aws-sdk-transfer 1.28.0 → 1.33.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +178 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -0
- data/lib/aws-sdk-transfer.rb +3 -3
- data/lib/aws-sdk-transfer/client.rb +686 -96
- data/lib/aws-sdk-transfer/client_api.rb +169 -1
- data/lib/aws-sdk-transfer/errors.rb +1 -1
- data/lib/aws-sdk-transfer/resource.rb +1 -1
- data/lib/aws-sdk-transfer/types.rb +997 -116
- metadata +11 -9
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -19,25 +19,34 @@ module Aws::Transfer
|
|
19
19
|
Arn = Shapes::StringShape.new(name: 'Arn')
|
20
20
|
Certificate = Shapes::StringShape.new(name: 'Certificate')
|
21
21
|
ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
|
22
|
+
CreateAccessRequest = Shapes::StructureShape.new(name: 'CreateAccessRequest')
|
23
|
+
CreateAccessResponse = Shapes::StructureShape.new(name: 'CreateAccessResponse')
|
22
24
|
CreateServerRequest = Shapes::StructureShape.new(name: 'CreateServerRequest')
|
23
25
|
CreateServerResponse = Shapes::StructureShape.new(name: 'CreateServerResponse')
|
24
26
|
CreateUserRequest = Shapes::StructureShape.new(name: 'CreateUserRequest')
|
25
27
|
CreateUserResponse = Shapes::StructureShape.new(name: 'CreateUserResponse')
|
26
28
|
DateImported = Shapes::TimestampShape.new(name: 'DateImported')
|
29
|
+
DeleteAccessRequest = Shapes::StructureShape.new(name: 'DeleteAccessRequest')
|
27
30
|
DeleteServerRequest = Shapes::StructureShape.new(name: 'DeleteServerRequest')
|
28
31
|
DeleteSshPublicKeyRequest = Shapes::StructureShape.new(name: 'DeleteSshPublicKeyRequest')
|
29
32
|
DeleteUserRequest = Shapes::StructureShape.new(name: 'DeleteUserRequest')
|
33
|
+
DescribeAccessRequest = Shapes::StructureShape.new(name: 'DescribeAccessRequest')
|
34
|
+
DescribeAccessResponse = Shapes::StructureShape.new(name: 'DescribeAccessResponse')
|
30
35
|
DescribeSecurityPolicyRequest = Shapes::StructureShape.new(name: 'DescribeSecurityPolicyRequest')
|
31
36
|
DescribeSecurityPolicyResponse = Shapes::StructureShape.new(name: 'DescribeSecurityPolicyResponse')
|
32
37
|
DescribeServerRequest = Shapes::StructureShape.new(name: 'DescribeServerRequest')
|
33
38
|
DescribeServerResponse = Shapes::StructureShape.new(name: 'DescribeServerResponse')
|
34
39
|
DescribeUserRequest = Shapes::StructureShape.new(name: 'DescribeUserRequest')
|
35
40
|
DescribeUserResponse = Shapes::StructureShape.new(name: 'DescribeUserResponse')
|
41
|
+
DescribedAccess = Shapes::StructureShape.new(name: 'DescribedAccess')
|
36
42
|
DescribedSecurityPolicy = Shapes::StructureShape.new(name: 'DescribedSecurityPolicy')
|
37
43
|
DescribedServer = Shapes::StructureShape.new(name: 'DescribedServer')
|
38
44
|
DescribedUser = Shapes::StructureShape.new(name: 'DescribedUser')
|
45
|
+
DirectoryId = Shapes::StringShape.new(name: 'DirectoryId')
|
46
|
+
Domain = Shapes::StringShape.new(name: 'Domain')
|
39
47
|
EndpointDetails = Shapes::StructureShape.new(name: 'EndpointDetails')
|
40
48
|
EndpointType = Shapes::StringShape.new(name: 'EndpointType')
|
49
|
+
ExternalId = Shapes::StringShape.new(name: 'ExternalId')
|
41
50
|
Fips = Shapes::BooleanShape.new(name: 'Fips')
|
42
51
|
HomeDirectory = Shapes::StringShape.new(name: 'HomeDirectory')
|
43
52
|
HomeDirectoryMapEntry = Shapes::StructureShape.new(name: 'HomeDirectoryMapEntry')
|
@@ -52,6 +61,8 @@ module Aws::Transfer
|
|
52
61
|
InternalServiceError = Shapes::StructureShape.new(name: 'InternalServiceError')
|
53
62
|
InvalidNextTokenException = Shapes::StructureShape.new(name: 'InvalidNextTokenException')
|
54
63
|
InvalidRequestException = Shapes::StructureShape.new(name: 'InvalidRequestException')
|
64
|
+
ListAccessesRequest = Shapes::StructureShape.new(name: 'ListAccessesRequest')
|
65
|
+
ListAccessesResponse = Shapes::StructureShape.new(name: 'ListAccessesResponse')
|
55
66
|
ListSecurityPoliciesRequest = Shapes::StructureShape.new(name: 'ListSecurityPoliciesRequest')
|
56
67
|
ListSecurityPoliciesResponse = Shapes::StructureShape.new(name: 'ListSecurityPoliciesResponse')
|
57
68
|
ListServersRequest = Shapes::StructureShape.new(name: 'ListServersRequest')
|
@@ -60,6 +71,8 @@ module Aws::Transfer
|
|
60
71
|
ListTagsForResourceResponse = Shapes::StructureShape.new(name: 'ListTagsForResourceResponse')
|
61
72
|
ListUsersRequest = Shapes::StructureShape.new(name: 'ListUsersRequest')
|
62
73
|
ListUsersResponse = Shapes::StructureShape.new(name: 'ListUsersResponse')
|
74
|
+
ListedAccess = Shapes::StructureShape.new(name: 'ListedAccess')
|
75
|
+
ListedAccesses = Shapes::ListShape.new(name: 'ListedAccesses')
|
63
76
|
ListedServer = Shapes::StructureShape.new(name: 'ListedServer')
|
64
77
|
ListedServers = Shapes::ListShape.new(name: 'ListedServers')
|
65
78
|
ListedUser = Shapes::StructureShape.new(name: 'ListedUser')
|
@@ -71,6 +84,8 @@ module Aws::Transfer
|
|
71
84
|
NextToken = Shapes::StringShape.new(name: 'NextToken')
|
72
85
|
NullableRole = Shapes::StringShape.new(name: 'NullableRole')
|
73
86
|
Policy = Shapes::StringShape.new(name: 'Policy')
|
87
|
+
PosixId = Shapes::IntegerShape.new(name: 'PosixId')
|
88
|
+
PosixProfile = Shapes::StructureShape.new(name: 'PosixProfile')
|
74
89
|
Protocol = Shapes::StringShape.new(name: 'Protocol')
|
75
90
|
Protocols = Shapes::ListShape.new(name: 'Protocols')
|
76
91
|
Resource = Shapes::StringShape.new(name: 'Resource')
|
@@ -80,6 +95,7 @@ module Aws::Transfer
|
|
80
95
|
Response = Shapes::StringShape.new(name: 'Response')
|
81
96
|
RetryAfterSeconds = Shapes::StringShape.new(name: 'RetryAfterSeconds')
|
82
97
|
Role = Shapes::StringShape.new(name: 'Role')
|
98
|
+
SecondaryGids = Shapes::ListShape.new(name: 'SecondaryGids')
|
83
99
|
SecurityGroupId = Shapes::StringShape.new(name: 'SecurityGroupId')
|
84
100
|
SecurityGroupIds = Shapes::ListShape.new(name: 'SecurityGroupIds')
|
85
101
|
SecurityPolicyName = Shapes::StringShape.new(name: 'SecurityPolicyName')
|
@@ -111,6 +127,8 @@ module Aws::Transfer
|
|
111
127
|
TestIdentityProviderResponse = Shapes::StructureShape.new(name: 'TestIdentityProviderResponse')
|
112
128
|
ThrottlingException = Shapes::StructureShape.new(name: 'ThrottlingException')
|
113
129
|
UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
|
130
|
+
UpdateAccessRequest = Shapes::StructureShape.new(name: 'UpdateAccessRequest')
|
131
|
+
UpdateAccessResponse = Shapes::StructureShape.new(name: 'UpdateAccessResponse')
|
114
132
|
UpdateServerRequest = Shapes::StructureShape.new(name: 'UpdateServerRequest')
|
115
133
|
UpdateServerResponse = Shapes::StructureShape.new(name: 'UpdateServerResponse')
|
116
134
|
UpdateUserRequest = Shapes::StructureShape.new(name: 'UpdateUserRequest')
|
@@ -130,7 +148,22 @@ module Aws::Transfer
|
|
130
148
|
ConflictException.add_member(:message, Shapes::ShapeRef.new(shape: Message, required: true, location_name: "Message"))
|
131
149
|
ConflictException.struct_class = Types::ConflictException
|
132
150
|
|
151
|
+
CreateAccessRequest.add_member(:home_directory, Shapes::ShapeRef.new(shape: HomeDirectory, location_name: "HomeDirectory"))
|
152
|
+
CreateAccessRequest.add_member(:home_directory_type, Shapes::ShapeRef.new(shape: HomeDirectoryType, location_name: "HomeDirectoryType"))
|
153
|
+
CreateAccessRequest.add_member(:home_directory_mappings, Shapes::ShapeRef.new(shape: HomeDirectoryMappings, location_name: "HomeDirectoryMappings"))
|
154
|
+
CreateAccessRequest.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
|
155
|
+
CreateAccessRequest.add_member(:posix_profile, Shapes::ShapeRef.new(shape: PosixProfile, location_name: "PosixProfile"))
|
156
|
+
CreateAccessRequest.add_member(:role, Shapes::ShapeRef.new(shape: Role, required: true, location_name: "Role"))
|
157
|
+
CreateAccessRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
158
|
+
CreateAccessRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
|
159
|
+
CreateAccessRequest.struct_class = Types::CreateAccessRequest
|
160
|
+
|
161
|
+
CreateAccessResponse.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
162
|
+
CreateAccessResponse.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
|
163
|
+
CreateAccessResponse.struct_class = Types::CreateAccessResponse
|
164
|
+
|
133
165
|
CreateServerRequest.add_member(:certificate, Shapes::ShapeRef.new(shape: Certificate, location_name: "Certificate"))
|
166
|
+
CreateServerRequest.add_member(:domain, Shapes::ShapeRef.new(shape: Domain, location_name: "Domain"))
|
134
167
|
CreateServerRequest.add_member(:endpoint_details, Shapes::ShapeRef.new(shape: EndpointDetails, location_name: "EndpointDetails"))
|
135
168
|
CreateServerRequest.add_member(:endpoint_type, Shapes::ShapeRef.new(shape: EndpointType, location_name: "EndpointType"))
|
136
169
|
CreateServerRequest.add_member(:host_key, Shapes::ShapeRef.new(shape: HostKey, location_name: "HostKey"))
|
@@ -149,6 +182,7 @@ module Aws::Transfer
|
|
149
182
|
CreateUserRequest.add_member(:home_directory_type, Shapes::ShapeRef.new(shape: HomeDirectoryType, location_name: "HomeDirectoryType"))
|
150
183
|
CreateUserRequest.add_member(:home_directory_mappings, Shapes::ShapeRef.new(shape: HomeDirectoryMappings, location_name: "HomeDirectoryMappings"))
|
151
184
|
CreateUserRequest.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
|
185
|
+
CreateUserRequest.add_member(:posix_profile, Shapes::ShapeRef.new(shape: PosixProfile, location_name: "PosixProfile"))
|
152
186
|
CreateUserRequest.add_member(:role, Shapes::ShapeRef.new(shape: Role, required: true, location_name: "Role"))
|
153
187
|
CreateUserRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
154
188
|
CreateUserRequest.add_member(:ssh_public_key_body, Shapes::ShapeRef.new(shape: SshPublicKeyBody, location_name: "SshPublicKeyBody"))
|
@@ -160,6 +194,10 @@ module Aws::Transfer
|
|
160
194
|
CreateUserResponse.add_member(:user_name, Shapes::ShapeRef.new(shape: UserName, required: true, location_name: "UserName"))
|
161
195
|
CreateUserResponse.struct_class = Types::CreateUserResponse
|
162
196
|
|
197
|
+
DeleteAccessRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
198
|
+
DeleteAccessRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
|
199
|
+
DeleteAccessRequest.struct_class = Types::DeleteAccessRequest
|
200
|
+
|
163
201
|
DeleteServerRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
164
202
|
DeleteServerRequest.struct_class = Types::DeleteServerRequest
|
165
203
|
|
@@ -172,6 +210,14 @@ module Aws::Transfer
|
|
172
210
|
DeleteUserRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: UserName, required: true, location_name: "UserName"))
|
173
211
|
DeleteUserRequest.struct_class = Types::DeleteUserRequest
|
174
212
|
|
213
|
+
DescribeAccessRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
214
|
+
DescribeAccessRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
|
215
|
+
DescribeAccessRequest.struct_class = Types::DescribeAccessRequest
|
216
|
+
|
217
|
+
DescribeAccessResponse.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
218
|
+
DescribeAccessResponse.add_member(:access, Shapes::ShapeRef.new(shape: DescribedAccess, required: true, location_name: "Access"))
|
219
|
+
DescribeAccessResponse.struct_class = Types::DescribeAccessResponse
|
220
|
+
|
175
221
|
DescribeSecurityPolicyRequest.add_member(:security_policy_name, Shapes::ShapeRef.new(shape: SecurityPolicyName, required: true, location_name: "SecurityPolicyName"))
|
176
222
|
DescribeSecurityPolicyRequest.struct_class = Types::DescribeSecurityPolicyRequest
|
177
223
|
|
@@ -192,6 +238,15 @@ module Aws::Transfer
|
|
192
238
|
DescribeUserResponse.add_member(:user, Shapes::ShapeRef.new(shape: DescribedUser, required: true, location_name: "User"))
|
193
239
|
DescribeUserResponse.struct_class = Types::DescribeUserResponse
|
194
240
|
|
241
|
+
DescribedAccess.add_member(:home_directory, Shapes::ShapeRef.new(shape: HomeDirectory, location_name: "HomeDirectory"))
|
242
|
+
