aws-sdk-transfer 1.20.0 → 1.25.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 90dc7322cdebf9a63dc91e89550505d8602b4ecc4d9a25ae5985158aa165991f
-  data.tar.gz: b73403e5937ceb79803af79f963586e73b3be59c2696ae9d5b1a23afaf85ff76
+  metadata.gz: 0e2d9cedbc75747c909c28ef42749237b1e31bcb86253581ddd95df91678fed9
+  data.tar.gz: 30075c349181110f27d3213eca79ef2dfa8889313bfc33eb8a6be4ce108c59d2
 SHA512:
-  metadata.gz: 3ac272cd20b7cf50e64aaf28e5cc7e8755c23572f4b53891358d279ee8bba3189078f7ded09f1618e227a537eb05a9c5d55dc5ddbce181e6f1334ee679695249
-  data.tar.gz: a7818347b0fe6a3763c4859604fec3755d245c99c7946e7a30f457e5201c4d6f4a20f8f0664a9046171cd95b8719b50f6d21a62fc7c53f4b50b67d22294bad95
+  metadata.gz: 5fbe9972ebe3e381f09d4d5a910924810c4873b905dfad426adb8e753aaea8b6cff7df6b2c89d9b47be943beeb2828331bef6129f8a2c4f076580a35d250e237
+  data.tar.gz: 81fe53356243105f85ebeafac95d46c1ac455eedd08da54a145548ddc55a936fba7bdd2043f3ade4e9fa7ee8cfc06811bd15a027d301f0b2b539e5c72eaa70b6

data/lib/aws-sdk-transfer.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -42,9 +44,9 @@ require_relative 'aws-sdk-transfer/customizations'
 #
 # See {Errors} for more information.
 #
-# @service
+# @!group service
 module Aws::Transfer
 
-  GEM_VERSION = '1.20.0'
+  GEM_VERSION = '1.25.0'
 
 end

data/lib/aws-sdk-transfer/client.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -24,6 +26,7 @@ require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
 require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
 require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
+require 'aws-sdk-core/plugins/http_checksum.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
 require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
 
@@ -69,6 +72,7 @@ module Aws::Transfer
     add_plugin(Aws::Plugins::ClientMetricsPlugin)
     add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
     add_plugin(Aws::Plugins::TransferEncoding)
+    add_plugin(Aws::Plugins::HttpChecksum)
     add_plugin(Aws::Plugins::SignatureV4)
     add_plugin(Aws::Plugins::Protocols::JsonRpc)
 
@@ -81,13 +85,28 @@ module Aws::Transfer
     #     * `Aws::Credentials` - Used for configuring static, non-refreshing
     #       credentials.
     #
+    #     * `Aws::SharedCredentials` - Used for loading static credentials from a
+    #       shared file, such as `~/.aws/config`.
+    #
+    #     * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
+    #
+    #     * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
+    #       assume a role after providing credentials via the web.
+    #
+    #     * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
+    #       access token generated from `aws login`.
+    #
+    #     * `Aws::ProcessCredentials` - Used for loading credentials from a
+    #       process that outputs to stdout.
+    #
     #     * `Aws::InstanceProfileCredentials` - Used for loading credentials
     #       from an EC2 IMDS on an EC2 instance.
     #
-    #     * `Aws::SharedCredentials` - Used for loading credentials from a
-    #       shared file, such as `~/.aws/config`.
+    #     * `Aws::ECSCredentials` - Used for loading credentials from
+    #       instances running in ECS.
     #
-    #     * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
+    #     * `Aws::CognitoIdentityCredentials` - Used for loading credentials
+    #       from the Cognito Identity service.
     #
     #     When `:credentials` are not configured directly, the following
     #     locations will be searched for credentials:
@@ -97,10 +116,10 @@ module Aws::Transfer
     #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
     #     * `~/.aws/credentials`
     #     * `~/.aws/config`
-    #     * EC2 IMDS instance profile - When used by default, the timeouts are
-    #       very aggressive. Construct and pass an instance of
-    #       `Aws::InstanceProfileCredentails` to enable retries and extended
-    #       timeouts.
