aws-sdk-transfer 1.30.0 → 1.35.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +188 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -0
- data/lib/aws-sdk-transfer.rb +3 -3
- data/lib/aws-sdk-transfer/client.rb +756 -166
- data/lib/aws-sdk-transfer/client_api.rb +159 -1
- data/lib/aws-sdk-transfer/errors.rb +1 -1
- data/lib/aws-sdk-transfer/resource.rb +1 -1
- data/lib/aws-sdk-transfer/types.rb +1174 -223
- metadata +9 -7
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -19,26 +19,34 @@ module Aws::Transfer
|
|
19
19
|
Arn = Shapes::StringShape.new(name: 'Arn')
|
20
20
|
Certificate = Shapes::StringShape.new(name: 'Certificate')
|
21
21
|
ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
|
22
|
+
CreateAccessRequest = Shapes::StructureShape.new(name: 'CreateAccessRequest')
|
23
|
+
CreateAccessResponse = Shapes::StructureShape.new(name: 'CreateAccessResponse')
|
22
24
|
CreateServerRequest = Shapes::StructureShape.new(name: 'CreateServerRequest')
|
23
25
|
CreateServerResponse = Shapes::StructureShape.new(name: 'CreateServerResponse')
|
24
26
|
CreateUserRequest = Shapes::StructureShape.new(name: 'CreateUserRequest')
|
25
27
|
CreateUserResponse = Shapes::StructureShape.new(name: 'CreateUserResponse')
|
26
28
|
DateImported = Shapes::TimestampShape.new(name: 'DateImported')
|
29
|
+
DeleteAccessRequest = Shapes::StructureShape.new(name: 'DeleteAccessRequest')
|
27
30
|
DeleteServerRequest = Shapes::StructureShape.new(name: 'DeleteServerRequest')
|
28
31
|
DeleteSshPublicKeyRequest = Shapes::StructureShape.new(name: 'DeleteSshPublicKeyRequest')
|
29
32
|
DeleteUserRequest = Shapes::StructureShape.new(name: 'DeleteUserRequest')
|
33
|
+
DescribeAccessRequest = Shapes::StructureShape.new(name: 'DescribeAccessRequest')
|
34
|
+
DescribeAccessResponse = Shapes::StructureShape.new(name: 'DescribeAccessResponse')
|
30
35
|
DescribeSecurityPolicyRequest = Shapes::StructureShape.new(name: 'DescribeSecurityPolicyRequest')
|
31
36
|
DescribeSecurityPolicyResponse = Shapes::StructureShape.new(name: 'DescribeSecurityPolicyResponse')
|
32
37
|
DescribeServerRequest = Shapes::StructureShape.new(name: 'DescribeServerRequest')
|
33
38
|
DescribeServerResponse = Shapes::StructureShape.new(name: 'DescribeServerResponse')
|
34
39
|
DescribeUserRequest = Shapes::StructureShape.new(name: 'DescribeUserRequest')
|
35
40
|
DescribeUserResponse = Shapes::StructureShape.new(name: 'DescribeUserResponse')
|
41
|
+
DescribedAccess = Shapes::StructureShape.new(name: 'DescribedAccess')
|
36
42
|
DescribedSecurityPolicy = Shapes::StructureShape.new(name: 'DescribedSecurityPolicy')
|
37
43
|
DescribedServer = Shapes::StructureShape.new(name: 'DescribedServer')
|
38
44
|
DescribedUser = Shapes::StructureShape.new(name: 'DescribedUser')
|
45
|
+
DirectoryId = Shapes::StringShape.new(name: 'DirectoryId')
|
39
46
|
Domain = Shapes::StringShape.new(name: 'Domain')
|
40
47
|
EndpointDetails = Shapes::StructureShape.new(name: 'EndpointDetails')
|
41
48
|
EndpointType = Shapes::StringShape.new(name: 'EndpointType')
|
49
|
+
ExternalId = Shapes::StringShape.new(name: 'ExternalId')
|
42
50
|
Fips = Shapes::BooleanShape.new(name: 'Fips')
|
43
51
|
HomeDirectory = Shapes::StringShape.new(name: 'HomeDirectory')
|
44
52
|
HomeDirectoryMapEntry = Shapes::StructureShape.new(name: 'HomeDirectoryMapEntry')
|
@@ -53,6 +61,8 @@ module Aws::Transfer
|
|
53
61
|
InternalServiceError = Shapes::StructureShape.new(name: 'InternalServiceError')
|
54
62
|
InvalidNextTokenException = Shapes::StructureShape.new(name: 'InvalidNextTokenException')
|
55
63
|
InvalidRequestException = Shapes::StructureShape.new(name: 'InvalidRequestException')
|
64
|
+
ListAccessesRequest = Shapes::StructureShape.new(name: 'ListAccessesRequest')
|
65
|
+
ListAccessesResponse = Shapes::StructureShape.new(name: 'ListAccessesResponse')
|
56
66
|
ListSecurityPoliciesRequest = Shapes::StructureShape.new(name: 'ListSecurityPoliciesRequest')
|
57
67
|
ListSecurityPoliciesResponse = Shapes::StructureShape.new(name: 'ListSecurityPoliciesResponse')
|
58
68
|
ListServersRequest = Shapes::StructureShape.new(name: 'ListServersRequest')
|
@@ -61,6 +71,8 @@ module Aws::Transfer
|
|
61
71
|
ListTagsForResourceResponse = Shapes::StructureShape.new(name: 'ListTagsForResourceResponse')
|
62
72
|
ListUsersRequest = Shapes::StructureShape.new(name: 'ListUsersRequest')
|
63
73
|
ListUsersResponse = Shapes::StructureShape.new(name: 'ListUsersResponse')
|
74
|
+
ListedAccess = Shapes::StructureShape.new(name: 'ListedAccess')
|
75
|
+
ListedAccesses = Shapes::ListShape.new(name: 'ListedAccesses')
|
64
76
|
ListedServer = Shapes::StructureShape.new(name: 'ListedServer')
|
65
77
|
ListedServers = Shapes::ListShape.new(name: 'ListedServers')
|
66
78
|
ListedUser = Shapes::StructureShape.new(name: 'ListedUser')
|
@@ -71,10 +83,12 @@ module Aws::Transfer
|
|
71
83
|
Message = Shapes::StringShape.new(name: 'Message')
|
72
84
|
NextToken = Shapes::StringShape.new(name: 'NextToken')
|
73
85
|
NullableRole = Shapes::StringShape.new(name: 'NullableRole')
|
86
|
+
PassiveIp = Shapes::StringShape.new(name: 'PassiveIp')
|
74
87
|
Policy = Shapes::StringShape.new(name: 'Policy')
|
75
88
|
PosixId = Shapes::IntegerShape.new(name: 'PosixId')
|
76
89
|
PosixProfile = Shapes::StructureShape.new(name: 'PosixProfile')
|
77
90
|
Protocol = Shapes::StringShape.new(name: 'Protocol')
|
91
|
+
ProtocolDetails = Shapes::StructureShape.new(name: 'ProtocolDetails')
|
78
92
|
Protocols = Shapes::ListShape.new(name: 'Protocols')
|
79
93
|
Resource = Shapes::StringShape.new(name: 'Resource')
|
80
94
|
ResourceExistsException = Shapes::StructureShape.new(name: 'ResourceExistsException')
|
@@ -115,6 +129,8 @@ module Aws::Transfer
|
|
115
129
|
TestIdentityProviderResponse = Shapes::StructureShape.new(name: 'TestIdentityProviderResponse')
|
116
130
|
ThrottlingException = Shapes::StructureShape.new(name: 'ThrottlingException')
|
117
131
|
UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
|
132
|
+
UpdateAccessRequest = Shapes::StructureShape.new(name: 'UpdateAccessRequest')
|
133
|
+
UpdateAccessResponse = Shapes::StructureShape.new(name: 'UpdateAccessResponse')
|
118
134
|
UpdateServerRequest = Shapes::StructureShape.new(name: 'UpdateServerRequest')
|
119
135
|
UpdateServerResponse = Shapes::StructureShape.new(name: 'UpdateServerResponse')
|
120
136
|
UpdateUserRequest = Shapes::StructureShape.new(name: 'UpdateUserRequest')
|
@@ -134,6 +150,20 @@ module Aws::Transfer
|
|
134
150
|
ConflictException.add_member(:message, Shapes::ShapeRef.new(shape: Message, required: true, location_name: "Message"))
|
135
151
|
ConflictException.struct_class = Types::ConflictException
|
136
152
|
|
153
|
+
CreateAccessRequest.add_member(:home_directory, Shapes::ShapeRef.new(shape: HomeDirectory, location_name: "HomeDirectory"))
|
154
|
+
CreateAccessRequest.add_member(:home_directory_type, Shapes::ShapeRef.new(shape: HomeDirectoryType, location_name: "HomeDirectoryType"))
|
155
|
+
CreateAccessRequest.add_member(:home_directory_mappings, Shapes::ShapeRef.new(shape: HomeDirectoryMappings, location_name: "HomeDirectoryMappings"))
|
156
|
+
CreateAccessRequest.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
|
157
|
+
CreateAccessRequest.add_member(:posix_profile, Shapes::ShapeRef.new(shape: PosixProfile, location_name: "PosixProfile"))
|
158
|
+
CreateAccessRequest.add_member(:role, Shapes::ShapeRef.new(shape: Role, required: true, location_name: "Role"))
|
159
|
+
CreateAccessRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
160
|
+
CreateAccessRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
|
161
|
+
CreateAccessRequest.struct_class = Types::CreateAccessRequest
|
162
|
+
|
163
|
+
CreateAccessResponse.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
164
|
+
