aws-sdk-transfer 1.19.0 → 1.24.0

@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -25,14 +27,18 @@ module Aws::Transfer
25
27
  DeleteServerRequest = Shapes::StructureShape.new(name: 'DeleteServerRequest')
26
28
  DeleteSshPublicKeyRequest = Shapes::StructureShape.new(name: 'DeleteSshPublicKeyRequest')
27
29
  DeleteUserRequest = Shapes::StructureShape.new(name: 'DeleteUserRequest')
30
+ DescribeSecurityPolicyRequest = Shapes::StructureShape.new(name: 'DescribeSecurityPolicyRequest')
31
+ DescribeSecurityPolicyResponse = Shapes::StructureShape.new(name: 'DescribeSecurityPolicyResponse')
28
32
  DescribeServerRequest = Shapes::StructureShape.new(name: 'DescribeServerRequest')
29
33
  DescribeServerResponse = Shapes::StructureShape.new(name: 'DescribeServerResponse')
30
34
  DescribeUserRequest = Shapes::StructureShape.new(name: 'DescribeUserRequest')
31
35
  DescribeUserResponse = Shapes::StructureShape.new(name: 'DescribeUserResponse')
36
+ DescribedSecurityPolicy = Shapes::StructureShape.new(name: 'DescribedSecurityPolicy')
32
37
  DescribedServer = Shapes::StructureShape.new(name: 'DescribedServer')
33
38
  DescribedUser = Shapes::StructureShape.new(name: 'DescribedUser')
34
39
  EndpointDetails = Shapes::StructureShape.new(name: 'EndpointDetails')
35
40
  EndpointType = Shapes::StringShape.new(name: 'EndpointType')
41
+ Fips = Shapes::BooleanShape.new(name: 'Fips')
36
42
  HomeDirectory = Shapes::StringShape.new(name: 'HomeDirectory')
37
43
  HomeDirectoryMapEntry = Shapes::StructureShape.new(name: 'HomeDirectoryMapEntry')
38
44
  HomeDirectoryMappings = Shapes::ListShape.new(name: 'HomeDirectoryMappings')
@@ -46,6 +52,8 @@ module Aws::Transfer
46
52
  InternalServiceError = Shapes::StructureShape.new(name: 'InternalServiceError')
47
53
  InvalidNextTokenException = Shapes::StructureShape.new(name: 'InvalidNextTokenException')
48
54
  InvalidRequestException = Shapes::StructureShape.new(name: 'InvalidRequestException')
55
+ ListSecurityPoliciesRequest = Shapes::StructureShape.new(name: 'ListSecurityPoliciesRequest')
56
+ ListSecurityPoliciesResponse = Shapes::StructureShape.new(name: 'ListSecurityPoliciesResponse')
49
57
  ListServersRequest = Shapes::StructureShape.new(name: 'ListServersRequest')
50
58
  ListServersResponse = Shapes::StructureShape.new(name: 'ListServersResponse')
51
59
  ListTagsForResourceRequest = Shapes::StructureShape.new(name: 'ListTagsForResourceRequest')
@@ -72,9 +80,14 @@ module Aws::Transfer
72
80
  Response = Shapes::StringShape.new(name: 'Response')
73
81
  RetryAfterSeconds = Shapes::StringShape.new(name: 'RetryAfterSeconds')
74
82
  Role = Shapes::StringShape.new(name: 'Role')
83
+ SecurityPolicyName = Shapes::StringShape.new(name: 'SecurityPolicyName')
84
+ SecurityPolicyNames = Shapes::ListShape.new(name: 'SecurityPolicyNames')
85
+ SecurityPolicyOption = Shapes::StringShape.new(name: 'SecurityPolicyOption')
86
+ SecurityPolicyOptions = Shapes::ListShape.new(name: 'SecurityPolicyOptions')
75
87
  ServerId = Shapes::StringShape.new(name: 'ServerId')
76
88
  ServiceErrorMessage = Shapes::StringShape.new(name: 'ServiceErrorMessage')
77
89
  ServiceUnavailableException = Shapes::StructureShape.new(name: 'ServiceUnavailableException')
90
+ SourceIp = Shapes::StringShape.new(name: 'SourceIp')
78
91
  SshPublicKey = Shapes::StructureShape.new(name: 'SshPublicKey')
79
92
  SshPublicKeyBody = Shapes::StringShape.new(name: 'SshPublicKeyBody')
80
93
  SshPublicKeyCount = Shapes::IntegerShape.new(name: 'SshPublicKeyCount')
@@ -123,6 +136,7 @@ module Aws::Transfer
123
136
  CreateServerRequest.add_member(:identity_provider_type, Shapes::ShapeRef.new(shape: IdentityProviderType, location_name: "IdentityProviderType"))
124
137
  CreateServerRequest.add_member(:logging_role, Shapes::ShapeRef.new(shape: Role, location_name: "LoggingRole"))
125
138
  CreateServerRequest.add_member(:protocols, Shapes::ShapeRef.new(shape: Protocols, location_name: "Protocols"))
139
+ CreateServerRequest.add_member(:security_policy_name, Shapes::ShapeRef.new(shape: SecurityPolicyName, location_name: "SecurityPolicyName"))
126
140
  CreateServerRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
127
141
  CreateServerRequest.struct_class = Types::CreateServerRequest
128
142
 
@@ -156,6 +170,12 @@ module Aws::Transfer
156
170
  DeleteUserRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: UserName, required: true, location_name: "UserName"))
157
171
  DeleteUserRequest.struct_class = Types::DeleteUserRequest
158
172
 
173
+ DescribeSecurityPolicyRequest.add_member(:security_policy_name, Shapes::ShapeRef.new(shape: SecurityPolicyName, required: true, location_name: "SecurityPolicyName"))
174
+ DescribeSecurityPolicyRequest.struct_class = Types::DescribeSecurityPolicyRequest
175
+
176
+ DescribeSecurityPolicyResponse.add_member(:security_policy, Shapes::ShapeRef.new(shape: DescribedSecurityPolicy, required: true, location_name: "SecurityPolicy"))
177
+ DescribeSecurityPolicyResponse.struct_class = Types::DescribeSecurityPolicyResponse
178
+
159
179
  DescribeServerRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
160
180
  DescribeServerRequest.struct_class = Types::DescribeServerRequest
161
181
 
@@ -170,6 +190,14 @@ module Aws::Transfer
170
190
  DescribeUserResponse.add_member(:user, Shapes::ShapeRef.new(shape: DescribedUser, required: true, location_name: "User"))
171
191
  DescribeUserResponse.struct_class = Types::DescribeUserResponse
172
192
 
193
+ DescribedSecurityPolicy.add_member(:fips, Shapes::ShapeRef.new(shape: Fips, location_name: "Fips"))
194
+ DescribedSecurityPolicy.add_member(:security_policy_name, Shapes::ShapeRef.new(shape: SecurityPolicyName, required: true, location_name: "SecurityPolicyName"))
195
+ DescribedSecurityPolicy.add_member(:ssh_ciphers, Shapes::ShapeRef.new(shape: SecurityPolicyOptions, location_name: "SshCiphers"))
196
+ DescribedSecurityPolicy.add_member(:ssh_kexs, Shapes::ShapeRef.new(shape: SecurityPolicyOptions, location_name: "SshKexs"))
197
+ DescribedSecurityPolicy.add_member(:ssh_macs, Shapes::ShapeRef.new(shape: SecurityPolicyOptions, location_name: "SshMacs"))
198
+ DescribedSecurityPolicy.add_member(:tls_ciphers, Shapes::ShapeRef.new(shape: SecurityPolicyOptions, location_name: "TlsCiphers"))
199
+ DescribedSecurityPolicy.struct_class = Types::DescribedSecurityPolicy
200
+
173
201
  DescribedServer.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "Arn"))
174
202
  DescribedServer.add_member(:certificate, Shapes::ShapeRef.new(shape: Certificate, location_name: "Certificate"))
175
203
  DescribedServer.add_member(:endpoint_details, Shapes::ShapeRef.new(shape: EndpointDetails, location_name: "EndpointDetails"))
@@ -179,6 +207,7 @@ module Aws::Transfer
179
207
  DescribedServer.add_member(:identity_provider_type, Shapes::ShapeRef.new(shape: IdentityProviderType, location_name: "IdentityProviderType"))
180
208
  DescribedServer.add_member(:logging_role, Shapes::ShapeRef.new(shape: Role, location_name: "LoggingRole"))
181
209
  DescribedServer.add_member(:protocols, Shapes::ShapeRef.new(shape: Protocols, location_name: "Protocols"))
210
+ DescribedServer.add_member(:security_policy_name, Shapes::ShapeRef.new(shape: SecurityPolicyName, location_name: "SecurityPolicyName"))
182
211
  DescribedServer.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, location_name: "ServerId"))
183
212
  DescribedServer.add_member(:state, Shapes::ShapeRef.new(shape: State, location_name: "State"))
184
213
  DescribedServer.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
@@ -231,6 +260,14 @@ module Aws::Transfer
231
260
  InvalidRequestException.add_member(:message, Shapes::ShapeRef.new(shape: Message, required: true, location_name: "Message"))
232
261
  InvalidRequestException.struct_class = Types::InvalidRequestException
233
262
 
263
+ ListSecurityPoliciesRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "MaxResults"))
264
+ ListSecurityPoliciesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
265
+ ListSecurityPoliciesRequest.struct_class = Types::ListSecurityPoliciesRequest
266
+
267
+ ListSecurityPoliciesResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
268
+ ListSecurityPoliciesResponse.add_member(:security_policy_names, Shapes::ShapeRef.new(shape: SecurityPolicyNames, required: true, location_name: "SecurityPolicyNames"))
269
+ ListSecurityPoliciesResponse.struct_class = Types::ListSecurityPoliciesResponse
270
+
234
271
  ListServersRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "MaxResults"))
235
272
  ListServersRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
236
273
  ListServersRequest.struct_class = Types::ListServersRequest
@@ -292,6 +329,10 @@ module Aws::Transfer
292
329
  ResourceNotFoundException.add_member(:resource_type, Shapes::ShapeRef.new(shape: ResourceType, required: true, location_name: "ResourceType"))
293
330
  ResourceNotFoundException.struct_class = Types::ResourceNotFoundException
294
331
 
332
+ SecurityPolicyNames.member = Shapes::ShapeRef.new(shape: SecurityPolicyName)
333
+
334
+ SecurityPolicyOptions.member = Shapes::ShapeRef.new(shape: SecurityPolicyOption)
335
+
295
336
  ServiceUnavailableException.add_member(:message, Shapes::ShapeRef.new(shape: ServiceErrorMessage, location_name: "Message"))
296
337
  ServiceUnavailableException.struct_class = Types::ServiceUnavailableException
297
338
 
@@ -323,9 +364,10 @@ module Aws::Transfer
323
364
  Tags.member = Shapes::ShapeRef.new(shape: Tag)
324
365
 
325
366
  TestIdentityProviderRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
367
+ TestIdentityProviderRequest.add_member(:server_protocol, Shapes::ShapeRef.new(shape: Protocol, location_name: "ServerProtocol"))
368
+ TestIdentityProviderRequest.add_member(:source_ip, Shapes::ShapeRef.new(shape: SourceIp, location_name: "SourceIp"))
326
369
  TestIdentityProviderRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: UserName, required: true, location_name: "UserName"))
327
370
  TestIdentityProviderRequest.add_member(:user_password, Shapes::ShapeRef.new(shape: UserPassword, location_name: "UserPassword"))
328
- TestIdentityProviderRequest.add_member(:server_protocol, Shapes::ShapeRef.new(shape: Protocol, location_name: "ServerProtocol"))
329
371
  TestIdentityProviderRequest.struct_class = Types::TestIdentityProviderRequest
330
372
 
331
373
  TestIdentityProviderResponse.add_member(:response, Shapes::ShapeRef.new(shape: Response, location_name: "Response"))
@@ -348,6 +390,7 @@ module Aws::Transfer
348
390
  UpdateServerRequest.add_member(:identity_provider_details, Shapes::ShapeRef.new(shape: IdentityProviderDetails, location_name: "IdentityProviderDetails"))
349
391
  UpdateServerRequest.add_member(:logging_role, Shapes::ShapeRef.new(shape: NullableRole, location_name: "LoggingRole"))
350
392
  UpdateServerRequest.add_member(:protocols, Shapes::ShapeRef.new(shape: Protocols, location_name: "Protocols"))
393
+ UpdateServerRequest.add_member(:security_policy_name, Shapes::ShapeRef.new(shape: SecurityPolicyName, location_name: "SecurityPolicyName"))
351
394
  UpdateServerRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
352
395
  UpdateServerRequest.struct_class = Types::UpdateServerRequest
353
396
 
@@ -452,6 +495,18 @@ module Aws::Transfer
452
495
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
453
496
  end)
454
497
 
498
+ api.add_operation(:describe_security_policy, Seahorse::Model::Operation.new.tap do |o|
499
+ o.name = "DescribeSecurityPolicy"
500
+ o.http_method = "POST"
501
+ o.http_request_uri = "/"
502
+ o.input = Shapes::ShapeRef.new(shape: DescribeSecurityPolicyRequest)
503
+ o.output = Shapes::ShapeRef.new(shape: DescribeSecurityPolicyResponse)
504
+ o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
505
+ o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
506
+ o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
507
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
508
+ end)
509
+
455
510
  api.add_operation(:describe_server, Seahorse::Model::Operation.new.tap do |o|
456
511
  o.name = "DescribeServer"
457
512
  o.http_method = "POST"
@@ -490,6 +545,24 @@ module Aws::Transfer
490
545
  o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
491
546
  end)
492
547
 
548
+ api.add_operation(:list_security_policies, Seahorse::Model::Operation.new.tap do |o|
549
+ o.name = "ListSecurityPolicies"
550
+ o.http_method = "POST"
551
+ o.http_request_uri = "/"
552
+ o.input = Shapes::ShapeRef.new(shape: ListSecurityPoliciesRequest)
553
+ o.output = Shapes::ShapeRef.new(shape: ListSecurityPoliciesResponse)
554
+ o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
555
+ o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
556
+ o.errors << Shapes::ShapeRef.new(shape: InvalidNextTokenException)
557
+ o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
558
+ o[:pager] = Aws::Pager.new(
559
+ limit_key: "max_results",
560
+ tokens: {
561
+ "next_token" => "next_token"
562
+ }
563
+ )
564
+ end)
565
+
493
566
  api.add_operation(:list_servers, Seahorse::Model::Operation.new.tap do |o|
494
567
  o.name = "ListServers"
495
568
  o.http_method = "POST"
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -17,6 +19,7 @@ module Aws::Transfer
17
19
  #
18
20
  class AccessDeniedException < Struct.new(
19
21
  :message)
22
+ SENSITIVE = []
20
23
  include Aws::Structure
21
24
  end
22
25
 
@@ -31,6 +34,7 @@ module Aws::Transfer
31
34
  #
32
35
  class ConflictException < Struct.new(
33
36
  :message)
37
+ SENSITIVE = []
34
38
  include Aws::Structure
35
39
  end
36
40
 
@@ -54,6 +58,7 @@ module Aws::Transfer
54
58
  # identity_provider_type: "SERVICE_MANAGED", # accepts SERVICE_MANAGED, API_GATEWAY
55
59
  # logging_role: "Role",
56
60
  # protocols: ["SFTP"], # accepts SFTP, FTP, FTPS
61
+ # security_policy_name: "SecurityPolicyName",
57
62
  # tags: [
58
63
  # {
59
64
  # key: "TagKey", # required
@@ -65,6 +70,41 @@ module Aws::Transfer
65
70
  # @!attribute [rw] certificate
66
71
  # The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM)
67
72
  # certificate. Required when `Protocols` is set to `FTPS`.
73
+ #
74
+ # To request a new public certificate, see [Request a public
75
+ # certificate][1] in the <i> AWS Certificate Manager User Guide</i>.
76
+ #
77
+ # To import an existing certificate into ACM, see [Importing
78
+ # certificates into ACM][2] in the <i> AWS Certificate Manager User
79
+ # Guide</i>.
80
+ #
81
+ # To request a private certificate to use FTPS through private IP
82
+ # addresses, see [Request a private certificate][3] in the <i> AWS
83
+ # Certificate Manager User Guide</i>.
84
+ #
85
+ # Certificates with the following cryptographic algorithms and key
86
+ # sizes are supported:
87
+ #
88
+ # * 2048-bit RSA (RSA\_2048)
89
+ #
90
+ # * 4096-bit RSA (RSA\_4096)
91
+ #
92
+ # * Elliptic Prime Curve 256 bit (EC\_prime256v1)
93
+ #
94
+ # * Elliptic Prime Curve 384 bit (EC\_secp384r1)
95
+ #
96
+ # * Elliptic Prime Curve 521 bit (EC\_secp521r1)
97
+ #
98
+ # <note markdown="1"> The certificate must be a valid SSL/TLS X.509 version 3 certificate
99
+ # with FQDN or IP address specified and information about the issuer.
100
+ #
101
+ # </note>
102
+ #
103
+ #
104
+ #
105
+ # [1]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html
106
+ # [2]: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
107
+ # [3]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html
68
108
  # @return [String]
69
109
  #
70
110
  # @!attribute [rw] endpoint_details
@@ -79,25 +119,33 @@ module Aws::Transfer
79
119
  # @!attribute [rw] endpoint_type
80
120
  # The type of VPC endpoint that you want your file transfer
81
121
  # protocol-enabled server to connect to. You can choose to connect to
82
- # the public internet or a virtual private cloud (VPC) endpoint. With
83
- # a VPC endpoint, you can restrict access to your server and resources
84
- # only within your VPC.
122
+ # the public internet or a VPC endpoint. With a VPC endpoint, you can
123
+ # restrict access to your server and resources only within your VPC.
124
+ #
125
+ # <note markdown="1"> It is recommended that you use `VPC` as the `EndpointType`. With
126
+ # this endpoint type, you have the option to directly associate up to
127
+ # three Elastic IPv4 addresses (BYO IP included) with your server's
128
+ # endpoint and use VPC security groups to restrict traffic by the
129
+ # client's public IP address. This is not possible with
130
+ # `EndpointType` set to `VPC_ENDPOINT`.
131
+ #
132
+ # </note>
85
133
  # @return [String]
86
134
  #
87
135
  # @!attribute [rw] host_key
88
- # The RSA private key as generated by the `ssh-keygen -N "" -f
136
+ # The RSA private key as generated by the `ssh-keygen -N "" -m PEM -f
89
137
  # my-new-server-key` command.
90
138
  #
91
139
  # If you aren't planning to migrate existing users from an existing
92
140
  # SFTP-enabled server to a new server, don't update the host key.
93
141
  # Accidentally changing a server's host key can be disruptive.
94
142
  #
95
- # For more information, see [Changing the Host Key for Your AWS
96
- # Transfer Family Server][1] in the *AWS Transfer Family User Guide*.
143
+ # For more information, see [Change the host key for your SFTP-enabled
144
+ # server][1] in the *AWS Transfer Family User Guide*.
97
145
  #
98
146
  #
99
147
  #
100
- # [1]: https://docs.aws.amazon.com/transfer/latest/userguide/configuring-servers.html#change-host-key
148
+ # [1]: https://docs.aws.amazon.com/transfer/latest/userguide/edit-server-config.html#configuring-servers-change-host-key
101
149
  # @return [String]
102
150
  #
103
151
  # @!attribute [rw] identity_provider_details
@@ -128,15 +176,38 @@ module Aws::Transfer
128
176
  # file transfer protocol client can connect to your server's
129
177
  # endpoint. The available protocols are:
130
178
  #
131
- # * Secure Shell (SSH) File Transfer Protocol (SFTP): File transfer
179
+ # * `SFTP` (Secure Shell (SSH) File Transfer Protocol): File transfer
132
180
  # over SSH
133
181
  #
134
- # * File Transfer Protocol Secure (FTPS): File transfer with TLS
182
+ # * `FTPS` (File Transfer Protocol Secure): File transfer with TLS
135
183
  # encryption
136
184
  #
137
- # * File Transfer Protocol (FTP): Unencrypted file transfer
185
+ # * `FTP` (File Transfer Protocol): Unencrypted file transfer
186
+ #
187
+ # <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in AWS
188
+ # Certificate Manager (ACM) which will be used to identify your file
189
+ # transfer protocol-enabled server when clients connect to it over
190
+ # FTPS.
191
+ #
192
+ # If `Protocol` includes either `FTP` or `FTPS`, then the
193
+ # `EndpointType` must be `VPC` and the `IdentityProviderType` must be
194
+ # `API_GATEWAY`.
195
+ #
196
+ # If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
197
+ # associated.
198
+ #
199
+ # If `Protocol` is set only to `SFTP`, the `EndpointType` can be set
200
+ # to `PUBLIC` and the `IdentityProviderType` can be set to
201
+ # `SERVICE_MANAGED`.
202
+ #
203
+ # </note>
138
204
  # @return [Array<String>]
139
205
  #
206
+ # @!attribute [rw] security_policy_name
207
+ # Specifies the name of the security policy that is attached to the
208
+ # server.
209
+ # @return [String]
210
+ #
140
211
  # @!attribute [rw] tags
141
212
  # Key-value pairs that can be used to group and search for file
142
213
  # transfer protocol-enabled servers.
@@ -153,7 +224,9 @@ module Aws::Transfer
153
224
  :identity_provider_type,
154
225
  :logging_role,
155
226
  :protocols,
227
+ :security_policy_name,
156
228
  :tags)
229
+ SENSITIVE = [:host_key]
157
230
  include Aws::Structure
158
231
  end
159
232
 
@@ -166,6 +239,7 @@ module Aws::Transfer
166
239
  #
167
240
  class CreateServerResponse < Struct.new(
168
241
  :server_id)
242
+ SENSITIVE = []
169
243
  include Aws::Structure
170
244
  end
171
245
 
@@ -198,7 +272,8 @@ module Aws::Transfer
198
272
  # The landing directory (folder) for a user when they log in to the
199
273
  # file transfer protocol-enabled server using the client.
200
274
  #
201
- # An example is `your-Amazon-S3-bucket-name>/home/username`.
275
+ # An example is <i>
276
+ # <code>your-Amazon-S3-bucket-name&gt;/home/username</code> </i>.
202
277
  # @return [String]
203
278
  #
204
279
  # @!attribute [rw] home_directory_type
@@ -217,8 +292,8 @@ module Aws::Transfer
217
292
  # visible. You will need to specify the "`Entry`" and "`Target`"
218
293
  # pair, where `Entry` shows how the path is made visible and `Target`
219
294
  # is the actual Amazon S3 path. If you only specify a target, it will
220
- # be displayed as is. You will need to also make sure that your AWS
221
- # IAM Role provides access to paths in `Target`. The following is an
295
+ # be displayed as is. You will need to also make sure that your IAM
296
+ # role provides access to paths in `Target`. The following is an
222
297
  # example.
223
298
  #
224
299
  # `'[ "/bucket2/documentation", \{ "Entry":
@@ -232,7 +307,7 @@ module Aws::Transfer
232
307
  #
233
308
  # <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
234
309
  # S3, the entry will be ignored. As a workaround, you can use the
235
- # Amazon S3 api to create 0 byte objects as place holders for your
310
+ # Amazon S3 API to create 0 byte objects as place holders for your
236
311
  # directory. If using the CLI, use the `s3api` call instead of `s3` so
237
312
  # you can use the put-object operation. For example, you use the
238
313
  # following: `aws s3api put-object --bucket bucketname --key
@@ -254,8 +329,8 @@ module Aws::Transfer
254
329
  # You save the policy as a JSON blob and pass it in the `Policy`
255
330
  # argument.
256
331
  #
257
- # For an example of a scope-down policy, see [Creating a Scope-Down
258
- # Policy][1].
332
+ # For an example of a scope-down policy, see [Creating a scope-down
333
+ # policy][1].
259
334
  #
260
335
  # For more information, see [AssumeRole][2] in the *AWS Security Token
261
336
  # Service API Reference*.
@@ -297,9 +372,10 @@ module Aws::Transfer
297
372
  # @!attribute [rw] user_name
298
373
  # A unique string that identifies a user and is associated with a file
299
374
  # transfer protocol-enabled server as specified by the `ServerId`.
300
- # This user name must be a minimum of 3 and a maximum of 32 characters
301
- # long. The following are valid characters: a-z, A-Z, 0-9, underscore,
302
- # and hyphen. The user name can't start with a hyphen.
375
+ # This user name must be a minimum of 3 and a maximum of 100
376
+ # characters long. The following are valid characters: a-z, A-Z, 0-9,
377
+ # underscore '\_', hyphen '-', period '.', and at sign '@'.
378
+ # The user name can't start with a hyphen, period, and at sign.
303
379
  # @return [String]
304
380
  #
305
381
  # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateUserRequest AWS API Documentation
@@ -314,6 +390,7 @@ module Aws::Transfer
314
390
  :ssh_public_key_body,
315
391
  :tags,
316
392
  :user_name)
393
+ SENSITIVE = []
317
394
  include Aws::Structure
318
395
  end
319
396
 
@@ -332,6 +409,7 @@ module Aws::Transfer
332
409
  class CreateUserResponse < Struct.new(
333
410
  :server_id,
334
411
  :user_name)
412
+ SENSITIVE = []
335
413
  include Aws::Structure
336
414
  end
337
415
 
@@ -351,6 +429,7 @@ module Aws::Transfer
351
429
  #
352
430
  class DeleteServerRequest < Struct.new(
353
431
  :server_id)
432
+ SENSITIVE = []
354
433
  include Aws::Structure
355
434
  end
356
435
 
@@ -383,6 +462,7 @@ module Aws::Transfer
383
462
  :server_id,
384
463
  :ssh_public_key_id,
385
464
  :user_name)
465
+ SENSITIVE = []
386
466
  include Aws::Structure
387
467
  end
388
468
 
@@ -409,6 +489,39 @@ module Aws::Transfer
409
489
  class DeleteUserRequest < Struct.new(
410
490
  :server_id,
411
491
  :user_name)
492
+ SENSITIVE = []
493
+ include Aws::Structure
494
+ end
495
+
496
+ # @note When making an API call, you may pass DescribeSecurityPolicyRequest
497
+ # data as a hash:
498
+ #
499
+ # {
500
+ # security_policy_name: "SecurityPolicyName", # required
501
+ # }
502
+ #
503
+ # @!attribute [rw] security_policy_name
504
+ # Specifies the name of the security policy that is attached to the
505
+ # server.
506
+ # @return [String]
507
+ #
508
+ # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeSecurityPolicyRequest AWS API Documentation
509
+ #
510
+ class DescribeSecurityPolicyRequest < Struct.new(
511
+ :security_policy_name)
512
+ SENSITIVE = []
513
+ include Aws::Structure
514
+ end
515
+
516
+ # @!attribute [rw] security_policy
517
+ # An array containing the properties of the security policy.
518
+ # @return [Types::DescribedSecurityPolicy]
519
+ #
520
+ # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeSecurityPolicyResponse AWS API Documentation
521
+ #
522
+ class DescribeSecurityPolicyResponse < Struct.new(
523
+ :security_policy)
524
+ SENSITIVE = []
412
525
  include Aws::Structure
413
526
  end
414
527
 
@@ -428,6 +541,7 @@ module Aws::Transfer
428
541
  #
429
542
  class DescribeServerRequest < Struct.new(
430
543
  :server_id)
544
+ SENSITIVE = []
431
545
  include Aws::Structure
432
546
  end
433
547
 
@@ -440,6 +554,7 @@ module Aws::Transfer
440
554
  #
441
555
  class DescribeServerResponse < Struct.new(
442
556
  :server)
557
+ SENSITIVE = []
443
558
  include Aws::Structure
444
559
  end
445
560
 
@@ -468,6 +583,7 @@ module Aws::Transfer
468
583
  class DescribeUserRequest < Struct.new(
469
584
  :server_id,
470
585
  :user_name)
586
+ SENSITIVE = []
471
587
  include Aws::Structure
472
588
  end
473
589
 
@@ -486,40 +602,92 @@ module Aws::Transfer
486
602
  class DescribeUserResponse < Struct.new(
487
603
  :server_id,
488
604
  :user)
605
+ SENSITIVE = []
606
+ include Aws::Structure
607
+ end
608
+
609
+ # Describes the properties of a security policy that was specified. For
610
+ # more information about security policies, see [Working with security
611
+ # policies][1].
612
+ #
613
+ #
614
+ #
615
+ # [1]: https://docs.aws.amazon.com/transfer/latest/userguide/security-policies.html
616
+ #
617
+ # @!attribute [rw] fips
618
+ # Specifies whether this policy enables Federal Information Processing
619
+ # Standards (FIPS).
620
+ # @return [Boolean]
621
+ #
622
+ # @!attribute [rw] security_policy_name
623
+ # Specifies the name of the security policy that is attached to the
624
+ # server.
625
+ # @return [String]
626
+ #
627
+ # @!attribute [rw] ssh_ciphers
628
+ # Specifies the enabled Secure Shell (SSH) cipher encryption
629
+ # algorithms in the security policy that is attached to the server.
630
+ # @return [Array<String>]
631
+ #
632
+ # @!attribute [rw] ssh_kexs
633
+ # Specifies the enabled SSH key exchange (KEX) encryption algorithms
634
+ # in the security policy that is attached to the server.
635
+ # @return [Array<String>]
636
+ #
637
+ # @!attribute [rw] ssh_macs
638
+ # Specifies the enabled SSH message authentication code (MAC)
639
+ # encryption algorithms in the security policy that is attached to the
640
+ # server.
641
+ # @return [Array<String>]
642
+ #
643
+ # @!attribute [rw] tls_ciphers
644
+ # Specifies the enabled Transport Layer Security (TLS) cipher
645
+ # encryption algorithms in the security policy that is attached to the
646
+ # server.
647
+ # @return [Array<String>]
648
+ #
649
+ # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribedSecurityPolicy AWS API Documentation
650
+ #
651
+ class DescribedSecurityPolicy < Struct.new(
652
+ :fips,
653
+ :security_policy_name,
654
+ :ssh_ciphers,
655
+ :ssh_kexs,
656
+ :ssh_macs,
657
+ :tls_ciphers)
658
+ SENSITIVE = []
489
659
  include Aws::Structure
490
660
  end
491
661
 
492
662
  # Describes the properties of a file transfer protocol-enabled server
493
- # that was specified. Information returned includes the following: the
494
- # server Amazon Resource Name (ARN), the authentication configuration
495
- # and type, the logging role, the server ID and state, and assigned tags
496
- # or metadata.
663
+ # that was specified.
497
664
  #
498
665
  # @!attribute [rw] arn
499
- # Specifies the unique Amazon Resource Name (ARN) for a file transfer
500
- # protocol-enabled server to be described.
666
+ # Specifies the unique Amazon Resource Name (ARN) of the file transfer
667
+ # protocol-enabled server.
501
668
  # @return [String]
502
669
  #
503
670
  # @!attribute [rw] certificate
504
- # The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM)
505
- # certificate. Required when `Protocols` is set to `FTPS`.
671
+ # Specifies the ARN of the AWS Certificate Manager (ACM) certificate.
672
+ # Required when `Protocols` is set to `FTPS`.
506
673
  # @return [String]
507
674
  #
508
675
  # @!attribute [rw] endpoint_details
509
- # The virtual private cloud (VPC) endpoint settings that you
676
+ # Specifies the virtual private cloud (VPC) endpoint settings that you
510
677
  # configured for your file transfer protocol-enabled server.
511
678
  # @return [Types::EndpointDetails]
512
679
  #
513
680
  # @!attribute [rw] endpoint_type
514
- # The type of endpoint that your file transfer protocol-enabled server
515
- # is connected to. If your server is connected to a VPC endpoint, your
516
- # server isn't accessible over the public internet.
681
+ # Defines the type of endpoint that your file transfer
682
+ # protocol-enabled server is connected to. If your server is connected
683
+ # to a VPC endpoint, your server isn't accessible over the public
684
+ # internet.
517
685
  # @return [String]
518
686
  #
519
687
  # @!attribute [rw] host_key_fingerprint
520
- # Contains the message-digest algorithm (MD5) hash of a file transfer
521
- # protocol-enabled server's host key. This value is equivalent to the
522
- # output of the `ssh-keygen -l -E md5 -f my-new-server-key` command.
688
+ # Specifies the Base64-encoded SHA256 fingerprint of the server's
689
+ # host key. This value is equivalent to the output of the `ssh-keygen
690
+ # -l -f my-new-server-key` command.
523
691
  # @return [String]
524
692
  #
525
693
  # @!attribute [rw] identity_provider_details
@@ -529,19 +697,19 @@ module Aws::Transfer
529
697
  # @return [Types::IdentityProviderDetails]
530
698
  #
531
699
  # @!attribute [rw] identity_provider_type
532
- # Defines the mode of authentication method enabled for this service.
533
- # A value of `SERVICE_MANAGED` means that you are using this file
534
- # transfer protocol-enabled server to store and access user
700
+ # Specifies the mode of authentication method enabled for this
701
+ # service. A value of `SERVICE_MANAGED` means that you are using this
702
+ # file transfer protocol-enabled server to store and access user
535
703
  # credentials within the service. A value of `API_GATEWAY` indicates
536
704
  # that you have integrated an API Gateway endpoint that will be
537
705
  # invoked for authenticating your user into the service.
538
706
  # @return [String]
539
707
  #
540
708
  # @!attribute [rw] logging_role
541
- # An AWS Identity and Access Management (IAM) entity that allows a
542
- # file transfer protocol-enabled server to turn on Amazon CloudWatch
543
- # logging for Amazon S3 events. When set, user activity can be viewed
544
- # in your CloudWatch logs.
709
+ # Specifies the AWS Identity and Access Management (IAM) role that
710
+ # allows a file transfer protocol-enabled server to turn on Amazon
711
+ # CloudWatch logging for Amazon S3 events. When set, user activity can
712
+ # be viewed in your CloudWatch logs.
545
713
  # @return [String]
546
714
  #
547
715
  # @!attribute [rw] protocols
@@ -549,25 +717,30 @@ module Aws::Transfer
549
717
  # file transfer protocol client can connect to your server's
550
718
  # endpoint. The available protocols are:
551
719
  #
552
- # * Secure Shell (SSH) File Transfer Protocol (SFTP): File transfer
720
+ # * `SFTP` (Secure Shell (SSH) File Transfer Protocol): File transfer
553
721
  # over SSH
554
722
  #
555
- # * File Transfer Protocol Secure (FTPS): File transfer with TLS
723
+ # * `FTPS` (File Transfer Protocol Secure): File transfer with TLS
556
724
  # encryption
557
725
  #
558
- # * File Transfer Protocol (FTP): Unencrypted file transfer
726
+ # * `FTP` (File Transfer Protocol): Unencrypted file transfer
559
727
  # @return [Array<String>]
560
728
  #
729
+ # @!attribute [rw] security_policy_name
730
+ # Specifies the name of the security policy that is attached to the
731
+ # server.
732
+ # @return [String]
733
+ #
561
734
  # @!attribute [rw] server_id
562
- # Unique system-assigned identifier for a file transfer
735
+ # Specifies the unique system-assigned identifier for a file transfer
563
736
  # protocol-enabled server that you instantiate.
564
737
  # @return [String]
565
738
  #
566
739
  # @!attribute [rw] state
567
- # The condition of a file transfer protocol-enabled server for the
568
- # server that was described. A value of `ONLINE` indicates that the
569
- # server can accept jobs and transfer files. A `State` value of
570
- # `OFFLINE` means that the server cannot perform file transfer
740
+ # Specifies the condition of a file transfer protocol-enabled server
741
+ # for the server that was described. A value of `ONLINE` indicates
742
+ # that the server can accept jobs and transfer files. A `State` value
743
+ # of `OFFLINE` means that the server cannot perform file transfer
571
744
  # operations.
572
745
  #
573
746
  # The states of `STARTING` and `STOPPING` indicate that the server is
@@ -577,13 +750,13 @@ module Aws::Transfer
577
750
  # @return [String]
578
751
  #
579
752
  # @!attribute [rw] tags
580
- # Contains the key-value pairs that you can use to search for and
753
+ # Specifies the key-value pairs that you can use to search for and
581
754
  # group file transfer protocol-enabled servers that were assigned to
582
755
  # the server that was described.
583
756
  # @return [Array<Types::Tag>]
584
757
  #
585
758
  # @!attribute [rw] user_count
586
- # The number of users that are assigned to a file transfer
759
+ # Specifies the number of users that are assigned to a file transfer
587
760
  # protocol-enabled server you specified with the `ServerId`.
588
761
  # @return [Integer]
589
762
  #
@@ -599,35 +772,38 @@ module Aws::Transfer
599
772
  :identity_provider_type,
600
773
  :logging_role,
601
774
  :protocols,
775
+ :security_policy_name,
602
776
  :server_id,
603
777
  :state,
604
778
  :tags,
605
779
  :user_count)
780
+ SENSITIVE = []
606
781
  include Aws::Structure
607
782
  end
608
783
 
609
- # Returns properties of the user that you want to describe.
784
+ # Describes the properties of a user that was specified.
610
785
  #
611
786
  # @!attribute [rw] arn
612
- # Contains the unique Amazon Resource Name (ARN) for the user that was
613
- # requested to be described.
787
+ # Specifies the unique Amazon Resource Name (ARN) for the user that
788
+ # was requested to be described.
614
789
  # @return [String]
615
790
  #
616
791
  # @!attribute [rw] home_directory
617
792
  # Specifies the landing directory (or folder), which is the location
618
- # that files are written to or read from in an Amazon S3 bucket for
619
- # the described user. An example is `/your s3 bucket
620
- # name/home/username `.
793
+ # that files are written to or read from in an Amazon S3 bucket, for
794
+ # the described user. An example is <i>
795
+ # <code>your-Amazon-S3-bucket-name&gt;/home/username</code> </i>.
621
796
  # @return [String]
622
797
  #
623
798
  # @!attribute [rw] home_directory_mappings
624
- # Logical directory mappings that you specified for what Amazon S3
799
+ # Specifies the logical directory mappings that specify what Amazon S3
625
800
  # paths and keys should be visible to your user and how you want to
626
801
  # make them visible. You will need to specify the "`Entry`" and
627
802
  # "`Target`" pair, where `Entry` shows how the path is made visible
628
803
  # and `Target` is the actual Amazon S3 path. If you only specify a
629
804
  # target, it will be displayed as is. You will need to also make sure
630
- # that your AWS IAM Role provides access to paths in `Target`.
805
+ # that your AWS Identity and Access Management (IAM) role provides
806
+ # access to paths in `Target`.
631
807
  #
632
808
  # In most cases, you can use this value instead of the scope-down
633
809
  # policy to lock your user down to the designated home directory
@@ -636,13 +812,13 @@ module Aws::Transfer
636
812
  # @return [Array<Types::HomeDirectoryMapEntry>]
637
813
  #
638
814
  # @!attribute [rw] home_directory_type
639
- # The type of landing directory (folder) you mapped for your users to
640
- # see when they log into the file transfer protocol-enabled server. If
641
- # you set it to `PATH`, the user will see the absolute Amazon S3
642
- # bucket paths as is in their file transfer protocol clients. If you
643
- # set it `LOGICAL`, you will need to provide mappings in the
644
- # `HomeDirectoryMappings` for how you want to make Amazon S3 paths
645
- # visible to your users.
815
+ # Specifies the type of landing directory (folder) you mapped for your
816
+ # users to see when they log into the file transfer protocol-enabled
817
+ # server. If you set it to `PATH`, the user will see the absolute
818
+ # Amazon S3 bucket paths as is in their file transfer protocol
819
+ # clients. If you set it `LOGICAL`, you will need to provide mappings
820
+ # in the `HomeDirectoryMappings` for how you want to make Amazon S3
821
+ # paths visible to your users.
646
822
  # @return [String]
647
823
  #
648
824
  # @!attribute [rw] policy
@@ -660,20 +836,20 @@ module Aws::Transfer
660
836
  # @return [String]
661
837
  #
662
838
  # @!attribute [rw] ssh_public_keys
663
- # Contains the public key portion of the Secure Shell (SSH) keys
839
+ # Specifies the public key portion of the Secure Shell (SSH) keys
664
840
  # stored for the described user.
665
841
  # @return [Array<Types::SshPublicKey>]
666
842
  #
667
843
  # @!attribute [rw] tags
668
- # Contains the key-value pairs for the user requested. Tag can be used
669
- # to search for and group users for a variety of purposes.
844
+ # Specifies the key-value pairs for the user requested. Tag can be
845
+ # used to search for and group users for a variety of purposes.
670
846
  # @return [Array<Types::Tag>]
671
847
  #
672
848
  # @!attribute [rw] user_name
673
- # The name of the user that was requested to be described. User names
674
- # are used for authentication purposes. This is the string that will
675
- # be used by your user when they log in to your file transfer
676
- # protocol-enabled server.
849
+ # Specifies the name of the user that was requested to be described.
850
+ # User names are used for authentication purposes. This is the string
851
+ # that will be used by your user when they log in to your file
852
+ # transfer protocol-enabled server.
677
853
  # @return [String]
678
854
  #
679
855
  # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribedUser AWS API Documentation
@@ -688,6 +864,7 @@ module Aws::Transfer
688
864
  :ssh_public_keys,
689
865
  :tags,
690
866
  :user_name)
867
+ SENSITIVE = []
691
868
  include Aws::Structure
692
869
  end
693
870
 
@@ -720,15 +897,28 @@ module Aws::Transfer
720
897
  # @!attribute [rw] subnet_ids
721
898
  # A list of subnet IDs that are required to host your file transfer
722
899
  # protocol-enabled server endpoint in your VPC.
900
+ #
901
+ # <note markdown="1"> This property can only be used when `EndpointType` is set to `VPC`.
902
+ #
903
+ # </note>
723
904
  # @return [Array<String>]
724
905
  #
725
906
  # @!attribute [rw] vpc_endpoint_id
726
907
  # The ID of the VPC endpoint.
908
+ #
909
+ # <note markdown="1"> This property can only be used when `EndpointType` is set to
910
+ # `VPC_ENDPOINT`.
911
+ #
912
+ # </note>
727
913
  # @return [String]
728
914
  #
729
915
  # @!attribute [rw] vpc_id
730
916
  # The VPC ID of the VPC in which a file transfer protocol-enabled
731
917
  # server's endpoint will be hosted.
918
+ #
919
+ # <note markdown="1"> This property can only be used when `EndpointType` is set to `VPC`.
920
+ #
921
+ # </note>
732
922
  # @return [String]
733
923
  #
734
924
  # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/EndpointDetails AWS API Documentation
@@ -738,10 +928,11 @@ module Aws::Transfer
738
928
  :subnet_ids,
739
929
  :vpc_endpoint_id,
740
930
  :vpc_id)
931
+ SENSITIVE = []
741
932
  include Aws::Structure
742
933
  end
743
934
 
744
- # Represents an object that contains entries and a targets for
935
+ # Represents an object that contains entries and targets for
745
936
  # `HomeDirectoryMappings`.
746
937
  #
747
938
  # @note When making an API call, you may pass HomeDirectoryMapEntry
@@ -765,6 +956,7 @@ module Aws::Transfer
765
956
  class HomeDirectoryMapEntry < Struct.new(
766
957
  :entry,
767
958
  :target)
959
+ SENSITIVE = []
768
960
  include Aws::Structure
769
961
  end
770
962
 
@@ -781,7 +973,7 @@ module Aws::Transfer
781
973
  # }
782
974
  #
783
975
  # @!attribute [rw] url
784
- # Contains the location of the service endpoint used to authenticate
976
+ # Provides the location of the service endpoint used to authenticate
785
977
  # users.
786
978
  # @return [String]
787
979
  #
@@ -795,6 +987,7 @@ module Aws::Transfer
795
987
  class IdentityProviderDetails < Struct.new(
796
988
  :url,
797
989
  :invocation_role)
990
+ SENSITIVE = []
798
991
  include Aws::Structure
799
992
  end
800
993
 
@@ -827,6 +1020,7 @@ module Aws::Transfer
827
1020
  :server_id,
828
1021
  :ssh_public_key_body,
829
1022
  :user_name)
1023
+ SENSITIVE = []
830
1024
  include Aws::Structure
831
1025
  end
832
1026
 
@@ -854,6 +1048,7 @@ module Aws::Transfer
854
1048
  :server_id,
855
1049
  :ssh_public_key_id,
856
1050
  :user_name)
1051
+ SENSITIVE = []
857
1052
  include Aws::Structure
858
1053
  end
859
1054
 
@@ -867,6 +1062,7 @@ module Aws::Transfer
867
1062
  #
868
1063
  class InternalServiceError < Struct.new(
869
1064
  :message)
1065
+ SENSITIVE = []
870
1066
  include Aws::Structure
871
1067
  end
872
1068
 
@@ -879,6 +1075,7 @@ module Aws::Transfer
879
1075
  #
880
1076
  class InvalidNextTokenException < Struct.new(
881
1077
  :message)
1078
+ SENSITIVE = []
882
1079
  include Aws::Structure
883
1080
  end
884
1081
 
@@ -891,6 +1088,56 @@ module Aws::Transfer
891
1088
  #
892
1089
  class InvalidRequestException < Struct.new(
893
1090
  :message)
1091
+ SENSITIVE = []
1092
+ include Aws::Structure
1093
+ end
1094
+
1095
+ # @note When making an API call, you may pass ListSecurityPoliciesRequest
1096
+ # data as a hash:
1097
+ #
1098
+ # {
1099
+ # max_results: 1,
1100
+ # next_token: "NextToken",
1101
+ # }
1102
+ #
1103
+ # @!attribute [rw] max_results
1104
+ # Specifies the number of security policies to return as a response to
1105
+ # the `ListSecurityPolicies` query.
1106
+ # @return [Integer]
1107
+ #
1108
+ # @!attribute [rw] next_token
1109
+ # When additional results are obtained from the `ListSecurityPolicies`
1110
+ # command, a `NextToken` parameter is returned in the output. You can
1111
+ # then pass the `NextToken` parameter in a subsequent command to
1112
+ # continue listing additional security policies.
1113
+ # @return [String]
1114
+ #
1115
+ # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListSecurityPoliciesRequest AWS API Documentation
1116
+ #
1117
+ class ListSecurityPoliciesRequest < Struct.new(
1118
+ :max_results,
1119
+ :next_token)
1120
+ SENSITIVE = []
1121
+ include Aws::Structure
1122
+ end
1123
+
1124
+ # @!attribute [rw] next_token
1125
+ # When you can get additional results from the `ListSecurityPolicies`
1126
+ # operation, a `NextToken` parameter is returned in the output. In a
1127
+ # following command, you can pass in the `NextToken` parameter to
1128
+ # continue listing security policies.
1129
+ # @return [String]
1130
+ #
1131
+ # @!attribute [rw] security_policy_names
1132
+ # An array of security policies that were listed.
1133
+ # @return [Array<String>]
1134
+ #
1135
+ # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListSecurityPoliciesResponse AWS API Documentation
1136
+ #
1137
+ class ListSecurityPoliciesResponse < Struct.new(
1138
+ :next_token,
1139
+ :security_policy_names)
1140
+ SENSITIVE = []
894
1141
  include Aws::Structure
895
1142
  end
896
1143
 
@@ -908,7 +1155,7 @@ module Aws::Transfer
908
1155
  # @return [Integer]
909
1156
  #
910
1157
  # @!attribute [rw] next_token
911
- # When additional results are obtained from the`ListServers` command,
1158
+ # When additional results are obtained from the `ListServers` command,
912
1159
  # a `NextToken` parameter is returned in the output. You can then pass
913
1160
  # the `NextToken` parameter in a subsequent command to continue
914
1161
  # listing additional file transfer protocol-enabled servers.
@@ -919,6 +1166,7 @@ module Aws::Transfer
919
1166
  class ListServersRequest < Struct.new(
920
1167
  :max_results,
921
1168
  :next_token)
1169
+ SENSITIVE = []
922
1170
  include Aws::Structure
923
1171
  end
924
1172
 
@@ -938,6 +1186,7 @@ module Aws::Transfer
938
1186
  class ListServersResponse < Struct.new(
939
1187
  :next_token,
940
1188
  :servers)
1189
+ SENSITIVE = []
941
1190
  include Aws::Structure
942
1191
  end
943
1192
 
@@ -974,6 +1223,7 @@ module Aws::Transfer
974
1223
  :arn,
975
1224
  :max_results,
976
1225
  :next_token)
1226
+ SENSITIVE = []
977
1227
  include Aws::Structure
978
1228
  end
979
1229
 
@@ -1000,6 +1250,7 @@ module Aws::Transfer
1000
1250
  :arn,
1001
1251
  :next_token,
1002
1252
  :tags)
1253
+ SENSITIVE = []
1003
1254
  include Aws::Structure
1004
1255
  end
1005
1256
 
@@ -1035,6 +1286,7 @@ module Aws::Transfer
1035
1286
  :max_results,
1036
1287
  :next_token,
1037
1288
  :server_id)
1289
+ SENSITIVE = []
1038
1290
  include Aws::Structure
1039
1291
  end
1040
1292
 
@@ -1061,6 +1313,7 @@ module Aws::Transfer
1061
1313
  :next_token,
1062
1314
  :server_id,
1063
1315
  :users)
1316
+ SENSITIVE = []
1064
1317
  include Aws::Structure
1065
1318
  end
1066
1319
 
@@ -1068,37 +1321,38 @@ module Aws::Transfer
1068
1321
  # specified.
1069
1322
  #
1070
1323
  # @!attribute [rw] arn
1071
- # The unique Amazon Resource Name (ARN) for a file transfer
1324
+ # Specifies the unique Amazon Resource Name (ARN) for a file transfer
1072
1325
  # protocol-enabled server to be listed.
1073
1326
  # @return [String]
1074
1327
  #
1075
1328
  # @!attribute [rw] identity_provider_type
1076
- # The authentication method used to validate a user for a file
1077
- # transfer protocol-enabled server that was specified. This can
1329
+ # Specifies the authentication method used to validate a user for a
1330
+ # file transfer protocol-enabled server that was specified. This can
1078
1331
  # include Secure Shell (SSH), user name and password combinations, or
1079
1332
  # your own custom authentication method. Valid values include
1080
1333
  # `SERVICE_MANAGED` or `API_GATEWAY`.
1081
1334
  # @return [String]
1082
1335
  #
1083
1336
  # @!attribute [rw] endpoint_type
1084
- # The type of VPC endpoint that your file transfer protocol-enabled
1085
- # server is connected to. If your server is connected to a VPC
1086
- # endpoint, your server isn't accessible over the public internet.
1337
+ # Specifies the type of VPC endpoint that your file transfer
1338
+ # protocol-enabled server is connected to. If your server is connected
1339
+ # to a VPC endpoint, your server isn't accessible over the public
1340
+ # internet.
1087
1341
  # @return [String]
1088
1342
  #
1089
1343
  # @!attribute [rw] logging_role
1090
- # The AWS Identity and Access Management (IAM) entity that allows a
1091
- # file transfer protocol-enabled server to turn on Amazon CloudWatch
1092
- # logging.
1344
+ # Specifies the AWS Identity and Access Management (IAM) role that
1345
+ # allows a file transfer protocol-enabled server to turn on Amazon
1346
+ # CloudWatch logging.
1093
1347
  # @return [String]
1094
1348
  #
1095
1349
  # @!attribute [rw] server_id
1096
- # The unique system assigned identifier for a file transfer
1350
+ # Specifies the unique system assigned identifier for a file transfer
1097
1351
  # protocol-enabled servers that were listed.
1098
1352
  # @return [String]
1099
1353
  #
1100
1354
  # @!attribute [rw] state
1101
- # Describes the condition of a file transfer protocol-enabled server
1355
+ # Specifies the condition of a file transfer protocol-enabled server
1102
1356
  # for the server that was described. A value of `ONLINE` indicates
1103
1357
  # that the server can accept jobs and transfer files. A `State` value
1104
1358
  # of `OFFLINE` means that the server cannot perform file transfer
@@ -1111,9 +1365,8 @@ module Aws::Transfer
1111
1365
  # @return [String]
1112
1366
  #
1113
1367
  # @!attribute [rw] user_count
1114
- # A numeric value that indicates the number of users that are assigned
1115
- # to a file transfer protocol-enabled server you specified with the
1116
- # `ServerId`.
1368
+ # Specifies the number of users that are assigned to a file transfer
1369
+ # protocol-enabled server you specified with the `ServerId`.
1117
1370
  # @return [Integer]
1118
1371
  #
1119
1372
  # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListedServer AWS API Documentation
@@ -1126,14 +1379,15 @@ module Aws::Transfer
1126
1379
  :server_id,
1127
1380
  :state,
1128
1381
  :user_count)
1382
+ SENSITIVE = []
1129
1383
  include Aws::Structure
1130
1384
  end
1131
1385
 
1132
1386
  # Returns properties of the user that you specify.
1133
1387
  #
1134
1388
  # @!attribute [rw] arn
1135
- # The unique Amazon Resource Name (ARN) for the user that you want to
1136
- # learn about.
1389
+ # Provides the unique Amazon Resource Name (ARN) for the user that you
1390
+ # want to learn about.
1137
1391
  # @return [String]
1138
1392
  #
1139
1393
  # @!attribute [rw] home_directory
@@ -1142,29 +1396,31 @@ module Aws::Transfer
1142
1396
  # @return [String]
1143
1397
  #
1144
1398
  # @!attribute [rw] home_directory_type
1145
- # The type of landing directory (folder) you mapped for your users'
1146
- # home directory. If you set it to `PATH`, the user will see the
1147
- # absolute Amazon S3 bucket paths as is in their file transfer
1399
+ # Specifies the type of landing directory (folder) you mapped for your
1400
+ # users' home directory. If you set it to `PATH`, the user will see
1401
+ # the absolute Amazon S3 bucket paths as is in their file transfer
1148
1402
  # protocol clients. If you set it `LOGICAL`, you will need to provide
1149
1403
  # mappings in the `HomeDirectoryMappings` for how you want to make
1150
1404
  # Amazon S3 paths visible to your users.
1151
1405
  # @return [String]
1152
1406
  #
1153
1407
  # @!attribute [rw] role
1154
- # The role in use by this user. A *role* is an AWS Identity and Access
1155
- # Management (IAM) entity that, in this case, allows a file transfer
1156
- # protocol-enabled server to act on a user's behalf. It allows the
1157
- # server to inherit the trust relationship that enables that user to
1158
- # perform file operations to their Amazon S3 bucket.
1408
+ # Specifies the role that is in use by this user. A *role* is an AWS
1409
+ # Identity and Access Management (IAM) entity that, in this case,
1410
+ # allows a file transfer protocol-enabled server to act on a user's
1411
+ # behalf. It allows the server to inherit the trust relationship that
1412
+ # enables that user to perform file operations to their Amazon S3
1413
+ # bucket.
1159
1414
  # @return [String]
1160
1415
  #
1161
1416
  # @!attribute [rw] ssh_public_key_count
1162
- # The number of SSH public keys stored for the user you specified.
1417
+ # Specifies the number of SSH public keys stored for the user you
1418
+ # specified.
1163
1419
  # @return [Integer]
1164
1420
  #
1165
1421
  # @!attribute [rw] user_name
1166
- # The name of the user whose ARN was specified. User names are used
1167
- # for authentication purposes.
1422
+ # Specifies the name of the user whose ARN was specified. User names
1423
+ # are used for authentication purposes.
1168
1424
  # @return [String]
1169
1425
  #
1170
1426
  # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListedUser AWS API Documentation
@@ -1176,6 +1432,7 @@ module Aws::Transfer
1176
1432
  :role,
1177
1433
  :ssh_public_key_count,
1178
1434
  :user_name)
1435
+ SENSITIVE = []
1179
1436
  include Aws::Structure
1180
1437
  end
1181
1438
 
@@ -1196,6 +1453,7 @@ module Aws::Transfer
1196
1453
  :message,
1197
1454
  :resource,
1198
1455
  :resource_type)
1456
+ SENSITIVE = []
1199
1457
  include Aws::Structure
1200
1458
  end
1201
1459
 
@@ -1217,6 +1475,7 @@ module Aws::Transfer
1217
1475
  :message,
1218
1476
  :resource,
1219
1477
  :resource_type)
1478
+ SENSITIVE = []
1220
1479
  include Aws::Structure
1221
1480
  end
1222
1481
 
@@ -1230,6 +1489,7 @@ module Aws::Transfer
1230
1489
  #
1231
1490
  class ServiceUnavailableException < Struct.new(
1232
1491
  :message)
1492
+ SENSITIVE = []
1233
1493
  include Aws::Structure
1234
1494
  end
1235
1495
 
@@ -1241,16 +1501,18 @@ module Aws::Transfer
1241
1501
  # public key associated with their user name on a specific server.
1242
1502
  #
1243
1503
  # @!attribute [rw] date_imported
1244
- # The date that the public key was added to the user account.
1504
+ # Specifies the date that the public key was added to the user
1505
+ # account.
1245
1506
  # @return [Time]
1246
1507
  #
1247
1508
  # @!attribute [rw] ssh_public_key_body
1248
- # The content of the SSH public key as specified by the `PublicKeyId`.
1509
+ # Specifies the content of the SSH public key as specified by the
1510
+ # `PublicKeyId`.
1249
1511
  # @return [String]
1250
1512
  #
1251
1513
  # @!attribute [rw] ssh_public_key_id
1252
- # The `SshPublicKeyId` parameter contains the identifier of the public
1253
- # key.
1514
+ # Specifies the `SshPublicKeyId` parameter contains the identifier of
1515
+ # the public key.
1254
1516
  # @return [String]
1255
1517
  #
1256
1518
  # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/SshPublicKey AWS API Documentation
@@ -1259,6 +1521,7 @@ module Aws::Transfer
1259
1521
  :date_imported,
1260
1522
  :ssh_public_key_body,
1261
1523
  :ssh_public_key_id)
1524
+ SENSITIVE = []
1262
1525
  include Aws::Structure
1263
1526
  end
1264
1527
 
@@ -1278,6 +1541,7 @@ module Aws::Transfer
1278
1541
  #
1279
1542
  class StartServerRequest < Struct.new(
1280
1543
  :server_id)
1544
+ SENSITIVE = []
1281
1545
  include Aws::Structure
1282
1546
  end
1283
1547
 
@@ -1297,6 +1561,7 @@ module Aws::Transfer
1297
1561
  #
1298
1562
  class StopServerRequest < Struct.new(
1299
1563
  :server_id)
1564
+ SENSITIVE = []
1300
1565
  include Aws::Structure
1301
1566
  end
1302
1567
 
@@ -1329,6 +1594,7 @@ module Aws::Transfer
1329
1594
  class Tag < Struct.new(
1330
1595
  :key,
1331
1596
  :value)
1597
+ SENSITIVE = []
1332
1598
  include Aws::Structure
1333
1599
  end
1334
1600
 
@@ -1361,6 +1627,7 @@ module Aws::Transfer
1361
1627
  class TagResourceRequest < Struct.new(
1362
1628
  :arn,
1363
1629
  :tags)
1630
+ SENSITIVE = []
1364
1631
  include Aws::Structure
1365
1632
  end
1366
1633
 
@@ -1369,9 +1636,10 @@ module Aws::Transfer
1369
1636
  #
1370
1637
  # {
1371
1638
  # server_id: "ServerId", # required
1639
+ # server_protocol: "SFTP", # accepts SFTP, FTP, FTPS
1640
+ # source_ip: "SourceIp",
1372
1641
  # user_name: "UserName", # required
1373
1642
  # user_password: "UserPassword",
1374
- # server_protocol: "SFTP", # accepts SFTP, FTP, FTPS
1375
1643
  # }
1376
1644
  #
1377
1645
  # @!attribute [rw] server_id
@@ -1380,14 +1648,6 @@ module Aws::Transfer
1380
1648
  # is tested with a user name and password.
1381
1649
  # @return [String]
1382
1650
  #
1383
- # @!attribute [rw] user_name
1384
- # The name of the user account to be tested.
1385
- # @return [String]
1386
- #
1387
- # @!attribute [rw] user_password
1388
- # The password of the user account to be tested.
1389
- # @return [String]
1390
- #
1391
1651
  # @!attribute [rw] server_protocol
1392
1652
  # The type of file transfer protocol to be tested.
1393
1653
  #
@@ -1400,13 +1660,27 @@ module Aws::Transfer
1400
1660
  # * File Transfer Protocol (FTP)
1401
1661
  # @return [String]
1402
1662
  #
1663
+ # @!attribute [rw] source_ip
1664
+ # The source IP address of the user account to be tested.
1665
+ # @return [String]
1666
+ #
1667
+ # @!attribute [rw] user_name
1668
+ # The name of the user account to be tested.
1669
+ # @return [String]
1670
+ #
1671
+ # @!attribute [rw] user_password
1672
+ # The password of the user account to be tested.
1673
+ # @return [String]
1674
+ #
1403
1675
  # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/TestIdentityProviderRequest AWS API Documentation
1404
1676
  #
1405
1677
  class TestIdentityProviderRequest < Struct.new(
1406
1678
  :server_id,
1679
+ :server_protocol,
1680
+ :source_ip,
1407
1681
  :user_name,
1408
- :user_password,
1409
- :server_protocol)
1682
+ :user_password)
1683
+ SENSITIVE = [:user_password]
1410
1684
  include Aws::Structure
1411
1685
  end
1412
1686
 
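Review bot: `SENSITIVE = [:user_password]` is a plain mutable Array, so any code loaded in the same process can clear or edit it and the password would drop off the list; the `# frozen_string_literal: true` comment this release adds at the top of the file covers string literals only. I would emit it as `SENSITIVE = [:user_password].freeze`, and likewise `SENSITIVE = [:host_key]` in the `UpdateServerRequest` hunk further down and the empty lists in the other hunks. The page does not show how the constant is consumed (presumably by the SDK's log and inspect filtering), and because the file is generated the change belongs in the generator template rather than in this file. Separately, the `Struct.new` member order changes in this hunk (`:user_password` moves from third to fifth position), so a caller that reads members by index or through `to_a` now gets a different field.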
@@ -1433,6 +1707,7 @@ module Aws::Transfer
1433
1707
  :status_code,
1434
1708
  :message,
1435
1709
  :url)
1710
+ SENSITIVE = []
1436
1711
  include Aws::Structure
1437
1712
  end
1438
1713
 
@@ -1447,6 +1722,7 @@ module Aws::Transfer
1447
1722
  #
1448
1723
  class ThrottlingException < Struct.new(
1449
1724
  :retry_after_seconds)
1725
+ SENSITIVE = []
1450
1726
  include Aws::Structure
1451
1727
  end
1452
1728
 
@@ -1475,6 +1751,7 @@ module Aws::Transfer
1475
1751
  class UntagResourceRequest < Struct.new(
1476
1752
  :arn,
1477
1753
  :tag_keys)
1754
+ SENSITIVE = []
1478
1755
  include Aws::Structure
1479
1756
  end
1480
1757
 
@@ -1497,12 +1774,48 @@ module Aws::Transfer
1497
1774
  # },
1498
1775
  # logging_role: "NullableRole",
1499
1776
  # protocols: ["SFTP"], # accepts SFTP, FTP, FTPS
1777
+ # security_policy_name: "SecurityPolicyName",
1500
1778
  # server_id: "ServerId", # required
1501
1779
  # }
1502
1780
  #
1503
1781
  # @!attribute [rw] certificate
1504
1782
  # The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM)
1505
1783
  # certificate. Required when `Protocols` is set to `FTPS`.
1784
+ #
1785
+ # To request a new public certificate, see [Request a public
1786
+ # certificate][1] in the <i> AWS Certificate Manager User Guide</i>.
1787
+ #
1788
+ # To import an existing certificate into ACM, see [Importing
1789
+ # certificates into ACM][2] in the <i> AWS Certificate Manager User
1790
+ # Guide</i>.
1791
+ #
1792
+ # To request a private certificate to use FTPS through private IP
1793
+ # addresses, see [Request a private certificate][3] in the <i> AWS
1794
+ # Certificate Manager User Guide</i>.
1795
+ #
1796
+ # Certificates with the following cryptographic algorithms and key
1797
+ # sizes are supported:
1798
+ #
1799
+ # * 2048-bit RSA (RSA\_2048)
1800
+ #
1801
+ # * 4096-bit RSA (RSA\_4096)
1802
+ #
1803
+ # * Elliptic Prime Curve 256 bit (EC\_prime256v1)
1804
+ #
1805
+ # * Elliptic Prime Curve 384 bit (EC\_secp384r1)
1806
+ #
1807
+ # * Elliptic Prime Curve 521 bit (EC\_secp521r1)
1808
+ #
1809
+ # <note markdown="1"> The certificate must be a valid SSL/TLS X.509 version 3 certificate
1810
+ # with FQDN or IP address specified and information about the issuer.
1811
+ #
1812
+ # </note>
1813
+ #
1814
+ #
1815
+ #
1816
+ # [1]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html
1817
+ # [2]: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
1818
+ # [3]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html
1506
1819
  # @return [String]
1507
1820
  #
1508
1821
  # @!attribute [rw] endpoint_details
@@ -1517,12 +1830,21 @@ module Aws::Transfer
1517
1830
  # @!attribute [rw] endpoint_type
1518
1831
  # The type of endpoint that you want your file transfer
1519
1832
  # protocol-enabled server to connect to. You can choose to connect to
1520
- # the public internet or a VPC endpoint. With a VPC endpoint, your
1521
- # server isn't accessible over the public internet.
1833
+ # the public internet or a VPC endpoint. With a VPC endpoint, you can
1834
+ # restrict access to your server and resources only within your VPC.
1835
+ #
1836
+ # <note markdown="1"> It is recommended that you use `VPC` as the `EndpointType`. With
1837
+ # this endpoint type, you have the option to directly associate up to
1838
+ # three Elastic IPv4 addresses (BYO IP included) with your server's
1839
+ # endpoint and use VPC security groups to restrict traffic by the
1840
+ # client's public IP address. This is not possible with
1841
+ # `EndpointType` set to `VPC_ENDPOINT`.
1842
+ #
1843
+ # </note>
1522
1844
  # @return [String]
1523
1845
  #
1524
1846
  # @!attribute [rw] host_key
1525
- # The RSA private key as generated by `ssh-keygen -N "" -f
1847
+ # The RSA private key as generated by `ssh-keygen -N "" -m PEM -f
1526
1848
  # my-new-server-key`.
1527
1849
  #
1528
1850
  # If you aren't planning to migrate existing users from an existing
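Review bot: The `host_key` comment now tells the reader to run `ssh-keygen -N "" -m PEM -f my-new-server-key`, and `-N ""` writes the private key with no passphrase, yet the comment says nothing about handling that file afterwards. I would add a line after the command such as `# The resulting file is an unencrypted private key; keep it out of version control and store or delete the local copy securely once it has been uploaded.` The attribute's comment block starts and ends outside this hunk. Because the file is generated, the wording would have to change in the API model it is generated from.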
@@ -1530,12 +1852,12 @@ module Aws::Transfer
1530
1852
  # the host key. Accidentally changing a server's host key can be
1531
1853
  # disruptive.
1532
1854
  #
1533
- # For more information, see [Changing the Host Key for Your AWS
1534
- # Transfer Family Server][1] in the *AWS Transfer Family User Guide*.
1855
+ # For more information, see [Change the host key for your SFTP-enabled
1856
+ # server][1] in the *AWS Transfer Family User Guide*.
1535
1857
  #
1536
1858
  #
1537
1859
  #
1538
- # [1]: https://docs.aws.amazon.com/transfer/latest/userguide/configuring-servers.html#change-host-key
1860
+ # [1]: https://docs.aws.amazon.com/transfer/latest/userguide/edit-server-config.html#configuring-servers-change-host-key
1539
1861
  # @return [String]
1540
1862
  #
1541
1863
  # @!attribute [rw] identity_provider_details
@@ -1561,8 +1883,30 @@ module Aws::Transfer
1561
1883
  # encryption
1562
1884
  #
1563
1885
  # * File Transfer Protocol (FTP): Unencrypted file transfer
1886
+ #
1887
+ # <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in AWS
1888
+ # Certificate Manager (ACM) which will be used to identify your server
1889
+ # when clients connect to it over FTPS.
1890
+ #
1891
+ # If `Protocol` includes either `FTP` or `FTPS`, then the
1892
+ # `EndpointType` must be `VPC` and the `IdentityProviderType` must be
1893
+ # `API_GATEWAY`.
1894
+ #
1895
+ # If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
1896
+ # associated.
1897
+ #
1898
+ # If `Protocol` is set only to `SFTP`, the `EndpointType` can be set
1899
+ # to `PUBLIC` and the `IdentityProviderType` can be set to
1900
+ # `SERVICE_MANAGED`.
1901
+ #
1902
+ # </note>
1564
1903
  # @return [Array<String>]
1565
1904
  #
1905
+ # @!attribute [rw] security_policy_name
1906
+ # Specifies the name of the security policy that is attached to the
1907
+ # server.
1908
+ # @return [String]
1909
+ #
1566
1910
  # @!attribute [rw] server_id
1567
1911
  # A system-assigned unique identifier for a file transfer
1568
1912
  # protocol-enabled server instance that the user account is assigned
@@ -1579,7 +1923,9 @@ module Aws::Transfer
1579
1923
  :identity_provider_details,
1580
1924
  :logging_role,
1581
1925
  :protocols,
1926
+ :security_policy_name,
1582
1927
  :server_id)
1928
+ SENSITIVE = [:host_key]
1583
1929
  include Aws::Structure
1584
1930
  end
1585
1931
 
@@ -1592,6 +1938,7 @@ module Aws::Transfer
1592
1938
  #
1593
1939
  class UpdateServerResponse < Struct.new(
1594
1940
  :server_id)
1941
+ SENSITIVE = []
1595
1942
  include Aws::Structure
1596
1943
  end
1597
1944
 
@@ -1637,8 +1984,8 @@ module Aws::Transfer
1637
1984
  # visible. You will need to specify the "`Entry`" and "`Target`"
1638
1985
  # pair, where `Entry` shows how the path is made visible and `Target`
1639
1986
  # is the actual Amazon S3 path. If you only specify a target, it will
1640
- # be displayed as is. You will need to also make sure that your AWS
1641
- # IAM Role provides access to paths in `Target`. The following is an
1987
+ # be displayed as is. You will need to also make sure that your IAM
1988
+ # role provides access to paths in `Target`. The following is an
1642
1989
  # example.
1643
1990
  #
1644
1991
  # `'[ "/bucket2/documentation", \{ "Entry":
@@ -1652,7 +1999,7 @@ module Aws::Transfer
1652
1999
  #
1653
2000
  # <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
1654
2001
  # S3, the entry will be ignored. As a workaround, you can use the
1655
- # Amazon S3 api to create 0 byte objects as place holders for your
2002
+ # Amazon S3 API to create 0 byte objects as place holders for your
1656
2003
  # directory. If using the CLI, use the `s3api` call instead of `s3` so
1657
2004
  # you can use the put-object operation. For example, you use the
1658
2005
  # following: `aws s3api put-object --bucket bucketname --key
@@ -1664,19 +2011,18 @@ module Aws::Transfer
1664
2011
  #
1665
2012
  # @!attribute [rw] policy
1666
2013
  # Allows you to supply a scope-down policy for your user so you can
1667
- # use the same AWS Identity and Access Management (IAM) role across
1668
- # multiple users. The policy scopes down user access to portions of
1669
- # your Amazon S3 bucket. Variables you can use inside this policy
1670
- # include `$\{Transfer:UserName\}`, `$\{Transfer:HomeDirectory\}`, and
1671
- # `$\{Transfer:HomeBucket\}`.
2014
+ # use the same IAM role across multiple users. The policy scopes down
2015
+ # user access to portions of your Amazon S3 bucket. Variables you can
2016
+ # use inside this policy include `$\{Transfer:UserName\}`,
2017
+ # `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
1672
2018
  #
1673
2019
  # <note markdown="1"> For scope-down policies, AWS Transfer Family stores the policy as a
1674
2020
  # JSON blob, instead of the Amazon Resource Name (ARN) of the policy.
1675
2021
  # You save the policy as a JSON blob and pass it in the `Policy`
1676
2022
  # argument.
1677
2023
  #
1678
- # For an example of a scope-down policy, see [Creating a Scope-Down
1679
- # Policy][1].
2024
+ # For an example of a scope-down policy, see [Creating a scope-down
2025
+ # policy][1].
1680
2026
  #
1681
2027
  # For more information, see [AssumeRole][2] in the *AWS Security Token
1682
2028
  # Service API Reference*.
@@ -1708,10 +2054,10 @@ module Aws::Transfer
1708
2054
  # @!attribute [rw] user_name
1709
2055
  # A unique string that identifies a user and is associated with a file
1710
2056
  # transfer protocol-enabled server as specified by the `ServerId`.
1711
- # This is the string that will be used by your user when they log in
1712
- # to your server. This user name is a minimum of 3 and a maximum of 32
2057
+ # This user name must be a minimum of 3 and a maximum of 100
1713
2058
  # characters long. The following are valid characters: a-z, A-Z, 0-9,
1714
- # underscore, and hyphen. The user name can't start with a hyphen.
2059
+ # underscore '\_', hyphen '-', period '.', and at sign '@'.
2060
+ # The user name can't start with a hyphen, period, and at sign.
1715
2061
  # @return [String]
1716
2062
  #
1717
2063
  # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateUserRequest AWS API Documentation
@@ -1724,6 +2070,7 @@ module Aws::Transfer
1724
2070
  :role,
1725
2071
  :server_id,
1726
2072
  :user_name)
2073
+ SENSITIVE = []
1727
2074
  include Aws::Structure
1728
2075
  end
1729
2076
 
@@ -1747,6 +2094,7 @@ module Aws::Transfer
1747
2094
  class UpdateUserResponse < Struct.new(
1748
2095
  :server_id,
1749
2096
  :user_name)
2097
+ SENSITIVE = []
1750
2098
  include Aws::Structure
1751
2099
  end
1752
2100