+    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
+    #       are very aggressive. Construct and pass an instance of
+    #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
+    #       enable retries and extended timeouts.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -161,7 +180,7 @@ module Aws::Transfer
     #   @option options [String] :endpoint
     #     The client endpoint is normally constructed from the `:region`
     #     option. You should only configure an `:endpoint` when connecting
-    #     to test endpoints. This should be a valid HTTP(S) URI.
+    #     to test or custom endpoints. This should be a valid HTTP(S) URI.
     #
     #   @option options [Integer] :endpoint_cache_max_entries (1000)
     #     Used for the maximum size limit of the LRU cache storing endpoints data
@@ -328,6 +347,41 @@ module Aws::Transfer
     #   The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM)
     #   certificate. Required when `Protocols` is set to `FTPS`.
     #
+    #   To request a new public certificate, see [Request a public
+    #   certificate][1] in the <i> AWS Certificate Manager User Guide</i>.
+    #
+    #   To import an existing certificate into ACM, see [Importing
+    #   certificates into ACM][2] in the <i> AWS Certificate Manager User
+    #   Guide</i>.
+    #
+    #   To request a private certificate to use FTPS through private IP
+    #   addresses, see [Request a private certificate][3] in the <i> AWS
+    #   Certificate Manager User Guide</i>.
+    #
+    #   Certificates with the following cryptographic algorithms and key sizes
+    #   are supported:
+    #
+    #   * 2048-bit RSA (RSA\_2048)
+    #
+    #   * 4096-bit RSA (RSA\_4096)
+    #
+    #   * Elliptic Prime Curve 256 bit (EC\_prime256v1)
+    #
+    #   * Elliptic Prime Curve 384 bit (EC\_secp384r1)
+    #
+    #   * Elliptic Prime Curve 521 bit (EC\_secp521r1)
+    #
+    #   <note markdown="1"> The certificate must be a valid SSL/TLS X.509 version 3 certificate
+    #   with FQDN or IP address specified and information about the issuer.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html
+    #   [2]: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
+    #   [3]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html
+    #
     # @option params [Types::EndpointDetails] :endpoint_details
     #   The virtual private cloud (VPC) endpoint settings that are configured
     #   for your file transfer protocol-enabled server. When you host your
@@ -339,24 +393,32 @@ module Aws::Transfer
     # @option params [String] :endpoint_type
     #   The type of VPC endpoint that you want your file transfer
     #   protocol-enabled server to connect to. You can choose to connect to
-    #   the public internet or a virtual private cloud (VPC) endpoint. With a
-    #   VPC endpoint, you can restrict access to your server and resources
-    #   only within your VPC.
+    #   the public internet or a VPC endpoint. With a VPC endpoint, you can
+    #   restrict access to your server and resources only within your VPC.
+    #
+    #   <note markdown="1"> It is recommended that you use `VPC` as the `EndpointType`. With this
+    #   endpoint type, you have the option to directly associate up to three
+    #   Elastic IPv4 addresses (BYO IP included) with your server's endpoint
+    #   and use VPC security groups to restrict traffic by the client's
+    #   public IP address. This is not possible with `EndpointType` set to
+    #   `VPC_ENDPOINT`.
+    #
+    #    </note>
     #
     # @option params [String] :host_key
-    #   The RSA private key as generated by the `ssh-keygen -N "" -f
+    #   The RSA private key as generated by the `ssh-keygen -N "" -m PEM -f
     #   my-new-server-key` command.
     #
     #   If you aren't planning to migrate existing users from an existing
     #   SFTP-enabled server to a new server, don't update the host key.
     #   Accidentally changing a server's host key can be disruptive.
     #
-    #   For more information, see [Changing the Host Key for Your AWS Transfer
-    #   Family Server][1] in the *AWS Transfer Family User Guide*.
