-    #   A value of `SERVICE_MANAGED` means that you are using this file
-    #   transfer protocol-enabled server to store and access user
+    #   Specifies the mode of authentication method enabled for this
+    #   service. A value of `SERVICE_MANAGED` means that you are using this
+    #   file transfer protocol-enabled server to store and access user
     #   credentials within the service. A value of `API_GATEWAY` indicates
     #   that you have integrated an API Gateway endpoint that will be
     #   invoked for authenticating your user into the service.
     #   @return [String]
     #
     # @!attribute [rw] logging_role
-    #   An AWS Identity and Access Management (IAM) entity that allows a
-    #   file transfer protocol-enabled server to turn on Amazon CloudWatch
-    #   logging for Amazon S3 events. When set, user activity can be viewed
-    #   in your CloudWatch logs.
+    #   Specifies the AWS Identity and Access Management (IAM) role that
+    #   allows a file transfer protocol-enabled server to turn on Amazon
+    #   CloudWatch logging for Amazon S3 events. When set, user activity can
+    #   be viewed in your CloudWatch logs.
     #   @return [String]
     #
     # @!attribute [rw] protocols
@@ -549,25 +628,25 @@ module Aws::Transfer
     #   file transfer protocol client can connect to your server's
     #   endpoint. The available protocols are:
     #
-    #   * Secure Shell (SSH) File Transfer Protocol (SFTP): File transfer
+    #   * `SFTP` (Secure Shell (SSH) File Transfer Protocol): File transfer
     #     over SSH
     #
-    #   * File Transfer Protocol Secure (FTPS): File transfer with TLS
+    #   * `FTPS` (File Transfer Protocol Secure): File transfer with TLS
     #     encryption
     #
-    #   * File Transfer Protocol (FTP): Unencrypted file transfer
+    #   * `FTP` (File Transfer Protocol): Unencrypted file transfer
     #   @return [Array<String>]
     #
     # @!attribute [rw] server_id
-    #   Unique system-assigned identifier for a file transfer
+    #   Specifies the unique system-assigned identifier for a file transfer
     #   protocol-enabled server that you instantiate.
     #   @return [String]
     #
     # @!attribute [rw] state
-    #   The condition of a file transfer protocol-enabled server for the
-    #   server that was described. A value of `ONLINE` indicates that the
-    #   server can accept jobs and transfer files. A `State` value of
-    #   `OFFLINE` means that the server cannot perform file transfer
+    #   Specifies the condition of a file transfer protocol-enabled server
+    #   for the server that was described. A value of `ONLINE` indicates
+    #   that the server can accept jobs and transfer files. A `State` value
+    #   of `OFFLINE` means that the server cannot perform file transfer
     #   operations.
     #
     #   The states of `STARTING` and `STOPPING` indicate that the server is
@@ -577,13 +656,13 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   Contains the key-value pairs that you can use to search for and
+    #   Specifies the key-value pairs that you can use to search for and
     #   group file transfer protocol-enabled servers that were assigned to
     #   the server that was described.
     #   @return [Array<Types::Tag>]
     #
     # @!attribute [rw] user_count
-    #   The number of users that are assigned to a file transfer
+    #   Specifies the number of users that are assigned to a file transfer
     #   protocol-enabled server you specified with the `ServerId`.
     #   @return [Integer]
     #
@@ -603,31 +682,33 @@ module Aws::Transfer
       :state,
       :tags,
       :user_count)
+      SENSITIVE = []
       include Aws::Structure
     end
 
     # Returns properties of the user that you want to describe.
     #
     # @!attribute [rw] arn
-    #   Contains the unique Amazon Resource Name (ARN) for the user that was
-    #   requested to be described.
+    #   Specifies the unique Amazon Resource Name (ARN) for the user that
+    #   was requested to be described.
     #   @return [String]
     #
     # @!attribute [rw] home_directory
     #   Specifies the landing directory (or folder), which is the location
-    #   that files are written to or read from in an Amazon S3 bucket for
-    #   the described user. An example is `/your s3 bucket
-    #   name/home/username `.
+    #   that files are written to or read from in an Amazon S3 bucket, for
+    #   the described user. An example is <i>
+    #   <code>your-Amazon-S3-bucket-name&gt;/home/username</code> </i>.