DescribedAccess.add_member(:home_directory_mappings, Shapes::ShapeRef.new(shape: HomeDirectoryMappings, location_name: "HomeDirectoryMappings"))
|
243
|
+
DescribedAccess.add_member(:home_directory_type, Shapes::ShapeRef.new(shape: HomeDirectoryType, location_name: "HomeDirectoryType"))
|
244
|
+
DescribedAccess.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
|
245
|
+
DescribedAccess.add_member(:posix_profile, Shapes::ShapeRef.new(shape: PosixProfile, location_name: "PosixProfile"))
|
246
|
+
DescribedAccess.add_member(:role, Shapes::ShapeRef.new(shape: Role, location_name: "Role"))
|
247
|
+
DescribedAccess.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, location_name: "ExternalId"))
|
248
|
+
DescribedAccess.struct_class = Types::DescribedAccess
|
249
|
+
|
195
250
|
DescribedSecurityPolicy.add_member(:fips, Shapes::ShapeRef.new(shape: Fips, location_name: "Fips"))
|
196
251
|
DescribedSecurityPolicy.add_member(:security_policy_name, Shapes::ShapeRef.new(shape: SecurityPolicyName, required: true, location_name: "SecurityPolicyName"))
|
197
252
|
DescribedSecurityPolicy.add_member(:ssh_ciphers, Shapes::ShapeRef.new(shape: SecurityPolicyOptions, location_name: "SshCiphers"))
|
@@ -202,6 +257,7 @@ module Aws::Transfer
|
|
202
257
|
|
203
258
|
DescribedServer.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "Arn"))
|
204
259
|
DescribedServer.add_member(:certificate, Shapes::ShapeRef.new(shape: Certificate, location_name: "Certificate"))
|
260
|
+
DescribedServer.add_member(:domain, Shapes::ShapeRef.new(shape: Domain, location_name: "Domain"))
|
205
261
|
DescribedServer.add_member(:endpoint_details, Shapes::ShapeRef.new(shape: EndpointDetails, location_name: "EndpointDetails"))
|
206
262
|
DescribedServer.add_member(:endpoint_type, Shapes::ShapeRef.new(shape: EndpointType, location_name: "EndpointType"))
|
207
263
|
DescribedServer.add_member(:host_key_fingerprint, Shapes::ShapeRef.new(shape: HostKeyFingerprint, location_name: "HostKeyFingerprint"))
|
@@ -221,6 +277,7 @@ module Aws::Transfer
|
|
221
277
|
DescribedUser.add_member(:home_directory_mappings, Shapes::ShapeRef.new(shape: HomeDirectoryMappings, location_name: "HomeDirectoryMappings"))
|
222
278
|
DescribedUser.add_member(:home_directory_type, Shapes::ShapeRef.new(shape: HomeDirectoryType, location_name: "HomeDirectoryType"))
|
223
279
|
DescribedUser.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
|
280
|
+
DescribedUser.add_member(:posix_profile, Shapes::ShapeRef.new(shape: PosixProfile, location_name: "PosixProfile"))
|
224
281
|
DescribedUser.add_member(:role, Shapes::ShapeRef.new(shape: Role, location_name: "Role"))
|
225
282
|
DescribedUser.add_member(:ssh_public_keys, Shapes::ShapeRef.new(shape: SshPublicKeys, location_name: "SshPublicKeys"))
|
226
283
|
DescribedUser.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
|
@@ -242,6 +299,7 @@ module Aws::Transfer
|
|
242
299
|
|
243
300
|
IdentityProviderDetails.add_member(:url, Shapes::ShapeRef.new(shape: Url, location_name: "Url"))
|
244
301
|
IdentityProviderDetails.add_member(:invocation_role, Shapes::ShapeRef.new(shape: Role, location_name: "InvocationRole"))
|
302
|
+
IdentityProviderDetails.add_member(:directory_id, Shapes::ShapeRef.new(shape: DirectoryId, location_name: "DirectoryId"))
|
245
303
|
IdentityProviderDetails.struct_class = Types::IdentityProviderDetails
|
246
304
|
|
247
305
|
ImportSshPublicKeyRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
@@ -263,6 +321,16 @@ module Aws::Transfer
|
|
263
321
|
InvalidRequestException.add_member(:message, Shapes::ShapeRef.new(shape: Message, required: true, location_name: "Message"))
|
264
322
|
InvalidRequestException.struct_class = Types::InvalidRequestException
|
265
323
|
|
324
|
+
ListAccessesRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "MaxResults"))
|
325
|
+
ListAccessesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
|
326
|
+
ListAccessesRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
327
|
+
ListAccessesRequest.struct_class = Types::ListAccessesRequest
|
328
|
+
|
329
|
+
ListAccessesResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
|
330
|
+
ListAccessesResponse.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
331
|
+
ListAccessesResponse.add_member(:accesses, Shapes::ShapeRef.new(shape: ListedAccesses, required: true, location_name: "Accesses"))
|
332
|
+
ListAccessesResponse.struct_class = Types::ListAccessesResponse
|
333
|
+
|
266
334
|
ListSecurityPoliciesRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "MaxResults"))
|
267
335
|
ListSecurityPoliciesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
|
268
336
|
ListSecurityPoliciesRequest.struct_class = Types::ListSecurityPoliciesRequest
|
@@ -299,7 +367,16 @@ module Aws::Transfer
|
|
299
367
|
ListUsersResponse.add_member(:users, Shapes::ShapeRef.new(shape: ListedUsers, required: true, location_name: "Users"))
|
300
368
|
ListUsersResponse.struct_class = Types::ListUsersResponse
|
301
369
|
|
370
|
+
ListedAccess.add_member(:home_directory, Shapes::ShapeRef.new(shape: HomeDirectory, location_name: "HomeDirectory"))
|
371
|
+
ListedAccess.add_member(:home_directory_type, Shapes::ShapeRef.new(shape: HomeDirectoryType, location_name: "HomeDirectoryType"))
|
372
|
+
ListedAccess.add_member(:role, Shapes::ShapeRef.new(shape: Role, location_name: "Role"))
|
373
|
+
ListedAccess.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, location_name: "ExternalId"))
|
374
|
+
ListedAccess.struct_class = Types::ListedAccess
|
375
|
+
|
376
|
+
ListedAccesses.member = Shapes::ShapeRef.new(shape: ListedAccess)
|
377
|
+
|
302
378
|
ListedServer.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "Arn"))
|
379
|
+
ListedServer.add_member(:domain, Shapes::ShapeRef.new(shape: Domain, location_name: "Domain"))
|
303
380
|
ListedServer.add_member(:identity_provider_type, Shapes::ShapeRef.new(shape: IdentityProviderType, location_name: "IdentityProviderType"))
|
304
381
|
ListedServer.add_member(:endpoint_type, Shapes::ShapeRef.new(shape: EndpointType, location_name: "EndpointType"))
|
305
382
|
ListedServer.add_member(:logging_role, Shapes::ShapeRef.new(shape: Role, location_name: "LoggingRole"))
|
@@ -320,6 +397,11 @@ module Aws::Transfer
|
|
320
397
|
|
321
398
|
ListedUsers.member = Shapes::ShapeRef.new(shape: ListedUser)
|
322
399
|
|
400
|
+
PosixProfile.add_member(:uid, Shapes::ShapeRef.new(shape: PosixId, required: true, location_name: "Uid"))
|
401
|
+
PosixProfile.add_member(:gid, Shapes::ShapeRef.new(shape: PosixId, required: true, location_name: "Gid"))
|
402
|
+
PosixProfile.add_member(:secondary_gids, Shapes::ShapeRef.new(shape: SecondaryGids, location_name: "SecondaryGids"))
|
403
|
+
PosixProfile.struct_class = Types::PosixProfile
|
404
|
+
|
323
405
|
Protocols.member = Shapes::ShapeRef.new(shape: Protocol)
|
324
406
|
|
325
407
|
ResourceExistsException.add_member(:message, Shapes::ShapeRef.new(shape: Message, required: true, location_name: "Message"))
|
@@ -332,6 +414,8 @@ module Aws::Transfer
|
|
332
414
|
ResourceNotFoundException.add_member(:resource_type, Shapes::ShapeRef.new(shape: ResourceType, required: true, location_name: "ResourceType"))
|
333
415
|
ResourceNotFoundException.struct_class = Types::ResourceNotFoundException
|
334
416
|
|
417
|
+
SecondaryGids.member = Shapes::ShapeRef.new(shape: PosixId)
|
418
|
+
|
335
419
|
SecurityGroupIds.member = Shapes::ShapeRef.new(shape: SecurityGroupId)
|
336
420
|
|
337
421
|
SecurityPolicyNames.member = Shapes::ShapeRef.new(shape: SecurityPolicyName)
|
@@ -388,6 +472,20 @@ module Aws::Transfer
|
|
388
472
|
UntagResourceRequest.add_member(:tag_keys, Shapes::ShapeRef.new(shape: TagKeys, required: true, location_name: "TagKeys"))
|
389
473
|
UntagResourceRequest.struct_class = Types::UntagResourceRequest
|
390
474
|
|
475
|
+
UpdateAccessRequest.add_member(:home_directory, Shapes::ShapeRef.new(shape: HomeDirectory, location_name: "HomeDirectory"))
|
476
|
+
UpdateAccessRequest.add_member(:home_directory_type, Shapes::ShapeRef.new(shape: HomeDirectoryType, location_name: "HomeDirectoryType"))
|
477
|
+
UpdateAccessRequest.add_member(:home_directory_mappings, Shapes::ShapeRef.new(shape: HomeDirectoryMappings, location_name: "HomeDirectoryMappings"))
|
478
|
+
UpdateAccessRequest.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
|
479
|
+
UpdateAccessRequest.add_member(:posix_profile, Shapes::ShapeRef.new(shape: PosixProfile, location_name: "PosixProfile"))
|
480
|
+
UpdateAccessRequest.add_member(:role, Shapes::ShapeRef.new(shape: Role, location_name: "Role"))
|
481
|
+
UpdateAccessRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
482
|
+
UpdateAccessRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
|
483
|
+
UpdateAccessRequest.struct_class = Types::UpdateAccessRequest
|
484
|
+
|
485
|
+
UpdateAccessResponse.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
486
|
+
UpdateAccessResponse.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
|
487
|
+
UpdateAccessResponse.struct_class = Types::UpdateAccessResponse
|
488
|
+
|
391
489
|
UpdateServerRequest.add_member(:certificate, Shapes::ShapeRef.new(shape: Certificate, location_name: "Certificate"))
|
392
490
|
UpdateServerRequest.add_member(:endpoint_details, Shapes::ShapeRef.new(shape: EndpointDetails, location_name: "EndpointDetails"))
|
393
491
|
UpdateServerRequest.add_member(:endpoint_type, Shapes::ShapeRef.new(shape: EndpointType, location_name: "EndpointType"))
|
@@ -406,6 +504,7 @@ module Aws::Transfer
|
|
406
504
|
UpdateUserRequest.add_member(:home_directory_type, Shapes::ShapeRef.new(shape: HomeDirectoryType, location_name: "HomeDirectoryType"))
|
407
505
|
UpdateUserRequest.add_member(:home_directory_mappings, Shapes::ShapeRef.new(shape: HomeDirectoryMappings, location_name: "HomeDirectoryMappings"))
|
408
506
|
UpdateUserRequest.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
|
507
|
+
UpdateUserRequest.add_member(:posix_profile, Shapes::ShapeRef.new(shape: PosixProfile, location_name: "PosixProfile"))
|
409
508
|
UpdateUserRequest.add_member(:role, Shapes::ShapeRef.new(shape: Role, location_name: "Role"))
|
410
509
|
UpdateUserRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
411
510
|
UpdateUserRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: UserName, required: true, location_name: "UserName"))
|
@@ -435,6 +534,19 @@ module Aws::Transfer
|
|
435
534
|
"uid" => "transfer-2018-11-05",
|
436
535
|
}
|
437
536
|
|
537
|
+
api.add_operation(:create_access, Seahorse::Model::Operation.new.tap do |o|
|
538
|
+
o.name = "CreateAccess"
|
539
|
+
o.http_method = "POST"
|
540
|
+
o.http_request_uri = "/"
|
541
|
+
o.input = Shapes::ShapeRef.new(shape: CreateAccessRequest)
|
542
|
+
o.output = Shapes::ShapeRef.new(shape: CreateAccessResponse)
|
543
|
+
o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
|
544
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
|
545
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
546
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceExistsException)
|
547
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
548
|
+
end)
|
549
|
+
|
438
550
|
api.add_operation(:create_server, Seahorse::Model::Operation.new.tap do |o|
|
439
551
|
o.name = "CreateServer"
|
440
552
|
o.http_method = "POST"
|
@@ -462,6 +574,18 @@ module Aws::Transfer
|
|
462
574
|
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
463
575
|
end)
|
464
576
|
|
577
|
+
api.add_operation(:delete_access, Seahorse::Model::Operation.new.tap do |o|
|
578
|
+
o.name = "DeleteAccess"
|
579
|
+
o.http_method = "POST"
|
580
|
+
o.http_request_uri = "/"
|
581
|
+
o.input = Shapes::ShapeRef.new(shape: DeleteAccessRequest)
|
582
|
+
o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
|
583
|
+
o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
|
584
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
|
585
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
586
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