+    #   For more information, see [Change the host key for your SFTP-enabled
+    #   server][1] in the *AWS Transfer Family User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/configuring-servers.html#change-host-key
+    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/edit-server-config.html#configuring-servers-change-host-key
     #
     # @option params [Types::IdentityProviderDetails] :identity_provider_details
     #   Required when `IdentityProviderType` is set to `API_GATEWAY`. Accepts
@@ -382,13 +444,33 @@ module Aws::Transfer
     #   transfer protocol client can connect to your server's endpoint. The
     #   available protocols are:
     #
-    #   * Secure Shell (SSH) File Transfer Protocol (SFTP): File transfer over
-    #     SSH
+    #   * `SFTP` (Secure Shell (SSH) File Transfer Protocol): File transfer
+    #     over SSH
     #
-    #   * File Transfer Protocol Secure (FTPS): File transfer with TLS
+    #   * `FTPS` (File Transfer Protocol Secure): File transfer with TLS
     #     encryption
     #
-    #   * File Transfer Protocol (FTP): Unencrypted file transfer
+    #   * `FTP` (File Transfer Protocol): Unencrypted file transfer
+    #
+    #   <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in AWS
+    #   Certificate Manager (ACM) which will be used to identify your file
+    #   transfer protocol-enabled server when clients connect to it over FTPS.
+    #
+    #    If `Protocol` includes either `FTP` or `FTPS`, then the `EndpointType`
+    #   must be `VPC` and the `IdentityProviderType` must be `API_GATEWAY`.
+    #
+    #    If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
+    #   associated.
+    #
+    #    If `Protocol` is set only to `SFTP`, the `EndpointType` can be set to
+    #   `PUBLIC` and the `IdentityProviderType` can be set to
+    #   `SERVICE_MANAGED`.
+    #
+    #    </note>
+    #
+    # @option params [String] :security_policy_name
+    #   Specifies the name of the security policy that is attached to the
+    #   server.
     #
     # @option params [Array<Types::Tag>] :tags
     #   Key-value pairs that can be used to group and search for file transfer
@@ -417,6 +499,7 @@ module Aws::Transfer
     #     identity_provider_type: "SERVICE_MANAGED", # accepts SERVICE_MANAGED, API_GATEWAY
     #     logging_role: "Role",
     #     protocols: ["SFTP"], # accepts SFTP, FTP, FTPS
+    #     security_policy_name: "SecurityPolicyName",
     #     tags: [
     #       {
     #         key: "TagKey", # required
@@ -451,7 +534,8 @@ module Aws::Transfer
     #   The landing directory (folder) for a user when they log in to the file
     #   transfer protocol-enabled server using the client.
     #
-    #   An example is `your-Amazon-S3-bucket-name>/home/username`.
+    #   An example is <i>
+    #   <code>your-Amazon-S3-bucket-name&gt;/home/username</code> </i>.
     #
     # @option params [String] :home_directory_type
     #   The type of landing directory (folder) you want your users' home
@@ -468,8 +552,8 @@ module Aws::Transfer
     #   You will need to specify the "`Entry`" and "`Target`" pair, where
     #   `Entry` shows how the path is made visible and `Target` is the actual
     #   Amazon S3 path. If you only specify a target, it will be displayed as
-    #   is. You will need to also make sure that your AWS IAM Role provides
-    #   access to paths in `Target`. The following is an example.
+    #   is. You will need to also make sure that your IAM role provides access
+    #   to paths in `Target`. The following is an example.
     #
     #   `'[ "/bucket2/documentation", \{ "Entry": "your-personal-report.pdf",
     #   "Target": "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \}
@@ -482,7 +566,7 @@ module Aws::Transfer
     #
     #   <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
     #   S3, the entry will be ignored. As a workaround, you can use the Amazon
-    #   S3 api to create 0 byte objects as place holders for your directory.