CreateAccessResponse.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
|
165
|
+
CreateAccessResponse.struct_class = Types::CreateAccessResponse
|
166
|
+
|
137
167
|
CreateServerRequest.add_member(:certificate, Shapes::ShapeRef.new(shape: Certificate, location_name: "Certificate"))
|
138
168
|
CreateServerRequest.add_member(:domain, Shapes::ShapeRef.new(shape: Domain, location_name: "Domain"))
|
139
169
|
CreateServerRequest.add_member(:endpoint_details, Shapes::ShapeRef.new(shape: EndpointDetails, location_name: "EndpointDetails"))
|
@@ -166,6 +196,10 @@ module Aws::Transfer
|
|
166
196
|
CreateUserResponse.add_member(:user_name, Shapes::ShapeRef.new(shape: UserName, required: true, location_name: "UserName"))
|
167
197
|
CreateUserResponse.struct_class = Types::CreateUserResponse
|
168
198
|
|
199
|
+
DeleteAccessRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
200
|
+
DeleteAccessRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
|
201
|
+
DeleteAccessRequest.struct_class = Types::DeleteAccessRequest
|
202
|
+
|
169
203
|
DeleteServerRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
170
204
|
DeleteServerRequest.struct_class = Types::DeleteServerRequest
|
171
205
|
|
@@ -178,6 +212,14 @@ module Aws::Transfer
|
|
178
212
|
DeleteUserRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: UserName, required: true, location_name: "UserName"))
|
179
213
|
DeleteUserRequest.struct_class = Types::DeleteUserRequest
|
180
214
|
|
215
|
+
DescribeAccessRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
216
|
+
DescribeAccessRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
|
217
|
+
DescribeAccessRequest.struct_class = Types::DescribeAccessRequest
|
218
|
+
|
219
|
+
DescribeAccessResponse.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
220
|
+
DescribeAccessResponse.add_member(:access, Shapes::ShapeRef.new(shape: DescribedAccess, required: true, location_name: "Access"))
|
221
|
+
DescribeAccessResponse.struct_class = Types::DescribeAccessResponse
|
222
|
+
|
181
223
|
DescribeSecurityPolicyRequest.add_member(:security_policy_name, Shapes::ShapeRef.new(shape: SecurityPolicyName, required: true, location_name: "SecurityPolicyName"))
|
182
224
|
DescribeSecurityPolicyRequest.struct_class = Types::DescribeSecurityPolicyRequest
|
183
225
|
|
@@ -198,6 +240,15 @@ module Aws::Transfer
|
|
198
240
|
DescribeUserResponse.add_member(:user, Shapes::ShapeRef.new(shape: DescribedUser, required: true, location_name: "User"))
|
199
241
|
DescribeUserResponse.struct_class = Types::DescribeUserResponse
|
200
242
|
|
243
|
+
DescribedAccess.add_member(:home_directory, Shapes::ShapeRef.new(shape: HomeDirectory, location_name: "HomeDirectory"))
|
244
|
+
DescribedAccess.add_member(:home_directory_mappings, Shapes::ShapeRef.new(shape: HomeDirectoryMappings, location_name: "HomeDirectoryMappings"))
|
245
|
+
DescribedAccess.add_member(:home_directory_type, Shapes::ShapeRef.new(shape: HomeDirectoryType, location_name: "HomeDirectoryType"))
|
246
|
+
DescribedAccess.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
|
247
|
+
DescribedAccess.add_member(:posix_profile, Shapes::ShapeRef.new(shape: PosixProfile, location_name: "PosixProfile"))
|
248
|
+
DescribedAccess.add_member(:role, Shapes::ShapeRef.new(shape: Role, location_name: "Role"))
|
249
|
+
DescribedAccess.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, location_name: "ExternalId"))
|
250
|
+
DescribedAccess.struct_class = Types::DescribedAccess
|
251
|
+
|
201
252
|
DescribedSecurityPolicy.add_member(:fips, Shapes::ShapeRef.new(shape: Fips, location_name: "Fips"))
|
202
253
|
DescribedSecurityPolicy.add_member(:security_policy_name, Shapes::ShapeRef.new(shape: SecurityPolicyName, required: true, location_name: "SecurityPolicyName"))
|
203
254
|
DescribedSecurityPolicy.add_member(:ssh_ciphers, Shapes::ShapeRef.new(shape: SecurityPolicyOptions, location_name: "SshCiphers"))
|
@@ -208,6 +259,7 @@ module Aws::Transfer
|
|
208
259
|
|
209
260
|
DescribedServer.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "Arn"))
|
210
261
|
DescribedServer.add_member(:certificate, Shapes::ShapeRef.new(shape: Certificate, location_name: "Certificate"))
|
262
|
+
DescribedServer.add_member(:protocol_details, Shapes::ShapeRef.new(shape: ProtocolDetails, location_name: "ProtocolDetails"))
|
211
263
|
DescribedServer.add_member(:domain, Shapes::ShapeRef.new(shape: Domain, location_name: "Domain"))
|
212
264
|
DescribedServer.add_member(:endpoint_details, Shapes::ShapeRef.new(shape: EndpointDetails, location_name: "EndpointDetails"))
|
213
265
|
DescribedServer.add_member(:endpoint_type, Shapes::ShapeRef.new(shape: EndpointType, location_name: "EndpointType"))
|
@@ -250,6 +302,7 @@ module Aws::Transfer
|
|
250
302
|
|
251
303
|
IdentityProviderDetails.add_member(:url, Shapes::ShapeRef.new(shape: Url, location_name: "Url"))
|
252
304
|
IdentityProviderDetails.add_member(:invocation_role, Shapes::ShapeRef.new(shape: Role, location_name: "InvocationRole"))
|
305
|
+
IdentityProviderDetails.add_member(:directory_id, Shapes::ShapeRef.new(shape: DirectoryId, location_name: "DirectoryId"))
|
253
306
|
IdentityProviderDetails.struct_class = Types::IdentityProviderDetails
|
254
307
|
|
255
308
|
ImportSshPublicKeyRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
@@ -271,6 +324,16 @@ module Aws::Transfer
|
|
271
324
|
InvalidRequestException.add_member(:message, Shapes::ShapeRef.new(shape: Message, required: true, location_name: "Message"))
|
272
325
|
InvalidRequestException.struct_class = Types::InvalidRequestException
|
273
326
|
|
327
|
+
ListAccessesRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "MaxResults"))
|
328
|
+
ListAccessesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
|
329
|
+
ListAccessesRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
330
|
+
ListAccessesRequest.struct_class = Types::ListAccessesRequest
|
331
|
+
|
332
|
+
ListAccessesResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
|
333
|
+
ListAccessesResponse.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
334
|
+
ListAccessesResponse.add_member(:accesses, Shapes::ShapeRef.new(shape: ListedAccesses, required: true, location_name: "Accesses"))
|
335
|
+
ListAccessesResponse.struct_class = Types::ListAccessesResponse
|
336
|
+
|
274
337
|
ListSecurityPoliciesRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "MaxResults"))
|
275
338
|
ListSecurityPoliciesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
|
276
339
|
ListSecurityPoliciesRequest.struct_class = Types::ListSecurityPoliciesRequest
|
@@ -307,6 +370,14 @@ module Aws::Transfer
|
|
307
370
|
ListUsersResponse.add_member(:users, Shapes::ShapeRef.new(shape: ListedUsers, required: true, location_name: "Users"))
|
308
371
|
ListUsersResponse.struct_class = Types::ListUsersResponse
|
309
372
|
|
373
|
+
ListedAccess.add_member(:home_directory, Shapes::ShapeRef.new(shape: HomeDirectory, location_name: "HomeDirectory"))
|
374
|
+
ListedAccess.add_member(:home_directory_type, Shapes::ShapeRef.new(shape: HomeDirectoryType, location_name: "HomeDirectoryType"))
|
375
|
+
ListedAccess.add_member(:role, Shapes::ShapeRef.new(shape: Role, location_name: "Role"))
|
376
|
+
ListedAccess.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, location_name: "ExternalId"))
|
377
|
+
ListedAccess.struct_class = Types::ListedAccess
|
378
|
+
|
379
|
+
ListedAccesses.member = Shapes::ShapeRef.new(shape: ListedAccess)
|
380
|
+
|
310
381
|
ListedServer.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "Arn"))
|
311
382
|
ListedServer.add_member(:domain, Shapes::ShapeRef.new(shape: Domain, location_name: "Domain"))
|
312
383
|
ListedServer.add_member(:identity_provider_type, Shapes::ShapeRef.new(shape: IdentityProviderType, location_name: "IdentityProviderType"))
|