587
|
+
end)
|
588
|
+
|
465
589
|
api.add_operation(:delete_server, Seahorse::Model::Operation.new.tap do |o|
|
466
590
|
o.name = "DeleteServer"
|
467
591
|
o.http_method = "POST"
|
@@ -500,6 +624,18 @@ module Aws::Transfer
|
|
500
624
|
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
501
625
|
end)
|
502
626
|
|
627
|
+
api.add_operation(:describe_access, Seahorse::Model::Operation.new.tap do |o|
|
628
|
+
o.name = "DescribeAccess"
|
629
|
+
o.http_method = "POST"
|
630
|
+
o.http_request_uri = "/"
|
631
|
+
o.input = Shapes::ShapeRef.new(shape: DescribeAccessRequest)
|
632
|
+
o.output = Shapes::ShapeRef.new(shape: DescribeAccessResponse)
|
633
|
+
o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
|
634
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
|
635
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
636
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
637
|
+
end)
|
638
|
+
|
503
639
|
api.add_operation(:describe_security_policy, Seahorse::Model::Operation.new.tap do |o|
|
504
640
|
o.name = "DescribeSecurityPolicy"
|
505
641
|
o.http_method = "POST"
|
@@ -550,6 +686,25 @@ module Aws::Transfer
|
|
550
686
|
o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
|
551
687
|
end)
|
552
688
|
|
689
|
+
api.add_operation(:list_accesses, Seahorse::Model::Operation.new.tap do |o|
|
690
|
+
o.name = "ListAccesses"
|
691
|
+
o.http_method = "POST"
|
692
|
+
o.http_request_uri = "/"
|
693
|
+
o.input = Shapes::ShapeRef.new(shape: ListAccessesRequest)
|
694
|
+
o.output = Shapes::ShapeRef.new(shape: ListAccessesResponse)
|
695
|
+
o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
|
696
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
|
697
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidNextTokenException)
|
698
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
699
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
700
|
+
o[:pager] = Aws::Pager.new(
|
701
|
+
limit_key: "max_results",
|
702
|
+
tokens: {
|
703
|
+
"next_token" => "next_token"
|
704
|
+
}
|
705
|
+
)
|
706
|
+
end)
|
707
|
+
|
553
708
|
api.add_operation(:list_security_policies, Seahorse::Model::Operation.new.tap do |o|
|
554
709
|
o.name = "ListSecurityPolicies"
|
555
710
|
o.http_method = "POST"
|
@@ -685,6 +840,19 @@ module Aws::Transfer
|
|
685
840
|
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
686
841
|
end)
|
687
842
|
|
843
|
+
api.add_operation(:update_access, Seahorse::Model::Operation.new.tap do |o|
|
844
|
+
o.name = "UpdateAccess"
|
845
|
+
o.http_method = "POST"
|
846
|
+
o.http_request_uri = "/"
|
847
|
+
o.input = Shapes::ShapeRef.new(shape: UpdateAccessRequest)
|
848
|
+
o.output = Shapes::ShapeRef.new(shape: UpdateAccessResponse)
|
849
|
+
o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
|
850
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
|
851
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
852
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceExistsException)
|
853
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
854
|
+
end)
|
855
|
+
|
688
856
|
api.add_operation(:update_server, Seahorse::Model::Operation.new.tap do |o|
|
689
857
|
o.name = "UpdateServer"
|
690
858
|
o.http_method = "POST"
|
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -38,11 +38,200 @@ module Aws::Transfer
|
|
38
38
|
include Aws::Structure
|
39
39
|
end
|
40
40
|
|
41
|
+
# @note When making an API call, you may pass CreateAccessRequest
|
42
|
+
# data as a hash:
|
43
|
+
#
|
44
|
+
# {
|
45
|
+
# home_directory: "HomeDirectory",
|
46
|
+
# home_directory_type: "PATH", # accepts PATH, LOGICAL
|
47
|
+
# home_directory_mappings: [
|
48
|
+
# {
|
49
|
+
# entry: "MapEntry", # required
|
50
|
+
# target: "MapTarget", # required
|
51
|
+
# },
|
52
|
+
# ],
|
53
|
+
# policy: "Policy",
|
54
|
+
# posix_profile: {
|
55
|
+
# uid: 1, # required
|
56
|
+
# gid: 1, # required
|
57
|
+
# secondary_gids: [1],
|
58
|
+
# },
|
59
|
+
# role: "Role", # required
|
60
|
+
# server_id: "ServerId", # required
|
61
|
+
# external_id: "ExternalId", # required
|
62
|
+
# }
|
63
|
+
#
|
64
|
+
# @!attribute [rw] home_directory
|
65
|
+
# The landing directory (folder) for a user when they log in to the
|
66
|
+
# server using the client.
|
67
|
+
#
|
68
|
+
# A `HomeDirectory` example is `/directory_name/home/mydirectory`.
|
69
|
+
# @return [String]
|
70
|
+
#
|
71
|
+
# @!attribute [rw] home_directory_type
|
72
|
+
# The type of landing directory (folder) that you want your users'
|
73
|
+
# home directory to be when they log in to the server. If you set it
|
74
|
+
# to `PATH`, the user will see the absolute Amazon S3 bucket paths as
|
75
|
+
# is in their file transfer protocol clients. If you set it `LOGICAL`,
|
76
|
+
# you must provide mappings in the `HomeDirectoryMappings` for how you
|
77
|
+
# want to make Amazon S3 paths visible to your users.
|
78
|
+
# @return [String]
|
79
|
+
#
|
80
|
+
# @!attribute [rw] home_directory_mappings
|
81
|
+
# Logical directory mappings that specify what Amazon S3 or Amazon EFS
|
82
|
+
# paths and keys should be visible to your user and how you want to
|
83
|
+
# make them visible. You must specify the `Entry` and `Target` pair,
|
84
|
+
# where `Entry` shows how the path is made visible and `Target` is the
|
85
|
+
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
86
|
+
# it will be displayed as is. You also must ensure that your AWS
|
87
|
+
# Identity and Access Management (IAM) role provides access to paths
|
88
|
+
# in `Target`. This value can only be set when `HomeDirectoryType` is
|
89
|
+
# set to *LOGICAL*.
|
90
|
+
#
|
91
|
+
# The following is an `Entry` and `Target` pair example.
|
92
|
+
#
|
93
|
+
# `[ \{ "Entry": "your-personal-report.pdf", "Target":
|
94
|
+
# "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \} ]`
|
95
|
+
#
|
96
|
+
# In most cases, you can use this value instead of the scope-down
|
97
|
+
# policy to lock down your user to the designated home directory
|
98
|
+
# ("`chroot`"). To do this, you can set `Entry` to `/` and set
|
99
|
+
# `Target` to the `HomeDirectory` parameter value.
|
100
|
+
#
|
101
|
+
# The following is an `Entry` and `Target` pair example for `chroot`.
|
102
|
+
#
|
103
|
+
# `[ \{ "Entry": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
104
|
+
#
|
105
|
+
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
|
106
|
+
# S3 or Amazon EFS, the entry will be ignored. As a workaround, you
|
107
|
+
# can use the Amazon S3 API or EFS API to create 0-byte objects as
|
108
|
+
# place holders for your directory. If using the AWS CLI, use the
|
109
|
+
# `s3api` or `efsapi` call instead of `s3` or `efs` so you can use the
|
110
|
+
# `put-object` operation. For example, you can use the following.
|
111
|
+
#
|
112
|
+
# `aws s3api put-object --bucket bucketname --key path/to/folder/`
|
113
|
+
#
|
114
|
+
# The end of the key name must end in a `/` for it to be considered a
|
115
|
+
# folder.
|
116
|
+
#
|
117
|
+
# </note>
|
118
|
+
#
|
119
|
+
# Required: No
|
120
|
+
# @return [Array<Types::HomeDirectoryMapEntry>]
|
121
|
+
#
|
122
|
+
# @!attribute [rw] policy
|
123
|
+
# A scope-down policy for your user so that you can use the same IAM
|
124
|
+
# role across multiple users. This policy scopes down user access to
|
125
|
+
# portions of their Amazon S3 bucket. Variables that you can use
|
126
|
+
# inside this policy include `$\{Transfer:UserName\}`,
|
127
|
+
# `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
|
128
|
+
#
|
129
|
+
# <note markdown="1"> This only applies when domain of `ServerId` is S3. Amazon EFS does
|
130
|
+
# not use scope down policy.
|
131
|
+
#
|
132
|
+
# For scope-down policies, AWS Transfer Family stores the policy as a
|
133
|
+
# JSON blob, instead of the Amazon Resource Name (ARN) of the policy.
|
134
|
+
# You save the policy as a JSON blob and pass it in the `Policy`
|
135
|
+
# argument.
|
136
|
+
#
|
137
|
+
# For an example of a scope-down policy, see [Example scope-down
|
138
|
+
# policy][1].
|
139
|
+
#
|
140
|
+
# For more information, see [AssumeRole][2] in the *AWS Security Token
|
141
|
+
# Service API Reference*.
|
142
|
+
#
|
143
|
+
# </note>
|
144
|
+
#
|
145
|
+
#
|
146
|
+
#
|
147
|
+
# [1]: https://docs.aws.amazon.com/transfer/latest/userguide/scope-down-policy.html
|
148
|
+
# [2]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
|
149
|
+
# @return [String]
|
150
|
+
#
|
151
|
+
# @!attribute [rw] posix_profile
|
152
|
+
# The full POSIX identity, including user ID (`Uid`), group ID
|
153
|
+
# (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
|
154
|
+
# controls your users' access to your Amazon EFS file systems. The
|
155
|
+
# POSIX permissions that are set on files and directories in your file
|
156
|
+
# system determine the level of access your users get when
|
157
|
+
# transferring files into and out of your Amazon EFS file systems.
|
158
|
+
# @return [Types::PosixProfile]
|
159
|
+
#
|
160
|
+
# @!attribute [rw] role
|
161
|
+
# Specifies the IAM role that controls your users' access to your
|
162
|
+
# Amazon S3 bucket or EFS file system. The policies attached to this
|
163
|
+
# role determine the level of access that you want to provide your
|
164
|
+
# users when transferring files into and out of your Amazon S3 bucket
|
165
|
+
# or EFS file system. The IAM role should also contain a trust
|
166
|
+
# relationship that allows the server to access your resources when
|
167
|
+
# servicing your users' transfer requests.
|
168
|
+
# @return [String]
|
169
|
+
#
|
170
|
+
# @!attribute [rw] server_id
|
171
|
+
# A system-assigned unique identifier for a server instance. This is
|
172
|
+
# the specific server that you added your user to.
|
173
|
+
# @return [String]
|
174
|
+
#
|
175
|
+
# @!attribute [rw] external_id
|
176
|
+
# A unique identifier that is required to identify specific groups
|
177
|
+
# within your directory. The users of the group that you associate
|
178
|
+
# have access to your Amazon S3 or Amazon EFS resources over the
|
179
|
+
# enabled protocols using AWS Transfer Family. If you know the group
|
180
|
+
# name, you can view the SID values by running the following command
|
181
|
+
# using Windows PowerShell.
|
182
|
+
#
|
183
|
+
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
184
|
+
# -Properties * | Select SamaccountName,ObjectSid`
|
185
|
+
#
|
186
|
+
# In that command, replace *YourGroupName* with the name of your
|
187
|
+
# Active Directory group.
|
188
|
+
#
|
189
|
+
# The regex used to validate this parameter is a string of characters
|
190
|
+
# consisting of uppercase and lowercase alphanumeric characters with
|
191
|
+
# no spaces. You can also include underscores or any of the following
|
192
|
+
# characters: =,.@:/-
|
193
|
+
# @return [String]
|
194
|
+
#
|
195
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateAccessRequest AWS API Documentation
|
196
|
+
#
|
197
|
+
class CreateAccessRequest < Struct.new(
|
198
|
+
:home_directory,
|
199
|
+
:home_directory_type,
|
200
|
+
:home_directory_mappings,
|
201
|
+
:policy,
|
202
|
+
:posix_profile,
|
203
|
+
:role,
|
204
|
+
:server_id,
|
205
|
+
:external_id)
|
206
|
+
SENSITIVE = []
|
207
|
+
include Aws::Structure
|
208
|
+
end
|
209
|
+
|
210
|
+
# @!attribute [rw] server_id
|
211
|
+
# The ID of the server that the user is attached to.
|
212
|
+
# @return [String]
|
213
|
+
#
|
214
|
+
# @!attribute [rw] external_id
|
215
|
+
# The external ID of the group whose users have access to your Amazon
|
216
|
+
# S3 or Amazon EFS resources over the enabled protocols using AWS
|
217
|
+
# Transfer Family.
|
218
|
+
# @return [String]
|
219
|
+
#
|
220
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateAccessResponse AWS API Documentation
|
221
|
+
#
|
222
|
+
class CreateAccessResponse < Struct.new(
|
223
|
+
:server_id,
|
224
|
+
:external_id)
|
225
|
+
SENSITIVE = []