+    #   S3 API to create 0 byte objects as place holders for your directory.
     #   If using the CLI, use the `s3api` call instead of `s3` so you can use
     #   the put-object operation. For example, you use the following: `aws
     #   s3api put-object --bucket bucketname --key path/to/folder/`. Make sure
@@ -503,8 +587,8 @@ module Aws::Transfer
     #   You save the policy as a JSON blob and pass it in the `Policy`
     #   argument.
     #
-    #    For an example of a scope-down policy, see [Creating a Scope-Down
-    #   Policy][1].
+    #    For an example of a scope-down policy, see [Creating a scope-down
+    #   policy][1].
     #
     #    For more information, see [AssumeRole][2] in the *AWS Security Token
     #   Service API Reference*.
@@ -541,9 +625,10 @@ module Aws::Transfer
     # @option params [required, String] :user_name
     #   A unique string that identifies a user and is associated with a file
     #   transfer protocol-enabled server as specified by the `ServerId`. This
-    #   user name must be a minimum of 3 and a maximum of 32 characters long.
-    #   The following are valid characters: a-z, A-Z, 0-9, underscore, and
-    #   hyphen. The user name can't start with a hyphen.
+    #   user name must be a minimum of 3 and a maximum of 100 characters long.
+    #   The following are valid characters: a-z, A-Z, 0-9, underscore '\_',
+    #   hyphen '-', period '.', and at sign '@'. The user name can't
+    #   start with a hyphen, period, and at sign.
     #
     # @return [Types::CreateUserResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -682,6 +767,51 @@ module Aws::Transfer
       req.send_request(options)
     end
 
+    # Describes the security policy that is attached to your file transfer
+    # protocol-enabled server. The response contains a description of the
+    # security policy's properties. For more information about security
+    # policies, see [Working with security policies][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/transfer/latest/userguide/security-policies.html
+    #
+    # @option params [required, String] :security_policy_name
+    #   Specifies the name of the security policy that is attached to the
+    #   server.
+    #
+    # @return [Types::DescribeSecurityPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeSecurityPolicyResponse#security_policy #security_policy} => Types::DescribedSecurityPolicy
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_security_policy({
+    #     security_policy_name: "SecurityPolicyName", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.security_policy.fips #=> Boolean
+    #   resp.security_policy.security_policy_name #=> String
+    #   resp.security_policy.ssh_ciphers #=> Array
+    #   resp.security_policy.ssh_ciphers[0] #=> String
+    #   resp.security_policy.ssh_kexs #=> Array
+    #   resp.security_policy.ssh_kexs[0] #=> String
+    #   resp.security_policy.ssh_macs #=> Array
+    #   resp.security_policy.ssh_macs[0] #=> String
+    #   resp.security_policy.tls_ciphers #=> Array
+    #   resp.security_policy.tls_ciphers[0] #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeSecurityPolicy AWS API Documentation
+    #
+    # @overload describe_security_policy(params = {})
+    # @param [Hash] params ({})
+    def describe_security_policy(params = {}, options = {})
+      req = build_request(:describe_security_policy, params)
+      req.send_request(options)
+    end
+
     # Describes a file transfer protocol-enabled server that you specify by
     # passing the `ServerId` parameter.
     #
@@ -721,6 +851,7 @@ module Aws::Transfer
     #   resp.server.logging_role #=> String
     #   resp.server.protocols #=> Array
     #   resp.server.protocols[0] #=> String, one of "SFTP", "FTP", "FTPS"
+    #   resp.server.security_policy_name #=> String
     #   resp.server.server_id #=> String
     #   resp.server.state #=> String, one of "OFFLINE", "ONLINE", "STARTING", "STOPPING", "START_FAILED", "STOP_FAILED"
     #   resp.server.tags #=> Array
@@ -841,6 +972,48 @@ module Aws::Transfer
       req.send_request(options)
     end
 
+    # Lists the security policies that are attached to your file transfer
+    # protocol-enabled servers.
