aws-sdk-transfer 1.29.0 → 1.34.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +183 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -0
- data/lib/aws-sdk-transfer.rb +3 -3
- data/lib/aws-sdk-transfer/client.rb +680 -110
- data/lib/aws-sdk-transfer/client_api.rb +152 -1
- data/lib/aws-sdk-transfer/errors.rb +1 -1
- data/lib/aws-sdk-transfer/resource.rb +1 -1
- data/lib/aws-sdk-transfer/types.rb +997 -155
- metadata +11 -9
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -19,26 +19,34 @@ module Aws::Transfer
|
|
19
19
|
Arn = Shapes::StringShape.new(name: 'Arn')
|
20
20
|
Certificate = Shapes::StringShape.new(name: 'Certificate')
|
21
21
|
ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
|
22
|
+
CreateAccessRequest = Shapes::StructureShape.new(name: 'CreateAccessRequest')
|
23
|
+
CreateAccessResponse = Shapes::StructureShape.new(name: 'CreateAccessResponse')
|
22
24
|
CreateServerRequest = Shapes::StructureShape.new(name: 'CreateServerRequest')
|
23
25
|
CreateServerResponse = Shapes::StructureShape.new(name: 'CreateServerResponse')
|
24
26
|
CreateUserRequest = Shapes::StructureShape.new(name: 'CreateUserRequest')
|
25
27
|
CreateUserResponse = Shapes::StructureShape.new(name: 'CreateUserResponse')
|
26
28
|
DateImported = Shapes::TimestampShape.new(name: 'DateImported')
|
29
|
+
DeleteAccessRequest = Shapes::StructureShape.new(name: 'DeleteAccessRequest')
|
27
30
|
DeleteServerRequest = Shapes::StructureShape.new(name: 'DeleteServerRequest')
|
28
31
|
DeleteSshPublicKeyRequest = Shapes::StructureShape.new(name: 'DeleteSshPublicKeyRequest')
|
29
32
|
DeleteUserRequest = Shapes::StructureShape.new(name: 'DeleteUserRequest')
|
33
|
+
DescribeAccessRequest = Shapes::StructureShape.new(name: 'DescribeAccessRequest')
|
34
|
+
DescribeAccessResponse = Shapes::StructureShape.new(name: 'DescribeAccessResponse')
|
30
35
|
DescribeSecurityPolicyRequest = Shapes::StructureShape.new(name: 'DescribeSecurityPolicyRequest')
|
31
36
|
DescribeSecurityPolicyResponse = Shapes::StructureShape.new(name: 'DescribeSecurityPolicyResponse')
|
32
37
|
DescribeServerRequest = Shapes::StructureShape.new(name: 'DescribeServerRequest')
|
33
38
|
DescribeServerResponse = Shapes::StructureShape.new(name: 'DescribeServerResponse')
|
34
39
|
DescribeUserRequest = Shapes::StructureShape.new(name: 'DescribeUserRequest')
|
35
40
|
DescribeUserResponse = Shapes::StructureShape.new(name: 'DescribeUserResponse')
|
41
|
+
DescribedAccess = Shapes::StructureShape.new(name: 'DescribedAccess')
|
36
42
|
DescribedSecurityPolicy = Shapes::StructureShape.new(name: 'DescribedSecurityPolicy')
|
37
43
|
DescribedServer = Shapes::StructureShape.new(name: 'DescribedServer')
|
38
44
|
DescribedUser = Shapes::StructureShape.new(name: 'DescribedUser')
|
45
|
+
DirectoryId = Shapes::StringShape.new(name: 'DirectoryId')
|
39
46
|
Domain = Shapes::StringShape.new(name: 'Domain')
|
40
47
|
EndpointDetails = Shapes::StructureShape.new(name: 'EndpointDetails')
|
41
48
|
EndpointType = Shapes::StringShape.new(name: 'EndpointType')
|
49
|
+
ExternalId = Shapes::StringShape.new(name: 'ExternalId')
|
42
50
|
Fips = Shapes::BooleanShape.new(name: 'Fips')
|
43
51
|
HomeDirectory = Shapes::StringShape.new(name: 'HomeDirectory')
|
44
52
|
HomeDirectoryMapEntry = Shapes::StructureShape.new(name: 'HomeDirectoryMapEntry')
|
@@ -53,6 +61,8 @@ module Aws::Transfer
|
|
53
61
|
InternalServiceError = Shapes::StructureShape.new(name: 'InternalServiceError')
|
54
62
|
InvalidNextTokenException = Shapes::StructureShape.new(name: 'InvalidNextTokenException')
|
55
63
|
InvalidRequestException = Shapes::StructureShape.new(name: 'InvalidRequestException')
|
64
|
+
ListAccessesRequest = Shapes::StructureShape.new(name: 'ListAccessesRequest')
|
65
|
+
ListAccessesResponse = Shapes::StructureShape.new(name: 'ListAccessesResponse')
|
56
66
|
ListSecurityPoliciesRequest = Shapes::StructureShape.new(name: 'ListSecurityPoliciesRequest')
|
57
67
|
ListSecurityPoliciesResponse = Shapes::StructureShape.new(name: 'ListSecurityPoliciesResponse')
|
58
68
|
ListServersRequest = Shapes::StructureShape.new(name: 'ListServersRequest')
|
@@ -61,6 +71,8 @@ module Aws::Transfer
|
|
61
71
|
ListTagsForResourceResponse = Shapes::StructureShape.new(name: 'ListTagsForResourceResponse')
|
62
72
|
ListUsersRequest = Shapes::StructureShape.new(name: 'ListUsersRequest')
|
63
73
|
ListUsersResponse = Shapes::StructureShape.new(name: 'ListUsersResponse')
|
74
|
+
ListedAccess = Shapes::StructureShape.new(name: 'ListedAccess')
|
75
|
+
ListedAccesses = Shapes::ListShape.new(name: 'ListedAccesses')
|
64
76
|
ListedServer = Shapes::StructureShape.new(name: 'ListedServer')
|
65
77
|
ListedServers = Shapes::ListShape.new(name: 'ListedServers')
|
66
78
|
ListedUser = Shapes::StructureShape.new(name: 'ListedUser')
|
@@ -115,6 +127,8 @@ module Aws::Transfer
|
|
115
127
|
TestIdentityProviderResponse = Shapes::StructureShape.new(name: 'TestIdentityProviderResponse')
|
116
128
|
ThrottlingException = Shapes::StructureShape.new(name: 'ThrottlingException')
|
117
129
|
UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
|
130
|
+
UpdateAccessRequest = Shapes::StructureShape.new(name: 'UpdateAccessRequest')
|
131
|
+
UpdateAccessResponse = Shapes::StructureShape.new(name: 'UpdateAccessResponse')
|
118
132
|
UpdateServerRequest = Shapes::StructureShape.new(name: 'UpdateServerRequest')
|
119
133
|
UpdateServerResponse = Shapes::StructureShape.new(name: 'UpdateServerResponse')
|
120
134
|
UpdateUserRequest = Shapes::StructureShape.new(name: 'UpdateUserRequest')
|
@@ -134,6 +148,20 @@ module Aws::Transfer
|
|
134
148
|
ConflictException.add_member(:message, Shapes::ShapeRef.new(shape: Message, required: true, location_name: "Message"))
|
135
149
|
ConflictException.struct_class = Types::ConflictException
|
136
150
|
|
151
|
+
CreateAccessRequest.add_member(:home_directory, Shapes::ShapeRef.new(shape: HomeDirectory, location_name: "HomeDirectory"))
|
152
|
+
CreateAccessRequest.add_member(:home_directory_type, Shapes::ShapeRef.new(shape: HomeDirectoryType, location_name: "HomeDirectoryType"))
|
153
|
+
CreateAccessRequest.add_member(:home_directory_mappings, Shapes::ShapeRef.new(shape: HomeDirectoryMappings, location_name: "HomeDirectoryMappings"))
|
154
|
+
CreateAccessRequest.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
|
155
|
+
CreateAccessRequest.add_member(:posix_profile, Shapes::ShapeRef.new(shape: PosixProfile, location_name: "PosixProfile"))
|
156
|
+
CreateAccessRequest.add_member(:role, Shapes::ShapeRef.new(shape: Role, required: true, location_name: "Role"))
|
157
|
+
CreateAccessRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
158
|
+
CreateAccessRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
|
159
|
+
CreateAccessRequest.struct_class = Types::CreateAccessRequest
|
160
|
+
|
161
|
+
CreateAccessResponse.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
162
|
+
CreateAccessResponse.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
|
163
|
+
CreateAccessResponse.struct_class = Types::CreateAccessResponse
|
164
|
+
|
137
165
|
CreateServerRequest.add_member(:certificate, Shapes::ShapeRef.new(shape: Certificate, location_name: "Certificate"))
|
138
166
|
CreateServerRequest.add_member(:domain, Shapes::ShapeRef.new(shape: Domain, location_name: "Domain"))
|
139
167
|
CreateServerRequest.add_member(:endpoint_details, Shapes::ShapeRef.new(shape: EndpointDetails, location_name: "EndpointDetails"))
|
@@ -166,6 +194,10 @@ module Aws::Transfer
|
|
166
194
|
CreateUserResponse.add_member(:user_name, Shapes::ShapeRef.new(shape: UserName, required: true, location_name: "UserName"))
|
167
195
|
CreateUserResponse.struct_class = Types::CreateUserResponse
|
168
196
|
|
197
|
+
DeleteAccessRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
198
|
+
DeleteAccessRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
|
199
|
+
DeleteAccessRequest.struct_class = Types::DeleteAccessRequest
|
200
|
+
|
169
201
|
DeleteServerRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
170
202
|
DeleteServerRequest.struct_class = Types::DeleteServerRequest
|
171
203
|
|
@@ -178,6 +210,14 @@ module Aws::Transfer
|
|
178
210
|
DeleteUserRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: UserName, required: true, location_name: "UserName"))
|
179
211
|
DeleteUserRequest.struct_class = Types::DeleteUserRequest
|
180
212
|
|
213
|
+
DescribeAccessRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
214
|
+
DescribeAccessRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
|
215
|
+
DescribeAccessRequest.struct_class = Types::DescribeAccessRequest
|
216
|
+
|
217
|
+
DescribeAccessResponse.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
218
|
+
DescribeAccessResponse.add_member(:access, Shapes::ShapeRef.new(shape: DescribedAccess, required: true, location_name: "Access"))
|
219
|
+
DescribeAccessResponse.struct_class = Types::DescribeAccessResponse
|
220
|
+
|
181
221
|
DescribeSecurityPolicyRequest.add_member(:security_policy_name, Shapes::ShapeRef.new(shape: SecurityPolicyName, required: true, location_name: "SecurityPolicyName"))
|
182
222
|
DescribeSecurityPolicyRequest.struct_class = Types::DescribeSecurityPolicyRequest
|
183
223
|
|
@@ -198,6 +238,15 @@ module Aws::Transfer
|
|
198
238
|
DescribeUserResponse.add_member(:user, Shapes::ShapeRef.new(shape: DescribedUser, required: true, location_name: "User"))
|
199
239
|
DescribeUserResponse.struct_class = Types::DescribeUserResponse
|
200
240
|
|
241
|
+
DescribedAccess.add_member(:home_directory, Shapes::ShapeRef.new(shape: HomeDirectory, location_name: "HomeDirectory"))
|
242
|
+
DescribedAccess.add_member(:home_directory_mappings, Shapes::ShapeRef.new(shape: HomeDirectoryMappings, location_name: "HomeDirectoryMappings"))
|
243
|
+
DescribedAccess.add_member(:home_directory_type, Shapes::ShapeRef.new(shape: HomeDirectoryType, location_name: "HomeDirectoryType"))
|
244
|
+
DescribedAccess.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
|
245
|
+
DescribedAccess.add_member(:posix_profile, Shapes::ShapeRef.new(shape: PosixProfile, location_name: "PosixProfile"))
|
246
|
+
DescribedAccess.add_member(:role, Shapes::ShapeRef.new(shape: Role, location_name: "Role"))
|
247
|
+
DescribedAccess.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, location_name: "ExternalId"))
|
248
|
+
DescribedAccess.struct_class = Types::DescribedAccess
|
249
|
+
|
201
250
|
DescribedSecurityPolicy.add_member(:fips, Shapes::ShapeRef.new(shape: Fips, location_name: "Fips"))
|
202
251
|
DescribedSecurityPolicy.add_member(:security_policy_name, Shapes::ShapeRef.new(shape: SecurityPolicyName, required: true, location_name: "SecurityPolicyName"))
|
203
252
|
DescribedSecurityPolicy.add_member(:ssh_ciphers, Shapes::ShapeRef.new(shape: SecurityPolicyOptions, location_name: "SshCiphers"))
|
@@ -250,6 +299,7 @@ module Aws::Transfer
|
|
250
299
|
|
251
300
|
IdentityProviderDetails.add_member(:url, Shapes::ShapeRef.new(shape: Url, location_name: "Url"))
|
252
301
|
IdentityProviderDetails.add_member(:invocation_role, Shapes::ShapeRef.new(shape: Role, location_name: "InvocationRole"))
|
302
|
+
IdentityProviderDetails.add_member(:directory_id, Shapes::ShapeRef.new(shape: DirectoryId, location_name: "DirectoryId"))
|
253
303
|
IdentityProviderDetails.struct_class = Types::IdentityProviderDetails
|
254
304
|
|
255
305
|
ImportSshPublicKeyRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
@@ -271,6 +321,16 @@ module Aws::Transfer
|
|
271
321
|
InvalidRequestException.add_member(:message, Shapes::ShapeRef.new(shape: Message, required: true, location_name: "Message"))
|
272
322
|
InvalidRequestException.struct_class = Types::InvalidRequestException
|
273
323
|
|
324
|
+
ListAccessesRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "MaxResults"))
|
325
|
+
ListAccessesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
|
326
|
+
ListAccessesRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
327
|
+
ListAccessesRequest.struct_class = Types::ListAccessesRequest
|
328
|
+
|
329
|
+
ListAccessesResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
|
330
|
+
ListAccessesResponse.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
331
|
+
ListAccessesResponse.add_member(:accesses, Shapes::ShapeRef.new(shape: ListedAccesses, required: true, location_name: "Accesses"))
|
332
|
+
ListAccessesResponse.struct_class = Types::ListAccessesResponse
|
333
|
+
|
274
334
|
ListSecurityPoliciesRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "MaxResults"))
|
275
335
|
ListSecurityPoliciesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
|
276
336
|
ListSecurityPoliciesRequest.struct_class = Types::ListSecurityPoliciesRequest
|
@@ -307,6 +367,14 @@ module Aws::Transfer
|
|
307
367
|
ListUsersResponse.add_member(:users, Shapes::ShapeRef.new(shape: ListedUsers, required: true, location_name: "Users"))
|
308
368
|
ListUsersResponse.struct_class = Types::ListUsersResponse
|
309
369
|
|
370
|
+
ListedAccess.add_member(:home_directory, Shapes::ShapeRef.new(shape: HomeDirectory, location_name: "HomeDirectory"))
|
371
|
+
ListedAccess.add_member(:home_directory_type, Shapes::ShapeRef.new(shape: HomeDirectoryType, location_name: "HomeDirectoryType"))
|
372
|
+
ListedAccess.add_member(:role, Shapes::ShapeRef.new(shape: Role, location_name: "Role"))
|
373
|
+
ListedAccess.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, location_name: "ExternalId"))
|
374
|
+
ListedAccess.struct_class = Types::ListedAccess
|
375
|
+
|
376
|
+
ListedAccesses.member = Shapes::ShapeRef.new(shape: ListedAccess)
|
377
|
+
|
310
378
|
ListedServer.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "Arn"))
|
311
379
|
ListedServer.add_member(:domain, Shapes::ShapeRef.new(shape: Domain, location_name: "Domain"))
|
312
380
|
ListedServer.add_member(:identity_provider_type, Shapes::ShapeRef.new(shape: IdentityProviderType, location_name: "IdentityProviderType"))
|
@@ -404,6 +472,20 @@ module Aws::Transfer
|
|
404
472
|
UntagResourceRequest.add_member(:tag_keys, Shapes::ShapeRef.new(shape: TagKeys, required: true, location_name: "TagKeys"))
|
405
473
|
UntagResourceRequest.struct_class = Types::UntagResourceRequest
|
406
474
|
|
475
|
+
UpdateAccessRequest.add_member(:home_directory, Shapes::ShapeRef.new(shape: HomeDirectory, location_name: "HomeDirectory"))
|
476
|
+
UpdateAccessRequest.add_member(:home_directory_type, Shapes::ShapeRef.new(shape: HomeDirectoryType, location_name: "HomeDirectoryType"))
|
477
|
+
UpdateAccessRequest.add_member(:home_directory_mappings, Shapes::ShapeRef.new(shape: HomeDirectoryMappings, location_name: "HomeDirectoryMappings"))
|
478
|
+
UpdateAccessRequest.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
|
479
|
+
UpdateAccessRequest.add_member(:posix_profile, Shapes::ShapeRef.new(shape: PosixProfile, location_name: "PosixProfile"))
|
480
|
+
UpdateAccessRequest.add_member(:role, Shapes::ShapeRef.new(shape: Role, location_name: "Role"))
|
481
|
+
UpdateAccessRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
482
|
+
UpdateAccessRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
|
483
|
+
UpdateAccessRequest.struct_class = Types::UpdateAccessRequest
|
484
|
+
|
485
|
+
UpdateAccessResponse.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
486
|
+
UpdateAccessResponse.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
|
487
|
+
UpdateAccessResponse.struct_class = Types::UpdateAccessResponse
|
488
|
+
|
407
489
|
UpdateServerRequest.add_member(:certificate, Shapes::ShapeRef.new(shape: Certificate, location_name: "Certificate"))
|
408
490
|
UpdateServerRequest.add_member(:endpoint_details, Shapes::ShapeRef.new(shape: EndpointDetails, location_name: "EndpointDetails"))
|
409
491
|
UpdateServerRequest.add_member(:endpoint_type, Shapes::ShapeRef.new(shape: EndpointType, location_name: "EndpointType"))
|
@@ -452,6 +534,19 @@ module Aws::Transfer
|
|
452
534
|
"uid" => "transfer-2018-11-05",
|
453
535
|
}
|
454
536
|
|
537
|
+
api.add_operation(:create_access, Seahorse::Model::Operation.new.tap do |o|
|
538
|
+
o.name = "CreateAccess"
|
539
|
+
o.http_method = "POST"
|
540
|
+
o.http_request_uri = "/"
|
541
|
+
o.input = Shapes::ShapeRef.new(shape: CreateAccessRequest)
|
542
|
+
o.output = Shapes::ShapeRef.new(shape: CreateAccessResponse)
|
543
|
+
o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
|
544
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
|
545
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
546
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceExistsException)
|
547
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
548
|
+
end)
|
549
|
+
|
455
550
|
api.add_operation(:create_server, Seahorse::Model::Operation.new.tap do |o|
|
456
551
|
o.name = "CreateServer"
|
457
552
|
o.http_method = "POST"
|
@@ -479,6 +574,18 @@ module Aws::Transfer
|
|
479
574
|
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
480
575
|
end)
|
481
576
|
|
577
|
+
api.add_operation(:delete_access, Seahorse::Model::Operation.new.tap do |o|
|
578
|
+
o.name = "DeleteAccess"
|
579
|
+
o.http_method = "POST"
|
580
|
+
o.http_request_uri = "/"
|
581
|
+
o.input = Shapes::ShapeRef.new(shape: DeleteAccessRequest)
|
582
|
+
o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
|
583
|
+
o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
|
584
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
|
585
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
586
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
587
|
+
end)
|
588
|
+
|
482
589
|
api.add_operation(:delete_server, Seahorse::Model::Operation.new.tap do |o|
|
483
590
|
o.name = "DeleteServer"
|
484
591
|
o.http_method = "POST"
|
@@ -517,6 +624,18 @@ module Aws::Transfer
|
|
517
624
|
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
518
625
|
end)
|
519
626
|
|
627
|
+
api.add_operation(:describe_access, Seahorse::Model::Operation.new.tap do |o|
|
628
|
+
o.name = "DescribeAccess"
|
629
|
+
o.http_method = "POST"
|
630
|
+
o.http_request_uri = "/"
|
631
|
+
o.input = Shapes::ShapeRef.new(shape: DescribeAccessRequest)
|
632
|
+
o.output = Shapes::ShapeRef.new(shape: DescribeAccessResponse)
|
633
|
+
o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
|
634
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
|
635
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
636
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
637
|
+
end)
|
638
|
+
|
520
639
|
api.add_operation(:describe_security_policy, Seahorse::Model::Operation.new.tap do |o|
|
521
640
|
o.name = "DescribeSecurityPolicy"
|
522
641
|
o.http_method = "POST"
|
@@ -567,6 +686,25 @@ module Aws::Transfer
|
|
567
686
|
o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
|
568
687
|
end)
|
569
688
|
|
689
|
+
api.add_operation(:list_accesses, Seahorse::Model::Operation.new.tap do |o|
|
690
|
+
o.name = "ListAccesses"
|
691
|
+
o.http_method = "POST"
|
692
|
+
o.http_request_uri = "/"
|
693
|
+
o.input = Shapes::ShapeRef.new(shape: ListAccessesRequest)
|
694
|
+
o.output = Shapes::ShapeRef.new(shape: ListAccessesResponse)
|
695
|
+
o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
|
696
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
|
697
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidNextTokenException)
|
698
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
699
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
700
|
+
o[:pager] = Aws::Pager.new(
|
701
|
+
limit_key: "max_results",
|
702
|
+
tokens: {
|
703
|
+
"next_token" => "next_token"
|
704
|
+
}
|
705
|
+
)
|
706
|
+
end)
|
707
|
+
|
570
708
|
api.add_operation(:list_security_policies, Seahorse::Model::Operation.new.tap do |o|
|
571
709
|
o.name = "ListSecurityPolicies"
|
572
710
|
o.http_method = "POST"
|
@@ -702,6 +840,19 @@ module Aws::Transfer
|
|
702
840
|
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
703
841
|
end)
|
704
842
|
|
843
|
+
api.add_operation(:update_access, Seahorse::Model::Operation.new.tap do |o|
|
844
|
+
o.name = "UpdateAccess"
|
845
|
+
o.http_method = "POST"
|
846
|
+
o.http_request_uri = "/"
|
847
|
+
o.input = Shapes::ShapeRef.new(shape: UpdateAccessRequest)
|
848
|
+
o.output = Shapes::ShapeRef.new(shape: UpdateAccessResponse)
|
849
|
+
o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
|
850
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
|
851
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
852
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceExistsException)
|
853
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
854
|
+
end)
|
855
|
+
|
705
856
|
api.add_operation(:update_server, Seahorse::Model::Operation.new.tap do |o|
|
706
857
|
o.name = "UpdateServer"
|
707
858
|
o.http_method = "POST"
|
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -38,6 +38,194 @@ module Aws::Transfer
|
|
38
38
|
include Aws::Structure
|
39
39
|
end
|
40
40
|
|
41
|
+
# @note When making an API call, you may pass CreateAccessRequest
|
42
|
+
# data as a hash:
|
43
|
+
#
|
44
|
+
# {
|
45
|
+
# home_directory: "HomeDirectory",
|
46
|
+
# home_directory_type: "PATH", # accepts PATH, LOGICAL
|
47
|
+
# home_directory_mappings: [
|
48
|
+
# {
|
49
|
+
# entry: "MapEntry", # required
|
50
|
+
# target: "MapTarget", # required
|
51
|
+
# },
|
52
|
+
# ],
|
53
|
+
# policy: "Policy",
|
54
|
+
# posix_profile: {
|
55
|
+
# uid: 1, # required
|
56
|
+
# gid: 1, # required
|
57
|
+
# secondary_gids: [1],
|
58
|
+
# },
|
59
|
+
# role: "Role", # required
|
60
|
+
# server_id: "ServerId", # required
|
61
|
+
# external_id: "ExternalId", # required
|
62
|
+
# }
|
63
|
+
#
|
64
|
+
# @!attribute [rw] home_directory
|
65
|
+
# The landing directory (folder) for a user when they log in to the
|
66
|
+
# server using the client.
|
67
|
+
#
|
68
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
69
|
+
# @return [String]
|
70
|
+
#
|
71
|
+
# @!attribute [rw] home_directory_type
|
72
|
+
# The type of landing directory (folder) you want your users' home
|
73
|
+
# directory to be when they log into the server. If you set it to
|
74
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
75
|
+
# as is in their file transfer protocol clients. If you set it
|
76
|
+
# `LOGICAL`, you will need to provide mappings in the
|
77
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
78
|
+
# paths visible to your users.
|
79
|
+
# @return [String]
|
80
|
+
#
|
81
|
+
# @!attribute [rw] home_directory_mappings
|
82
|
+
# Logical directory mappings that specify what Amazon S3 or Amazon EFS
|
83
|
+
# paths and keys should be visible to your user and how you want to
|
84
|
+
# make them visible. You must specify the `Entry` and `Target` pair,
|
85
|
+
# where `Entry` shows how the path is made visible and `Target` is the
|
86
|
+
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
87
|
+
# it will be displayed as is. You also must ensure that your AWS
|
88
|
+
# Identity and Access Management (IAM) role provides access to paths
|
89
|
+
# in `Target`. This value can only be set when `HomeDirectoryType` is
|
90
|
+
# set to *LOGICAL*.
|
91
|
+
#
|
92
|
+
# The following is an `Entry` and `Target` pair example.
|
93
|
+
#
|
94
|
+
# `[ \{ "Entry": "your-personal-report.pdf", "Target":
|
95
|
+
# "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \} ]`
|
96
|
+
#
|
97
|
+
# In most cases, you can use this value instead of the scope-down
|
98
|
+
# policy to lock down your user to the designated home directory
|
99
|
+
# ("`chroot`"). To do this, you can set `Entry` to `/` and set
|
100
|
+
# `Target` to the `HomeDirectory` parameter value.
|
101
|
+
#
|
102
|
+
# The following is an `Entry` and `Target` pair example for `chroot`.
|
103
|
+
#
|
104
|
+
# `[ \{ "Entry": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
105
|
+
#
|
106
|
+
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
|
107
|
+
# S3 or Amazon EFS, the entry will be ignored. As a workaround, you
|
108
|
+
# can use the Amazon S3 API or EFS API to create 0-byte objects as
|
109
|
+
# place holders for your directory. If using the AWS CLI, use the
|
110
|
+
# `s3api` or `efsapi` call instead of `s3` or `efs` so you can use the
|
111
|
+
# `put-object` operation. For example, you can use the following.
|
112
|
+
#
|
113
|
+
# `aws s3api put-object --bucket bucketname --key path/to/folder/`
|
114
|
+
#
|
115
|
+
# The end of the key name must end in a `/` for it to be considered a
|
116
|
+
# folder.
|
117
|
+
#
|
118
|
+
# </note>
|
119
|
+
# @return [Array<Types::HomeDirectoryMapEntry>]
|
120
|
+
#
|
121
|
+
# @!attribute [rw] policy
|
122
|
+
# A scope-down policy for your user so that you can use the same IAM
|
123
|
+
# role across multiple users. This policy scopes down user access to
|
124
|
+
# portions of their Amazon S3 bucket. Variables that you can use
|
125
|
+
# inside this policy include `$\{Transfer:UserName\}`,
|
126
|
+
# `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
|
127
|
+
#
|
128
|
+
# <note markdown="1"> This only applies when domain of `ServerId` is S3. Amazon EFS does
|
129
|
+
# not use scope-down policies.
|
130
|
+
#
|
131
|
+
# For scope-down policies, AWS Transfer Family stores the policy as a
|
132
|
+
# JSON blob, instead of the Amazon Resource Name (ARN) of the policy.
|
133
|
+
# You save the policy as a JSON blob and pass it in the `Policy`
|
134
|
+
# argument.
|
135
|
+
#
|
136
|
+
# For an example of a scope-down policy, see [Example scope-down
|
137
|
+
# policy][1].
|
138
|
+
#
|
139
|
+
# For more information, see [AssumeRole][2] in the *AWS Security Token
|
140
|
+
# Service API Reference*.
|
141
|
+
#
|
142
|
+
# </note>
|
143
|
+
#
|
144
|
+
#
|
145
|
+
#
|
146
|
+
# [1]: https://docs.aws.amazon.com/transfer/latest/userguide/scope-down-policy.html
|
147
|
+
# [2]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
|
148
|
+
# @return [String]
|
149
|
+
#
|
150
|
+
# @!attribute [rw] posix_profile
|
151
|
+
# The full POSIX identity, including user ID (`Uid`), group ID
|
152
|
+
# (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
|
153
|
+
# controls your users' access to your Amazon EFS file systems. The
|
154
|
+
# POSIX permissions that are set on files and directories in your file
|
155
|
+
# system determine the level of access your users get when
|
156
|
+
# transferring files into and out of your Amazon EFS file systems.
|
157
|
+
# @return [Types::PosixProfile]
|
158
|
+
#
|
159
|
+
# @!attribute [rw] role
|
160
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
161
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
162
|
+
# system. The policies attached to this role determine the level of
|
163
|
+
# access that you want to provide your users when transferring files
|
164
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
165
|
+
# role should also contain a trust relationship that allows the server
|
166
|
+
# to access your resources when servicing your users' transfer
|
167
|
+
# requests.
|
168
|
+
# @return [String]
|
169
|
+
#
|
170
|
+
# @!attribute [rw] server_id
|
171
|
+
# A system-assigned unique identifier for a server instance. This is
|
172
|
+
# the specific server that you added your user to.
|
173
|
+
# @return [String]
|
174
|
+
#
|
175
|
+
# @!attribute [rw] external_id
|
176
|
+
# A unique identifier that is required to identify specific groups
|
177
|
+
# within your directory. The users of the group that you associate
|
178
|
+
# have access to your Amazon S3 or Amazon EFS resources over the
|
179
|
+
# enabled protocols using AWS Transfer Family. If you know the group
|
180
|
+
# name, you can view the SID values by running the following command
|
181
|
+
# using Windows PowerShell.
|
182
|
+
#
|
183
|
+
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
184
|
+
# -Properties * | Select SamAccountName,ObjectSid`
|
185
|
+
#
|
186
|
+
# In that command, replace *YourGroupName* with the name of your
|
187
|
+
# Active Directory group.
|
188
|
+
#
|
189
|
+
# The regex used to validate this parameter is a string of characters
|
190
|
+
# consisting of uppercase and lowercase alphanumeric characters with
|
191
|
+
# no spaces. You can also include underscores or any of the following
|
192
|
+
# characters: =,.@:/-
|
193
|
+
# @return [String]
|
194
|
+
#
|
195
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateAccessRequest AWS API Documentation
|
196
|
+
#
|
197
|
+
class CreateAccessRequest < Struct.new(
|
198
|
+
:home_directory,
|
199
|
+
:home_directory_type,
|
200
|
+
:home_directory_mappings,
|
201
|
+
:policy,
|
202
|
+
:posix_profile,
|
203
|
+
:role,
|
204
|
+
:server_id,
|
205
|
+
:external_id)
|
206
|
+
SENSITIVE = []
|
207
|
+
include Aws::Structure
|
208
|
+
end
|
209
|
+
|
210
|
+
# @!attribute [rw] server_id
|
211
|
+
# The ID of the server that the user is attached to.
|
212
|
+
# @return [String]
|
213
|
+
#
|
214
|
+
# @!attribute [rw] external_id
|
215
|
+
# The external ID of the group whose users have access to your Amazon
|
216
|
+
# S3 or Amazon EFS resources over the enabled protocols using AWS
|
217
|
+
# Transfer Family.
|
218
|
+
# @return [String]
|
219
|
+
#
|
220
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateAccessResponse AWS API Documentation
|
221
|
+
#
|
222
|
+
class CreateAccessResponse < Struct.new(
|
223
|
+
:server_id,
|
224
|
+
:external_id)
|
225
|
+
SENSITIVE = []
|
226
|
+
include Aws::Structure
|
227
|
+
end
|
228
|
+
|
41
229
|
# @note When making an API call, you may pass CreateServerRequest
|
42
230
|
# data as a hash:
|
43
231
|
#
|
@@ -56,8 +244,9 @@ module Aws::Transfer
|
|
56
244
|
# identity_provider_details: {
|
57
245
|
# url: "Url",
|
58
246
|
# invocation_role: "Role",
|
247
|
+
# directory_id: "DirectoryId",
|
59
248
|
# },
|
60
|
-
# identity_provider_type: "SERVICE_MANAGED", # accepts SERVICE_MANAGED, API_GATEWAY
|
249
|
+
# identity_provider_type: "SERVICE_MANAGED", # accepts SERVICE_MANAGED, API_GATEWAY, AWS_DIRECTORY_SERVICE
|
61
250
|
# logging_role: "Role",
|
62
251
|
# protocols: ["SFTP"], # accepts SFTP, FTP, FTPS
|
63
252
|
# security_policy_name: "SecurityPolicyName",
|
@@ -110,24 +299,44 @@ module Aws::Transfer
|
|
110
299
|
# @return [String]
|
111
300
|
#
|
112
301
|
# @!attribute [rw] domain
|
302
|
+
# The domain of the storage system that is used for file transfers.
|
303
|
+
# There are two domains available: Amazon Simple Storage Service
|
304
|
+
# (Amazon S3) and Amazon Elastic File System (Amazon EFS). The default
|
305
|
+
# value is S3.
|
306
|
+
#
|
307
|
+
# <note markdown="1"> After the server is created, the domain cannot be changed.
|
308
|
+
#
|
309
|
+
# </note>
|
113
310
|
# @return [String]
|
114
311
|
#
|
115
312
|
# @!attribute [rw] endpoint_details
|
116
313
|
# The virtual private cloud (VPC) endpoint settings that are
|
117
314
|
# configured for your server. When you host your endpoint within your
|
118
315
|
# VPC, you can make it accessible only to resources within your VPC,
|
119
|
-
# or you can attach Elastic
|
120
|
-
# the internet. Your VPC's default security groups are
|
121
|
-
# assigned to your endpoint.
|
316
|
+
# or you can attach Elastic IP addresses and make it accessible to
|
317
|
+
# clients over the internet. Your VPC's default security groups are
|
318
|
+
# automatically assigned to your endpoint.
|
122
319
|
# @return [Types::EndpointDetails]
|
123
320
|
#
|
124
321
|
# @!attribute [rw] endpoint_type
|
125
|
-
# The type of
|
126
|
-
#
|
127
|
-
#
|
128
|
-
#
|
129
|
-
#
|
130
|
-
#
|
322
|
+
# The type of endpoint that you want your server to use. You can
|
323
|
+
# choose to make your server's endpoint publicly accessible (PUBLIC)
|
324
|
+
# or host it inside your VPC. With an endpoint that is hosted in a
|
325
|
+
# VPC, you can restrict access to your server and resources only
|
326
|
+
# within your VPC or choose to make it internet facing by attaching
|
327
|
+
# Elastic IP addresses directly to it.
|
328
|
+
#
|
329
|
+
# <note markdown="1"> After May 19, 2021, you won't be able to create a server using
|
330
|
+
# `EndpointType=VPC_ENDPOINT` in your AWS account if your account
|
331
|
+
# hasn't already done so before May 19, 2021. If you have already
|
332
|
+
# created servers with `EndpointType=VPC_ENDPOINT` in your AWS account
|
333
|
+
# on or before May 19, 2021, you will not be affected. After this
|
334
|
+
# date, use `EndpointType`=`VPC`.
|
335
|
+
#
|
336
|
+
# For more information, see
|
337
|
+
# https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
|
338
|
+
#
|
339
|
+
# It is recommended that you use `VPC` as the `EndpointType`. With
|
131
340
|
# this endpoint type, you have the option to directly associate up to
|
132
341
|
# three Elastic IPv4 addresses (BYO IP included) with your server's
|
133
342
|
# endpoint and use VPC security groups to restrict traffic by the
|
@@ -154,20 +363,26 @@ module Aws::Transfer
|
|
154
363
|
# @return [String]
|
155
364
|
#
|
156
365
|
# @!attribute [rw] identity_provider_details
|
157
|
-
# Required when `IdentityProviderType` is set to
|
158
|
-
# Accepts an array
|
159
|
-
#
|
160
|
-
#
|
161
|
-
#
|
366
|
+
# Required when `IdentityProviderType` is set to
|
367
|
+
# `AWS_DIRECTORY_SERVICE` or `API_GATEWAY`. Accepts an array
|
368
|
+
# containing all of the information required to use a directory in
|
369
|
+
# `AWS_DIRECTORY_SERVICE` or invoke a customer-supplied authentication
|
370
|
+
# API, including the API Gateway URL. Not required when
|
371
|
+
# `IdentityProviderType` is set to `SERVICE_MANAGED`.
|
162
372
|
# @return [Types::IdentityProviderDetails]
|
163
373
|
#
|
164
374
|
# @!attribute [rw] identity_provider_type
|
165
375
|
# Specifies the mode of authentication for a server. The default value
|
166
376
|
# is `SERVICE_MANAGED`, which allows you to store and access user
|
167
|
-
# credentials within the AWS Transfer Family service. Use
|
168
|
-
# `
|
169
|
-
#
|
170
|
-
#
|
377
|
+
# credentials within the AWS Transfer Family service. Use
|
378
|
+
# `AWS_DIRECTORY_SERVICE` to provide access to Active Directory groups
|
379
|
+
# in AWS Managed Active Directory or Microsoft Active Directory in
|
380
|
+
# your on-premises environment or in AWS using AD Connectors. This
|
381
|
+
# option also requires you to provide a Directory ID using the
|
382
|
+
# `IdentityProviderDetails` parameter. Use the `API_GATEWAY` value to
|
383
|
+
# integrate with an identity provider of your choosing. The
|
384
|
+
# `API_GATEWAY` setting requires you to provide an API Gateway
|
385
|
+
# endpoint URL to call for authentication using the
|
171
386
|
# `IdentityProviderDetails` parameter.
|
172
387
|
# @return [String]
|
173
388
|
#
|
@@ -195,7 +410,7 @@ module Aws::Transfer
|
|
195
410
|
#
|
196
411
|
# If `Protocol` includes either `FTP` or `FTPS`, then the
|
197
412
|
# `EndpointType` must be `VPC` and the `IdentityProviderType` must be
|
198
|
-
# `API_GATEWAY`.
|
413
|
+
# `AWS_DIRECTORY_SERVICE` or `API_GATEWAY`.
|
199
414
|
#
|
200
415
|
# If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
|
201
416
|
# associated.
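Review bot: The reworded sentence at new line 413 now allows `AWS_DIRECTORY_SERVICE` as the identity provider when `Protocol` includes `FTP`, but nothing in the visible comment says that plain FTP sends the login unencrypted. In that mode the login would presumably be a directory user's password. I would add a caveat directly after that sentence, for example `# FTP does not encrypt credentials or data; prefer SFTP or FTPS when users authenticate against a directory.` The `protocols` attribute documentation starts and ends outside this hunk, so an existing warning elsewhere in it cannot be ruled out from here.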
|
@@ -280,63 +495,71 @@ module Aws::Transfer
|
|
280
495
|
# The landing directory (folder) for a user when they log in to the
|
281
496
|
# server using the client.
|
282
497
|
#
|
283
|
-
#
|
284
|
-
# <code>your-Amazon-S3-bucket-name>/home/username</code> </i>.
|
498
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
285
499
|
# @return [String]
|
286
500
|
#
|
287
501
|
# @!attribute [rw] home_directory_type
|
288
502
|
# The type of landing directory (folder) you want your users' home
|
289
503
|
# directory to be when they log into the server. If you set it to
|
290
|
-
# `PATH`, the user will see the absolute Amazon S3 bucket
|
291
|
-
# in their file transfer protocol clients. If you set it
|
292
|
-
# you will need to provide mappings in the
|
293
|
-
# how you want to make Amazon S3
|
504
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
505
|
+
# as is in their file transfer protocol clients. If you set it
|
506
|
+
# `LOGICAL`, you will need to provide mappings in the
|
507
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
508
|
+
# paths visible to your users.
|
294
509
|
# @return [String]
|
295
510
|
#
|
296
511
|
# @!attribute [rw] home_directory_mappings
|
297
|
-
# Logical directory mappings that specify what Amazon S3 paths
|
298
|
-
# keys should be visible to your user and how you want to make
|
299
|
-
# visible. You will need to specify the
|
512
|
+
# Logical directory mappings that specify what Amazon S3 or EFS paths
|
513
|
+
# and keys should be visible to your user and how you want to make
|
514
|
+
# them visible. You will need to specify the `Entry` and `Target`
|
300
515
|
# pair, where `Entry` shows how the path is made visible and `Target`
|
301
|
-
# is the actual Amazon S3 path. If you only specify a target,
|
302
|
-
# be displayed as is. You will need to also make sure that
|
303
|
-
# role provides access to paths in `Target`.
|
304
|
-
#
|
516
|
+
# is the actual Amazon S3 or EFS path. If you only specify a target,
|
517
|
+
# it will be displayed as is. You will need to also make sure that
|
518
|
+
# your IAM role provides access to paths in `Target`. This value can
|
519
|
+
# only be set when `HomeDirectoryType` is set to `LOGICAL`.
|
305
520
|
#
|
306
|
-
# `
|
307
|
-
#
|
308
|
-
# "
|
521
|
+
# The following is an `Entry` and `Target` pair example.
|
522
|
+
#
|
523
|
+
# `[ \{ "Entry": "your-personal-report.pdf", "Target":
|
524
|
+
# "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \} ]`
|
309
525
|
#
|
310
526
|
# In most cases, you can use this value instead of the scope-down
|
311
527
|
# policy to lock your user down to the designated home directory
|
312
|
-
# ("chroot"). To do this, you can set `Entry` to
|
528
|
+
# ("`chroot`"). To do this, you can set `Entry` to `/` and set
|
313
529
|
# `Target` to the HomeDirectory parameter value.
|
314
530
|
#
|
531
|
+
# The following is an `Entry` and `Target` pair example for `chroot`.
|
532
|
+
#
|
533
|
+
# `[ \{ "Entry": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
534
|
+
#
|
315
535
|
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
|
316
|
-
# S3, the entry will be ignored. As a workaround, you can use
|
317
|
-
# Amazon S3 API to create 0 byte objects as place
|
318
|
-
# directory. If using the CLI, use the `s3api`
|
319
|
-
#
|
320
|
-
# following: `aws s3api put-object
|
321
|
-
# path/to/folder/`. Make sure that the end
|
322
|
-
#
|
536
|
+
# S3 or EFS, the entry will be ignored. As a workaround, you can use
|
537
|
+
# the Amazon S3 API or EFS API to create 0 byte objects as place
|
538
|
+
# holders for your directory. If using the CLI, use the `s3api` or
|
539
|
+
# `efsapi` call instead of `s3` or `efs` so you can use the put-object
|
540
|
+
# operation. For example, you use the following: `aws s3api put-object
|
541
|
+
# --bucket bucketname --key path/to/folder/`. Make sure that the end
|
542
|
+
# of the key name ends in a `/` for it to be considered a folder.
|
323
543
|
#
|
324
544
|
# </note>
|
325
545
|
# @return [Array<Types::HomeDirectoryMapEntry>]
|
326
546
|
#
|
327
547
|
# @!attribute [rw] policy
|
328
|
-
# A scope-down policy for your user so you can use the same IAM
|
329
|
-
# across multiple users. This policy scopes down user access to
|
548
|
+
# A scope-down policy for your user so that you can use the same IAM
|
549
|
+
# role across multiple users. This policy scopes down user access to
|
330
550
|
# portions of their Amazon S3 bucket. Variables that you can use
|
331
551
|
# inside this policy include `$\{Transfer:UserName\}`,
|
332
552
|
# `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
|
333
553
|
#
|
334
|
-
# <note markdown="1">
|
554
|
+
# <note markdown="1"> This only applies when domain of ServerId is S3. EFS does not use
|
555
|
+
# scope down policy.
|
556
|
+
#
|
557
|
+
# For scope-down policies, AWS Transfer Family stores the policy as a
|
335
558
|
# JSON blob, instead of the Amazon Resource Name (ARN) of the policy.
|
336
559
|
# You save the policy as a JSON blob and pass it in the `Policy`
|
337
560
|
# argument.
|
338
561
|
#
|
339
|
-
# For an example of a scope-down policy, see [
|
562
|
+
# For an example of a scope-down policy, see [Example scope-down
|
340
563
|
# policy][1].
|
341
564
|
#
|
342
565
|
# For more information, see [AssumeRole][2] in the *AWS Security Token
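Review bot: The `policy` note added at new lines 554-555 says EFS does not use a scope-down policy, but the `home_directory_mappings` text just above still presents the logical mapping as a replacement for that policy and never says what limits an EFS-backed user. The note should name the control that applies, for example `# For Amazon EFS, access is limited by the POSIX profile and the file system permissions, not by this policy.` The first paragraph of `policy` also still speaks only of "portions of their Amazon S3 bucket"; the same wording is repeated for `policy` in the `DescribedAccess` and `DescribedUser` hunks further down. Separately, new lines 505-506 read "If you set it `LOGICAL`", which is missing "to".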
|
@@ -346,20 +569,28 @@ module Aws::Transfer
|
|
346
569
|
#
|
347
570
|
#
|
348
571
|
#
|
349
|
-
# [1]: https://docs.aws.amazon.com/transfer/latest/userguide/
|
572
|
+
# [1]: https://docs.aws.amazon.com/transfer/latest/userguide/scope-down-policy.html
|
350
573
|
# [2]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
|
351
574
|
# @return [String]
|
352
575
|
#
|
353
576
|
# @!attribute [rw] posix_profile
|
577
|
+
# Specifies the full POSIX identity, including user ID (`Uid`), group
|
578
|
+
# ID (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
|
579
|
+
# controls your users' access to your Amazon EFS file systems. The
|
580
|
+
# POSIX permissions that are set on files and directories in Amazon
|
581
|
+
# EFS determine the level of access your users get when transferring
|
582
|
+
# files into and out of your Amazon EFS file systems.
|
354
583
|
# @return [Types::PosixProfile]
|
355
584
|
#
|
356
585
|
# @!attribute [rw] role
|
357
|
-
#
|
358
|
-
#
|
359
|
-
#
|
360
|
-
#
|
361
|
-
#
|
362
|
-
#
|
586
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
587
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
588
|
+
# system. The policies attached to this role determine the level of
|
589
|
+
# access that you want to provide your users when transferring files
|
590
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
591
|
+
# role should also contain a trust relationship that allows the server
|
592
|
+
# to access your resources when servicing your users' transfer
|
593
|
+
# requests.
|
363
594
|
# @return [String]
|
364
595
|
#
|
365
596
|
# @!attribute [rw] server_id
|
@@ -421,6 +652,48 @@ module Aws::Transfer
|
|
421
652
|
include Aws::Structure
|
422
653
|
end
|
423
654
|
|
655
|
+
# @note When making an API call, you may pass DeleteAccessRequest
|
656
|
+
# data as a hash:
|
657
|
+
#
|
658
|
+
# {
|
659
|
+
# server_id: "ServerId", # required
|
660
|
+
# external_id: "ExternalId", # required
|
661
|
+
# }
|
662
|
+
#
|
663
|
+
# @!attribute [rw] server_id
|
664
|
+
# A system-assigned unique identifier for a server that has this user
|
665
|
+
# assigned.
|
666
|
+
# @return [String]
|
667
|
+
#
|
668
|
+
# @!attribute [rw] external_id
|
669
|
+
# A unique identifier that is required to identify specific groups
|
670
|
+
# within your directory. The users of the group that you associate
|
671
|
+
# have access to your Amazon S3 or Amazon EFS resources over the
|
672
|
+
# enabled protocols using AWS Transfer Family. If you know the group
|
673
|
+
# name, you can view the SID values by running the following command
|
674
|
+
# using Windows PowerShell.
|
675
|
+
#
|
676
|
+
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
677
|
+
# -Properties * | Select SamAccountName,ObjectSid`
|
678
|
+
#
|
679
|
+
# In that command, replace *YourGroupName* with the name of your
|
680
|
+
# Active Directory group.
|
681
|
+
#
|
682
|
+
# The regex used to validate this parameter is a string of characters
|
683
|
+
# consisting of uppercase and lowercase alphanumeric characters with
|
684
|
+
# no spaces. You can also include underscores or any of the following
|
685
|
+
# characters: =,.@:/-
|
686
|
+
# @return [String]
|
687
|
+
#
|
688
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DeleteAccessRequest AWS API Documentation
|
689
|
+
#
|
690
|
+
class DeleteAccessRequest < Struct.new(
|
691
|
+
:server_id,
|
692
|
+
:external_id)
|
693
|
+
SENSITIVE = []
|
694
|
+
include Aws::Structure
|
695
|
+
end
|
696
|
+
|
424
697
|
# @note When making an API call, you may pass DeleteServerRequest
|
425
698
|
# data as a hash:
|
426
699
|
#
|
@@ -500,6 +773,66 @@ module Aws::Transfer
|
|
500
773
|
include Aws::Structure
|
501
774
|
end
|
502
775
|
|
776
|
+
# @note When making an API call, you may pass DescribeAccessRequest
|
777
|
+
# data as a hash:
|
778
|
+
#
|
779
|
+
# {
|
780
|
+
# server_id: "ServerId", # required
|
781
|
+
# external_id: "ExternalId", # required
|
782
|
+
# }
|
783
|
+
#
|
784
|
+
# @!attribute [rw] server_id
|
785
|
+
# A system-assigned unique identifier for a server that has this
|
786
|
+
# access assigned.
|
787
|
+
# @return [String]
|
788
|
+
#
|
789
|
+
# @!attribute [rw] external_id
|
790
|
+
# A unique identifier that is required to identify specific groups
|
791
|
+
# within your directory. The users of the group that you associate
|
792
|
+
# have access to your Amazon S3 or Amazon EFS resources over the
|
793
|
+
# enabled protocols using AWS Transfer Family. If you know the group
|
794
|
+
# name, you can view the SID values by running the following command
|
795
|
+
# using Windows PowerShell.
|
796
|
+
#
|
797
|
+
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
798
|
+
# -Properties * | Select SamAccountName,ObjectSid`
|
799
|
+
#
|
800
|
+
# In that command, replace *YourGroupName* with the name of your
|
801
|
+
# Active Directory group.
|
802
|
+
#
|
803
|
+
# The regex used to validate this parameter is a string of characters
|
804
|
+
# consisting of uppercase and lowercase alphanumeric characters with
|
805
|
+
# no spaces. You can also include underscores or any of the following
|
806
|
+
# characters: =,.@:/-
|
807
|
+
# @return [String]
|
808
|
+
#
|
809
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeAccessRequest AWS API Documentation
|
810
|
+
#
|
811
|
+
class DescribeAccessRequest < Struct.new(
|
812
|
+
:server_id,
|
813
|
+
:external_id)
|
814
|
+
SENSITIVE = []
|
815
|
+
include Aws::Structure
|
816
|
+
end
|
817
|
+
|
818
|
+
# @!attribute [rw] server_id
|
819
|
+
# A system-assigned unique identifier for a server that has this
|
820
|
+
# access assigned.
|
821
|
+
# @return [String]
|
822
|
+
#
|
823
|
+
# @!attribute [rw] access
|
824
|
+
# The external ID of the server that the access is attached to.
|
825
|
+
# @return [Types::DescribedAccess]
|
826
|
+
#
|
827
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeAccessResponse AWS API Documentation
|
828
|
+
#
|
829
|
+
class DescribeAccessResponse < Struct.new(
|
830
|
+
:server_id,
|
831
|
+
:access)
|
832
|
+
SENSITIVE = []
|
833
|
+
include Aws::Structure
|
834
|
+
end
|
835
|
+
|
503
836
|
# @note When making an API call, you may pass DescribeSecurityPolicyRequest
|
504
837
|
# data as a hash:
|
505
838
|
#
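Review bot: The description of `access` in `DescribeAccessResponse` (new line 824) reads "The external ID of the server that the access is attached to", yet the attribute is declared as `Types::DescribedAccess`. That struct, added further down on this page, carries the home directory settings, policy, POSIX profile, role and external ID. The comment should describe the returned object, for example `# The properties of the access that was specified, including its external ID.` As written, a reader auditing which role and policy an Active Directory group received could take the field for a bare identifier and miss the details it holds.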
|
@@ -611,6 +944,103 @@ module Aws::Transfer
|
|
611
944
|
include Aws::Structure
|
612
945
|
end
|
613
946
|
|
947
|
+
# Describes the properties of the access that was specified.
|
948
|
+
#
|
949
|
+
# @!attribute [rw] home_directory
|
950
|
+
# The landing directory (folder) for a user when they log in to the
|
951
|
+
# server using the client.
|
952
|
+
#
|
953
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
954
|
+
# @return [String]
|
955
|
+
#
|
956
|
+
# @!attribute [rw] home_directory_mappings
|
957
|
+
# Specifies the logical directory mappings that specify what Amazon S3
|
958
|
+
# or Amazon EFS paths and keys should be visible to the associated
|
959
|
+
# access and how you want to make them visible. You must specify the
|
960
|
+
# "`Entry`" and "`Target`" pair, where `Entry` shows how the path
|
961
|
+
# is made visible and `Target` is the actual Amazon S3 or EFS path. If
|
962
|
+
# you only specify a target, it will be displayed as is. You also must
|
963
|
+
# ensure that your AWS Identity and Access Management (IAM) role
|
964
|
+
# provides access to paths in `Target`.
|
965
|
+
#
|
966
|
+
# In most cases, you can use this value instead of the scope-down
|
967
|
+
# policy to lock down the associated access to the designated home
|
968
|
+
# directory ("`chroot`"). To do this, you can set `Entry` to '/'
|
969
|
+
# and set `Target` to the `HomeDirectory` parameter value.
|
970
|
+
# @return [Array<Types::HomeDirectoryMapEntry>]
|
971
|
+
#
|
972
|
+
# @!attribute [rw] home_directory_type
|
973
|
+
# The type of landing directory (folder) you want your users' home
|
974
|
+
# directory to be when they log into the server. If you set it to
|
975
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
976
|
+
# as is in their file transfer protocol clients. If you set it
|
977
|
+
# `LOGICAL`, you will need to provide mappings in the
|
978
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
979
|
+
# paths visible to your users.
|
980
|
+
# @return [String]
|
981
|
+
#
|
982
|
+
# @!attribute [rw] policy
|
983
|
+
# A scope-down policy for your user so that you can use the same IAM
|
984
|
+
# role across multiple users. This policy scopes down user access to
|
985
|
+
# portions of their Amazon S3 bucket. Variables that you can use
|
986
|
+
# inside this policy include `$\{Transfer:UserName\}`,
|
987
|
+
# `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
|
988
|
+
# @return [String]
|
989
|
+
#
|
990
|
+
# @!attribute [rw] posix_profile
|
991
|
+
# The full POSIX identity, including user ID (`Uid`), group ID
|
992
|
+
# (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
|
993
|
+
# controls your users' access to your Amazon EFS file systems. The
|
994
|
+
# POSIX permissions that are set on files and directories in your file
|
995
|
+
# system determine the level of access your users get when
|
996
|
+
# transferring files into and out of your Amazon EFS file systems.
|
997
|
+
# @return [Types::PosixProfile]
|
998
|
+
#
|
999
|
+
# @!attribute [rw] role
|
1000
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
1001
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
1002
|
+
# system. The policies attached to this role determine the level of
|
1003
|
+
# access that you want to provide your users when transferring files
|
1004
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
1005
|
+
# role should also contain a trust relationship that allows the server
|
1006
|
+
# to access your resources when servicing your users' transfer
|
1007
|
+
# requests.
|
1008
|
+
# @return [String]
|
1009
|
+
#
|
1010
|
+
# @!attribute [rw] external_id
|
1011
|
+
# A unique identifier that is required to identify specific groups
|
1012
|
+
# within your directory. The users of the group that you associate
|
1013
|
+
# have access to your Amazon S3 or Amazon EFS resources over the
|
1014
|
+
# enabled protocols using AWS Transfer Family. If you know the group
|
1015
|
+
# name, you can view the SID values by running the following command
|
1016
|
+
# using Windows PowerShell.
|
1017
|
+
#
|
1018
|
+
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
1019
|
+
# -Properties * | Select SamAccountName,ObjectSid`
|
1020
|
+
#
|
1021
|
+
# In that command, replace *YourGroupName* with the name of your
|
1022
|
+
# Active Directory group.
|
1023
|
+
#
|
1024
|
+
# The regex used to validate this parameter is a string of characters
|
1025
|
+
# consisting of uppercase and lowercase alphanumeric characters with
|
1026
|
+
# no spaces. You can also include underscores or any of the following
|
1027
|
+
# characters: =,.@:/-
|
1028
|
+
# @return [String]
|
1029
|
+
#
|
1030
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribedAccess AWS API Documentation
|
1031
|
+
#
|
1032
|
+
class DescribedAccess < Struct.new(
|
1033
|
+
:home_directory,
|
1034
|
+
:home_directory_mappings,
|
1035
|
+
:home_directory_type,
|
1036
|
+
:policy,
|
1037
|
+
:posix_profile,
|
1038
|
+
:role,
|
1039
|
+
:external_id)
|
1040
|
+
SENSITIVE = []
|
1041
|
+
include Aws::Structure
|
1042
|
+
end
|
1043
|
+
|
614
1044
|
# Describes the properties of a security policy that was specified. For
|
615
1045
|
# more information about security policies, see [Working with security
|
616
1046
|
# policies][1].
|
@@ -677,6 +1107,8 @@ module Aws::Transfer
|
|
677
1107
|
# @return [String]
|
678
1108
|
#
|
679
1109
|
# @!attribute [rw] domain
|
1110
|
+
# Specifies the domain of the storage system that is used for file
|
1111
|
+
# transfers.
|
680
1112
|
# @return [String]
|
681
1113
|
#
|
682
1114
|
# @!attribute [rw] endpoint_details
|
@@ -699,23 +1131,26 @@ module Aws::Transfer
|
|
699
1131
|
# @!attribute [rw] identity_provider_details
|
700
1132
|
# Specifies information to call a customer-supplied authentication
|
701
1133
|
# API. This field is not populated when the `IdentityProviderType` of
|
702
|
-
# a server is `SERVICE_MANAGED`.
|
1134
|
+
# a server is `AWS_DIRECTORY_SERVICE` or `SERVICE_MANAGED`.
|
703
1135
|
# @return [Types::IdentityProviderDetails]
|
704
1136
|
#
|
705
1137
|
# @!attribute [rw] identity_provider_type
|
706
1138
|
# Specifies the mode of authentication method enabled for this
|
707
|
-
# service. A value of `
|
708
|
-
#
|
709
|
-
#
|
710
|
-
#
|
711
|
-
#
|
1139
|
+
# service. A value of `AWS_DIRECTORY_SERVICE` means that you are
|
1140
|
+
# providing access to Active Directory groups in AWS Managed Active
|
1141
|
+
# Directory or Microsoft Active Directory in your on-premises
|
1142
|
+
# environment or in AWS using AD Connectors. A value of
|
1143
|
+
# `SERVICE_MANAGED` means that you are using this server to store and
|
1144
|
+
# access user credentials within the service. A value of `API_GATEWAY`
|
1145
|
+
# indicates that you have integrated an API Gateway endpoint that will
|
1146
|
+
# be invoked for authenticating your user into the service.
|
712
1147
|
# @return [String]
|
713
1148
|
#
|
714
1149
|
# @!attribute [rw] logging_role
|
715
1150
|
# Specifies the AWS Identity and Access Management (IAM) role that
|
716
1151
|
# allows a server to turn on Amazon CloudWatch logging for Amazon S3
|
717
|
-
# events. When set, user activity can be viewed in your
|
718
|
-
# logs.
|
1152
|
+
# or Amazon EFS events. When set, user activity can be viewed in your
|
1153
|
+
# CloudWatch logs.
|
719
1154
|
# @return [String]
|
720
1155
|
#
|
721
1156
|
# @!attribute [rw] protocols
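Review bot: New line 1134 states that `identity_provider_details` is not populated when the server's `IdentityProviderType` is `AWS_DIRECTORY_SERVICE`, which sits oddly with the `CreateServerRequest` documentation in this same diff, where that structure is required for `AWS_DIRECTORY_SERVICE` and carries the `directory_id`. One of the two descriptions is probably inaccurate; this should be confirmed against the service before it ships. If the directory ID is returned, the sentence should read `# a server is `SERVICE_MANAGED`.` and the opening sentence should mention the directory as well as the customer-supplied API. The struct these comments belong to begins and ends outside the hunk.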
|
@@ -794,52 +1229,65 @@ module Aws::Transfer
|
|
794
1229
|
# @return [String]
|
795
1230
|
#
|
796
1231
|
# @!attribute [rw] home_directory
|
797
|
-
#
|
798
|
-
#
|
799
|
-
#
|
800
|
-
#
|
1232
|
+
# The landing directory (folder) for a user when they log in to the
|
1233
|
+
# server using the client.
|
1234
|
+
#
|
1235
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
801
1236
|
# @return [String]
|
802
1237
|
#
|
803
1238
|
# @!attribute [rw] home_directory_mappings
|
804
1239
|
# Specifies the logical directory mappings that specify what Amazon S3
|
805
|
-
# paths and keys should be visible to your user and how you
|
806
|
-
# make them visible. You will need to specify the "`Entry`"
|
807
|
-
# "`Target`" pair, where `Entry` shows how the path is made
|
808
|
-
# and `Target` is the actual Amazon S3 path. If you
|
809
|
-
# target, it will be displayed as is. You will need to
|
810
|
-
# that your AWS Identity and Access Management (IAM)
|
811
|
-
# access to paths in `Target`.
|
1240
|
+
# or EFS paths and keys should be visible to your user and how you
|
1241
|
+
# want to make them visible. You will need to specify the "`Entry`"
|
1242
|
+
# and "`Target`" pair, where `Entry` shows how the path is made
|
1243
|
+
# visible and `Target` is the actual Amazon S3 or EFS path. If you
|
1244
|
+
# only specify a target, it will be displayed as is. You will need to
|
1245
|
+
# also make sure that your AWS Identity and Access Management (IAM)
|
1246
|
+
# role provides access to paths in `Target`.
|
812
1247
|
#
|
813
1248
|
# In most cases, you can use this value instead of the scope-down
|
814
1249
|
# policy to lock your user down to the designated home directory
|
815
|
-
# ("chroot"). To do this, you can set `Entry` to '/' and set
|
1250
|
+
# ("`chroot`"). To do this, you can set `Entry` to '/' and set
|
816
1251
|
# `Target` to the HomeDirectory parameter value.
|
817
1252
|
# @return [Array<Types::HomeDirectoryMapEntry>]
|
818
1253
|
#
|
819
1254
|
# @!attribute [rw] home_directory_type
|
820
|
-
#
|
821
|
-
#
|
822
|
-
#
|
823
|
-
#
|
824
|
-
#
|
825
|
-
#
|
1255
|
+
# The type of landing directory (folder) you want your users' home
|
1256
|
+
# directory to be when they log into the server. If you set it to
|
1257
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
1258
|
+
# as is in their file transfer protocol clients. If you set it
|
1259
|
+
# `LOGICAL`, you will need to provide mappings in the
|
1260
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
826
1261
|
# paths visible to your users.
|
827
1262
|
# @return [String]
|
828
1263
|
#
|
829
1264
|
# @!attribute [rw] policy
|
830
|
-
#
|
1265
|
+
# A scope-down policy for your user so that you can use the same IAM
|
1266
|
+
# role across multiple users. This policy scopes down user access to
|
1267
|
+
# portions of their Amazon S3 bucket. Variables that you can use
|
1268
|
+
# inside this policy include `$\{Transfer:UserName\}`,
|
1269
|
+
# `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
|
831
1270
|
# @return [String]
|
832
1271
|
#
|
833
1272
|
# @!attribute [rw] posix_profile
|
1273
|
+
# Specifies the full POSIX identity, including user ID (`Uid`), group
|
1274
|
+
# ID (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
|
1275
|
+
# controls your users' access to your Amazon Elastic File System
|
1276
|
+
# (Amazon EFS) file systems. The POSIX permissions that are set on
|
1277
|
+
# files and directories in your file system determine the level of
|
1278
|
+
# access your users get when transferring files into and out of your
|
1279
|
+
# Amazon EFS file systems.
|
834
1280
|
# @return [Types::PosixProfile]
|
835
1281
|
#
|
836
1282
|
# @!attribute [rw] role
|
837
|
-
# Specifies the
|
838
|
-
#
|
839
|
-
#
|
840
|
-
#
|
841
|
-
#
|
842
|
-
#
|
1283
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
1284
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
1285
|
+
# system. The policies attached to this role determine the level of
|
1286
|
+
# access that you want to provide your users when transferring files
|
1287
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
1288
|
+
# role should also contain a trust relationship that allows the server
|
1289
|
+
# to access your resources when servicing your users' transfer
|
1290
|
+
# requests.
|
843
1291
|
# @return [String]
|
844
1292
|
#
|
845
1293
|
# @!attribute [rw] ssh_public_keys
|
@@ -879,7 +1327,19 @@ module Aws::Transfer
|
|
879
1327
|
# for your file transfer protocol-enabled server. With a VPC endpoint,
|
880
1328
|
# you can restrict access to your server and resources only within your
|
881
1329
|
# VPC. To control incoming internet traffic, invoke the `UpdateServer`
|
882
|
-
# API and attach an Elastic IP to your server's endpoint.
|
1330
|
+
# API and attach an Elastic IP address to your server's endpoint.
|
1331
|
+
#
|
1332
|
+
# <note markdown="1"> After May 19, 2021, you won't be able to create a server using
|
1333
|
+
# `EndpointType=VPC_ENDPOINT` in your AWS account if your account
|
1334
|
+
# hasn't already done so before May 19, 2021. If you have already
|
1335
|
+
# created servers with `EndpointType=VPC_ENDPOINT` in your AWS account
|
1336
|
+
# on or before May 19, 2021, you will not be affected. After this date,
|
1337
|
+
# use `EndpointType`=`VPC`.
|
1338
|
+
#
|
1339
|
+
# For more information, see
|
1340
|
+
# https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
|
1341
|
+
#
|
1342
|
+
# </note>
|
883
1343
|
#
|
884
1344
|
# @note When making an API call, you may pass EndpointDetails
|
885
1345
|
# data as a hash:
|
@@ -917,6 +1377,9 @@ module Aws::Transfer
|
|
917
1377
|
# <note markdown="1"> This property can only be set when `EndpointType` is set to
|
918
1378
|
# `VPC_ENDPOINT`.
|
919
1379
|
#
|
1380
|
+
# For more information, see
|
1381
|
+
# https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
|
1382
|
+
#
|
920
1383
|
# </note>
|
921
1384
|
# @return [String]
|
922
1385
|
#
|
@@ -934,11 +1397,18 @@ module Aws::Transfer
|
|
934
1397
|
#
|
935
1398
|
# <note markdown="1"> This property can only be set when `EndpointType` is set to `VPC`.
|
936
1399
|
#
|
937
|
-
# You can
|
938
|
-
#
|
939
|
-
# from `PUBLIC` or `VPC_ENDPOINT` to `VPC`.
|
1400
|
+
# You can edit the `SecurityGroupIds` property in the
|
1401
|
+
# [UpdateServer][1] API only if you are changing the `EndpointType`
|
1402
|
+
# from `PUBLIC` or `VPC_ENDPOINT` to `VPC`. To change security groups
|
1403
|
+
# associated with your server's VPC endpoint after creation, use the
|
1404
|
+
# Amazon EC2 [ModifyVpcEndpoint][2] API.
|
940
1405
|
#
|
941
1406
|
# </note>
|
1407
|
+
#
|
1408
|
+
#
|
1409
|
+
#
|
1410
|
+
# [1]: https://docs.aws.amazon.com/transfer/latest/userguide/API_UpdateServer.html
|
1411
|
+
# [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyVpcEndpoint.html
|
942
1412
|
# @return [Array<String>]
|
943
1413
|
#
|
944
1414
|
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/EndpointDetails AWS API Documentation
|
@@ -991,6 +1461,7 @@ module Aws::Transfer
|
|
991
1461
|
# {
|
992
1462
|
# url: "Url",
|
993
1463
|
# invocation_role: "Role",
|
1464
|
+
# directory_id: "DirectoryId",
|
994
1465
|
# }
|
995
1466
|
#
|
996
1467
|
# @!attribute [rw] url
|
@@ -1003,11 +1474,17 @@ module Aws::Transfer
|
|
1003
1474
|
# account.
|
1004
1475
|
# @return [String]
|
1005
1476
|
#
|
1477
|
+
# @!attribute [rw] directory_id
|
1478
|
+
# The identifier of the AWS Directory Service directory that you want
|
1479
|
+
# to stop sharing.
|
1480
|
+
# @return [String]
|
1481
|
+
#
|
1006
1482
|
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/IdentityProviderDetails AWS API Documentation
|
1007
1483
|
#
|
1008
1484
|
class IdentityProviderDetails < Struct.new(
|
1009
1485
|
:url,
|
1010
|
-
:invocation_role
|
1486
|
+
:invocation_role,
|
1487
|
+
:directory_id)
|
1011
1488
|
SENSITIVE = []
|
1012
1489
|
include Aws::Structure
|
1013
1490
|
end
|
@@ -1110,6 +1587,68 @@ module Aws::Transfer
|
|
1110
1587
|
include Aws::Structure
|
1111
1588
|
end
|
1112
1589
|
|
1590
|
+
# @note When making an API call, you may pass ListAccessesRequest
|
1591
|
+
# data as a hash:
|
1592
|
+
#
|
1593
|
+
# {
|
1594
|
+
# max_results: 1,
|
1595
|
+
# next_token: "NextToken",
|
1596
|
+
# server_id: "ServerId", # required
|
1597
|
+
# }
|
1598
|
+
#
|
1599
|
+
# @!attribute [rw] max_results
|
1600
|
+
# Specifies the maximum number of access SIDs to return.
|
1601
|
+
# @return [Integer]
|
1602
|
+
#
|
1603
|
+
# @!attribute [rw] next_token
|
1604
|
+
# When you can get additional results from the `ListAccesses` call, a
|
1605
|
+
# `NextToken` parameter is returned in the output. You can then pass
|
1606
|
+
# in a subsequent command to the `NextToken` parameter to continue
|
1607
|
+
# listing additional accesses.
|
1608
|
+
# @return [String]
|
1609
|
+
#
|
1610
|
+
# @!attribute [rw] server_id
|
1611
|
+
# A system-assigned unique identifier for a server that has users
|
1612
|
+
# assigned to it.
|
1613
|
+
# @return [String]
|
1614
|
+
#
|
1615
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListAccessesRequest AWS API Documentation
|
1616
|
+
#
|
1617
|
+
class ListAccessesRequest < Struct.new(
|
1618
|
+
:max_results,
|
1619
|
+
:next_token,
|
1620
|
+
:server_id)
|
1621
|
+
SENSITIVE = []
|
1622
|
+
include Aws::Structure
|
1623
|
+
end
|
1624
|
+
|
1625
|
+
# @!attribute [rw] next_token
|
1626
|
+
# When you can get additional results from the `ListAccesses` call, a
|
1627
|
+
# `NextToken` parameter is returned in the output. You can then pass
|
1628
|
+
# in a subsequent command to the `NextToken` parameter to continue
|
1629
|
+
# listing additional accesses.
|
1630
|
+
# @return [String]
|
1631
|
+
#
|
1632
|
+
# @!attribute [rw] server_id
|
1633
|
+
# A system-assigned unique identifier for a server that has users
|
1634
|
+
# assigned to it.
|
1635
|
+
# @return [String]
|
1636
|
+
#
|
1637
|
+
# @!attribute [rw] accesses
|
1638
|
+
# Returns the accesses and their properties for the `ServerId` value
|
1639
|
+
# that you specify.
|
1640
|
+
# @return [Array<Types::ListedAccess>]
|
1641
|
+
#
|
1642
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListAccessesResponse AWS API Documentation
|
1643
|
+
#
|
1644
|
+
class ListAccessesResponse < Struct.new(
|
1645
|
+
:next_token,
|
1646
|
+
:server_id,
|
1647
|
+
:accesses)
|
1648
|
+
SENSITIVE = []
|
1649
|
+
include Aws::Structure
|
1650
|
+
end
|
1651
|
+
|
1113
1652
|
# @note When making an API call, you may pass ListSecurityPoliciesRequest
|
1114
1653
|
# data as a hash:
|
1115
1654
|
#
|
@@ -1335,6 +1874,67 @@ module Aws::Transfer
|
|
1335
1874
|
include Aws::Structure
|
1336
1875
|
end
|
1337
1876
|
|
1877
|
+
# Lists the properties for one or more specified associated accesses.
|
1878
|
+
#
|
1879
|
+
# @!attribute [rw] home_directory
|
1880
|
+
# The landing directory (folder) for a user when they log in to the
|
1881
|
+
# server using the client.
|
1882
|
+
#
|
1883
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
1884
|
+
# @return [String]
|
1885
|
+
#
|
1886
|
+
# @!attribute [rw] home_directory_type
|
1887
|
+
# The type of landing directory (folder) you want your users' home
|
1888
|
+
# directory to be when they log into the server. If you set it to
|
1889
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
1890
|
+
# as is in their file transfer protocol clients. If you set it
|
1891
|
+
# `LOGICAL`, you will need to provide mappings in the
|
1892
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
1893
|
+
# paths visible to your users.
|
1894
|
+
# @return [String]
|
1895
|
+
#
|
1896
|
+
# @!attribute [rw] role
|
1897
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
1898
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
1899
|
+
# system. The policies attached to this role determine the level of
|
1900
|
+
# access that you want to provide your users when transferring files
|
1901
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
1902
|
+
# role should also contain a trust relationship that allows the server
|
1903
|
+
# to access your resources when servicing your users' transfer
|
1904
|
+
# requests.
|
1905
|
+
# @return [String]
|
1906
|
+
#
|
1907
|
+
# @!attribute [rw] external_id
|
1908
|
+
# A unique identifier that is required to identify specific groups
|
1909
|
+
# within your directory. The users of the group that you associate
|
1910
|
+
# have access to your Amazon S3 or Amazon EFS resources over the
|
1911
|
+
# enabled protocols using AWS Transfer Family. If you know the group
|
1912
|
+
# name, you can view the SID values by running the following command
|
1913
|
+
# using Windows PowerShell.
|
1914
|
+
#
|
1915
|
+
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
1916
|
+
# -Properties * | Select SamAccountName,ObjectSid`
|
1917
|
+
#
|
1918
|
+
# In that command, replace *YourGroupName* with the name of your
|
1919
|
+
# Active Directory group.
|
1920
|
+
#
|
1921
|
+
# The regex used to validate this parameter is a string of characters
|
1922
|
+
# consisting of uppercase and lowercase alphanumeric characters with
|
1923
|
+
# no spaces. You can also include underscores or any of the following
|
1924
|
+
# characters: =,.@:/-
|
1925
|
+
# @return [String]
|
1926
|
+
#
|
1927
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListedAccess AWS API Documentation
|
1928
|
+
#
|
1929
|
+
class ListedAccess < Struct.new(
|
1930
|
+
:home_directory,
|
1931
|
+
:home_directory_type,
|
1932
|
+
:role,
|
1933
|
+
:external_id)
|
1934
|
+
SENSITIVE = []
|
1935
|
+
include Aws::Structure
|
1936
|
+
end
|
1937
|
+
|
1338
1938
|
# Returns properties of a file transfer protocol-enabled server that was
|
1339
1939
|
# specified.
|
1340
1940
|
#
|
@@ -1344,13 +1944,15 @@ module Aws::Transfer
|
|
1344
1944
|
# @return [String]
|
1345
1945
|
#
|
1346
1946
|
# @!attribute [rw] domain
|
1947
|
+
# Specifies the domain of the storage system that is used for file
|
1948
|
+
# transfers.
|
1347
1949
|
# @return [String]
|
1348
1950
|
#
|
1349
1951
|
# @!attribute [rw] identity_provider_type
|
1350
1952
|
# Specifies the authentication method used to validate a user for a
|
1351
|
-
# server that was specified. This can include Secure Shell (SSH),
|
1352
|
-
# name and password combinations, or
|
1353
|
-
#
|
1953
|
+
# server that was specified. This can include Secure Shell (SSH),
|
1954
|
+
# Active Directory groups, user name and password combinations, or
|
1955
|
+
# your own custom authentication method.
|
1354
1956
|
# @return [String]
|
1355
1957
|
#
|
1356
1958
|
# @!attribute [rw] endpoint_type
|
@@ -1409,26 +2011,41 @@ module Aws::Transfer
|
|
1409
2011
|
# @return [String]
|
1410
2012
|
#
|
1411
2013
|
# @!attribute [rw] home_directory
|
1412
|
-
#
|
1413
|
-
#
|
2014
|
+
# The landing directory (folder) for a user when they log in to the
|
2015
|
+
# server using the client.
|
2016
|
+
#
|
2017
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
1414
2018
|
# @return [String]
|
1415
2019
|
#
|
1416
2020
|
# @!attribute [rw] home_directory_type
|
1417
|
-
#
|
1418
|
-
#
|
1419
|
-
# the absolute Amazon S3 bucket
|
1420
|
-
# protocol clients. If you set it
|
1421
|
-
#
|
1422
|
-
#
|
2021
|
+
# The type of landing directory (folder) you want your users' home
|
2022
|
+
# directory to be when they log into the server. If you set it to
|
2023
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
2024
|
+
# as is in their file transfer protocol clients. If you set it
|
2025
|
+
# `LOGICAL`, you will need to provide mappings in the
|
2026
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
2027
|
+
# paths visible to your users.
|
1423
2028
|
# @return [String]
|
1424
2029
|
#
|
1425
2030
|
# @!attribute [rw] role
|
1426
|
-
# Specifies the
|
1427
|
-
#
|
1428
|
-
#
|
1429
|
-
#
|
1430
|
-
#
|
1431
|
-
#
|
2031
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
2032
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
2033
|
+
# system. The policies attached to this role determine the level of
|
2034
|
+
# access that you want to provide your users when transferring files
|
2035
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
2036
|
+
# role should also contain a trust relationship that allows the server
|
2037
|
+
# to access your resources when servicing your users' transfer
|
2038
|
+
# requests.
|
2039
|
+
#
|
2040
|
+
# <note markdown="1"> The IAM role that controls your users' access to your Amazon S3
|
2041
|
+
# bucket for servers with `Domain=S3`, or your EFS file system for
|
2042
|
+
# servers with `Domain=EFS`.
|
2043
|
+
#
|
2044
|
+
# The policies attached to this role determine the level of access you
|
2045
|
+
# want to provide your users when transferring files into and out of
|
2046
|
+
# your S3 buckets or EFS file systems.
|
2047
|
+
#
|
2048
|
+
# </note>
|
1432
2049
|
# @return [String]
|
1433
2050
|
#
|
1434
2051
|
# @!attribute [rw] ssh_public_key_count
|
@@ -1454,6 +2071,13 @@ module Aws::Transfer
|
|
1454
2071
|
include Aws::Structure
|
1455
2072
|
end
|
1456
2073
|
|
2074
|
+
# The full POSIX identity, including user ID (`Uid`), group ID (`Gid`),
|
2075
|
+
# and any secondary groups IDs (`SecondaryGids`), that controls your
|
2076
|
+
# users' access to your Amazon EFS file systems. The POSIX permissions
|
2077
|
+
# that are set on files and directories in your file system determine
|
2078
|
+
# the level of access your users get when transferring files into and
|
2079
|
+
# out of your Amazon EFS file systems.
|
2080
|
+
#
|
1457
2081
|
# @note When making an API call, you may pass PosixProfile
|
1458
2082
|
# data as a hash:
|
1459
2083
|
#
|
@@ -1464,12 +2088,16 @@ module Aws::Transfer
|
|
1464
2088
|
# }
|
1465
2089
|
#
|
1466
2090
|
# @!attribute [rw] uid
|
2091
|
+
# The POSIX user ID used for all EFS operations by this user.
|
1467
2092
|
# @return [Integer]
|
1468
2093
|
#
|
1469
2094
|
# @!attribute [rw] gid
|
2095
|
+
# The POSIX group ID used for all EFS operations by this user.
|
1470
2096
|
# @return [Integer]
|
1471
2097
|
#
|
1472
2098
|
# @!attribute [rw] secondary_gids
|
2099
|
+
# The secondary POSIX group IDs used for all EFS operations by this
|
2100
|
+
# user.
|
1473
2101
|
# @return [Array<Integer>]
|
1474
2102
|
#
|
1475
2103
|
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/PosixProfile AWS API Documentation
|
@@ -1798,6 +2426,194 @@ module Aws::Transfer
|
|
1798
2426
|
include Aws::Structure
|
1799
2427
|
end
|
1800
2428
|
|
2429
|
+
# @note When making an API call, you may pass UpdateAccessRequest
|
2430
|
+
# data as a hash:
|
2431
|
+
#
|
2432
|
+
# {
|
2433
|
+
# home_directory: "HomeDirectory",
|
2434
|
+
# home_directory_type: "PATH", # accepts PATH, LOGICAL
|
2435
|
+
# home_directory_mappings: [
|
2436
|
+
# {
|
2437
|
+
# entry: "MapEntry", # required
|
2438
|
+
# target: "MapTarget", # required
|
2439
|
+
# },
|
2440
|
+
# ],
|
2441
|
+
# policy: "Policy",
|
2442
|
+
# posix_profile: {
|
2443
|
+
# uid: 1, # required
|
2444
|
+
# gid: 1, # required
|
2445
|
+
# secondary_gids: [1],
|
2446
|
+
# },
|
2447
|
+
# role: "Role",
|
2448
|
+
# server_id: "ServerId", # required
|
2449
|
+
# external_id: "ExternalId", # required
|
2450
|
+
# }
|
2451
|
+
#
|
2452
|
+
# @!attribute [rw] home_directory
|
2453
|
+
# The landing directory (folder) for a user when they log in to the
|
2454
|
+
# server using the client.
|
2455
|
+
#
|
2456
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
2457
|
+
# @return [String]
|
2458
|
+
#
|
2459
|
+
# @!attribute [rw] home_directory_type
|
2460
|
+
# The type of landing directory (folder) you want your users' home
|
2461
|
+
# directory to be when they log into the server. If you set it to
|
2462
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
2463
|
+
# as is in their file transfer protocol clients. If you set it
|
2464
|
+
# `LOGICAL`, you will need to provide mappings in the
|
2465
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
2466
|
+
# paths visible to your users.
|
2467
|
+
# @return [String]
|
2468
|
+
#
|
2469
|
+
# @!attribute [rw] home_directory_mappings
|
2470
|
+
# Logical directory mappings that specify what Amazon S3 or Amazon EFS
|
2471
|
+
# paths and keys should be visible to your user and how you want to
|
2472
|
+
# make them visible. You must specify the `Entry` and `Target` pair,
|
2473
|
+
# where `Entry` shows how the path is made visible and `Target` is the
|
2474
|
+
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
2475
|
+
# it will be displayed as is. You also must ensure that your AWS
|
2476
|
+
# Identity and Access Management (IAM) role provides access to paths
|
2477
|
+
# in `Target`. This value can only be set when `HomeDirectoryType` is
|
2478
|
+
# set to *LOGICAL*.
|
2479
|
+
#
|
2480
|
+
# The following is an `Entry` and `Target` pair example.
|
2481
|
+
#
|
2482
|
+
# `[ \{ "Entry": "your-personal-report.pdf", "Target":
|
2483
|
+
# "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \} ]`
|
2484
|
+
#
|
2485
|
+
# In most cases, you can use this value instead of the scope-down
|
2486
|
+
# policy to lock down your user to the designated home directory
|
2487
|
+
# ("`chroot`"). To do this, you can set `Entry` to `/` and set
|
2488
|
+
# `Target` to the `HomeDirectory` parameter value.
|
2489
|
+
#
|
2490
|
+
# The following is an `Entry` and `Target` pair example for `chroot`.
|
2491
|
+
#
|
2492
|
+
# `[ \{ "Entry": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
2493
|
+
#
|
2494
|
+
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
|
2495
|
+
# S3 or Amazon EFS, the entry will be ignored. As a workaround, you
|
2496
|
+
# can use the Amazon S3 API or EFS API to create 0-byte objects as
|
2497
|
+
# place holders for your directory. If using the AWS CLI, use the
|
2498
|
+
# `s3api` or `efsapi` call instead of `s3` or `efs` so you can use the
|
2499
|
+
# `put-object` operation. For example, you can use the following.
|
2500
|
+
#
|
2501
|
+
# `aws s3api put-object --bucket bucketname --key path/to/folder/`
|
2502
|
+
#
|
2503
|
+
# The end of the key name must end in a `/` for it to be considered a
|
2504
|
+
# folder.
|
2505
|
+
#
|
2506
|
+
# </note>
|
2507
|
+
# @return [Array<Types::HomeDirectoryMapEntry>]
|
2508
|
+
#
|
2509
|
+
# @!attribute [rw] policy
|
2510
|
+
# A scope-down policy for your user so that you can use the same IAM
|
2511
|
+
# role across multiple users. This policy scopes down user access to
|
2512
|
+
# portions of their Amazon S3 bucket. Variables that you can use
|
2513
|
+
# inside this policy include `$\{Transfer:UserName\}`,
|
2514
|
+
# `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
|
2515
|
+
#
|
2516
|
+
# <note markdown="1"> This only applies when domain of `ServerId` is S3. Amazon EFS does
|
2517
|
+
# not use scope down policy.
|
2518
|
+
#
|
2519
|
+
# For scope-down policies, AWS Transfer Family stores the policy as a
|
2520
|
+
# JSON blob, instead of the Amazon Resource Name (ARN) of the policy.
|
2521
|
+
# You save the policy as a JSON blob and pass it in the `Policy`
|
2522
|
+
# argument.
|
2523
|
+
#
|
2524
|
+
# For an example of a scope-down policy, see [Example scope-down
|
2525
|
+
# policy][1].
|
2526
|
+
#
|
2527
|
+
# For more information, see [AssumeRole][2] in the *AWS Security Token
|
2528
|
+
# Service API Reference*.
|
2529
|
+
#
|
2530
|
+
# </note>
|
2531
|
+
#
|
2532
|
+
#
|
2533
|
+
#
|
2534
|
+
# [1]: https://docs.aws.amazon.com/transfer/latest/userguide/scope-down-policy.html
|
2535
|
+
# [2]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
|
2536
|
+
# @return [String]
|
2537
|
+
#
|
2538
|
+
# @!attribute [rw] posix_profile
|
2539
|
+
# The full POSIX identity, including user ID (`Uid`), group ID
|
2540
|
+
# (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
|
2541
|
+
# controls your users' access to your Amazon EFS file systems. The
|
2542
|
+
# POSIX permissions that are set on files and directories in your file
|
2543
|
+
# system determine the level of access your users get when
|
2544
|
+
# transferring files into and out of your Amazon EFS file systems.
|
2545
|
+
# @return [Types::PosixProfile]
|
2546
|
+
#
|
2547
|
+
# @!attribute [rw] role
|
2548
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
2549
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
2550
|
+
# system. The policies attached to this role determine the level of
|
2551
|
+
# access that you want to provide your users when transferring files
|
2552
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
2553
|
+
# role should also contain a trust relationship that allows the server
|
2554
|
+
# to access your resources when servicing your users' transfer
|
2555
|
+
# requests.
|
2556
|
+
# @return [String]
|
2557
|
+
#
|
2558
|
+
# @!attribute [rw] server_id
|
2559
|
+
# A system-assigned unique identifier for a server instance. This is
|
2560
|
+
# the specific server that you added your user to.
|
2561
|
+
# @return [String]
|
2562
|
+
#
|
2563
|
+
# @!attribute [rw] external_id
|
2564
|
+
# A unique identifier that is required to identify specific groups
|
2565
|
+
# within your directory. The users of the group that you associate
|
2566
|
+
# have access to your Amazon S3 or Amazon EFS resources over the
|
2567
|
+
# enabled protocols using AWS Transfer Family. If you know the group
|
2568
|
+
# name, you can view the SID values by running the following command
|
2569
|
+
# using Windows PowerShell.
|
2570
|
+
#
|
2571
|
+
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
2572
|
+
# -Properties * | Select SamAccountName,ObjectSid`
|
2573
|
+
#
|
2574
|
+
# In that command, replace *YourGroupName* with the name of your
|
2575
|
+
# Active Directory group.
|
2576
|
+
#
|
2577
|
+
# The regex used to validate this parameter is a string of characters
|
2578
|
+
# consisting of uppercase and lowercase alphanumeric characters with
|
2579
|
+
# no spaces. You can also include underscores or any of the following
|
2580
|
+
# characters: =,.@:/-
|
2581
|
+
# @return [String]
|
2582
|
+
#
|
2583
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateAccessRequest AWS API Documentation
|
2584
|
+
#
|
2585
|
+
class UpdateAccessRequest < Struct.new(
|
2586
|
+
:home_directory,
|
2587
|
+
:home_directory_type,
|
2588
|
+
:home_directory_mappings,
|
2589
|
+
:policy,
|
2590
|
+
:posix_profile,
|
2591
|
+
:role,
|
2592
|
+
:server_id,
|
2593
|
+
:external_id)
|
2594
|
+
SENSITIVE = []
|
2595
|
+
include Aws::Structure
|
2596
|
+
end
|
2597
|
+
|
2598
|
+
# @!attribute [rw] server_id
|
2599
|
+
# The ID of the server that the user is attached to.
|
2600
|
+
# @return [String]
|
2601
|
+
#
|
2602
|
+
# @!attribute [rw] external_id
|
2603
|
+
# The external ID of the group whose users have access to your Amazon
|
2604
|
+
# S3 or Amazon EFS resources over the enabled protocols using AWS
|
2605
|
+
# Transfer Family.
|
2606
|
+
# @return [String]
|
2607
|
+
#
|
2608
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateAccessResponse AWS API Documentation
|
2609
|
+
#
|
2610
|
+
class UpdateAccessResponse < Struct.new(
|
2611
|
+
:server_id,
|
2612
|
+
:external_id)
|
2613
|
+
SENSITIVE = []
|
2614
|
+
include Aws::Structure
|
2615
|
+
end
|
2616
|
+
|
1801
2617
|
# @note When making an API call, you may pass UpdateServerRequest
|
1802
2618
|
# data as a hash:
|
1803
2619
|
#
|
@@ -1815,6 +2631,7 @@ module Aws::Transfer
|
|
1815
2631
|
# identity_provider_details: {
|
1816
2632
|
# url: "Url",
|
1817
2633
|
# invocation_role: "Role",
|
2634
|
+
# directory_id: "DirectoryId",
|
1818
2635
|
# },
|
1819
2636
|
# logging_role: "NullableRole",
|
1820
2637
|
# protocols: ["SFTP"], # accepts SFTP, FTP, FTPS
|
@@ -1871,12 +2688,24 @@ module Aws::Transfer
|
|
1871
2688
|
# @return [Types::EndpointDetails]
|
1872
2689
|
#
|
1873
2690
|
# @!attribute [rw] endpoint_type
|
1874
|
-
# The type of endpoint that you want your server to
|
1875
|
-
#
|
1876
|
-
#
|
1877
|
-
#
|
1878
|
-
#
|
1879
|
-
#
|
2691
|
+
# The type of endpoint that you want your server to use. You can
|
2692
|
+
# choose to make your server's endpoint publicly accessible (PUBLIC)
|
2693
|
+
# or host it inside your VPC. With an endpoint that is hosted in a
|
2694
|
+
# VPC, you can restrict access to your server and resources only
|
2695
|
+
# within your VPC or choose to make it internet facing by attaching
|
2696
|
+
# Elastic IP addresses directly to it.
|
2697
|
+
#
|
2698
|
+
# <note markdown="1"> After May 19, 2021, you won't be able to create a server using
|
2699
|
+
# `EndpointType=VPC_ENDPOINT` in your AWS account if your account
|
2700
|
+
# hasn't already done so before May 19, 2021. If you have already
|
2701
|
+
# created servers with `EndpointType=VPC_ENDPOINT` in your AWS account
|
2702
|
+
# on or before May 19, 2021, you will not be affected. After this
|
2703
|
+
# date, use `EndpointType`=`VPC`.
|
2704
|
+
#
|
2705
|
+
# For more information, see
|
2706
|
+
# https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
|
2707
|
+
#
|
2708
|
+
# It is recommended that you use `VPC` as the `EndpointType`. With
|
1880
2709
|
# this endpoint type, you have the option to directly associate up to
|
1881
2710
|
# three Elastic IPv4 addresses (BYO IP included) with your server's
|
1882
2711
|
# endpoint and use VPC security groups to restrict traffic by the
|
@@ -1909,8 +2738,8 @@ module Aws::Transfer
|
|
1909
2738
|
#
|
1910
2739
|
# @!attribute [rw] logging_role
|
1911
2740
|
# Changes the AWS Identity and Access Management (IAM) role that
|
1912
|
-
# allows Amazon S3 events to be logged in Amazon
|
1913
|
-
# logging on or off.
|
2741
|
+
# allows Amazon S3 or Amazon EFS events to be logged in Amazon
|
2742
|
+
# CloudWatch, turning logging on or off.
|
1914
2743
|
# @return [String]
|
1915
2744
|
#
|
1916
2745
|
# @!attribute [rw] protocols
|
@@ -1932,7 +2761,7 @@ module Aws::Transfer
|
|
1932
2761
|
#
|
1933
2762
|
# If `Protocol` includes either `FTP` or `FTPS`, then the
|
1934
2763
|
# `EndpointType` must be `VPC` and the `IdentityProviderType` must be
|
1935
|
-
# `API_GATEWAY`.
|
2764
|
+
# `AWS_DIRECTORY_SERVICE` or `API_GATEWAY`.
|
1936
2765
|
#
|
1937
2766
|
# If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
|
1938
2767
|
# associated.
|
@@ -2007,60 +2836,64 @@ module Aws::Transfer
|
|
2007
2836
|
# }
|
2008
2837
|
#
|
2009
2838
|
# @!attribute [rw] home_directory
|
2010
|
-
#
|
2011
|
-
#
|
2839
|
+
# The landing directory (folder) for a user when they log in to the
|
2840
|
+
# server using the client.
|
2012
2841
|
#
|
2013
|
-
#
|
2842
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
2014
2843
|
# @return [String]
|
2015
2844
|
#
|
2016
2845
|
# @!attribute [rw] home_directory_type
|
2017
2846
|
# The type of landing directory (folder) you want your users' home
|
2018
2847
|
# directory to be when they log into the server. If you set it to
|
2019
|
-
# `PATH`, the user will see the absolute Amazon S3 bucket
|
2020
|
-
# in their file transfer protocol clients. If you set it
|
2021
|
-
# you will need to provide mappings in the
|
2022
|
-
# how you want to make Amazon S3
|
2848
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
2849
|
+
# as is in their file transfer protocol clients. If you set it
|
2850
|
+
# `LOGICAL`, you will need to provide mappings in the
|
2851
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
2852
|
+
# paths visible to your users.
|
2023
2853
|
# @return [String]
|
2024
2854
|
#
|
2025
2855
|
# @!attribute [rw] home_directory_mappings
|
2026
|
-
# Logical directory mappings that specify what Amazon S3
|
2027
|
-
# keys should be visible to your user and how you want to
|
2028
|
-
# visible. You will need to specify the "`Entry`" and
|
2029
|
-
# pair, where `Entry` shows how the path is made visible
|
2030
|
-
# is the actual Amazon S3 path. If you only
|
2031
|
-
# be displayed as is. You will need to also
|
2032
|
-
# role provides access to paths in `Target`.
|
2033
|
-
# example.
|
2856
|
+
# Logical directory mappings that specify what Amazon S3 or Amazon EFS
|
2857
|
+
# paths and keys should be visible to your user and how you want to
|
2858
|
+
# make them visible. You will need to specify the "`Entry`" and
|
2859
|
+
# "`Target`" pair, where `Entry` shows how the path is made visible
|
2860
|
+
# and `Target` is the actual Amazon S3 or Amazon EFS path. If you only
|
2861
|
+
# specify a target, it will be displayed as is. You will need to also
|
2862
|
+
# make sure that your IAM role provides access to paths in `Target`.
|
2863
|
+
# The following is an example.
|
2034
2864
|
#
|
2035
2865
|
# `'[ "/bucket2/documentation", \{ "Entry":
|
2036
2866
|
# "your-personal-report.pdf", "Target":
|
2037
2867
|
# "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \} ]'`
|
2038
2868
|
#
|
2039
2869
|
# In most cases, you can use this value instead of the scope-down
|
2040
|
-
# policy to lock your user
|
2041
|
-
# ("chroot"). To do this, you can set `Entry` to '/' and set
|
2870
|
+
# policy to lock down your user to the designated home directory
|
2871
|
+
# ("`chroot`"). To do this, you can set `Entry` to '/' and set
|
2042
2872
|
# `Target` to the HomeDirectory parameter value.
|
2043
2873
|
#
|
2044
2874
|
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
|
2045
|
-
# S3, the entry will be ignored. As a workaround, you can use
|
2046
|
-
# Amazon S3 API to create 0
|
2047
|
-
# directory. If using the CLI, use the `s3api`
|
2048
|
-
#
|
2049
|
-
# following: `aws s3api put-object
|
2050
|
-
# path/to/folder/`. Make sure that the end
|
2051
|
-
# for it to be considered a folder.
|
2875
|
+
# S3 or EFS, the entry will be ignored. As a workaround, you can use
|
2876
|
+
# the Amazon S3 API or EFS API to create 0-byte objects as place
|
2877
|
+
# holders for your directory. If using the AWS CLI, use the `s3api` or
|
2878
|
+
# `efsapi` call instead of `s3` `efs` so you can use the put-object
|
2879
|
+
# operation. For example, you use the following: `aws s3api put-object
|
2880
|
+
# --bucket bucketname --key path/to/folder/`. Make sure that the end
|
2881
|
+
# of the key name ends in a / for it to be considered a folder.
|
2052
2882
|
#
|
2053
2883
|
# </note>
|
2054
2884
|
# @return [Array<Types::HomeDirectoryMapEntry>]
|
2055
2885
|
#
|
2056
2886
|
# @!attribute [rw] policy
|
2057
|
-
#
|
2058
|
-
#
|
2059
|
-
#
|
2060
|
-
#
|
2887
|
+
# A scope-down policy for your user so that you can use the same IAM
|
2888
|
+
# role across multiple users. This policy scopes down user access to
|
2889
|
+
# portions of their Amazon S3 bucket. Variables that you can use
|
2890
|
+
# inside this policy include `$\{Transfer:UserName\}`,
|
2061
2891
|
# `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
|
2062
2892
|
#
|
2063
|
-
# <note markdown="1">
|
2893
|
+
# <note markdown="1"> This only applies when domain of `ServerId` is S3. Amazon EFS does
|
2894
|
+
# not use scope-down policies.
|
2895
|
+
#
|
2896
|
+
# For scope-down policies, AWS Transfer Family stores the policy as a
|
2064
2897
|
# JSON blob, instead of the Amazon Resource Name (ARN) of the policy.
|
2065
2898
|
# You save the policy as a JSON blob and pass it in the `Policy`
|
2066
2899
|
# argument.
|
@@ -2080,15 +2913,24 @@ module Aws::Transfer
|
|
2080
2913
|
# @return [String]
|
2081
2914
|
#
|
2082
2915
|
# @!attribute [rw] posix_profile
|
2916
|
+
# Specifies the full POSIX identity, including user ID (`Uid`), group
|
2917
|
+
# ID (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
|
2918
|
+
# controls your users' access to your Amazon Elastic File Systems
|
2919
|
+
# (Amazon EFS). The POSIX permissions that are set on files and
|
2920
|
+
# directories in your file system determines the level of access your
|
2921
|
+
# users get when transferring files into and out of your Amazon EFS
|
2922
|
+
# file systems.
|
2083
2923
|
# @return [Types::PosixProfile]
|
2084
2924
|
#
|
2085
2925
|
# @!attribute [rw] role
|
2086
|
-
#
|
2087
|
-
#
|
2088
|
-
#
|
2089
|
-
#
|
2090
|
-
#
|
2091
|
-
#
|
2926
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
2927
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
2928
|
+
# system. The policies attached to this role determine the level of
|
2929
|
+
# access that you want to provide your users when transferring files
|
2930
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
2931
|
+
# role should also contain a trust relationship that allows the server
|
2932
|
+
# to access your resources when servicing your users' transfer
|
2933
|
+
# requests.
|
2092
2934
|
# @return [String]
|
2093
2935
|
#
|
2094
2936
|
# @!attribute [rw] server_id
|