|
226
|
+
include Aws::Structure
|
227
|
+
end
|
228
|
+
|
41
229
|
# @note When making an API call, you may pass CreateServerRequest
|
42
230
|
# data as a hash:
|
43
231
|
#
|
44
232
|
# {
|
45
233
|
# certificate: "Certificate",
|
234
|
+
# domain: "S3", # accepts S3, EFS
|
46
235
|
# endpoint_details: {
|
47
236
|
# address_allocation_ids: ["AddressAllocationId"],
|
48
237
|
# subnet_ids: ["SubnetId"],
|
@@ -55,8 +244,9 @@ module Aws::Transfer
|
|
55
244
|
# identity_provider_details: {
|
56
245
|
# url: "Url",
|
57
246
|
# invocation_role: "Role",
|
247
|
+
# directory_id: "DirectoryId",
|
58
248
|
# },
|
59
|
-
# identity_provider_type: "SERVICE_MANAGED", # accepts SERVICE_MANAGED, API_GATEWAY
|
249
|
+
# identity_provider_type: "SERVICE_MANAGED", # accepts SERVICE_MANAGED, API_GATEWAY, AWS_DIRECTORY_SERVICE
|
60
250
|
# logging_role: "Role",
|
61
251
|
# protocols: ["SFTP"], # accepts SFTP, FTP, FTPS
|
62
252
|
# security_policy_name: "SecurityPolicyName",
|
@@ -108,22 +298,45 @@ module Aws::Transfer
|
|
108
298
|
# [3]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html
|
109
299
|
# @return [String]
|
110
300
|
#
|
301
|
+
# @!attribute [rw] domain
|
302
|
+
# The domain of the storage system that is used for file transfers.
|
303
|
+
# There are two domains available: Amazon Simple Storage Service
|
304
|
+
# (Amazon S3) and Amazon Elastic File System (Amazon EFS). The default
|
305
|
+
# value is S3.
|
306
|
+
#
|
307
|
+
# <note markdown="1"> After the server is created, the domain cannot be changed.
|
308
|
+
#
|
309
|
+
# </note>
|
310
|
+
# @return [String]
|
311
|
+
#
|
111
312
|
# @!attribute [rw] endpoint_details
|
112
313
|
# The virtual private cloud (VPC) endpoint settings that are
|
113
314
|
# configured for your server. When you host your endpoint within your
|
114
315
|
# VPC, you can make it accessible only to resources within your VPC,
|
115
|
-
# or you can attach Elastic
|
116
|
-
# the internet. Your VPC's default security groups are
|
117
|
-
# assigned to your endpoint.
|
316
|
+
# or you can attach Elastic IP addresses and make it accessible to
|
317
|
+
# clients over the internet. Your VPC's default security groups are
|
318
|
+
# automatically assigned to your endpoint.
|
118
319
|
# @return [Types::EndpointDetails]
|
119
320
|
#
|
120
321
|
# @!attribute [rw] endpoint_type
|
121
|
-
# The type of
|
122
|
-
#
|
123
|
-
#
|
124
|
-
#
|
125
|
-
#
|
126
|
-
#
|
322
|
+
# The type of endpoint that you want your server to use. You can
|
323
|
+
# choose to make your server's endpoint publicly accessible (PUBLIC)
|
324
|
+
# or host it inside your VPC. With an endpoint that is hosted in a
|
325
|
+
# VPC, you can restrict access to your server and resources only
|
326
|
+
# within your VPC or choose to make it internet facing by attaching
|
327
|
+
# Elastic IP addresses directly to it.
|
328
|
+
#
|
329
|
+
# <note markdown="1"> After March 31, 2021, you won't be able to create a server using
|
330
|
+
# `EndpointType=VPC_ENDPOINT` in your AWS account if your account
|
331
|
+
# hasn't already done so before March 31, 2021. If you have already
|
332
|
+
# created servers with `EndpointType=VPC_ENDPOINT` in your AWS account
|
333
|
+
# on or before March 31, 2021, you will not be affected. After this
|
334
|
+
# date, use `EndpointType`=`VPC`.
|
335
|
+
#
|
336
|
+
# For more information, see
|
337
|
+
# https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
|
338
|
+
#
|
339
|
+
# It is recommended that you use `VPC` as the `EndpointType`. With
|
127
340
|
# this endpoint type, you have the option to directly associate up to
|
128
341
|
# three Elastic IPv4 addresses (BYO IP included) with your server's
|
129
342
|
# endpoint and use VPC security groups to restrict traffic by the
|
@@ -150,20 +363,26 @@ module Aws::Transfer
|
|
150
363
|
# @return [String]
|
151
364
|
#
|
152
365
|
# @!attribute [rw] identity_provider_details
|
153
|
-
# Required when `IdentityProviderType` is set to
|
154
|
-
# Accepts an array
|
155
|
-
#
|
156
|
-
#
|
157
|
-
#
|
366
|
+
# Required when `IdentityProviderType` is set to
|
367
|
+
# `AWS_DIRECTORY_SERVICE` or `API_GATEWAY`. Accepts an array
|
368
|
+
# containing all of the information required to use a directory in
|
369
|
+
# `AWS_DIRECTORY_SERVICE` or invoke a customer-supplied authentication
|
370
|
+
# API, including the API Gateway URL. Not required when
|
371
|
+
# `IdentityProviderType` is set to `SERVICE_MANAGED`.
|
158
372
|
# @return [Types::IdentityProviderDetails]
|
159
373
|
#
|
160
374
|
# @!attribute [rw] identity_provider_type
|
161
375
|
# Specifies the mode of authentication for a server. The default value
|
162
376
|
# is `SERVICE_MANAGED`, which allows you to store and access user
|
163
|
-
# credentials within the AWS Transfer Family service. Use
|
164
|
-
# `
|
165
|
-
#
|
166
|
-
#
|
377
|
+
# credentials within the AWS Transfer Family service. Use
|
378
|
+
# `AWS_DIRECTORY_SERVICE` to provide access to Active Directory groups
|
379
|
+
# in AWS Managed Active Directory or Microsoft Active Directory in
|
380
|
+
# your on-premises environment or in AWS using AD Connectors. This
|
381
|
+
# option also requires you to provide a Directory ID using the
|
382
|
+
# `IdentityProviderDetails` parameter. Use the `API_GATEWAY` value to
|
383
|
+
# integrate with an identity provider of your choosing. The
|
384
|
+
# `API_GATEWAY` setting requires you to provide an API Gateway
|
385
|
+
# endpoint URL to call for authentication using the
|
167
386
|
# `IdentityProviderDetails` parameter.
|
168
387
|
# @return [String]
|
169
388
|
#
|
@@ -191,7 +410,7 @@ module Aws::Transfer
|
|
191
410
|
#
|
192
411
|
# If `Protocol` includes either `FTP` or `FTPS`, then the
|
193
412
|
# `EndpointType` must be `VPC` and the `IdentityProviderType` must be
|
194
|
-
# `API_GATEWAY`.
|
413
|
+
# `AWS_DIRECTORY_SERVICE` or `API_GATEWAY`.
|
195
414
|
#
|
196
415
|
# If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
|
197
416
|
# associated.
|
@@ -216,6 +435,7 @@ module Aws::Transfer
|
|
216
435
|
#
|
217
436
|
class CreateServerRequest < Struct.new(
|
218
437
|
:certificate,
|
438
|
+
:domain,
|
219
439
|
:endpoint_details,
|
220
440
|
:endpoint_type,
|
221
441
|
:host_key,
|
@@ -254,6 +474,11 @@ module Aws::Transfer
|
|
254
474
|
# },
|
255
475
|
# ],
|
256
476
|
# policy: "Policy",
|
477
|
+
# posix_profile: {
|
478
|
+
# uid: 1, # required
|
479
|
+
# gid: 1, # required
|
480
|
+
# secondary_gids: [1],
|
481
|
+
# },
|
257
482
|
# role: "Role", # required
|
258
483
|
# server_id: "ServerId", # required
|
259
484
|
# ssh_public_key_body: "SshPublicKeyBody",
|
@@ -270,8 +495,7 @@ module Aws::Transfer
|
|
270
495
|
# The landing directory (folder) for a user when they log in to the
|
271
496
|
# server using the client.
|
272
497
|
#
|
273
|
-
#
|
274
|
-
# <code>your-Amazon-S3-bucket-name>/home/username</code> </i>.
|
498
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
275
499
|
# @return [String]
|
276
500
|
#
|
277
501
|
# @!attribute [rw] home_directory_type
|
@@ -284,32 +508,37 @@ module Aws::Transfer
|
|
284
508
|
# @return [String]
|
285
509
|
#
|
286
510
|
# @!attribute [rw] home_directory_mappings
|
287
|
-
# Logical directory mappings that specify what Amazon S3 paths
|
288
|
-
# keys should be visible to your user and how you want to make
|
289
|
-
# visible. You will need to specify the
|
511
|
+
# Logical directory mappings that specify what Amazon S3 or EFS paths
|
512
|
+
# and keys should be visible to your user and how you want to make
|
513
|
+
# them visible. You will need to specify the `Entry` and `Target`
|
290
514
|
# pair, where `Entry` shows how the path is made visible and `Target`
|
291
|
-
# is the actual Amazon S3 path. If you only specify a target,
|
292
|
-
# be displayed as is. You will need to also make sure that
|
293
|
-
# role provides access to paths in `Target`.
|
294
|
-
#
|
515
|
+
# is the actual Amazon S3 or EFS path. If you only specify a target,
|
516
|
+
# it will be displayed as is. You will need to also make sure that
|
517
|
+
# your IAM role provides access to paths in `Target`. This value can
|
518
|
+
# only be set when `HomeDirectoryType` is set to `LOGICAL`.
|
295
519
|
#
|
296
|
-
# `
|
297
|
-
#
|
298
|
-
# "
|
520
|
+
# The following is an `Entry` and `Target` pair example.
|
521
|
+
#
|
522
|
+
# `[ \{ "Entry": "your-personal-report.pdf", "Target":
|
523
|
+
# "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \} ]`
|
299
524
|
#
|
300
525
|
# In most cases, you can use this value instead of the scope-down
|
301
526
|
# policy to lock your user down to the designated home directory
|
302
|
-
# ("chroot"). To do this, you can set `Entry` to
|
527
|
+
# ("`chroot`"). To do this, you can set `Entry` to `/` and set
|
303
528
|
# `Target` to the HomeDirectory parameter value.
|
304
529
|
#
|
530
|
+
# The following is an `Entry` and `Target` pair example for `chroot`.
|
531
|
+
#
|
532
|
+
# `[ \{ "Entry": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
533
|
+
#
|
305
534
|
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
|
306
|
-
# S3, the entry will be ignored. As a workaround, you can use
|
307
|
-
# Amazon S3 API to create 0 byte objects as place
|
308
|
-
# directory. If using the CLI, use the `s3api`
|
309
|
-
#
|
310
|
-
# following: `aws s3api put-object
|
311
|
-
# path/to/folder/`. Make sure that the end
|
312
|
-
#
|
535
|
+
# S3 or EFS, the entry will be ignored. As a workaround, you can use
|
536
|
+
# the Amazon S3 API or EFS API to create 0 byte objects as place
|
537
|
+
# holders for your directory. If using the CLI, use the `s3api` or
|
538
|
+
# `efsapi` call instead of `s3` or `efs` so you can use the put-object
|
539
|
+
# operation. For example, you use the following: `aws s3api put-object
|
540
|
+
# --bucket bucketname --key path/to/folder/`. Make sure that the end
|
541
|
+
# of the key name ends in a `/` for it to be considered a folder.
|
313
542
|
#
|
314
543
|
# </note>
|
315
544
|
# @return [Array<Types::HomeDirectoryMapEntry>]
|
@@ -321,12 +550,15 @@ module Aws::Transfer
|
|
321
550
|
# inside this policy include `$\{Transfer:UserName\}`,
|
322
551
|
# `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
|
323
552
|
#
|
324
|
-
# <note markdown="1">
|
553
|
+
# <note markdown="1"> This only applies when domain of ServerId is S3. EFS does not use
|
554
|
+
# scope down policy.
|
555
|
+
#
|
556
|
+
# For scope-down policies, AWS Transfer Family stores the policy as a
|
325
557
|
# JSON blob, instead of the Amazon Resource Name (ARN) of the policy.
|
326
558
|
# You save the policy as a JSON blob and pass it in the `Policy`
|
327
559
|
# argument.
|
328
560
|
#
|
329
|
-
# For an example of a scope-down policy, see [
|
561
|
+
# For an example of a scope-down policy, see [Example scope-down
|
330
562
|
# policy][1].
|
331
563
|
#
|
332
564
|
# For more information, see [AssumeRole][2] in the *AWS Security Token
|
@@ -336,17 +568,27 @@ module Aws::Transfer
|
|
336
568
|
#
|
337
569
|
#
|
338
570
|
#
|
339
|
-
# [1]: https://docs.aws.amazon.com/transfer/latest/userguide/
|
571
|
+
# [1]: https://docs.aws.amazon.com/transfer/latest/userguide/scope-down-policy.html
|
340
572
|
# [2]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
|
341
573
|
# @return [String]
|
342
574
|
#
|
575
|
+
# @!attribute [rw] posix_profile
|
576
|
+