     #   @return [String]
     #
     # @!attribute [rw] home_directory_mappings
-    #   Logical directory mappings that you specified for what Amazon S3
+    #   Specifies the logical directory mappings that specify what Amazon S3
     #   paths and keys should be visible to your user and how you want to
     #   make them visible. You will need to specify the "`Entry`" and
     #   "`Target`" pair, where `Entry` shows how the path is made visible
     #   and `Target` is the actual Amazon S3 path. If you only specify a
     #   target, it will be displayed as is. You will need to also make sure
-    #   that your AWS IAM Role provides access to paths in `Target`.
+    #   that your AWS Identity and Access Management (IAM) role provides
+    #   access to paths in `Target`.
     #
     #   In most cases, you can use this value instead of the scope-down
     #   policy to lock your user down to the designated home directory
@@ -636,13 +717,13 @@ module Aws::Transfer
     #   @return [Array<Types::HomeDirectoryMapEntry>]
     #
     # @!attribute [rw] home_directory_type
-    #   The type of landing directory (folder) you mapped for your users to
-    #   see when they log into the file transfer protocol-enabled server. If
-    #   you set it to `PATH`, the user will see the absolute Amazon S3
-    #   bucket paths as is in their file transfer protocol clients. If you
-    #   set it `LOGICAL`, you will need to provide mappings in the
-    #   `HomeDirectoryMappings` for how you want to make Amazon S3 paths
-    #   visible to your users.
+    #   Specifies the type of landing directory (folder) you mapped for your
+    #   users to see when they log into the file transfer protocol-enabled
+    #   server. If you set it to `PATH`, the user will see the absolute
+    #   Amazon S3 bucket paths as is in their file transfer protocol
+    #   clients. If you set it `LOGICAL`, you will need to provide mappings
+    #   in the `HomeDirectoryMappings` for how you want to make Amazon S3
+    #   paths visible to your users.
     #   @return [String]
     #
     # @!attribute [rw] policy
@@ -660,20 +741,20 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] ssh_public_keys
-    #   Contains the public key portion of the Secure Shell (SSH) keys
+    #   Specifies the public key portion of the Secure Shell (SSH) keys
     #   stored for the described user.
     #   @return [Array<Types::SshPublicKey>]
     #
     # @!attribute [rw] tags
-    #   Contains the key-value pairs for the user requested. Tag can be used
-    #   to search for and group users for a variety of purposes.
+    #   Specifies the key-value pairs for the user requested. Tag can be
+    #   used to search for and group users for a variety of purposes.
     #   @return [Array<Types::Tag>]
     #
     # @!attribute [rw] user_name
-    #   The name of the user that was requested to be described. User names
-    #   are used for authentication purposes. This is the string that will
-    #   be used by your user when they log in to your file transfer
-    #   protocol-enabled server.
+    #   Specifies the name of the user that was requested to be described.
+    #   User names are used for authentication purposes. This is the string
+    #   that will be used by your user when they log in to your file
+    #   transfer protocol-enabled server.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribedUser AWS API Documentation
@@ -688,6 +769,7 @@ module Aws::Transfer
       :ssh_public_keys,
       :tags,
       :user_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -720,15 +802,28 @@ module Aws::Transfer
     # @!attribute [rw] subnet_ids
     #   A list of subnet IDs that are required to host your file transfer
     #   protocol-enabled server endpoint in your VPC.
+    #
+    #   <note markdown="1"> This property can only be used when `EndpointType` is set to `VPC`.
+    #
+    #    </note>
     #   @return [Array<String>]
     #
     # @!attribute [rw] vpc_endpoint_id
     #   The ID of the VPC endpoint.
+    #
+    #   <note markdown="1"> This property can only be used when `EndpointType` is set to
+    #   `VPC_ENDPOINT`.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] vpc_id
     #   The VPC ID of the VPC in which a file transfer protocol-enabled
     #   server's endpoint will be hosted.
+    #
+    #   <note markdown="1"> This property can only be used when `EndpointType` is set to `VPC`.