@@ -334,6 +405,9 @@ module Aws::Transfer
|
|
334
405
|
PosixProfile.add_member(:secondary_gids, Shapes::ShapeRef.new(shape: SecondaryGids, location_name: "SecondaryGids"))
|
335
406
|
PosixProfile.struct_class = Types::PosixProfile
|
336
407
|
|
408
|
+
ProtocolDetails.add_member(:passive_ip, Shapes::ShapeRef.new(shape: PassiveIp, location_name: "PassiveIp"))
|
409
|
+
ProtocolDetails.struct_class = Types::ProtocolDetails
|
410
|
+
|
337
411
|
Protocols.member = Shapes::ShapeRef.new(shape: Protocol)
|
338
412
|
|
339
413
|
ResourceExistsException.add_member(:message, Shapes::ShapeRef.new(shape: Message, required: true, location_name: "Message"))
|
@@ -404,7 +478,22 @@ module Aws::Transfer
|
|
404
478
|
UntagResourceRequest.add_member(:tag_keys, Shapes::ShapeRef.new(shape: TagKeys, required: true, location_name: "TagKeys"))
|
405
479
|
UntagResourceRequest.struct_class = Types::UntagResourceRequest
|
406
480
|
|
481
|
+
UpdateAccessRequest.add_member(:home_directory, Shapes::ShapeRef.new(shape: HomeDirectory, location_name: "HomeDirectory"))
|
482
|
+
UpdateAccessRequest.add_member(:home_directory_type, Shapes::ShapeRef.new(shape: HomeDirectoryType, location_name: "HomeDirectoryType"))
|
483
|
+
UpdateAccessRequest.add_member(:home_directory_mappings, Shapes::ShapeRef.new(shape: HomeDirectoryMappings, location_name: "HomeDirectoryMappings"))
|
484
|
+
UpdateAccessRequest.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
|
485
|
+
UpdateAccessRequest.add_member(:posix_profile, Shapes::ShapeRef.new(shape: PosixProfile, location_name: "PosixProfile"))
|
486
|
+
UpdateAccessRequest.add_member(:role, Shapes::ShapeRef.new(shape: Role, location_name: "Role"))
|
487
|
+
UpdateAccessRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
488
|
+
UpdateAccessRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
|
489
|
+
UpdateAccessRequest.struct_class = Types::UpdateAccessRequest
|
490
|
+
|
491
|
+
UpdateAccessResponse.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
|
492
|
+
UpdateAccessResponse.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
|
493
|
+
UpdateAccessResponse.struct_class = Types::UpdateAccessResponse
|
494
|
+
|
407
495
|
UpdateServerRequest.add_member(:certificate, Shapes::ShapeRef.new(shape: Certificate, location_name: "Certificate"))
|
496
|
+
UpdateServerRequest.add_member(:protocol_details, Shapes::ShapeRef.new(shape: ProtocolDetails, location_name: "ProtocolDetails"))
|
408
497
|
UpdateServerRequest.add_member(:endpoint_details, Shapes::ShapeRef.new(shape: EndpointDetails, location_name: "EndpointDetails"))
|
409
498
|
UpdateServerRequest.add_member(:endpoint_type, Shapes::ShapeRef.new(shape: EndpointType, location_name: "EndpointType"))
|
410
499
|
UpdateServerRequest.add_member(:host_key, Shapes::ShapeRef.new(shape: HostKey, location_name: "HostKey"))
|
@@ -452,6 +541,19 @@ module Aws::Transfer
|
|
452
541
|
"uid" => "transfer-2018-11-05",
|
453
542
|
}
|
454
543
|
|
544
|
+
api.add_operation(:create_access, Seahorse::Model::Operation.new.tap do |o|
|
545
|
+
o.name = "CreateAccess"
|
546
|
+
o.http_method = "POST"
|
547
|
+
o.http_request_uri = "/"
|
548
|
+
o.input = Shapes::ShapeRef.new(shape: CreateAccessRequest)
|
549
|
+
o.output = Shapes::ShapeRef.new(shape: CreateAccessResponse)
|
550
|
+
o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
|
551
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
|
552
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
553
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceExistsException)
|
554
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
555
|
+
end)
|
556
|
+
|
455
557
|
api.add_operation(:create_server, Seahorse::Model::Operation.new.tap do |o|
|
456
558
|
o.name = "CreateServer"
|
457
559
|
o.http_method = "POST"
|
@@ -479,6 +581,18 @@ module Aws::Transfer
|
|
479
581
|
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
480
582
|
end)
|
481
583
|
|
584
|
+
api.add_operation(:delete_access, Seahorse::Model::Operation.new.tap do |o|
|
585
|
+
o.name = "DeleteAccess"
|
586
|
+
o.http_method = "POST"
|
587
|
+
o.http_request_uri = "/"
|
588
|
+
o.input = Shapes::ShapeRef.new(shape: DeleteAccessRequest)
|
589
|
+
o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
|
590
|
+
o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
|
591
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
|
592
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
593
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
594
|
+
end)
|
595
|
+
|
482
596
|
api.add_operation(:delete_server, Seahorse::Model::Operation.new.tap do |o|
|
483
597
|
o.name = "DeleteServer"
|
484
598
|
o.http_method = "POST"
|
@@ -517,6 +631,18 @@ module Aws::Transfer
|
|
517
631
|
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
518
632
|
end)
|
519
633
|
|
634
|
+
api.add_operation(:describe_access, Seahorse::Model::Operation.new.tap do |o|
|
635
|
+
o.name = "DescribeAccess"
|
636
|
+
o.http_method = "POST"
|
637
|
+
o.http_request_uri = "/"
|
638
|
+
o.input = Shapes::ShapeRef.new(shape: DescribeAccessRequest)
|
639
|
+
o.output = Shapes::ShapeRef.new(shape: DescribeAccessResponse)
|
640
|
+
o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
|
641
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
|
642
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
643
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
644
|
+
end)
|
645
|
+
|
520
646
|
api.add_operation(:describe_security_policy, Seahorse::Model::Operation.new.tap do |o|
|
521
647
|
o.name = "DescribeSecurityPolicy"
|
522
648
|
o.http_method = "POST"
|
@@ -567,6 +693,25 @@ module Aws::Transfer
|
|
567
693
|
o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
|
568
694
|
end)
|
569
695
|
|
696
|
+
api.add_operation(:list_accesses, Seahorse::Model::Operation.new.tap do |o|
|
697
|
+
o.name = "ListAccesses"
|
698
|
+
o.http_method = "POST"
|
699
|
+
o.http_request_uri = "/"
|
700
|
+
o.input = Shapes::ShapeRef.new(shape: ListAccessesRequest)
|
701
|
+
o.output = Shapes::ShapeRef.new(shape: ListAccessesResponse)
|
702
|
+
o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
|
703
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
|
704
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidNextTokenException)
|
705
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
706
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
707
|
+
o[:pager] = Aws::Pager.new(
|
708
|
+
limit_key: "max_results",
|
709
|
+
tokens: {
|
710
|
+
"next_token" => "next_token"
|
711
|
+
}
|
712
|
+
)
|
713
|
+
end)
|
714
|
+
|
570
715
|
api.add_operation(:list_security_policies, Seahorse::Model::Operation.new.tap do |o|
|
571
716
|
o.name = "ListSecurityPolicies"
|
572
717
|
o.http_method = "POST"
|
@@ -702,6 +847,19 @@ module Aws::Transfer
|
|
702
847
|
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
703
848
|
end)
|
704
849
|
|
850
|
+
api.add_operation(:update_access, Seahorse::Model::Operation.new.tap do |o|
|
851
|
+
o.name = "UpdateAccess"
|
852
|
+
o.http_method = "POST"
|
853
|
+
o.http_request_uri = "/"
|
854
|
+
o.input = Shapes::ShapeRef.new(shape: UpdateAccessRequest)
|
855
|
+
o.output = Shapes::ShapeRef.new(shape: UpdateAccessResponse)
|
856
|
+
o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
|
857
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
|
858
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
859
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceExistsException)
|
860
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
861
|
+
end)
|
862
|
+
|
705
863
|
api.add_operation(:update_server, Seahorse::Model::Operation.new.tap do |o|
|
706
864
|
o.name = "UpdateServer"
|
707
865
|
o.http_method = "POST"
|
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -38,6 +38,191 @@ module Aws::Transfer