# Specifies the full POSIX identity, including user ID (`Uid`), group
|
577
|
+
# ID (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
|
578
|
+
# controls your users' access to your Amazon EFS file systems. The
|
579
|
+
# POSIX permissions that are set on files and directories in Amazon
|
580
|
+
# EFS determine the level of access your users get when transferring
|
581
|
+
# files into and out of your Amazon EFS file systems.
|
582
|
+
# @return [Types::PosixProfile]
|
583
|
+
#
|
343
584
|
# @!attribute [rw] role
|
344
|
-
#
|
345
|
-
# bucket. The policies attached to this
|
346
|
-
# of access you want to provide your
|
347
|
-
# into and out of your Amazon S3 bucket
|
348
|
-
#
|
349
|
-
#
|
585
|
+
# Specifies the IAM role that controls your users' access to your
|
586
|
+
# Amazon S3 bucket or EFS file system. The policies attached to this
|
587
|
+
# role will determine the level of access you want to provide your
|
588
|
+
# users when transferring files into and out of your Amazon S3 bucket
|
589
|
+
# or EFS file system. The IAM role should also contain a trust
|
590
|
+
# relationship that allows the server to access your resources when
|
591
|
+
# servicing your users' transfer requests.
|
350
592
|
# @return [String]
|
351
593
|
#
|
352
594
|
# @!attribute [rw] server_id
|
@@ -380,6 +622,7 @@ module Aws::Transfer
|
|
380
622
|
:home_directory_type,
|
381
623
|
:home_directory_mappings,
|
382
624
|
:policy,
|
625
|
+
:posix_profile,
|
383
626
|
:role,
|
384
627
|
:server_id,
|
385
628
|
:ssh_public_key_body,
|
@@ -407,6 +650,48 @@ module Aws::Transfer
|
|
407
650
|
include Aws::Structure
|
408
651
|
end
|
409
652
|
|
653
|
+
# @note When making an API call, you may pass DeleteAccessRequest
|
654
|
+
# data as a hash:
|
655
|
+
#
|
656
|
+
# {
|
657
|
+
# server_id: "ServerId", # required
|
658
|
+
# external_id: "ExternalId", # required
|
659
|
+
# }
|
660
|
+
#
|
661
|
+
# @!attribute [rw] server_id
|
662
|
+
# A system-assigned unique identifier for a server that has this user
|
663
|
+
# assigned.
|
664
|
+
# @return [String]
|
665
|
+
#
|
666
|
+
# @!attribute [rw] external_id
|
667
|
+
# A unique identifier that is required to identify specific groups
|
668
|
+
# within your directory. The users of the group that you associate
|
669
|
+
# have access to your Amazon S3 or Amazon EFS resources over the
|
670
|
+
# enabled protocols using AWS Transfer Family. If you know the group
|
671
|
+
# name, you can view the SID values by running the following command
|
672
|
+
# using Windows PowerShell.
|
673
|
+
#
|
674
|
+
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
675
|
+
# -Properties * | Select SamaccountName,ObjectSid`
|
676
|
+
#
|
677
|
+
# In that command, replace *YourGroupName* with the name of your
|
678
|
+
# Active Directory group.
|
679
|
+
#
|
680
|
+
# The regex used to validate this parameter is a string of characters
|
681
|
+
# consisting of uppercase and lowercase alphanumeric characters with
|
682
|
+
# no spaces. You can also include underscores or any of the following
|
683
|
+
# characters: =,.@:/-
|
684
|
+
# @return [String]
|
685
|
+
#
|
686
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DeleteAccessRequest AWS API Documentation
|
687
|
+
#
|
688
|
+
class DeleteAccessRequest < Struct.new(
|
689
|
+
:server_id,
|
690
|
+
:external_id)
|
691
|
+
SENSITIVE = []
|
692
|
+
include Aws::Structure
|
693
|
+
end
|
694
|
+
|
410
695
|
# @note When making an API call, you may pass DeleteServerRequest
|
411
696
|
# data as a hash:
|
412
697
|
#
|
@@ -486,6 +771,66 @@ module Aws::Transfer
|
|
486
771
|
include Aws::Structure
|
487
772
|
end
|
488
773
|
|
774
|
+
# @note When making an API call, you may pass DescribeAccessRequest
|
775
|
+
# data as a hash:
|
776
|
+
#
|
777
|
+
# {
|
778
|
+
# server_id: "ServerId", # required
|
779
|
+
# external_id: "ExternalId", # required
|
780
|
+
# }
|
781
|
+
#
|
782
|
+
# @!attribute [rw] server_id
|
783
|
+
# A system-assigned unique identifier for a server that has this
|
784
|
+
# access assigned.
|
785
|
+
# @return [String]
|
786
|
+
#
|
787
|
+
# @!attribute [rw] external_id
|
788
|
+
# A unique identifier that is required to identify specific groups
|
789
|
+
# within your directory. The users of the group you associate have
|
790
|
+
# access to your Amazon S3 or Amazon EFS resources over the enabled
|
791
|
+
# protocols using AWS Transfer Family. If you know the group name, you
|
792
|
+
# can view the SID values by running the following command using
|
793
|
+
# Windows PowerShell.
|
794
|
+
#
|
795
|
+
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
796
|
+
# -Properties * | Select SamaccountName,ObjectSid`
|
797
|
+
#
|
798
|
+
# In that command, replace *YourGroupName* with the name of your
|
799
|
+
# Active Directory group.
|
800
|
+
#
|
801
|
+
# The regex used to validate this parameter is a string of characters
|
802
|
+
# consisting of uppercase and lowercase alphanumeric characters with
|
803
|
+
# no spaces. You can also include underscores or any of the following
|
804
|
+
# characters: =,.@:/-
|
805
|
+
# @return [String]
|
806
|
+
#
|
807
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeAccessRequest AWS API Documentation
|
808
|
+
#
|
809
|
+
class DescribeAccessRequest < Struct.new(
|
810
|
+
:server_id,
|
811
|
+
:external_id)
|
812
|
+
SENSITIVE = []
|
813
|
+
include Aws::Structure
|
814
|
+
end
|
815
|
+
|
816
|
+
# @!attribute [rw] server_id
|
817
|
+
# A system-assigned unique identifier for a server that has this
|
818
|
+
# access assigned.
|
819
|
+
# @return [String]
|
820
|
+
#
|
821
|
+
# @!attribute [rw] access
|
822
|
+
# The external ID of the server that the access is attached to.
|
823
|
+
# @return [Types::DescribedAccess]
|
824
|
+
#
|
825
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeAccessResponse AWS API Documentation
|
826
|
+
#
|
827
|
+
class DescribeAccessResponse < Struct.new(
|
828
|
+
:server_id,
|
829
|
+
:access)
|
830
|
+
SENSITIVE = []
|
831
|
+
include Aws::Structure
|
832
|
+
end
|
833
|
+
|
489
834
|
# @note When making an API call, you may pass DescribeSecurityPolicyRequest
|
490
835
|
# data as a hash:
|
491
836
|
#
|
@@ -597,6 +942,100 @@ module Aws::Transfer
|
|
597
942
|
include Aws::Structure
|
598
943
|
end
|
599
944
|
|
945
|
+
# Describes the properties of the access that was specified.
|
946
|
+
#
|
947
|
+
# @!attribute [rw] home_directory
|
948
|
+
# Specifies the landing directory (or folder), which is the location
|
949
|
+
# that files are written to or read from in an Amazon S3 bucket, for
|
950
|
+
# the described access.
|
951
|
+
# @return [String]
|
952
|
+
#
|
953
|
+
# @!attribute [rw] home_directory_mappings
|
954
|
+
# Specifies the logical directory mappings that specify what Amazon S3
|
955
|
+
# or Amazon EFS paths and keys should be visible to the associated
|
956
|
+
# access and how you want to make them visible. You must specify the
|
957
|
+
# "`Entry`" and "`Target`" pair, where `Entry` shows how the path
|
958
|
+
# is made visible and `Target` is the actual Amazon S3 or EFS path. If
|
959
|
+
# you only specify a target, it will be displayed as is. You also must
|
960
|
+
# ensure that your AWS Identity and Access Management (IAM) role
|
961
|
+
# provides access to paths in `Target`.
|
962
|
+
#
|
963
|
+
# In most cases, you can use this value instead of the scope-down
|
964
|
+
# policy to lock down the associated access to the designated home
|
965
|
+
# directory ("`chroot`"). To do this, you can set `Entry` to '/'
|
966
|
+
# and set `Target` to the `HomeDirectory` parameter value.
|
967
|
+
# @return [Array<Types::HomeDirectoryMapEntry>]
|
968
|
+
#
|
969
|
+
# @!attribute [rw] home_directory_type
|
970
|
+
# The type of landing directory (folder) that you want your users'
|
971
|
+
# home directory to be when they log in to the server. If you set it
|
972
|
+
# to `PATH`, the user will see the absolute Amazon S3 bucket paths as
|
973
|
+
# is in their file transfer protocol clients. If you set it to
|
974
|
+
# `LOGICAL`, you must provide mappings in the `HomeDirectoryMappings`
|
975
|
+
# for how you want to make Amazon S3 paths visible to your users.
|
976
|
+
# @return [String]
|
977
|
+
#
|
978
|
+
# @!attribute [rw] policy
|
979
|
+
# A scope-down policy for your user so that you can use the same AWS
|
980
|
+
# Identity and Access Management (IAM) role across multiple users.
|
981
|
+
# This policy scopes down user access to portions of their Amazon S3
|
982
|
+
# bucket. Variables that you can use inside this policy include
|
983
|
+
# `$\{Transfer:UserName\}`, `$\{Transfer:HomeDirectory\}`, and
|
984
|
+
# `$\{Transfer:HomeBucket\}`.
|
985
|
+
# @return [String]
|
986
|
+
#
|
987
|
+
# @!attribute [rw] posix_profile
|
988
|
+
# The full POSIX identity, including user ID (`Uid`), group ID
|
989
|
+
# (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
|
990
|
+
# controls your users' access to your Amazon EFS file systems. The
|
991
|
+
# POSIX permissions that are set on files and directories in your file
|
992
|
+
# system determine the level of access your users get when
|
993
|
+
# transferring files into and out of your Amazon EFS file systems.
|
994
|
+
# @return [Types::PosixProfile]
|
995
|
+
#
|
996
|
+
# @!attribute [rw] role
|
997
|
+
# The IAM role that controls access to your Amazon S3 bucket from the
|
998
|
+
# specified associated access. The policies attached to this role will
|
999
|
+
# determine the level of access that you want to provide the
|
1000
|
+
# associated access when transferring files into and out of your
|
1001
|
+
# Amazon S3 bucket or buckets. The IAM role should also contain a
|
1002
|
+
# trust relationship that allows a server to access your resources
|
1003
|
+
# when servicing transfer requests for the associated access.
|
1004
|
+
# @return [String]
|
1005
|
+
#
|
1006
|
+
# @!attribute [rw] external_id
|
1007
|
+
# A unique identifier that might be required when you assume a role in
|
1008
|
+
# another account. Think of the `ExternalID` as a group membership
|
1009
|
+
# mechanism that uses a unique identifier (often a SID, but could be a
|
1010
|
+
# group name or something else) as a basis. If the administrator of
|
1011
|
+
# the account to which the role belongs provided you with an external
|
1012
|
+
# ID, then provide that value in the `ExternalId` parameter. A
|
1013
|
+
# cross-account role is usually set up to trust everyone in an
|
1014
|
+
# account. Therefore, the administrator of the trusting account might
|
1015
|
+
# send an external ID to the administrator of the trusted account.
|
1016
|
+
# That way, only someone with the ID can assume the role, rather than
|
1017
|
+
# everyone in the account.
|
1018
|
+
#
|
1019
|
+
# The regex used to validate this parameter is a string of characters
|
1020
|
+
# consisting of uppercase and lowercase alphanumeric characters with
|
1021
|
+
# no spaces. You can also include underscores or any of the following
|
1022
|
+
# characters: =,.@:/-
|
1023
|
+
# @return [String]
|
1024
|
+
#
|
1025
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribedAccess AWS API Documentation
|
1026
|
+
#
|
1027
|
+
class DescribedAccess < Struct.new(
|
1028
|
+
:home_directory,
|
1029
|
+
:home_directory_mappings,
|
1030
|
+
:home_directory_type,
|
1031
|
+
:policy,
|
1032
|
+
:posix_profile,
|
1033
|
+
:role,
|
1034
|
+
:external_id)
|
1035
|
+
SENSITIVE = []