+    #
+    #    </note>
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/EndpointDetails AWS API Documentation
@@ -738,6 +833,7 @@ module Aws::Transfer
       :subnet_ids,
       :vpc_endpoint_id,
       :vpc_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -765,6 +861,7 @@ module Aws::Transfer
     class HomeDirectoryMapEntry < Struct.new(
       :entry,
       :target)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -781,7 +878,7 @@ module Aws::Transfer
     #       }
     #
     # @!attribute [rw] url
-    #   Contains the location of the service endpoint used to authenticate
+    #   Provides the location of the service endpoint used to authenticate
     #   users.
     #   @return [String]
     #
@@ -795,6 +892,7 @@ module Aws::Transfer
     class IdentityProviderDetails < Struct.new(
       :url,
       :invocation_role)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -827,6 +925,7 @@ module Aws::Transfer
       :server_id,
       :ssh_public_key_body,
       :user_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -854,6 +953,7 @@ module Aws::Transfer
       :server_id,
       :ssh_public_key_id,
       :user_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -867,6 +967,7 @@ module Aws::Transfer
     #
     class InternalServiceError < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -879,6 +980,7 @@ module Aws::Transfer
     #
     class InvalidNextTokenException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -891,6 +993,7 @@ module Aws::Transfer
     #
     class InvalidRequestException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -919,6 +1022,7 @@ module Aws::Transfer
     class ListServersRequest < Struct.new(
       :max_results,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -938,6 +1042,7 @@ module Aws::Transfer
     class ListServersResponse < Struct.new(
       :next_token,
       :servers)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -974,6 +1079,7 @@ module Aws::Transfer
       :arn,
       :max_results,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1000,6 +1106,7 @@ module Aws::Transfer
       :arn,
       :next_token,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1035,6 +1142,7 @@ module Aws::Transfer
       :max_results,
       :next_token,
       :server_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1061,6 +1169,7 @@ module Aws::Transfer
       :next_token,
       :server_id,
       :users)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1068,37 +1177,38 @@ module Aws::Transfer
     # specified.
     #
     # @!attribute [rw] arn
-    #   The unique Amazon Resource Name (ARN) for a file transfer
+    #   Specifies the unique Amazon Resource Name (ARN) for a file transfer
     #   protocol-enabled server to be listed.
     #   @return [String]
     #
     # @!attribute [rw] identity_provider_type
-    #   The authentication method used to validate a user for a file
-    #   transfer protocol-enabled server that was specified. This can
+    #   Specifies the authentication method used to validate a user for a
+    #   file transfer protocol-enabled server that was specified. This can
     #   include Secure Shell (SSH), user name and password combinations, or
     #   your own custom authentication method. Valid values include
     #   `SERVICE_MANAGED` or `API_GATEWAY`.
     #   @return [String]
     #
     # @!attribute [rw] endpoint_type
-    #   The type of VPC endpoint that your file transfer protocol-enabled
-    #   server is connected to. If your server is connected to a VPC
-    #   endpoint, your server isn't accessible over the public internet.
+    #   Specifies the type of VPC endpoint that your file transfer
+    #   protocol-enabled server is connected to. If your server is connected
+    #   to a VPC endpoint, your server isn't accessible over the public
+    #   internet.
     #   @return [String]
     #
     # @!attribute [rw] logging_role
-    #   The AWS Identity and Access Management (IAM) entity that allows a
-    #   file transfer protocol-enabled server to turn on Amazon CloudWatch
-    #   logging.
+    #   Specifies the AWS Identity and Access Management (IAM) role that
+    #   allows a file transfer protocol-enabled server to turn on Amazon
+    #   CloudWatch logging.
     #   @return [String]
     #
     # @!attribute [rw] server_id
-    #   The unique system assigned identifier for a file transfer
+    #   Specifies the unique system assigned identifier for a file transfer
     #   protocol-enabled servers that were listed.
     #   @return [String]
     #
     # @!attribute [rw] state
-    #   Describes the condition of a file transfer protocol-enabled server
+    #   Specifies the condition of a file transfer protocol-enabled server
     #   for the server that was described. A value of `ONLINE` indicates
     #   that the server can accept jobs and transfer files. A `State` value
     #   of `OFFLINE` means that the server cannot perform file transfer
@@ -1111,9 +1221,8 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] user_count
-    #   A numeric value that indicates the number of users that are assigned
-    #   to a file transfer protocol-enabled server you specified with the
-    #   `ServerId`.
+    #   Specifies the number of users that are assigned to a file transfer
+    #   protocol-enabled server you specified with the `ServerId`.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListedServer AWS API Documentation
@@ -1126,14 +1235,15 @@ module Aws::Transfer
       :server_id,
       :state,
       :user_count)
+      SENSITIVE = []
       include Aws::Structure
     end
 
     # Returns properties of the user that you specify.
     #
     # @!attribute [rw] arn
-    #   The unique Amazon Resource Name (ARN) for the user that you want to
-    #   learn about.