|
|
38
38
|
include Aws::Structure
|
39
39
|
end
|
40
40
|
|
41
|
+
# @note When making an API call, you may pass CreateAccessRequest
|
42
|
+
# data as a hash:
|
43
|
+
#
|
44
|
+
# {
|
45
|
+
# home_directory: "HomeDirectory",
|
46
|
+
# home_directory_type: "PATH", # accepts PATH, LOGICAL
|
47
|
+
# home_directory_mappings: [
|
48
|
+
# {
|
49
|
+
# entry: "MapEntry", # required
|
50
|
+
# target: "MapTarget", # required
|
51
|
+
# },
|
52
|
+
# ],
|
53
|
+
# policy: "Policy",
|
54
|
+
# posix_profile: {
|
55
|
+
# uid: 1, # required
|
56
|
+
# gid: 1, # required
|
57
|
+
# secondary_gids: [1],
|
58
|
+
# },
|
59
|
+
# role: "Role", # required
|
60
|
+
# server_id: "ServerId", # required
|
61
|
+
# external_id: "ExternalId", # required
|
62
|
+
# }
|
63
|
+
#
|
64
|
+
# @!attribute [rw] home_directory
|
65
|
+
# The landing directory (folder) for a user when they log in to the
|
66
|
+
# server using the client.
|
67
|
+
#
|
68
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
69
|
+
# @return [String]
|
70
|
+
#
|
71
|
+
# @!attribute [rw] home_directory_type
|
72
|
+
# The type of landing directory (folder) you want your users' home
|
73
|
+
# directory to be when they log into the server. If you set it to
|
74
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
75
|
+
# as is in their file transfer protocol clients. If you set it
|
76
|
+
# `LOGICAL`, you will need to provide mappings in the
|
77
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
78
|
+
# paths visible to your users.
|
79
|
+
# @return [String]
|
80
|
+
#
|
81
|
+
# @!attribute [rw] home_directory_mappings
|
82
|
+
# Logical directory mappings that specify what Amazon S3 or Amazon EFS
|
83
|
+
# paths and keys should be visible to your user and how you want to
|
84
|
+
# make them visible. You must specify the `Entry` and `Target` pair,
|
85
|
+
# where `Entry` shows how the path is made visible and `Target` is the
|
86
|
+
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
87
|
+
# it is displayed as is. You also must ensure that your Amazon Web
|
88
|
+
# Services Identity and Access Management (IAM) role provides access
|
89
|
+
# to paths in `Target`. This value can only be set when
|
90
|
+
# `HomeDirectoryType` is set to *LOGICAL*.
|
91
|
+
#
|
92
|
+
# The following is an `Entry` and `Target` pair example.
|
93
|
+
#
|
94
|
+
# `[ \{ "Entry": "your-personal-report.pdf", "Target":
|
95
|
+
# "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \} ]`
|
96
|
+
#
|
97
|
+
# In most cases, you can use this value instead of the scope-down
|
98
|
+
# policy to lock down your user to the designated home directory
|
99
|
+
# ("`chroot`"). To do this, you can set `Entry` to `/` and set
|
100
|
+
# `Target` to the `HomeDirectory` parameter value.
|
101
|
+
#
|
102
|
+
# The following is an `Entry` and `Target` pair example for `chroot`.
|
103
|
+
#
|
104
|
+
# `[ \{ "Entry:": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
105
|
+
#
|
106
|
+
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
|
107
|
+
# S3 or EFS, the entry is ignored. As a workaround, you can use the
|
108
|
+
# Amazon S3 API or EFS API to create 0 byte objects as place holders
|
109
|
+
# for your directory. If using the CLI, use the `s3api` or `efsapi`
|
110
|
+
# call instead of `s3` or `efs` so you can use the put-object
|
111
|
+
# operation. For example, you use the following: `aws s3api put-object
|
112
|
+
# --bucket bucketname --key path/to/folder/`. Make sure that the end
|
113
|
+
# of the key name ends in a `/` for it to be considered a folder.
|
114
|
+
#
|
115
|
+
# </note>
|
116
|
+
# @return [Array<Types::HomeDirectoryMapEntry>]
|
117
|
+
#
|
118
|
+
# @!attribute [rw] policy
|
119
|
+
# A scope-down policy for your user so that you can use the same IAM
|
120
|
+
# role across multiple users. This policy scopes down user access to
|
121
|
+
# portions of their Amazon S3 bucket. Variables that you can use
|
122
|
+
# inside this policy include `$\{Transfer:UserName\}`,
|
123
|
+
# `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
|
124
|
+
#
|
125
|
+
# <note markdown="1"> This only applies when domain of `ServerId` is S3. Amazon EFS does
|
126
|
+
# not use scope-down policies.
|
127
|
+
#
|
128
|
+
# For scope-down policies, Amazon Web Services Transfer Family stores
|
129
|
+
# the policy as a JSON blob, instead of the Amazon Resource Name (ARN)
|
130
|
+
# of the policy. You save the policy as a JSON blob and pass it in the
|
131
|
+
# `Policy` argument.
|
132
|
+
#
|
133
|
+
# For an example of a scope-down policy, see [Example scope-down
|
134
|
+
# policy][1].
|
135
|
+
#
|
136
|
+
# For more information, see [AssumeRole][2] in the *Amazon Web
|
137
|
+
# Services Security Token Service API Reference*.
|
138
|
+
#
|
139
|
+
# </note>
|
140
|
+
#
|
141
|
+
#
|
142
|
+
#
|
143
|
+
# [1]: https://docs.aws.amazon.com/transfer/latest/userguide/scope-down-policy.html
|
144
|
+
# [2]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
|
145
|
+
# @return [String]
|
146
|
+
#
|
147
|
+
# @!attribute [rw] posix_profile
|
148
|
+
# The full POSIX identity, including user ID (`Uid`), group ID
|
149
|
+
# (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
|
150
|
+
# controls your users' access to your Amazon EFS file systems. The
|
151
|
+
# POSIX permissions that are set on files and directories in your file
|
152
|
+
# system determine the level of access your users get when
|
153
|
+
# transferring files into and out of your Amazon EFS file systems.
|
154
|
+
# @return [Types::PosixProfile]
|
155
|
+
#
|
156
|
+
# @!attribute [rw] role
|
157
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
158
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
159
|
+
# system. The policies attached to this role determine the level of
|
160
|
+
# access that you want to provide your users when transferring files
|
161
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
162
|
+
# role should also contain a trust relationship that allows the server
|
163
|
+
# to access your resources when servicing your users' transfer
|
164
|
+
# requests.
|
165
|
+
# @return [String]
|
166
|
+
#
|
167
|
+
# @!attribute [rw] server_id
|
168
|
+
# A system-assigned unique identifier for a server instance. This is
|
169
|
+
# the specific server that you added your user to.
|
170
|
+
# @return [String]
|
171
|
+
#
|
172
|
+
# @!attribute [rw] external_id
|
173
|
+
# A unique identifier that is required to identify specific groups
|
174
|
+
# within your directory. The users of the group that you associate
|
175
|
+
# have access to your Amazon S3 or Amazon EFS resources over the
|
176
|
+
# enabled protocols using Amazon Web Services Transfer Family. If you
|
177
|
+
# know the group name, you can view the SID values by running the
|
178
|
+
# following command using Windows PowerShell.
|
179
|
+
#
|
180
|
+
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
181
|
+
# -Properties * | Select SamAccountName,ObjectSid`
|
182
|
+
#
|
183
|
+
# In that command, replace *YourGroupName* with the name of your
|
184
|
+
# Active Directory group.
|
185
|
+
#
|
186
|
+
# The regex used to validate this parameter is a string of characters
|
187
|
+
# consisting of uppercase and lowercase alphanumeric characters with
|
188
|
+
# no spaces. You can also include underscores or any of the following
|
189
|
+
# characters: =,.@:/-
|
190
|
+
# @return [String]
|
191
|
+
#
|
192
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateAccessRequest AWS API Documentation
|
193
|
+
#
|
194
|
+
class CreateAccessRequest < Struct.new(
|
195
|
+
:home_directory,
|
196
|
+
:home_directory_type,
|
197
|
+
:home_directory_mappings,
|
198
|
+
:policy,
|
199
|
+
:posix_profile,
|
200
|
+
:role,
|
201
|
+
:server_id,
|
202
|
+
:external_id)
|
203
|
+
SENSITIVE = []