|
1036
|
+
include Aws::Structure
|
1037
|
+
end
|
1038
|
+
|
600
1039
|
# Describes the properties of a security policy that was specified. For
|
601
1040
|
# more information about security policies, see [Working with security
|
602
1041
|
# policies][1].
|
@@ -662,6 +1101,11 @@ module Aws::Transfer
|
|
662
1101
|
# Required when `Protocols` is set to `FTPS`.
|
663
1102
|
# @return [String]
|
664
1103
|
#
|
1104
|
+
# @!attribute [rw] domain
|
1105
|
+
# Specifies the domain of the storage system that is used for file
|
1106
|
+
# transfers.
|
1107
|
+
# @return [String]
|
1108
|
+
#
|
665
1109
|
# @!attribute [rw] endpoint_details
|
666
1110
|
# Specifies the virtual private cloud (VPC) endpoint settings that you
|
667
1111
|
# configured for your server.
|
@@ -682,23 +1126,26 @@ module Aws::Transfer
|
|
682
1126
|
# @!attribute [rw] identity_provider_details
|
683
1127
|
# Specifies information to call a customer-supplied authentication
|
684
1128
|
# API. This field is not populated when the `IdentityProviderType` of
|
685
|
-
# a server is `SERVICE_MANAGED`.
|
1129
|
+
# a server is `AWS_DIRECTORY_SERVICE` or `SERVICE_MANAGED`.
|
686
1130
|
# @return [Types::IdentityProviderDetails]
|
687
1131
|
#
|
688
1132
|
# @!attribute [rw] identity_provider_type
|
689
1133
|
# Specifies the mode of authentication method enabled for this
|
690
|
-
# service. A value of `
|
691
|
-
#
|
692
|
-
#
|
693
|
-
#
|
694
|
-
#
|
1134
|
+
# service. A value of `AWS_DIRECTORY_SERVICE` means that you are
|
1135
|
+
# providing access to Active Directory groups in AWS Managed Active
|
1136
|
+
# Directory or Microsoft Active Directory in your on-premises
|
1137
|
+
# environment or in AWS using AD Connectors. A value of
|
1138
|
+
# `SERVICE_MANAGED` means that you are using this server to store and
|
1139
|
+
# access user credentials within the service. A value of `API_GATEWAY`
|
1140
|
+
# indicates that you have integrated an API Gateway endpoint that will
|
1141
|
+
# be invoked for authenticating your user into the service.
|
695
1142
|
# @return [String]
|
696
1143
|
#
|
697
1144
|
# @!attribute [rw] logging_role
|
698
1145
|
# Specifies the AWS Identity and Access Management (IAM) role that
|
699
1146
|
# allows a server to turn on Amazon CloudWatch logging for Amazon S3
|
700
|
-
# events. When set, user activity can be viewed in your
|
701
|
-
# logs.
|
1147
|
+
# or Amazon EFS events. When set, user activity can be viewed in your
|
1148
|
+
# CloudWatch logs.
|
702
1149
|
# @return [String]
|
703
1150
|
#
|
704
1151
|
# @!attribute [rw] protocols
|
@@ -752,6 +1199,7 @@ module Aws::Transfer
|
|
752
1199
|
class DescribedServer < Struct.new(
|
753
1200
|
:arn,
|
754
1201
|
:certificate,
|
1202
|
+
:domain,
|
755
1203
|
:endpoint_details,
|
756
1204
|
:endpoint_type,
|
757
1205
|
:host_key_fingerprint,
|
@@ -784,17 +1232,17 @@ module Aws::Transfer
|
|
784
1232
|
#
|
785
1233
|
# @!attribute [rw] home_directory_mappings
|
786
1234
|
# Specifies the logical directory mappings that specify what Amazon S3
|
787
|
-
# paths and keys should be visible to your user and how you
|
788
|
-
# make them visible. You will need to specify the "`Entry`"
|
789
|
-
# "`Target`" pair, where `Entry` shows how the path is made
|
790
|
-
# and `Target` is the actual Amazon S3 path. If you
|
791
|
-
# target, it will be displayed as is. You will need to
|
792
|
-
# that your AWS Identity and Access Management (IAM)
|
793
|
-
# access to paths in `Target`.
|
1235
|
+
# or EFS paths and keys should be visible to your user and how you
|
1236
|
+
# want to make them visible. You will need to specify the "`Entry`"
|
1237
|
+
# and "`Target`" pair, where `Entry` shows how the path is made
|
1238
|
+
# visible and `Target` is the actual Amazon S3 or EFS path. If you
|
1239
|
+
# only specify a target, it will be displayed as is. You will need to
|
1240
|
+
# also make sure that your AWS Identity and Access Management (IAM)
|
1241
|
+
# role provides access to paths in `Target`.
|
794
1242
|
#
|
795
1243
|
# In most cases, you can use this value instead of the scope-down
|
796
1244
|
# policy to lock your user down to the designated home directory
|
797
|
-
# ("chroot"). To do this, you can set `Entry` to '/' and set
|
1245
|
+
# ("`chroot`"). To do this, you can set `Entry` to '/' and set
|
798
1246
|
# `Target` to the HomeDirectory parameter value.
|
799
1247
|
# @return [Array<Types::HomeDirectoryMapEntry>]
|
800
1248
|
#
|
@@ -802,21 +1250,31 @@ module Aws::Transfer
|
|
802
1250
|
# Specifies the type of landing directory (folder) you mapped for your
|
803
1251
|
# users to see when they log into the file transfer protocol-enabled
|
804
1252
|
# server. If you set it to `PATH`, the user will see the absolute
|
805
|
-
# Amazon S3 bucket paths as is in their file transfer protocol
|
1253
|
+
# Amazon S3 bucket or EFS paths as is in their file transfer protocol
|
806
1254
|
# clients. If you set it `LOGICAL`, you will need to provide mappings
|
807
|
-
# in the `HomeDirectoryMappings` for how you want to make Amazon S3
|
808
|
-
# paths visible to your users.
|
1255
|
+
# in the `HomeDirectoryMappings` for how you want to make Amazon S3 or
|
1256
|
+
# EFS paths visible to your users.
|
809
1257
|
# @return [String]
|
810
1258
|
#
|
811
1259
|
# @!attribute [rw] policy
|
812
1260
|
# Specifies the name of the policy in use for the described user.
|
813
1261
|
# @return [String]
|
814
1262
|
#
|
1263
|
+
# @!attribute [rw] posix_profile
|
1264
|
+
# Specifies the full POSIX identity, including user ID (`Uid`), group
|
1265
|
+
# ID (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
|
1266
|
+
# controls your users' access to your Amazon Elastic File System
|
1267
|
+
# (Amazon EFS) file systems. The POSIX permissions that are set on
|
1268
|
+
# files and directories in your file system determine the level of
|
1269
|
+
# access your users get when transferring files into and out of your
|
1270
|
+
# Amazon EFS file systems.
|
1271
|
+
# @return [Types::PosixProfile]
|
1272
|
+
#
|
815
1273
|
# @!attribute [rw] role
|
816
|
-
#
|
817
|
-
#
|
818
|
-
#
|
819
|
-
#
|
1274
|
+
# The IAM role that controls your users' access to your Amazon S3
|
1275
|
+
# bucket. The policies attached to this role will determine the level
|
1276
|
+
# of access you want to provide your users when transferring files
|
1277
|
+
# into and out of your Amazon S3 bucket or buckets. The IAM role
|
820
1278
|
# should also contain a trust relationship that allows a server to
|
821
1279
|
# access your resources when servicing your users' transfer requests.
|
822
1280
|
# @return [String]
|
@@ -845,6 +1303,7 @@ module Aws::Transfer
|
|
845
1303
|
:home_directory_mappings,
|
846
1304
|
:home_directory_type,
|
847
1305
|
:policy,
|
1306
|
+
:posix_profile,
|
848
1307
|
:role,
|
849
1308
|
:ssh_public_keys,
|
850
1309
|
:tags,
|
@@ -857,7 +1316,19 @@ module Aws::Transfer
|
|
857
1316
|
# for your file transfer protocol-enabled server. With a VPC endpoint,
|
858
1317
|
# you can restrict access to your server and resources only within your
|
859
1318
|
# VPC. To control incoming internet traffic, invoke the `UpdateServer`
|
860
|
-
# API and attach an Elastic IP to your server's endpoint.
|
1319
|
+
# API and attach an Elastic IP address to your server's endpoint.
|
1320
|
+
#
|
1321
|
+
# <note markdown="1"> After March 31, 2021, you won't be able to create a server using
|
1322
|
+
# `EndpointType=VPC_ENDPOINT` in your AWS account if your account
|
1323
|
+
# hasn't already done so before March 31, 2021. If you have already
|
1324
|
+
# created servers with `EndpointType=VPC_ENDPOINT` in your AWS account
|
1325
|
+
# on or before March 31, 2021, you will not be affected. After this
|
1326
|
+
# date, use `EndpointType`=`VPC`.
|
1327
|
+
#
|
1328
|
+
# For more information, see
|
1329
|
+
# https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
|
1330
|
+
#
|
1331
|
+
# </note>
|
861
1332
|
#
|
862
1333
|
# @note When making an API call, you may pass EndpointDetails
|
863
1334
|
# data as a hash:
|
@@ -895,6 +1366,9 @@ module Aws::Transfer
|
|
895
1366
|
# <note markdown="1"> This property can only be set when `EndpointType` is set to
|
896
1367
|
# `VPC_ENDPOINT`.
|
897
1368
|
#
|
1369
|
+
# For more information, see
|
1370
|
+
# https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
|
1371
|
+
#
|
898
1372
|
# </note>
|
899
1373
|
# @return [String]
|
900
1374
|
#
|
@@ -912,11 +1386,18 @@ module Aws::Transfer
|
|
912
1386
|
#
|
913
1387
|
# <note markdown="1"> This property can only be set when `EndpointType` is set to `VPC`.
|
914
1388
|
#
|
915
|
-
# You can
|
916
|
-
#
|
917
|
-
# from `PUBLIC` or `VPC_ENDPOINT` to `VPC`.
|
1389
|
+
# You can edit the `SecurityGroupIds` property in the
|
1390
|
+
# [UpdateServer][1] API only if you are changing the `EndpointType`
|
1391
|
+
# from `PUBLIC` or `VPC_ENDPOINT` to `VPC`. To change security groups
|
1392
|
+
# associated with your server's VPC endpoint after creation, use the
|
1393
|
+
# Amazon EC2 [ModifyVpcEndpoint][2] API.
|
918
1394
|
#
|
919
1395
|
# </note>
|
1396
|
+
#
|
1397
|
+
#
|
1398
|
+
#
|
1399
|
+
# [1]: https://docs.aws.amazon.com/transfer/latest/userguide/API_UpdateServer.html
|
1400
|
+
# [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyVpcEndpoint.html
|
920
1401
|
# @return [Array<String>]
|
921
1402
|
#
|
922
1403
|
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/EndpointDetails AWS API Documentation
|
@@ -969,6 +1450,7 @@ module Aws::Transfer
|
|
969
1450
|
# {
|
970
1451
|
# url: "Url",
|
971
1452
|
# invocation_role: "Role",
|
1453
|
+
# directory_id: "DirectoryId",
|
972
1454
|
# }
|
973
1455
|
#
|
974
1456
|
# @!attribute [rw] url
|
@@ -981,11 +1463,17 @@ module Aws::Transfer
|
|
981
1463
|
# account.
|
982
1464
|
# @return [String]
|
983
1465
|
#
|
1466
|
+
# @!attribute [rw] directory_id
|
1467
|
+
# The identifier of the AWS Directory Service directory that you want
|
1468
|
+
# to stop sharing.
|
1469
|
+
# @return [String]
|
1470
|
+
#
|
984
1471
|
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/IdentityProviderDetails AWS API Documentation
|
985
1472
|
#
|
986
1473
|
class IdentityProviderDetails < Struct.new(
|
987
1474
|
:url,
|
988
|
-
:invocation_role
|
1475
|
+
:invocation_role,
|
1476
|
+
:directory_id)
|
989
1477
|
SENSITIVE = []
|
990
1478
|
include Aws::Structure
|
991
1479
|
end
|
@@ -1088,6 +1576,68 @@ module Aws::Transfer
|
|
1088
1576
|
include Aws::Structure
|
1089
1577
|
end
|
1090
1578
|
|
1579
|
+
# @note When making an API call, you may pass ListAccessesRequest
|
1580
|
+
# data as a hash:
|
1581
|
+
#
|
1582
|
+
# {
|
1583
|
+
# max_results: 1,
|
1584
|
+
# next_token: "NextToken",
|
1585
|
+
# server_id: "ServerId", # required
|
1586
|
+
# }
|
1587
|
+
#
|
1588
|
+
# @!attribute [rw] max_results
|
1589
|
+
# Specifies the maximum number of access SIDs to return.
|
1590
|
+
# @return [Integer]
|
1591
|
+
#
|
1592
|
+
# @!attribute [rw] next_token
|
1593
|
+
# When you can get additional results from the `ListAccesses` call, a
|
1594
|
+
# `NextToken` parameter is returned in the output. You can then pass
|
1595
|
+
# in a subsequent command to the `NextToken` parameter to continue
|
1596
|
+
# listing additional accesses.
|
1597
|
+
# @return [String]
|
1598
|
+
#
|
1599
|
+
# @!attribute [rw] server_id
|
1600
|
+
# A system-assigned unique identifier for a server that has users
|
1601
|
+
# assigned to it.
|
1602
|
+
# @return [String]
|
1603
|
+
#
|
1604
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListAccessesRequest AWS API Documentation
|
1605
|
+
#
|
1606
|
+
class ListAccessesRequest < Struct.new(
|
1607
|
+
:max_results,
|
1608
|
+
:next_token,
|
1609
|
+
:server_id)
|
1610
|
+
SENSITIVE = []
|
1611
|
+
include Aws::Structure
|
1612
|
+
end
|
1613
|
+
|
1614
|
+
# @!attribute [rw] next_token
|
1615
|
+
# When you can get additional results from the `ListAccesses` call, a
|
1616
|
+
# `NextToken` parameter is returned in the output. You can then pass
|
1617
|
+
# in a subsequent command to the `NextToken` parameter to continue
|
1618
|
+
# listing additional accesses.
|
1619
|
+
# @return [String]
|
1620
|
+
#
|
1621
|
+
# @!attribute [rw] server_id
|
1622
|
+
# A system-assigned unique identifier for a server that has users
|
1623
|
+
# assigned to it.
|
1624
|
+
# @return [String]
|
1625
|
+
#
|
1626
|
+
# @!attribute [rw] accesses
|
1627
|
+
# Returns the accesses and their properties for the `ServerId` value
|
1628
|
+
# that you specify.
|
1629
|
+
# @return [Array<Types::ListedAccess>]
|
1630
|
+
#
|
1631
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListAccessesResponse AWS API Documentation
|
1632
|
+
#
|
1633
|
+
class ListAccessesResponse < Struct.new(
|
1634
|
+
:next_token,
|
1635
|
+
:server_id,
|
1636
|
+
:accesses)
|
1637
|
+
SENSITIVE = []