+    #   Provides the unique Amazon Resource Name (ARN) for the user that you
+    #   want to learn about.
     #   @return [String]
     #
     # @!attribute [rw] home_directory
@@ -1142,29 +1252,31 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] home_directory_type
-    #   The type of landing directory (folder) you mapped for your users'
-    #   home directory. If you set it to `PATH`, the user will see the
-    #   absolute Amazon S3 bucket paths as is in their file transfer
+    #   Specifies the type of landing directory (folder) you mapped for your
+    #   users' home directory. If you set it to `PATH`, the user will see
+    #   the absolute Amazon S3 bucket paths as is in their file transfer
     #   protocol clients. If you set it `LOGICAL`, you will need to provide
     #   mappings in the `HomeDirectoryMappings` for how you want to make
     #   Amazon S3 paths visible to your users.
     #   @return [String]
     #
     # @!attribute [rw] role
-    #   The role in use by this user. A *role* is an AWS Identity and Access
-    #   Management (IAM) entity that, in this case, allows a file transfer
-    #   protocol-enabled server to act on a user's behalf. It allows the
-    #   server to inherit the trust relationship that enables that user to
-    #   perform file operations to their Amazon S3 bucket.
+    #   Specifies the role that is in use by this user. A *role* is an AWS
+    #   Identity and Access Management (IAM) entity that, in this case,
+    #   allows a file transfer protocol-enabled server to act on a user's
+    #   behalf. It allows the server to inherit the trust relationship that
+    #   enables that user to perform file operations to their Amazon S3
+    #   bucket.
     #   @return [String]
     #
     # @!attribute [rw] ssh_public_key_count
-    #   The number of SSH public keys stored for the user you specified.
+    #   Specifies the number of SSH public keys stored for the user you
+    #   specified.
     #   @return [Integer]
     #
     # @!attribute [rw] user_name
-    #   The name of the user whose ARN was specified. User names are used
-    #   for authentication purposes.
+    #   Specifies the name of the user whose ARN was specified. User names
+    #   are used for authentication purposes.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListedUser AWS API Documentation
@@ -1176,6 +1288,7 @@ module Aws::Transfer
       :role,
       :ssh_public_key_count,
       :user_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1196,6 +1309,7 @@ module Aws::Transfer
       :message,
       :resource,
       :resource_type)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1217,6 +1331,7 @@ module Aws::Transfer
       :message,
       :resource,
       :resource_type)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1230,6 +1345,7 @@ module Aws::Transfer
     #
     class ServiceUnavailableException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1241,16 +1357,18 @@ module Aws::Transfer
     # public key associated with their user name on a specific server.
     #
     # @!attribute [rw] date_imported
-    #   The date that the public key was added to the user account.
+    #   Specifies the date that the public key was added to the user
+    #   account.
     #   @return [Time]
     #
     # @!attribute [rw] ssh_public_key_body
-    #   The content of the SSH public key as specified by the `PublicKeyId`.
+    #   Specifies the content of the SSH public key as specified by the
+    #   `PublicKeyId`.
     #   @return [String]
     #
     # @!attribute [rw] ssh_public_key_id
-    #   The `SshPublicKeyId` parameter contains the identifier of the public
-    #   key.
+    #   Specifies the `SshPublicKeyId` parameter contains the identifier of
+    #   the public key.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/SshPublicKey AWS API Documentation
@@ -1259,6 +1377,7 @@ module Aws::Transfer
       :date_imported,
       :ssh_public_key_body,
       :ssh_public_key_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1278,6 +1397,7 @@ module Aws::Transfer
     #
     class StartServerRequest < Struct.new(
       :server_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1297,6 +1417,7 @@ module Aws::Transfer
     #
     class StopServerRequest < Struct.new(
       :server_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1329,6 +1450,7 @@ module Aws::Transfer
     class Tag < Struct.new(
       :key,
       :value)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1361,6 +1483,7 @@ module Aws::Transfer
     class TagResourceRequest < Struct.new(
       :arn,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1369,9 +1492,10 @@ module Aws::Transfer
     #
     #       {
     #         server_id: "ServerId", # required
+    #         server_protocol: "SFTP", # accepts SFTP, FTP, FTPS
+    #         source_ip: "SourceIp",
     #         user_name: "UserName", # required
     #         user_password: "UserPassword",
-    #         server_protocol: "SFTP", # accepts SFTP, FTP, FTPS
     #       }
     #
     # @!attribute [rw] server_id
@@ -1380,14 +1504,6 @@ module Aws::Transfer
     #   is tested with a user name and password.
     #   @return [String]
     #
-    # @!attribute [rw] user_name
-    #   The name of the user account to be tested.