+    #
+    # @option params [Integer] :max_results
+    #   Specifies the number of security policies to return as a response to
+    #   the `ListSecurityPolicies` query.
+    #
+    # @option params [String] :next_token
+    #   When additional results are obtained from the `ListSecurityPolicies`
+    #   command, a `NextToken` parameter is returned in the output. You can
+    #   then pass the `NextToken` parameter in a subsequent command to
+    #   continue listing additional security policies.
+    #
+    # @return [Types::ListSecurityPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListSecurityPoliciesResponse#next_token #next_token} => String
+    #   * {Types::ListSecurityPoliciesResponse#security_policy_names #security_policy_names} => Array&lt;String&gt;
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_security_policies({
+    #     max_results: 1,
+    #     next_token: "NextToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.next_token #=> String
+    #   resp.security_policy_names #=> Array
+    #   resp.security_policy_names[0] #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListSecurityPolicies AWS API Documentation
+    #
+    # @overload list_security_policies(params = {})
+    # @param [Hash] params ({})
+    def list_security_policies(params = {}, options = {})
+      req = build_request(:list_security_policies, params)
+      req.send_request(options)
+    end
+
     # Lists the file transfer protocol-enabled servers that are associated
     # with your AWS account.
     #
@@ -849,7 +1022,7 @@ module Aws::Transfer
     #   return as a response to the `ListServers` query.
     #
     # @option params [String] :next_token
-    #   When additional results are obtained from the`ListServers` command, a
+    #   When additional results are obtained from the `ListServers` command, a
     #   `NextToken` parameter is returned in the output. You can then pass the
     #   `NextToken` parameter in a subsequent command to continue listing
     #   additional file transfer protocol-enabled servers.
@@ -1110,12 +1283,6 @@ module Aws::Transfer
     #   protocol-enabled server. That server's user authentication method is
     #   tested with a user name and password.
     #
-    # @option params [required, String] :user_name
-    #   The name of the user account to be tested.
-    #
-    # @option params [String] :user_password
-    #   The password of the user account to be tested.
-    #
     # @option params [String] :server_protocol
     #   The type of file transfer protocol to be tested.
     #
@@ -1127,6 +1294,15 @@ module Aws::Transfer
     #
     #   * File Transfer Protocol (FTP)
     #
+    # @option params [String] :source_ip
+    #   The source IP address of the user account to be tested.
+    #
+    # @option params [required, String] :user_name
+    #   The name of the user account to be tested.
+    #
+    # @option params [String] :user_password
+    #   The password of the user account to be tested.
+    #
     # @return [Types::TestIdentityProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::TestIdentityProviderResponse#response #response} => String
@@ -1138,9 +1314,10 @@ module Aws::Transfer
     #
     #   resp = client.test_identity_provider({
     #     server_id: "ServerId", # required
+    #     server_protocol: "SFTP", # accepts SFTP, FTP, FTPS
+    #     source_ip: "SourceIp",
     #     user_name: "UserName", # required
     #     user_password: "UserPassword",
-    #     server_protocol: "SFTP", # accepts SFTP, FTP, FTPS
     #   })
     #
     # @example Response structure
@@ -1203,6 +1380,41 @@ module Aws::Transfer
     #   The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM)
     #   certificate. Required when `Protocols` is set to `FTPS`.
     #
+    #   To request a new public certificate, see [Request a public
+    #   certificate][1] in the <i> AWS Certificate Manager User Guide</i>.
+    #
+    #   To import an existing certificate into ACM, see [Importing
+    #   certificates into ACM][2] in the <i> AWS Certificate Manager User
+    #   Guide</i>.
+    #
+    #   To request a private certificate to use FTPS through private IP
+    #   addresses, see [Request a private certificate][3] in the <i> AWS
+    #   Certificate Manager User Guide</i>.