|
1638
|
+
include Aws::Structure
|
1639
|
+
end
|
1640
|
+
|
1091
1641
|
# @note When making an API call, you may pass ListSecurityPoliciesRequest
|
1092
1642
|
# data as a hash:
|
1093
1643
|
#
|
@@ -1313,6 +1863,64 @@ module Aws::Transfer
|
|
1313
1863
|
include Aws::Structure
|
1314
1864
|
end
|
1315
1865
|
|
1866
|
+
# Lists the properties for one or more specified associated accesses.
|
1867
|
+
#
|
1868
|
+
# @!attribute [rw] home_directory
|
1869
|
+
# Specifies the landing directory (or folder), which is the location
|
1870
|
+
# that files are written to or read from in an Amazon S3 bucket, for
|
1871
|
+
# the described access.
|
1872
|
+
# @return [String]
|
1873
|
+
#
|
1874
|
+
# @!attribute [rw] home_directory_type
|
1875
|
+
# The type of landing directory (folder) that you want your users'
|
1876
|
+
# home directory to be when they log in to the server. If you set it
|
1877
|
+
# to `PATH`, the user will see the absolute Amazon S3 bucket paths as
|
1878
|
+
# is in their file transfer protocol clients. If you set it to
|
1879
|
+
# `LOGICAL`, you must provide mappings in the `HomeDirectoryMappings`
|
1880
|
+
# for how you want to make Amazon S3 paths visible to your users.
|
1881
|
+
# @return [String]
|
1882
|
+
#
|
1883
|
+
# @!attribute [rw] role
|
1884
|
+
# The AWS Identity and Access Management (IAM) role that controls
|
1885
|
+
# access to your Amazon S3 bucket from the specified associated
|
1886
|
+
# access. The policies attached to this role will determine the level
|
1887
|
+
# of access that you want to provide the associated access when
|
1888
|
+
# transferring files into and out of your Amazon S3 bucket or buckets.
|
1889
|
+
# The IAM role should also contain a trust relationship that allows a
|
1890
|
+
# server to access your resources when servicing transfer requests for
|
1891
|
+
# the associated access.
|
1892
|
+
# @return [String]
|
1893
|
+
#
|
1894
|
+
# @!attribute [rw] external_id
|
1895
|
+
# A unique identifier that might be required when you assume a role in
|
1896
|
+
# another account. Think of the `ExternalID` as a group membership
|
1897
|
+
# mechanism that uses a unique identifier (often a SID, but could be a
|
1898
|
+
# group name or something else) as a basis. If the administrator of
|
1899
|
+
# the account to which the role belongs provided you with an external
|
1900
|
+
# ID, then provide that value in the `ExternalId` parameter. A
|
1901
|
+
# cross-account role is usually set up to trust everyone in an
|
1902
|
+
# account. Therefore, the administrator of the trusting account might
|
1903
|
+
# send an external ID to the administrator of the trusted account.
|
1904
|
+
# That way, only someone with the ID can assume the role, rather than
|
1905
|
+
# everyone in the account.
|
1906
|
+
#
|
1907
|
+
# The regex used to validate this parameter is a string of characters
|
1908
|
+
# consisting of uppercase and lowercase alphanumeric characters with
|
1909
|
+
# no spaces. You can also include underscores or any of the following
|
1910
|
+
# characters: =,.@:/-
|
1911
|
+
# @return [String]
|
1912
|
+
#
|
1913
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListedAccess AWS API Documentation
|
1914
|
+
#
|
1915
|
+
class ListedAccess < Struct.new(
|
1916
|
+
:home_directory,
|
1917
|
+
:home_directory_type,
|
1918
|
+
:role,
|
1919
|
+
:external_id)
|
1920
|
+
SENSITIVE = []
|
1921
|
+
include Aws::Structure
|
1922
|
+
end
|
1923
|
+
|
1316
1924
|
# Returns properties of a file transfer protocol-enabled server that was
|
1317
1925
|
# specified.
|
1318
1926
|
#
|
@@ -1321,11 +1929,16 @@ module Aws::Transfer
|
|
1321
1929
|
# listed.
|
1322
1930
|
# @return [String]
|
1323
1931
|
#
|
1932
|
+
# @!attribute [rw] domain
|
1933
|
+
# Specifies the domain of the storage system that is used for file
|
1934
|
+
# transfers.
|
1935
|
+
# @return [String]
|
1936
|
+
#
|
1324
1937
|
# @!attribute [rw] identity_provider_type
|
1325
1938
|
# Specifies the authentication method used to validate a user for a
|
1326
|
-
# server that was specified. This can include Secure Shell (SSH),
|
1327
|
-
# name and password combinations, or
|
1328
|
-
#
|
1939
|
+
# server that was specified. This can include Secure Shell (SSH),
|
1940
|
+
# Active Directory groups, user name and password combinations, or
|
1941
|
+
# your own custom authentication method.
|
1329
1942
|
# @return [String]
|
1330
1943
|
#
|
1331
1944
|
# @!attribute [rw] endpoint_type
|
@@ -1365,6 +1978,7 @@ module Aws::Transfer
|
|
1365
1978
|
#
|
1366
1979
|
class ListedServer < Struct.new(
|
1367
1980
|
:arn,
|
1981
|
+
:domain,
|
1368
1982
|
:identity_provider_type,
|
1369
1983
|
:endpoint_type,
|
1370
1984
|
:logging_role,
|
@@ -1403,6 +2017,16 @@ module Aws::Transfer
|
|
1403
2017
|
# behalf. It allows the server to inherit the trust relationship that
|
1404
2018
|
# enables that user to perform file operations to their Amazon S3
|
1405
2019
|
# bucket.
|
2020
|
+
#
|
2021
|
+
# <note markdown="1"> The IAM role that controls your users' access to your Amazon S3
|
2022
|
+
# bucket for servers with `Domain=S3`, or your EFS file system for
|
2023
|
+
# servers with `Domain=EFS`.
|
2024
|
+
#
|
2025
|
+
# The policies attached to this role determine the level of access you
|
2026
|
+
# want to provide your users when transferring files into and out of
|
2027
|
+
# your S3 buckets or EFS file systems.
|
2028
|
+
#
|
2029
|
+
# </note>
|
1406
2030
|
# @return [String]
|
1407
2031
|
#
|
1408
2032
|
# @!attribute [rw] ssh_public_key_count
|
@@ -1428,6 +2052,45 @@ module Aws::Transfer
|
|
1428
2052
|
include Aws::Structure
|
1429
2053
|
end
|
1430
2054
|
|
2055
|
+
# The full POSIX identity, including user ID (`Uid`), group ID (`Gid`),
|
2056
|
+
# and any secondary groups IDs (`SecondaryGids`), that controls your
|
2057
|
+
# users' access to your Amazon EFS file systems. The POSIX permissions
|
2058
|
+
# that are set on files and directories in your file system determine
|
2059
|
+
# the level of access your users get when transferring files into and
|
2060
|
+
# out of your Amazon EFS file systems.
|
2061
|
+
#
|
2062
|
+
# @note When making an API call, you may pass PosixProfile
|
2063
|
+
# data as a hash:
|
2064
|
+
#
|
2065
|
+
# {
|
2066
|
+
# uid: 1, # required
|
2067
|
+
# gid: 1, # required
|
2068
|
+
# secondary_gids: [1],
|
2069
|
+
# }
|
2070
|
+
#
|
2071
|
+
# @!attribute [rw] uid
|
2072
|
+
# The POSIX user ID used for all EFS operations by this user.
|
2073
|
+
# @return [Integer]
|
2074
|
+
#
|
2075
|
+
# @!attribute [rw] gid
|
2076
|
+
# The POSIX group ID used for all EFS operations by this user.
|
2077
|
+
# @return [Integer]
|
2078
|
+
#
|
2079
|
+
# @!attribute [rw] secondary_gids
|
2080
|
+
# The secondary POSIX group IDs used for all EFS operations by this
|
2081
|
+
# user.
|
2082
|
+
# @return [Array<Integer>]
|
2083
|
+
#
|
2084
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/PosixProfile AWS API Documentation
|
2085
|
+
#
|
2086
|
+
class PosixProfile < Struct.new(
|
2087
|
+
:uid,
|
2088
|
+
:gid,
|
2089
|
+
:secondary_gids)
|
2090
|
+
SENSITIVE = []