-    #   @return [String]
-    #
-    # @!attribute [rw] user_password
-    #   The password of the user account to be tested.
-    #   @return [String]
-    #
     # @!attribute [rw] server_protocol
     #   The type of file transfer protocol to be tested.
     #
@@ -1400,13 +1516,27 @@ module Aws::Transfer
     #   * File Transfer Protocol (FTP)
     #   @return [String]
     #
+    # @!attribute [rw] source_ip
+    #   The source IP address of the user account to be tested.
+    #   @return [String]
+    #
+    # @!attribute [rw] user_name
+    #   The name of the user account to be tested.
+    #   @return [String]
+    #
+    # @!attribute [rw] user_password
+    #   The password of the user account to be tested.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/TestIdentityProviderRequest AWS API Documentation
     #
     class TestIdentityProviderRequest < Struct.new(
       :server_id,
+      :server_protocol,
+      :source_ip,
       :user_name,
-      :user_password,
-      :server_protocol)
+      :user_password)
+      SENSITIVE = [:user_password]
       include Aws::Structure
     end
 
@@ -1433,6 +1563,7 @@ module Aws::Transfer
       :status_code,
       :message,
       :url)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1447,6 +1578,7 @@ module Aws::Transfer
     #
     class ThrottlingException < Struct.new(
       :retry_after_seconds)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1475,6 +1607,7 @@ module Aws::Transfer
     class UntagResourceRequest < Struct.new(
       :arn,
       :tag_keys)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1503,6 +1636,41 @@ module Aws::Transfer
     # @!attribute [rw] certificate
     #   The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM)
     #   certificate. Required when `Protocols` is set to `FTPS`.
+    #
+    #   To request a new public certificate, see [Request a public
+    #   certificate][1] in the <i> AWS Certificate Manager User Guide</i>.
+    #
+    #   To import an existing certificate into ACM, see [Importing
+    #   certificates into ACM][2] in the <i> AWS Certificate Manager User
+    #   Guide</i>.
+    #
+    #   To request a private certificate to use FTPS through private IP
+    #   addresses, see [Request a private certificate][3] in the <i> AWS
+    #   Certificate Manager User Guide</i>.
+    #
+    #   Certificates with the following cryptographic algorithms and key
+    #   sizes are supported:
+    #
+    #   * 2048-bit RSA (RSA\_2048)
+    #
+    #   * 4096-bit RSA (RSA\_4096)
+    #
+    #   * Elliptic Prime Curve 256 bit (EC\_prime256v1)
+    #
+    #   * Elliptic Prime Curve 384 bit (EC\_secp384r1)
+    #
+    #   * Elliptic Prime Curve 521 bit (EC\_secp521r1)
+    #
+    #   <note markdown="1"> The certificate must be a valid SSL/TLS X.509 version 3 certificate
+    #   with FQDN or IP address specified and information about the issuer.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html
+    #   [2]: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
+    #   [3]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html
     #   @return [String]
     #
     # @!attribute [rw] endpoint_details
@@ -1517,12 +1685,21 @@ module Aws::Transfer
     # @!attribute [rw] endpoint_type
     #   The type of endpoint that you want your file transfer
     #   protocol-enabled server to connect to. You can choose to connect to
-    #   the public internet or a VPC endpoint. With a VPC endpoint, your
-    #   server isn't accessible over the public internet.
+    #   the public internet or a VPC endpoint. With a VPC endpoint, you can
+    #   restrict access to your server and resources only within your VPC.