+    #
+    #   Certificates with the following cryptographic algorithms and key sizes
+    #   are supported:
+    #
+    #   * 2048-bit RSA (RSA\_2048)
+    #
+    #   * 4096-bit RSA (RSA\_4096)
+    #
+    #   * Elliptic Prime Curve 256 bit (EC\_prime256v1)
+    #
+    #   * Elliptic Prime Curve 384 bit (EC\_secp384r1)
+    #
+    #   * Elliptic Prime Curve 521 bit (EC\_secp521r1)
+    #
+    #   <note markdown="1"> The certificate must be a valid SSL/TLS X.509 version 3 certificate
+    #   with FQDN or IP address specified and information about the issuer.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html
+    #   [2]: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
+    #   [3]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html
+    #
     # @option params [Types::EndpointDetails] :endpoint_details
     #   The virtual private cloud (VPC) endpoint settings that are configured
     #   for your file transfer protocol-enabled server. With a VPC endpoint,
@@ -1213,11 +1425,20 @@ module Aws::Transfer
     # @option params [String] :endpoint_type
     #   The type of endpoint that you want your file transfer protocol-enabled
     #   server to connect to. You can choose to connect to the public internet
-    #   or a VPC endpoint. With a VPC endpoint, your server isn't accessible
-    #   over the public internet.
+    #   or a VPC endpoint. With a VPC endpoint, you can restrict access to
+    #   your server and resources only within your VPC.
+    #
+    #   <note markdown="1"> It is recommended that you use `VPC` as the `EndpointType`. With this
+    #   endpoint type, you have the option to directly associate up to three
+    #   Elastic IPv4 addresses (BYO IP included) with your server's endpoint
+    #   and use VPC security groups to restrict traffic by the client's
+    #   public IP address. This is not possible with `EndpointType` set to
+    #   `VPC_ENDPOINT`.
+    #
+    #    </note>
     #
     # @option params [String] :host_key
-    #   The RSA private key as generated by `ssh-keygen -N "" -f
+    #   The RSA private key as generated by `ssh-keygen -N "" -m PEM -f
     #   my-new-server-key`.
     #
     #   If you aren't planning to migrate existing users from an existing
@@ -1225,12 +1446,12 @@ module Aws::Transfer
     #   the host key. Accidentally changing a server's host key can be
     #   disruptive.
     #
-    #   For more information, see [Changing the Host Key for Your AWS Transfer
-    #   Family Server][1] in the *AWS Transfer Family User Guide*.
+    #   For more information, see [Change the host key for your SFTP-enabled
+    #   server][1] in the *AWS Transfer Family User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/configuring-servers.html#change-host-key
+    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/edit-server-config.html#configuring-servers-change-host-key
     #
     # @option params [Types::IdentityProviderDetails] :identity_provider_details
     #   An array containing all of the information required to call a
@@ -1254,6 +1475,26 @@ module Aws::Transfer
     #
     #   * File Transfer Protocol (FTP): Unencrypted file transfer
     #
+    #   <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in AWS
+    #   Certificate Manager (ACM) which will be used to identify your server
+    #   when clients connect to it over FTPS.
+    #
+    #    If `Protocol` includes either `FTP` or `FTPS`, then the `EndpointType`
+    #   must be `VPC` and the `IdentityProviderType` must be `API_GATEWAY`.
+    #
+    #    If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
+    #   associated.
+    #
+    #    If `Protocol` is set only to `SFTP`, the `EndpointType` can be set to
+    #   `PUBLIC` and the `IdentityProviderType` can be set to
+    #   `SERVICE_MANAGED`.
+    #
+    #    </note>
+    #
+    # @option params [String] :security_policy_name
+    #   Specifies the name of the security policy that is attached to the
+    #   server.