|
204
|
+
include Aws::Structure
|
205
|
+
end
|
206
|
+
|
207
|
+
# @!attribute [rw] server_id
|
208
|
+
# The ID of the server that the user is attached to.
|
209
|
+
# @return [String]
|
210
|
+
#
|
211
|
+
# @!attribute [rw] external_id
|
212
|
+
# The external ID of the group whose users have access to your Amazon
|
213
|
+
# S3 or Amazon EFS resources over the enabled protocols using Amazon
|
214
|
+
# Web Services Transfer Family.
|
215
|
+
# @return [String]
|
216
|
+
#
|
217
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateAccessResponse AWS API Documentation
|
218
|
+
#
|
219
|
+
class CreateAccessResponse < Struct.new(
|
220
|
+
:server_id,
|
221
|
+
:external_id)
|
222
|
+
SENSITIVE = []
|
223
|
+
include Aws::Structure
|
224
|
+
end
|
225
|
+
|
41
226
|
# @note When making an API call, you may pass CreateServerRequest
|
42
227
|
# data as a hash:
|
43
228
|
#
|
@@ -56,8 +241,9 @@ module Aws::Transfer
|
|
56
241
|
# identity_provider_details: {
|
57
242
|
# url: "Url",
|
58
243
|
# invocation_role: "Role",
|
244
|
+
# directory_id: "DirectoryId",
|
59
245
|
# },
|
60
|
-
# identity_provider_type: "SERVICE_MANAGED", # accepts SERVICE_MANAGED, API_GATEWAY
|
246
|
+
# identity_provider_type: "SERVICE_MANAGED", # accepts SERVICE_MANAGED, API_GATEWAY, AWS_DIRECTORY_SERVICE
|
61
247
|
# logging_role: "Role",
|
62
248
|
# protocols: ["SFTP"], # accepts SFTP, FTP, FTPS
|
63
249
|
# security_policy_name: "SecurityPolicyName",
|
@@ -70,19 +256,21 @@ module Aws::Transfer
|
|
70
256
|
# }
|
71
257
|
#
|
72
258
|
# @!attribute [rw] certificate
|
73
|
-
# The Amazon Resource Name (ARN) of the
|
74
|
-
# certificate. Required when `Protocols` is
|
259
|
+
# The Amazon Resource Name (ARN) of the Amazon Web Services
|
260
|
+
# Certificate Manager (ACM) certificate. Required when `Protocols` is
|
261
|
+
# set to `FTPS`.
|
75
262
|
#
|
76
263
|
# To request a new public certificate, see [Request a public
|
77
|
-
# certificate][1] in the <i>
|
264
|
+
# certificate][1] in the <i> Amazon Web Services Certificate Manager
|
265
|
+
# User Guide</i>.
|
78
266
|
#
|
79
267
|
# To import an existing certificate into ACM, see [Importing
|
80
|
-
# certificates into ACM][2] in the <i>
|
81
|
-
# Guide</i>.
|
268
|
+
# certificates into ACM][2] in the <i> Amazon Web Services Certificate
|
269
|
+
# Manager User Guide</i>.
|
82
270
|
#
|
83
271
|
# To request a private certificate to use FTPS through private IP
|
84
|
-
# addresses, see [Request a private certificate][3] in the <i>
|
85
|
-
# Certificate Manager User Guide</i>.
|
272
|
+
# addresses, see [Request a private certificate][3] in the <i> Amazon
|
273
|
+
# Web Services Certificate Manager User Guide</i>.
|
86
274
|
#
|
87
275
|
# Certificates with the following cryptographic algorithms and key
|
88
276
|
# sizes are supported:
|
@@ -110,24 +298,44 @@ module Aws::Transfer
|
|
110
298
|
# @return [String]
|
111
299
|
#
|
112
300
|
# @!attribute [rw] domain
|
301
|
+
# The domain of the storage system that is used for file transfers.
|
302
|
+
# There are two domains available: Amazon Simple Storage Service
|
303
|
+
# (Amazon S3) and Amazon Elastic File System (Amazon EFS). The default
|
304
|
+
# value is S3.
|
305
|
+
#
|
306
|
+
# <note markdown="1"> After the server is created, the domain cannot be changed.
|
307
|
+
#
|
308
|
+
# </note>
|
113
309
|
# @return [String]
|
114
310
|
#
|
115
311
|
# @!attribute [rw] endpoint_details
|
116
312
|
# The virtual private cloud (VPC) endpoint settings that are
|
117
313
|
# configured for your server. When you host your endpoint within your
|
118
314
|
# VPC, you can make it accessible only to resources within your VPC,
|
119
|
-
# or you can attach Elastic
|
120
|
-
# the internet. Your VPC's default security groups are
|
121
|
-
# assigned to your endpoint.
|
315
|
+
# or you can attach Elastic IP addresses and make it accessible to
|
316
|
+
# clients over the internet. Your VPC's default security groups are
|
317
|
+
# automatically assigned to your endpoint.
|
122
318
|
# @return [Types::EndpointDetails]
|
123
319
|
#
|
124
320
|
# @!attribute [rw] endpoint_type
|
125
|
-
# The type of
|
126
|
-
#
|
127
|
-
#
|
128
|
-
#
|
129
|
-
#
|
130
|
-
#
|
321
|
+
# The type of endpoint that you want your server to use. You can
|
322
|
+
# choose to make your server's endpoint publicly accessible (PUBLIC)
|
323
|
+
# or host it inside your VPC. With an endpoint that is hosted in a
|
324
|
+
# VPC, you can restrict access to your server and resources only
|
325
|
+
# within your VPC or choose to make it internet facing by attaching
|
326
|
+
# Elastic IP addresses directly to it.
|
327
|
+
#
|
328
|
+
# <note markdown="1"> After May 19, 2021, you won't be able to create a server using
|
329
|
+
# `EndpointType=VPC_ENDPOINT` in your Amazon Web Services account if
|
330
|
+
# your account hasn't already done so before May 19, 2021. If you
|
331
|
+
# have already created servers with `EndpointType=VPC_ENDPOINT` in
|
332
|
+
# your Amazon Web Services account on or before May 19, 2021, you will
|
333
|
+
# not be affected. After this date, use `EndpointType`=`VPC`.
|
334
|
+
#
|
335
|
+
# For more information, see
|
336
|
+
# https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
|
337
|
+
#
|
338
|
+
# It is recommended that you use `VPC` as the `EndpointType`. With
|
131
339
|
# this endpoint type, you have the option to directly associate up to
|
132
340
|
# three Elastic IPv4 addresses (BYO IP included) with your server's
|
133
341
|
# endpoint and use VPC security groups to restrict traffic by the
|
@@ -146,7 +354,7 @@ module Aws::Transfer
|
|
146
354
|
# Accidentally changing a server's host key can be disruptive.
|
147
355
|
#
|
148
356
|
# For more information, see [Change the host key for your SFTP-enabled
|
149
|
-
# server][1] in the *
|
357
|
+
# server][1] in the *Amazon Web Services Transfer Family User Guide*.
|
150
358
|
#
|
151
359
|
#
|
152
360
|
#
|
@@ -154,26 +362,38 @@ module Aws::Transfer
|
|
154
362
|
# @return [String]
|
155
363
|
#
|
156
364
|
# @!attribute [rw] identity_provider_details
|
157
|
-
# Required when `IdentityProviderType` is set to
|
158
|
-
# Accepts an array
|
159
|
-
#
|
160
|
-
#
|
161
|
-
#
|
365
|
+
# Required when `IdentityProviderType` is set to
|
366
|
+
# `AWS_DIRECTORY_SERVICE` or `API_GATEWAY`. Accepts an array
|
367
|
+
# containing all of the information required to use a directory in
|
368
|
+
# `AWS_DIRECTORY_SERVICE` or invoke a customer-supplied authentication
|
369
|
+
# API, including the API Gateway URL. Not required when
|
370
|
+
# `IdentityProviderType` is set to `SERVICE_MANAGED`.
|
162
371
|
# @return [Types::IdentityProviderDetails]
|
163
372
|
#
|
164
373
|
# @!attribute [rw] identity_provider_type
|
165
374
|
# Specifies the mode of authentication for a server. The default value
|
166
375
|
# is `SERVICE_MANAGED`, which allows you to store and access user
|
167
|
-
# credentials within the
|
168
|
-
#
|
169
|
-
#
|
170
|
-
#
|
376
|
+
# credentials within the Amazon Web Services Transfer Family service.
|
377
|
+
#
|
378
|
+
# Use `AWS_DIRECTORY_SERVICE` to provide access to Active Directory
|