+    #
+    #   <note markdown="1"> It is recommended that you use `VPC` as the `EndpointType`. With
+    #   this endpoint type, you have the option to directly associate up to
+    #   three Elastic IPv4 addresses (BYO IP included) with your server's
+    #   endpoint and use VPC security groups to restrict traffic by the
+    #   client's public IP address. This is not possible with
+    #   `EndpointType` set to `VPC_ENDPOINT`.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] host_key
-    #   The RSA private key as generated by `ssh-keygen -N "" -f
+    #   The RSA private key as generated by `ssh-keygen -N "" -m PEM -f
     #   my-new-server-key`.
     #
     #   If you aren't planning to migrate existing users from an existing
@@ -1530,12 +1707,12 @@ module Aws::Transfer
     #   the host key. Accidentally changing a server's host key can be
     #   disruptive.
     #
-    #   For more information, see [Changing the Host Key for Your AWS
-    #   Transfer Family Server][1] in the *AWS Transfer Family User Guide*.
+    #   For more information, see [Change the host key for your SFTP-enabled
+    #   server][1] in the *AWS Transfer Family User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/configuring-servers.html#change-host-key
+    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/edit-server-config.html#configuring-servers-change-host-key
     #   @return [String]
     #
     # @!attribute [rw] identity_provider_details
@@ -1561,6 +1738,23 @@ module Aws::Transfer
     #     encryption
     #
     #   * File Transfer Protocol (FTP): Unencrypted file transfer
+    #
+    #   <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in AWS
+    #   Certificate Manager (ACM) which will be used to identify your server
+    #   when clients connect to it over FTPS.
+    #
+    #    If `Protocol` includes either `FTP` or `FTPS`, then the
+    #   `EndpointType` must be `VPC` and the `IdentityProviderType` must be
+    #   `API_GATEWAY`.
+    #
+    #    If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
+    #   associated.
+    #
+    #    If `Protocol` is set only to `SFTP`, the `EndpointType` can be set
+    #   to `PUBLIC` and the `IdentityProviderType` can be set to
+    #   `SERVICE_MANAGED`.
+    #
+    #    </note>
     #   @return [Array<String>]
     #
     # @!attribute [rw] server_id
@@ -1580,6 +1774,7 @@ module Aws::Transfer
       :logging_role,
       :protocols,
       :server_id)
+      SENSITIVE = [:host_key]
       include Aws::Structure
     end
 
@@ -1592,6 +1787,7 @@ module Aws::Transfer
     #
     class UpdateServerResponse < Struct.new(
       :server_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1637,8 +1833,8 @@ module Aws::Transfer
     #   visible. You will need to specify the "`Entry`" and "`Target`"
     #   pair, where `Entry` shows how the path is made visible and `Target`
     #   is the actual Amazon S3 path. If you only specify a target, it will
-    #   be displayed as is. You will need to also make sure that your AWS
-    #   IAM Role provides access to paths in `Target`. The following is an
+    #   be displayed as is. You will need to also make sure that your IAM
+    #   role provides access to paths in `Target`. The following is an
     #   example.
     #
     #   `'[ "/bucket2/documentation", \{ "Entry":
@@ -1664,19 +1860,18 @@ module Aws::Transfer
     #
     # @!attribute [rw] policy
     #   Allows you to supply a scope-down policy for your user so you can
-    #   use the same AWS Identity and Access Management (IAM) role across
-    #   multiple users. The policy scopes down user access to portions of
-    #   your Amazon S3 bucket. Variables you can use inside this policy
-    #   include `$\{Transfer:UserName\}`, `$\{Transfer:HomeDirectory\}`, and
-    #   `$\{Transfer:HomeBucket\}`.
+    #   use the same IAM role across multiple users. The policy scopes down
+    #   user access to portions of your Amazon S3 bucket. Variables you can
+    #   use inside this policy include `$\{Transfer:UserName\}`,
+    #   `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
     #
     #   <note markdown="1"> For scope-down policies, AWS Transfer Family stores the policy as a
     #   JSON blob, instead of the Amazon Resource Name (ARN) of the policy.
     #   You save the policy as a JSON blob and pass it in the `Policy`
     #   argument.
     #
-    #    For an example of a scope-down policy, see [Creating a Scope-Down
-    #   Policy][1].
+    #    For an example of a scope-down policy, see [Creating a scope-down
+    #   policy][1].
     #
     #    For more information, see [AssumeRole][2] in the *AWS Security Token
     #   Service API Reference*.
@@ -1724,6 +1919,7 @@ module Aws::Transfer
       :role,
       :server_id,
       :user_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1747,6 +1943,7 @@ module Aws::Transfer
     class UpdateUserResponse < Struct.new(
       :server_id,
       :user_name)
+      SENSITIVE = []
       include Aws::Structure
     end