+    #
     # @option params [required, String] :server_id
     #   A system-assigned unique identifier for a file transfer
     #   protocol-enabled server instance that the user account is assigned to.
@@ -1280,6 +1521,7 @@ module Aws::Transfer
     #     },
     #     logging_role: "NullableRole",
     #     protocols: ["SFTP"], # accepts SFTP, FTP, FTPS
+    #     security_policy_name: "SecurityPolicyName",
     #     server_id: "ServerId", # required
     #   })
     #
@@ -1325,8 +1567,8 @@ module Aws::Transfer
     #   You will need to specify the "`Entry`" and "`Target`" pair, where
     #   `Entry` shows how the path is made visible and `Target` is the actual
     #   Amazon S3 path. If you only specify a target, it will be displayed as
-    #   is. You will need to also make sure that your AWS IAM Role provides
-    #   access to paths in `Target`. The following is an example.
+    #   is. You will need to also make sure that your IAM role provides access
+    #   to paths in `Target`. The following is an example.
     #
     #   `'[ "/bucket2/documentation", \{ "Entry": "your-personal-report.pdf",
     #   "Target": "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \}
@@ -1339,7 +1581,7 @@ module Aws::Transfer
     #
     #   <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
     #   S3, the entry will be ignored. As a workaround, you can use the Amazon
-    #   S3 api to create 0 byte objects as place holders for your directory.
+    #   S3 API to create 0 byte objects as place holders for your directory.
     #   If using the CLI, use the `s3api` call instead of `s3` so you can use
     #   the put-object operation. For example, you use the following: `aws
     #   s3api put-object --bucket bucketname --key path/to/folder/`. Make sure
@@ -1350,19 +1592,18 @@ module Aws::Transfer
     #
     # @option params [String] :policy
     #   Allows you to supply a scope-down policy for your user so you can use
-    #   the same AWS Identity and Access Management (IAM) role across multiple
-    #   users. The policy scopes down user access to portions of your Amazon
-    #   S3 bucket. Variables you can use inside this policy include
-    #   `$\{Transfer:UserName\}`, `$\{Transfer:HomeDirectory\}`, and
-    #   `$\{Transfer:HomeBucket\}`.
+    #   the same IAM role across multiple users. The policy scopes down user
+    #   access to portions of your Amazon S3 bucket. Variables you can use
+    #   inside this policy include `$\{Transfer:UserName\}`,
+    #   `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
     #
     #   <note markdown="1"> For scope-down policies, AWS Transfer Family stores the policy as a
     #   JSON blob, instead of the Amazon Resource Name (ARN) of the policy.
     #   You save the policy as a JSON blob and pass it in the `Policy`
     #   argument.
     #
-    #    For an example of a scope-down policy, see [Creating a Scope-Down
-    #   Policy][1].
+    #    For an example of a scope-down policy, see [Creating a scope-down
+    #   policy][1].
     #
     #    For more information, see [AssumeRole][2] in the *AWS Security Token
     #   Service API Reference*.
@@ -1390,10 +1631,10 @@ module Aws::Transfer
     # @option params [required, String] :user_name
     #   A unique string that identifies a user and is associated with a file
     #   transfer protocol-enabled server as specified by the `ServerId`. This
-    #   is the string that will be used by your user when they log in to your
-    #   server. This user name is a minimum of 3 and a maximum of 32
-    #   characters long. The following are valid characters: a-z, A-Z, 0-9,
-    #   underscore, and hyphen. The user name can't start with a hyphen.
+    #   user name must be a minimum of 3 and a maximum of 100 characters long.
+    #   The following are valid characters: a-z, A-Z, 0-9, underscore '\_',
+    #   hyphen '-', period '.', and at sign '@'. The user name can't
+    #   start with a hyphen, period, and at sign.
     #
     # @return [Types::UpdateUserResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1444,7 +1685,7 @@ module Aws::Transfer
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-transfer'
-      context[:gem_version] = '1.20.0'
+      context[:gem_version] = '1.25.0'
       Seahorse::Client::Request.new(handlers, context)
     end