379
|
+
# groups in Amazon Web Services Managed Active Directory or Microsoft
|
380
|
+
# Active Directory in your on-premises environment or in Amazon Web
|
381
|
+
# Services using AD Connectors. This option also requires you to
|
382
|
+
# provide a Directory ID using the `IdentityProviderDetails`
|
383
|
+
# parameter.
|
384
|
+
#
|
385
|
+
# Use the `API_GATEWAY` value to integrate with an identity provider
|
386
|
+
# of your choosing. The `API_GATEWAY` setting requires you to provide
|
387
|
+
# an API Gateway endpoint URL to call for authentication using the
|
171
388
|
# `IdentityProviderDetails` parameter.
|
172
389
|
# @return [String]
|
173
390
|
#
|
174
391
|
# @!attribute [rw] logging_role
|
175
|
-
#
|
176
|
-
#
|
392
|
+
# Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
|
393
|
+
# Identity and Access Management (IAM) role that allows a server to
|
394
|
+
# turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
|
395
|
+
# events. When set, user activity can be viewed in your CloudWatch
|
396
|
+
# logs.
|
177
397
|
# @return [String]
|
178
398
|
#
|
179
399
|
# @!attribute [rw] protocols
|
@@ -189,13 +409,13 @@ module Aws::Transfer
|
|
189
409
|
#
|
190
410
|
# * `FTP` (File Transfer Protocol): Unencrypted file transfer
|
191
411
|
#
|
192
|
-
# <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in
|
193
|
-
# Certificate Manager (ACM) which
|
194
|
-
# when clients connect to it over FTPS.
|
412
|
+
# <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in Amazon
|
413
|
+
# Web Services Certificate Manager (ACM) which is used to identify
|
414
|
+
# your server when clients connect to it over FTPS.
|
195
415
|
#
|
196
416
|
# If `Protocol` includes either `FTP` or `FTPS`, then the
|
197
417
|
# `EndpointType` must be `VPC` and the `IdentityProviderType` must be
|
198
|
-
# `API_GATEWAY`.
|
418
|
+
# `AWS_DIRECTORY_SERVICE` or `API_GATEWAY`.
|
199
419
|
#
|
200
420
|
# If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
|
201
421
|
# associated.
|
@@ -280,86 +500,103 @@ module Aws::Transfer
|
|
280
500
|
# The landing directory (folder) for a user when they log in to the
|
281
501
|
# server using the client.
|
282
502
|
#
|
283
|
-
#
|
284
|
-
# <code>your-Amazon-S3-bucket-name>/home/username</code> </i>.
|
503
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
285
504
|
# @return [String]
|
286
505
|
#
|
287
506
|
# @!attribute [rw] home_directory_type
|
288
507
|
# The type of landing directory (folder) you want your users' home
|
289
508
|
# directory to be when they log into the server. If you set it to
|
290
|
-
# `PATH`, the user will see the absolute Amazon S3 bucket
|
291
|
-
# in their file transfer protocol clients. If you set it
|
292
|
-
# you will need to provide mappings in the
|
293
|
-
# how you want to make Amazon S3
|
509
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
510
|
+
# as is in their file transfer protocol clients. If you set it
|
511
|
+
# `LOGICAL`, you will need to provide mappings in the
|
512
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
513
|
+
# paths visible to your users.
|
294
514
|
# @return [String]
|
295
515
|
#
|
296
516
|
# @!attribute [rw] home_directory_mappings
|
297
|
-
# Logical directory mappings that specify what Amazon S3
|
298
|
-
# keys should be visible to your user and how you want to
|
299
|
-
# visible. You
|
300
|
-
#
|
301
|
-
#
|
302
|
-
#
|
303
|
-
#
|
304
|
-
#
|
305
|
-
#
|
306
|
-
#
|
307
|
-
#
|
308
|
-
#
|
517
|
+
# Logical directory mappings that specify what Amazon S3 or Amazon EFS
|
518
|
+
# paths and keys should be visible to your user and how you want to
|
519
|
+
# make them visible. You must specify the `Entry` and `Target` pair,
|
520
|
+
# where `Entry` shows how the path is made visible and `Target` is the
|
521
|
+
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
522
|
+
# it is displayed as is. You also must ensure that your Amazon Web
|
523
|
+
# Services Identity and Access Management (IAM) role provides access
|
524
|
+
# to paths in `Target`. This value can only be set when
|
525
|
+
# `HomeDirectoryType` is set to *LOGICAL*.
|
526
|
+
#
|
527
|
+
# The following is an `Entry` and `Target` pair example.
|
528
|
+
#
|
529
|
+
# `[ \{ "Entry": "your-personal-report.pdf", "Target":
|
530
|
+
# "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \} ]`
|
309
531
|
#
|
310
532
|
# In most cases, you can use this value instead of the scope-down
|
311
533
|
# policy to lock your user down to the designated home directory
|
312
|
-
# ("chroot"). To do this, you can set `Entry` to
|
534
|
+
# ("`chroot`"). To do this, you can set `Entry` to `/` and set
|
313
535
|
# `Target` to the HomeDirectory parameter value.
|
314
536
|
#
|
537
|
+
# The following is an `Entry` and `Target` pair example for `chroot`.
|
538
|
+
#
|
539
|
+
# `[ \{ "Entry:": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
540
|
+
#
|
315
541
|
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
|
316
|
-
# S3, the entry
|
317
|
-
# Amazon S3 API to create 0 byte objects as place holders
|
318
|
-
# directory. If using the CLI, use the `s3api`
|
319
|
-
#
|
320
|
-
# following: `aws s3api put-object
|
321
|
-
# path/to/folder/`. Make sure that the end
|
322
|
-
#
|
542
|
+
# S3 or EFS, the entry is ignored. As a workaround, you can use the
|
543
|
+
# Amazon S3 API or EFS API to create 0 byte objects as place holders
|
544
|
+
# for your directory. If using the CLI, use the `s3api` or `efsapi`
|
545
|
+
# call instead of `s3` or `efs` so you can use the put-object
|
546
|
+
# operation. For example, you use the following: `aws s3api put-object
|
547
|
+
# --bucket bucketname --key path/to/folder/`. Make sure that the end
|
548
|
+
# of the key name ends in a `/` for it to be considered a folder.
|
323
549
|
#
|
324
550
|
# </note>
|
325
551
|
# @return [Array<Types::HomeDirectoryMapEntry>]
|
326
552
|
#
|
327
553
|
# @!attribute [rw] policy
|
328
|
-
# A scope-down policy for your user so you can use the same IAM
|
329
|
-
# across multiple users. This policy scopes down user access to
|
554
|
+
# A scope-down policy for your user so that you can use the same IAM
|
555
|
+
# role across multiple users. This policy scopes down user access to
|
330
556
|
# portions of their Amazon S3 bucket. Variables that you can use
|
331
557
|
# inside this policy include `$\{Transfer:UserName\}`,
|
332
558
|
# `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
|
333
559
|
#
|
334
|
-
# <note markdown="1">
|
335
|
-
#
|
336
|
-
# You save the policy as a JSON blob and pass it in the `Policy`
|
337
|
-
# argument.
|
560
|
+
# <note markdown="1"> This only applies when domain of ServerId is S3. EFS does not use
|
561
|
+
# scope down policy.
|
338
562
|
#
|
339
|
-
# For
|
563
|
+
# For scope-down policies, Amazon Web Services Transfer Family stores
|
564
|
+
# the policy as a JSON blob, instead of the Amazon Resource Name (ARN)
|
565
|
+
# of the policy. You save the policy as a JSON blob and pass it in the
|
566
|
+
# `Policy` argument.
|
567
|
+
#
|
568
|
+
# For an example of a scope-down policy, see [Example scope-down
|