|
2091
|
+
include Aws::Structure
|
2092
|
+
end
|
2093
|
+
|
1431
2094
|
# The requested resource does not exist.
|
1432
2095
|
#
|
1433
2096
|
# @!attribute [rw] message
|
@@ -1744,6 +2407,194 @@ module Aws::Transfer
|
|
1744
2407
|
include Aws::Structure
|
1745
2408
|
end
|
1746
2409
|
|
2410
|
+
# @note When making an API call, you may pass UpdateAccessRequest
|
2411
|
+
# data as a hash:
|
2412
|
+
#
|
2413
|
+
# {
|
2414
|
+
# home_directory: "HomeDirectory",
|
2415
|
+
# home_directory_type: "PATH", # accepts PATH, LOGICAL
|
2416
|
+
# home_directory_mappings: [
|
2417
|
+
# {
|
2418
|
+
# entry: "MapEntry", # required
|
2419
|
+
# target: "MapTarget", # required
|
2420
|
+
# },
|
2421
|
+
# ],
|
2422
|
+
# policy: "Policy",
|
2423
|
+
# posix_profile: {
|
2424
|
+
# uid: 1, # required
|
2425
|
+
# gid: 1, # required
|
2426
|
+
# secondary_gids: [1],
|
2427
|
+
# },
|
2428
|
+
# role: "Role",
|
2429
|
+
# server_id: "ServerId", # required
|
2430
|
+
# external_id: "ExternalId", # required
|
2431
|
+
# }
|
2432
|
+
#
|
2433
|
+
# @!attribute [rw] home_directory
|
2434
|
+
# The landing directory (folder) for a user when they log in to the
|
2435
|
+
# server using the client.
|
2436
|
+
#
|
2437
|
+
# A `HomeDirectory` example is `/directory_name/home/mydirectory`.
|
2438
|
+
# @return [String]
|
2439
|
+
#
|
2440
|
+
# @!attribute [rw] home_directory_type
|
2441
|
+
# The type of landing directory (folder) that you want your users'
|
2442
|
+
# home directory to be when they log in to the server. If you set it
|
2443
|
+
# to `PATH`, the user will see the absolute Amazon S3 bucket paths as
|
2444
|
+
# is in their file transfer protocol clients. If you set it `LOGICAL`,
|
2445
|
+
# you must provide mappings in the `HomeDirectoryMappings` for how you
|
2446
|
+
# want to make Amazon S3 paths visible to your users.
|
2447
|
+
# @return [String]
|
2448
|
+
#
|
2449
|
+
# @!attribute [rw] home_directory_mappings
|
2450
|
+
# Logical directory mappings that specify what Amazon S3 or Amazon EFS
|
2451
|
+
# paths and keys should be visible to your user and how you want to
|
2452
|
+
# make them visible. You must specify the `Entry` and `Target` pair,
|
2453
|
+
# where `Entry` shows how the path is made visible and `Target` is the
|
2454
|
+
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
2455
|
+
# it will be displayed as is. You also must ensure that your AWS
|
2456
|
+
# Identity and Access Management (IAM) role provides access to paths
|
2457
|
+
# in `Target`. This value can only be set when `HomeDirectoryType` is
|
2458
|
+
# set to *LOGICAL*.
|
2459
|
+
#
|
2460
|
+
# The following is an `Entry` and `Target` pair example.
|
2461
|
+
#
|
2462
|
+
# `[ \{ "Entry": "your-personal-report.pdf", "Target":
|
2463
|
+
# "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \} ]`
|
2464
|
+
#
|
2465
|
+
# In most cases, you can use this value instead of the scope-down
|
2466
|
+
# policy to lock down your user to the designated home directory
|
2467
|
+
# ("`chroot`"). To do this, you can set `Entry` to `/` and set
|
2468
|
+
# `Target` to the `HomeDirectory` parameter value.
|
2469
|
+
#
|
2470
|
+
# The following is an `Entry` and `Target` pair example for `chroot`.
|
2471
|
+
#
|
2472
|
+
# `[ \{ "Entry": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
2473
|
+
#
|
2474
|
+
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
|
2475
|
+
# S3 or Amazon EFS, the entry will be ignored. As a workaround, you
|
2476
|
+
# can use the Amazon S3 API or EFS API to create 0-byte objects as
|
2477
|
+
# place holders for your directory. If using the AWS CLI, use the
|
2478
|
+
# `s3api` or `efsapi` call instead of `s3` or `efs` so you can use the
|
2479
|
+
# `put-object` operation. For example, you can use the following.
|
2480
|
+
#
|
2481
|
+
# `aws s3api put-object --bucket bucketname --key path/to/folder/`
|
2482
|
+
#
|
2483
|
+
# The end of the key name must end in a `/` for it to be considered a
|
2484
|
+
# folder.
|
2485
|
+
#
|
2486
|
+
# </note>
|
2487
|
+
#
|
2488
|
+
# Required: No
|
2489
|
+
# @return [Array<Types::HomeDirectoryMapEntry>]
|
2490
|
+
#
|
2491
|
+
# @!attribute [rw] policy
|
2492
|
+
# A scope-down policy for your user so that you can use the same IAM
|
2493
|
+
# role across multiple users. This policy scopes down user access to
|
2494
|
+
# portions of their Amazon S3 bucket. Variables that you can use
|
2495
|
+
# inside this policy include `$\{Transfer:UserName\}`,
|
2496
|
+
# `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
|
2497
|
+
#
|
2498
|
+
# <note markdown="1"> This only applies when domain of `ServerId` is S3. Amazon EFS does
|
2499
|
+
# not use scope down policy.
|
2500
|
+
#
|
2501
|
+
# For scope-down policies, AWS Transfer Family stores the policy as a
|
2502
|
+
# JSON blob, instead of the Amazon Resource Name (ARN) of the policy.
|
2503
|
+
# You save the policy as a JSON blob and pass it in the `Policy`
|
2504
|
+
# argument.
|
2505
|
+
#
|
2506
|
+
# For an example of a scope-down policy, see [Example scope-down
|
2507
|
+
# policy][1].
|
2508
|
+
#
|
2509
|
+
# For more information, see [AssumeRole][2] in the *AWS Security Token
|
2510
|
+
# Service API Reference*.
|
2511
|
+
#
|
2512
|
+
# </note>
|
2513
|
+
#
|
2514
|
+
#
|
2515
|
+
#
|
2516
|
+
# [1]: https://docs.aws.amazon.com/transfer/latest/userguide/scope-down-policy.html
|
2517
|
+
# [2]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
|
2518
|
+
# @return [String]
|
2519
|
+
#
|
2520
|
+
# @!attribute [rw] posix_profile
|
2521
|
+
# The full POSIX identity, including user ID (`Uid`), group ID
|
2522
|
+
# (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
|
2523
|
+
# controls your users' access to your Amazon EFS file systems. The
|
2524
|
+
# POSIX permissions that are set on files and directories in your file
|
2525
|
+
# system determine the level of access your users get when
|
2526
|
+
# transferring files into and out of your Amazon EFS file systems.
|
2527
|
+
# @return [Types::PosixProfile]
|
2528
|
+
#
|
2529
|
+
# @!attribute [rw] role
|
2530
|
+
# Specifies the IAM role that controls your users' access to your
|
2531
|
+
# Amazon S3 bucket or EFS file system. The policies attached to this
|
2532
|
+
# role determine the level of access that you want to provide your
|
2533
|
+
# users when transferring files into and out of your Amazon S3 bucket
|
2534
|
+
# or EFS file system. The IAM role should also contain a trust
|
2535
|
+
# relationship that allows the server to access your resources when
|
2536
|
+
# servicing your users' transfer requests.
|
2537
|
+
# @return [String]
|
2538
|
+
#
|
2539
|
+
# @!attribute [rw] server_id
|
2540
|
+
# A system-assigned unique identifier for a server instance. This is
|
2541
|
+
# the specific server that you added your user to.
|
2542
|
+
# @return [String]
|
2543
|
+
#
|
2544
|
+
# @!attribute [rw] external_id
|
2545
|
+
# A unique identifier that is required to identify specific groups
|
2546
|
+
# within your directory. The users of the group that you associate
|
2547
|
+
# have access to your Amazon S3 or Amazon EFS resources over the
|
2548
|
+
# enabled protocols using AWS Transfer Family. If you know the group
|
2549
|
+
# name, you can view the SID values by running the following command
|
2550
|
+
# using Windows PowerShell.
|
2551
|
+
#
|
2552
|
+
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
2553
|
+
# -Properties * | Select SamaccountName,ObjectSid`
|
2554
|
+
#
|
2555
|
+
# In that command, replace *YourGroupName* with the name of your
|
2556
|
+
# Active Directory group.
|
2557
|
+
#
|
2558
|
+
# The regex used to validate this parameter is a string of characters
|
2559
|
+
# consisting of uppercase and lowercase alphanumeric characters with
|
2560
|
+
# no spaces. You can also include underscores or any of the following
|
2561
|
+
# characters: =,.@:/-
|
2562
|
+
# @return [String]
|
2563
|
+
#
|
2564
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateAccessRequest AWS API Documentation
|
2565
|
+
#
|
2566
|
+
class UpdateAccessRequest < Struct.new(
|
2567
|
+
:home_directory,
|
2568
|
+
:home_directory_type,
|
2569
|
+
:home_directory_mappings,
|
2570
|
+
:policy,
|
2571
|
+
:posix_profile,
|
2572
|
+
:role,
|
2573
|
+
:server_id,
|
2574
|
+
:external_id)
|
2575
|
+
SENSITIVE = []
|
2576
|
+
include Aws::Structure
|
2577
|
+
end
|
2578
|
+
|
2579
|
+
# @!attribute [rw] server_id
|
2580
|
+
# The ID of the server that the user is attached to.
|
2581
|
+
# @return [String]
|
2582
|
+
#
|
2583
|
+
# @!attribute [rw] external_id
|
2584
|
+
# The external ID of the group whose users have access to your Amazon
|
2585
|
+
# S3 or Amazon EFS resources over the enabled protocols using AWS
|
2586
|
+
# Transfer Family.
|
2587
|
+
# @return [String]
|
2588
|
+
#
|
2589
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateAccessResponse AWS API Documentation
|
2590
|
+
#
|
2591
|
+
class UpdateAccessResponse < Struct.new(
|
2592
|
+
:server_id,
|
2593
|
+
:external_id)
|
2594
|
+
SENSITIVE = []
|
2595
|
+
include Aws::Structure
|
2596
|
+
end
|
2597
|
+
|
1747
2598
|
# @note When making an API call, you may pass UpdateServerRequest
|
1748
2599
|
# data as a hash:
|
1749
2600
|
#
|
@@ -1761,6 +2612,7 @@ module Aws::Transfer
|
|
1761
2612
|
# identity_provider_details: {
|
1762
2613
|
# url: "Url",
|
1763
2614
|
# invocation_role: "Role",
|
2615
|
+
# directory_id: "DirectoryId",
|
1764
2616
|
# },
|
1765
2617
|
# logging_role: "NullableRole",
|
1766
2618
|
# protocols: ["SFTP"], # accepts SFTP, FTP, FTPS
|
@@ -1817,12 +2669,24 @@ module Aws::Transfer
|
|
1817
2669
|
# @return [Types::EndpointDetails]
|
1818
2670
|
#
|
1819
2671
|
# @!attribute [rw] endpoint_type
|
1820
|
-
# The type of endpoint that you want your server to
|
1821
|
-
#
|
1822
|
-
#
|
1823
|
-
#
|
1824
|
-
#
|
1825
|
-
#
|
2672
|
+
# The type of endpoint that you want your server to use. You can
|
2673
|
+
# choose to make your server's endpoint publicly accessible (PUBLIC)
|
2674
|
+
# or host it inside your VPC. With an endpoint that is hosted in a
|
2675
|
+
# VPC, you can restrict access to your server and resources only
|
2676
|
+
# within your VPC or choose to make it internet facing by attaching
|
2677
|
+
# Elastic IP addresses directly to it.
|
2678
|
+
#
|
2679
|
+
# <note markdown="1"> After March 31, 2021, you won't be able to create a server using
|
2680
|
+
# `EndpointType=VPC_ENDPOINT` in your AWS account if your account
|
2681
|
+
# hasn't already done so before March 31, 2021. If you have already
|
2682
|
+
# created servers with `EndpointType=VPC_ENDPOINT` in your AWS account
|
2683
|
+
# on or before March 31, 2021, you will not be affected. After this
|
2684
|
+
# date, use `EndpointType`=`VPC`.
|
2685
|
+
#
|
2686
|
+
# For more information, see
|
2687
|
+
# https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
|
2688
|
+
#
|
2689
|
+
# It is recommended that you use `VPC` as the `EndpointType`. With
|
1826
2690
|
# this endpoint type, you have the option to directly associate up to
|
1827
2691
|
# three Elastic IPv4 addresses (BYO IP included) with your server's
|
1828
2692
|
# endpoint and use VPC security groups to restrict traffic by the
|
@@ -1855,8 +2719,8 @@ module Aws::Transfer
|
|
1855
2719
|
#
|
1856
2720
|
# @!attribute [rw] logging_role
|
1857
2721
|
# Changes the AWS Identity and Access Management (IAM) role that
|
1858
|
-
# allows Amazon S3 events to be logged in Amazon
|
1859
|
-
# logging on or off.
|
2722
|
+
# allows Amazon S3 or Amazon EFS events to be logged in Amazon
|
2723
|
+
# CloudWatch, turning logging on or off.
|
1860
2724
|
# @return [String]
|
1861
2725
|
#
|
1862
2726
|
# @!attribute [rw] protocols
|
@@ -1878,7 +2742,7 @@ module Aws::Transfer
|
|
1878
2742
|
#
|
1879
2743
|
# If `Protocol` includes either `FTP` or `FTPS`, then the
|
1880
2744
|
# `EndpointType` must be `VPC` and the `IdentityProviderType` must be
|
1881
|
-
# `API_GATEWAY`.
|
2745
|
+
# `AWS_DIRECTORY_SERVICE` or `API_GATEWAY`.
|
1882
2746
|
#
|
1883
2747
|
# If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
|
1884
2748
|
# associated.
|
@@ -1942,6 +2806,11 @@ module Aws::Transfer
|
|
1942
2806
|
# },
|
1943
2807
|
# ],
|
1944
2808
|
# policy: "Policy",
|
2809
|
+
# posix_profile: {
|
2810
|
+
# uid: 1, # required
|
2811
|
+
# gid: 1, # required
|
2812
|
+
# secondary_gids: [1],
|
2813
|
+
# },
|
1945
2814
|
# role: "Role",
|
1946
2815
|
# server_id: "ServerId", # required
|
1947
2816
|
# user_name: "UserName", # required
|
@@ -1957,39 +2826,40 @@ module Aws::Transfer
|
|
1957
2826
|
# @!attribute [rw] home_directory_type
|
1958
2827
|
# The type of landing directory (folder) you want your users' home
|
1959
2828
|
# directory to be when they log into the server. If you set it to
|
1960
|
-
# `PATH`, the user will see the absolute Amazon S3 bucket
|
1961
|
-
# in their file transfer protocol clients. If you set it
|
1962
|
-
# you will need to provide mappings in the
|
1963
|
-
# how you want to make Amazon S3
|
2829
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
2830
|
+
# as is in their file transfer protocol clients. If you set it
|
2831
|
+
# `LOGICAL`, you will need to provide mappings in the
|
2832
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
2833
|
+
# paths visible to your users.
|
1964
2834
|
# @return [String]
|
1965
2835
|
#
|
1966
2836
|
# @!attribute [rw] home_directory_mappings
|
1967
|
-
# Logical directory mappings that specify what Amazon S3
|
1968
|
-
# keys should be visible to your user and how you want to
|
1969
|
-
# visible. You will need to specify the "`Entry`" and
|
1970
|
-
# pair, where `Entry` shows how the path is made visible
|
1971
|
-
# is the actual Amazon S3 path. If you only
|
1972
|
-
# be displayed as is. You will need to also
|
1973
|
-
# role provides access to paths in `Target`.
|
1974
|
-
# example.
|
2837
|
+
# Logical directory mappings that specify what Amazon S3 or Amazon EFS
|
2838
|
+
# paths and keys should be visible to your user and how you want to
|
2839
|
+
# make them visible. You will need to specify the "`Entry`" and
|
2840
|
+
# "`Target`" pair, where `Entry` shows how the path is made visible
|
2841
|
+
# and `Target` is the actual Amazon S3 or Amazon EFS path. If you only
|
2842
|
+
# specify a target, it will be displayed as is. You will need to also
|
2843
|
+
# make sure that your IAM role provides access to paths in `Target`.
|
2844
|
+
# The following is an example.
|
1975
2845
|
#
|
1976
2846
|
# `'[ "/bucket2/documentation", \{ "Entry":
|
1977
2847
|
# "your-personal-report.pdf", "Target":
|
1978
2848
|
# "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \} ]'`
|
1979
2849
|
#
|
1980
2850
|
# In most cases, you can use this value instead of the scope-down
|
1981
|
-
# policy to lock your user
|
1982
|
-
# ("chroot"). To do this, you can set `Entry` to '/' and set
|
2851
|
+
# policy to lock down your user to the designated home directory
|
2852
|
+
# ("`chroot`"). To do this, you can set `Entry` to '/' and set
|
1983
2853
|
# `Target` to the HomeDirectory parameter value.
|
1984
2854
|
#
|
1985
2855
|
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
|
1986
|
-
# S3, the entry will be ignored. As a workaround, you can use
|
1987
|
-
# Amazon S3 API to create 0
|
1988
|
-
# directory. If using the CLI, use the `s3api`
|
1989
|
-
#
|
1990
|
-
# following: `aws s3api put-object
|
1991
|
-
# path/to/folder/`. Make sure that the end
|
1992
|
-
# for it to be considered a folder.
|
2856
|
+
# S3 or EFS, the entry will be ignored. As a workaround, you can use
|
2857
|
+
# the Amazon S3 API or EFS API to create 0-byte objects as place
|
2858
|
+
# holders for your directory. If using the AWS CLI, use the `s3api` or
|
2859
|
+
# `efsapi` call instead of `s3` `efs` so you can use the put-object
|
2860
|
+
# operation. For example, you use the following: `aws s3api put-object
|
2861
|
+
# --bucket bucketname --key path/to/folder/`. Make sure that the end
|
2862
|
+
# of the key name ends in a / for it to be considered a folder.
|
1993
2863
|
#
|
1994
2864
|
# </note>
|
1995
2865
|
# @return [Array<Types::HomeDirectoryMapEntry>]
|
@@ -2020,13 +2890,23 @@ module Aws::Transfer
|
|
2020
2890
|
# [2]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
|
2021
2891
|
# @return [String]
|
2022
2892
|
#
|
2893
|
+
# @!attribute [rw] posix_profile
|
2894
|
+
# Specifies the full POSIX identity, including user ID (`Uid`), group
|
2895
|
+
# ID (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
|
2896
|
+
# controls your users' access to your Amazon Elastic File Systems
|
2897
|
+
# (Amazon EFS). The POSIX permissions that are set on files and
|
2898
|
+
# directories in your file system determines the level of access your
|
2899
|
+
# users get when transferring files into and out of your Amazon EFS
|
2900
|
+
# file systems.
|
2901
|
+
# @return [Types::PosixProfile]
|
2902
|
+
#
|
2023
2903
|
# @!attribute [rw] role
|
2024
2904
|
# The IAM role that controls your users' access to your Amazon S3
|
2025
|
-
# bucket. The policies attached to this role
|
2026
|
-
#
|
2027
|
-
#
|
2028
|
-
#
|
2029
|
-
#
|
2905
|
+
# bucket. The policies attached to this role determine the level of
|
2906
|
+
# access you want to provide your users when transferring files into
|
2907
|
+
# and out of your S3 bucket or buckets. The IAM role should also
|
2908
|
+
# contain a trust relationship that allows the server to access your
|
2909
|
+
# resources when servicing your users' transfer requests.
|
2030
2910
|
# @return [String]
|
2031
2911
|
#
|
2032
2912
|
# @!attribute [rw] server_id
|
@@ -2050,6 +2930,7 @@ module Aws::Transfer
|
|
2050
2930
|
:home_directory_type,
|
2051
2931
|
:home_directory_mappings,
|
2052
2932
|
:policy,
|
2933
|
+
:posix_profile,
|
2053
2934
|
:role,
|
2054
2935
|
:server_id,
|
2055
2936
|
:user_name)
|