340
569
|
# policy][1].
|
341
570
|
#
|
342
|
-
# For more information, see [AssumeRole][2] in the *
|
343
|
-
# Service API Reference*.
|
571
|
+
# For more information, see [AssumeRole][2] in the *Amazon Web
|
572
|
+
# Services Security Token Service API Reference*.
|
344
573
|
#
|
345
574
|
# </note>
|
346
575
|
#
|
347
576
|
#
|
348
577
|
#
|
349
|
-
# [1]: https://docs.aws.amazon.com/transfer/latest/userguide/
|
578
|
+
# [1]: https://docs.aws.amazon.com/transfer/latest/userguide/scope-down-policy.html
|
350
579
|
# [2]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
|
351
580
|
# @return [String]
|
352
581
|
#
|
353
582
|
# @!attribute [rw] posix_profile
|
583
|
+
# Specifies the full POSIX identity, including user ID (`Uid`), group
|
584
|
+
# ID (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
|
585
|
+
# controls your users' access to your Amazon EFS file systems. The
|
586
|
+
# POSIX permissions that are set on files and directories in Amazon
|
587
|
+
# EFS determine the level of access your users get when transferring
|
588
|
+
# files into and out of your Amazon EFS file systems.
|
354
589
|
# @return [Types::PosixProfile]
|
355
590
|
#
|
356
591
|
# @!attribute [rw] role
|
357
|
-
#
|
358
|
-
#
|
359
|
-
#
|
360
|
-
#
|
361
|
-
#
|
362
|
-
#
|
592
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
593
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
594
|
+
# system. The policies attached to this role determine the level of
|
595
|
+
# access that you want to provide your users when transferring files
|
596
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
597
|
+
# role should also contain a trust relationship that allows the server
|
598
|
+
# to access your resources when servicing your users' transfer
|
599
|
+
# requests.
|
363
600
|
# @return [String]
|
364
601
|
#
|
365
602
|
# @!attribute [rw] server_id
|
@@ -421,6 +658,48 @@ module Aws::Transfer
|
|
421
658
|
include Aws::Structure
|
422
659
|
end
|
423
660
|
|
661
|
+
# @note When making an API call, you may pass DeleteAccessRequest
|
662
|
+
# data as a hash:
|
663
|
+
#
|
664
|
+
# {
|
665
|
+
# server_id: "ServerId", # required
|
666
|
+
# external_id: "ExternalId", # required
|
667
|
+
# }
|
668
|
+
#
|
669
|
+
# @!attribute [rw] server_id
|
670
|
+
# A system-assigned unique identifier for a server that has this user
|
671
|
+
# assigned.
|
672
|
+
# @return [String]
|
673
|
+
#
|
674
|
+
# @!attribute [rw] external_id
|
675
|
+
# A unique identifier that is required to identify specific groups
|
676
|
+
# within your directory. The users of the group that you associate
|
677
|
+
# have access to your Amazon S3 or Amazon EFS resources over the
|
678
|
+
# enabled protocols using Amazon Web Services Transfer Family. If you
|
679
|
+
# know the group name, you can view the SID values by running the
|
680
|
+
# following command using Windows PowerShell.
|
681
|
+
#
|
682
|
+
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
683
|
+
# -Properties * | Select SamAccountName,ObjectSid`
|
684
|
+
#
|
685
|
+
# In that command, replace *YourGroupName* with the name of your
|
686
|
+
# Active Directory group.
|
687
|
+
#
|
688
|
+
# The regex used to validate this parameter is a string of characters
|
689
|
+
# consisting of uppercase and lowercase alphanumeric characters with
|
690
|
+
# no spaces. You can also include underscores or any of the following
|
691
|
+
# characters: =,.@:/-
|
692
|
+
# @return [String]
|
693
|
+
#
|
694
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DeleteAccessRequest AWS API Documentation
|
695
|
+
#
|
696
|
+
class DeleteAccessRequest < Struct.new(
|
697
|
+
:server_id,
|
698
|
+
:external_id)
|
699
|
+
SENSITIVE = []
|
700
|
+
include Aws::Structure
|
701
|
+
end
|
702
|
+
|
424
703
|
# @note When making an API call, you may pass DeleteServerRequest
|
425
704
|
# data as a hash:
|
426
705
|
#
|
@@ -500,6 +779,66 @@ module Aws::Transfer
|
|
500
779
|
include Aws::Structure
|
501
780
|
end
|
502
781
|
|
782
|
+
# @note When making an API call, you may pass DescribeAccessRequest
|
783
|
+
# data as a hash:
|
784
|
+
#
|
785
|
+
# {
|
786
|
+
# server_id: "ServerId", # required
|
787
|
+
# external_id: "ExternalId", # required
|
788
|
+
# }
|
789
|
+
#
|
790
|
+
# @!attribute [rw] server_id
|
791
|
+
# A system-assigned unique identifier for a server that has this
|
792
|
+
# access assigned.
|
793
|
+
# @return [String]
|
794
|
+
#
|
795
|
+
# @!attribute [rw] external_id
|
796
|
+
# A unique identifier that is required to identify specific groups
|
797
|
+
# within your directory. The users of the group that you associate
|
798
|
+
# have access to your Amazon S3 or Amazon EFS resources over the
|
799
|
+
# enabled protocols using Amazon Web Services Transfer Family. If you
|
800
|
+
# know the group name, you can view the SID values by running the
|
801
|
+
# following command using Windows PowerShell.
|
802
|
+
#
|
803
|
+
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
804
|
+
# -Properties * | Select SamAccountName,ObjectSid`
|
805
|
+
#
|
806
|
+
# In that command, replace *YourGroupName* with the name of your
|
807
|
+
# Active Directory group.
|
808
|
+
#
|
809
|
+
# The regex used to validate this parameter is a string of characters
|
810
|
+
# consisting of uppercase and lowercase alphanumeric characters with
|
811
|
+
# no spaces. You can also include underscores or any of the following
|
812
|
+
# characters: =,.@:/-
|
813
|
+
# @return [String]
|
814
|
+
#
|
815
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeAccessRequest AWS API Documentation
|
816
|
+
#
|
817
|
+
class DescribeAccessRequest < Struct.new(
|
818
|
+
:server_id,
|
819
|
+
:external_id)
|
820
|
+
SENSITIVE = []
|
821
|
+
include Aws::Structure
|
822
|
+
end
|
823
|
+
|
824
|
+
# @!attribute [rw] server_id
|
825
|
+
# A system-assigned unique identifier for a server that has this
|
826
|
+
# access assigned.
|
827
|
+
# @return [String]
|
828
|
+
#
|
829
|
+
# @!attribute [rw] access
|
830
|
+
# The external ID of the server that the access is attached to.
|
831
|
+
# @return [Types::DescribedAccess]
|
832
|
+
#
|
833
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeAccessResponse AWS API Documentation
|
834
|
+
#
|
835
|
+
class DescribeAccessResponse < Struct.new(
|
836
|
+
:server_id,
|
837
|
+
:access)
|
838
|
+
SENSITIVE = []
|
839
|
+
include Aws::Structure
|
840
|
+
end
|
841
|
+
|
503
842
|
# @note When making an API call, you may pass DescribeSecurityPolicyRequest
|
504
843
|
# data as a hash:
|
505
844
|
#
|
@@ -579,8 +918,8 @@ module Aws::Transfer
|
|
579
918
|
#
|
580
919
|
# @!attribute [rw] user_name
|
581
920
|
# The name of the user assigned to one or more servers. User names are
|
582
|
-
# part of the sign-in credentials to use the
|
583
|
-
# service and perform file transfer tasks.
|
921
|
+
# part of the sign-in credentials to use the Amazon Web Services
|
922
|
+
# Transfer Family service and perform file transfer tasks.
|
584
923
|
# @return [String]
|
585
924
|
#
|
586
925
|
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeUserRequest AWS API Documentation
|
@@ -611,6 +950,104 @@ module Aws::Transfer
|
|
611
950
|
include Aws::Structure
|
612
951
|
end
|
613
952
|
|
953
|
+
# Describes the properties of the access that was specified.
|
954
|
+
#
|
955
|
+
# @!attribute [rw] home_directory
|
956
|
+
# The landing directory (folder) for a user when they log in to the
|
957
|
+
# server using the client.
|
958
|
+
#
|
959
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
960
|
+
# @return [String]
|
961
|
+
#
|
962
|
+
# @!attribute [rw] home_directory_mappings
|
963
|
+
# Logical directory mappings that specify what Amazon S3 or Amazon EFS
|
964
|
+
# paths and keys should be visible to your user and how you want to
|
965
|
+
# make them visible. You must specify the `Entry` and `Target` pair,
|
966
|
+
# where `Entry` shows how the path is made visible and `Target` is the
|
967
|
+
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
968
|
+
# it is displayed as is. You also must ensure that your Amazon Web
|
969
|
+
# Services Identity and Access Management (IAM) role provides access
|
970
|
+
# to paths in `Target`. This value can only be set when
|
971
|
+
# `HomeDirectoryType` is set to *LOGICAL*.
|
972
|
+
#
|
973
|
+
# In most cases, you can use this value instead of the scope-down
|
974
|
+
# policy to lock down the associated access to the designated home
|
975
|
+
# directory ("`chroot`"). To do this, you can set `Entry` to '/'
|
976
|
+
# and set `Target` to the `HomeDirectory` parameter value.
|
977
|
+
# @return [Array<Types::HomeDirectoryMapEntry>]
|
978
|
+
#
|
979
|
+
# @!attribute [rw] home_directory_type
|
980
|
+
# The type of landing directory (folder) you want your users' home
|
981
|
+
# directory to be when they log into the server. If you set it to
|
982
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
983
|
+
# as is in their file transfer protocol clients. If you set it
|
984
|
+
# `LOGICAL`, you will need to provide mappings in the
|
985
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
986
|
+
# paths visible to your users.
|
987
|
+
# @return [String]
|
988
|
+
#
|
989
|
+
# @!attribute [rw] policy
|
990
|
+
# A scope-down policy for your user so that you can use the same IAM
|
991
|
+
# role across multiple users. This policy scopes down user access to
|
992
|
+
# portions of their Amazon S3 bucket. Variables that you can use
|
993
|
+
# inside this policy include `$\{Transfer:UserName\}`,
|
994
|
+
# `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
|
995
|
+
# @return [String]
|
996
|
+
#
|
997
|
+
# @!attribute [rw] posix_profile
|
998
|
+
# The full POSIX identity, including user ID (`Uid`), group ID
|
999
|
+
# (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
|
1000
|
+
# controls your users' access to your Amazon EFS file systems. The
|
1001
|
+
# POSIX permissions that are set on files and directories in your file
|
1002
|
+
# system determine the level of access your users get when
|
1003
|
+
# transferring files into and out of your Amazon EFS file systems.
|
1004
|
+
# @return [Types::PosixProfile]
|
1005
|
+
#
|
1006
|
+
# @!attribute [rw] role
|
1007
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
1008
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
1009
|
+
# system. The policies attached to this role determine the level of
|
1010
|
+
# access that you want to provide your users when transferring files
|
1011
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
1012
|
+
# role should also contain a trust relationship that allows the server
|
1013
|
+
# to access your resources when servicing your users' transfer
|
1014
|
+
# requests.
|
1015
|
+
# @return [String]
|
1016
|
+
#
|
1017
|
+
# @!attribute [rw] external_id
|
1018
|
+
# A unique identifier that is required to identify specific groups
|
1019
|
+
# within your directory. The users of the group that you associate
|
1020
|
+
# have access to your Amazon S3 or Amazon EFS resources over the
|
1021
|
+
# enabled protocols using Amazon Web Services Transfer Family. If you
|
1022
|
+
# know the group name, you can view the SID values by running the
|
1023
|
+
# following command using Windows PowerShell.
|
1024
|
+
#
|
1025
|
+
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
1026
|
+
# -Properties * | Select SamAccountName,ObjectSid`
|
1027
|
+
#
|
1028
|
+
# In that command, replace *YourGroupName* with the name of your
|
1029
|
+
# Active Directory group.
|
1030
|
+
#
|
1031
|
+
# The regex used to validate this parameter is a string of characters
|
1032
|
+
# consisting of uppercase and lowercase alphanumeric characters with
|
1033
|
+
# no spaces. You can also include underscores or any of the following
|
1034
|
+
# characters: =,.@:/-
|
1035
|
+
# @return [String]
|
1036
|
+
#
|
1037
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribedAccess AWS API Documentation
|
1038
|
+
#
|
1039
|
+
class DescribedAccess < Struct.new(
|
1040
|
+
:home_directory,
|
1041
|
+
:home_directory_mappings,
|
1042
|
+
:home_directory_type,
|
1043
|
+
:policy,
|
1044
|
+
:posix_profile,
|
1045
|
+
:role,
|
1046
|
+
:external_id)
|
1047
|
+
SENSITIVE = []
|
1048
|
+
include Aws::Structure
|
1049
|
+
end
|
1050
|
+
|
614
1051
|
# Describes the properties of a security policy that was specified. For
|
615
1052
|
# more information about security policies, see [Working with security
|
616
1053
|
# policies][1].
|
@@ -672,16 +1109,30 @@ module Aws::Transfer
|
|
672
1109
|
# @return [String]
|
673
1110
|
#
|
674
1111
|
# @!attribute [rw] certificate
|
675
|
-
# Specifies the ARN of the
|
676
|
-
# Required when `Protocols` is set to `FTPS`.
|
1112
|
+
# Specifies the ARN of the Amazon Web ServicesCertificate Manager
|
1113
|
+
# (ACM) certificate. Required when `Protocols` is set to `FTPS`.
|
677
1114
|
# @return [String]
|
678
1115
|
#
|
1116
|
+
# @!attribute [rw] protocol_details
|
1117
|
+
# The protocol settings that are configured for your server.
|
1118
|
+
#
|
1119
|
+
# Use the `PassiveIp` parameter to indicate passive mode. Enter a
|
1120
|
+
# single dotted-quad IPv4 address, such as the external IP address of
|
1121
|
+
# a firewall, router, or load balancer.
|
1122
|
+
# @return [Types::ProtocolDetails]
|
1123
|
+
#
|
679
1124
|
# @!attribute [rw] domain
|
1125
|
+
# Specifies the domain of the storage system that is used for file
|
1126
|
+
# transfers.
|
680
1127
|
# @return [String]
|
681
1128
|
#
|
682
1129
|
# @!attribute [rw] endpoint_details
|
683
|
-
#
|
684
|
-
# configured for your server.
|
1130
|
+
# The virtual private cloud (VPC) endpoint settings that are
|
1131
|
+
# configured for your server. When you host your endpoint within your
|
1132
|
+
# VPC, you can make it accessible only to resources within your VPC,
|
1133
|
+
# or you can attach Elastic IP addresses and make it accessible to
|
1134
|
+
# clients over the internet. Your VPC's default security groups are
|
1135
|
+
# automatically assigned to your endpoint.
|
685
1136
|
# @return [Types::EndpointDetails]
|
686
1137
|
#
|
687
1138
|
# @!attribute [rw] endpoint_type
|
@@ -699,21 +1150,31 @@ module Aws::Transfer
|
|
699
1150
|
# @!attribute [rw] identity_provider_details
|
700
1151
|
# Specifies information to call a customer-supplied authentication
|
701
1152
|
# API. This field is not populated when the `IdentityProviderType` of
|
702
|
-
# a server is `SERVICE_MANAGED`.
|
1153
|
+
# a server is `AWS_DIRECTORY_SERVICE` or `SERVICE_MANAGED`.
|
703
1154
|
# @return [Types::IdentityProviderDetails]
|
704
1155
|
#
|
705
1156
|
# @!attribute [rw] identity_provider_type
|
706
|
-
# Specifies the mode of authentication
|
707
|
-
#
|
708
|
-
#
|
709
|
-
#
|
710
|
-
#
|
711
|
-
#
|
1157
|
+
# Specifies the mode of authentication for a server. The default value
|
1158
|
+
# is `SERVICE_MANAGED`, which allows you to store and access user
|
1159
|
+
# credentials within the Amazon Web Services Transfer Family service.
|
1160
|
+
#
|
1161
|
+
# Use `AWS_DIRECTORY_SERVICE` to provide access to Active Directory
|
1162
|
+
# groups in Amazon Web Services Managed Active Directory or Microsoft
|
1163
|
+
# Active Directory in your on-premises environment or in Amazon Web
|
1164
|
+
# Services using AD Connectors. This option also requires you to
|
1165
|
+
# provide a Directory ID using the `IdentityProviderDetails`
|
1166
|
+
# parameter.
|
1167
|
+
#
|
1168
|
+
# Use the `API_GATEWAY` value to integrate with an identity provider
|
1169
|
+
# of your choosing. The `API_GATEWAY` setting requires you to provide
|
1170
|
+
# an API Gateway endpoint URL to call for authentication using the
|
1171
|
+
# `IdentityProviderDetails` parameter.
|
712
1172
|
# @return [String]
|
713
1173
|
#
|
714
1174
|
# @!attribute [rw] logging_role
|
715
|
-
# Specifies the
|
716
|
-
#
|
1175
|
+
# Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
|
1176
|
+
# Identity and Access Management (IAM) role that allows a server to
|
1177
|
+
# turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
|
717
1178
|
# events. When set, user activity can be viewed in your CloudWatch
|
718
1179
|
# logs.
|
719
1180
|
# @return [String]
|
@@ -769,6 +1230,7 @@ module Aws::Transfer
|
|
769
1230
|
class DescribedServer < Struct.new(
|
770
1231
|
:arn,
|
771
1232
|
:certificate,
|
1233
|
+
:protocol_details,
|
772
1234
|
:domain,
|
773
1235
|
:endpoint_details,
|
774
1236
|
:endpoint_type,
|
@@ -794,52 +1256,66 @@ module Aws::Transfer
|
|
794
1256
|
# @return [String]
|
795
1257
|
#
|
796
1258
|
# @!attribute [rw] home_directory
|
797
|
-
#
|
798
|
-
#
|
799
|
-
#
|
800
|
-
#
|
1259
|
+
# The landing directory (folder) for a user when they log in to the
|
1260
|
+
# server using the client.
|
1261
|
+
#
|
1262
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
801
1263
|
# @return [String]
|
802
1264
|
#
|
803
1265
|
# @!attribute [rw] home_directory_mappings
|
804
|
-
#
|
1266
|
+
# Logical directory mappings that specify what Amazon S3 or Amazon EFS
|
805
1267
|
# paths and keys should be visible to your user and how you want to
|
806
|
-
# make them visible. You
|
807
|
-
#
|
808
|
-
#
|
809
|
-
#
|
810
|
-
#
|
811
|
-
#
|
1268
|
+
# make them visible. You must specify the `Entry` and `Target` pair,
|
1269
|
+
# where `Entry` shows how the path is made visible and `Target` is the
|
1270
|
+
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
1271
|
+
# it is displayed as is. You also must ensure that your Amazon Web
|
1272
|
+
# Services Identity and Access Management (IAM) role provides access
|
1273
|
+
# to paths in `Target`. This value can only be set when
|
1274
|
+
# `HomeDirectoryType` is set to *LOGICAL*.
|
812
1275
|
#
|
813
1276
|
# In most cases, you can use this value instead of the scope-down
|
814
1277
|
# policy to lock your user down to the designated home directory
|
815
|
-
# ("chroot"). To do this, you can set `Entry` to '/' and set
|
1278
|
+
# ("`chroot`"). To do this, you can set `Entry` to '/' and set
|
816
1279
|
# `Target` to the HomeDirectory parameter value.
|
817
1280
|
# @return [Array<Types::HomeDirectoryMapEntry>]
|
818
1281
|
#
|
819
1282
|
# @!attribute [rw] home_directory_type
|
820
|
-
#
|
821
|
-
#
|
822
|
-
#
|
823
|
-
#
|
824
|
-
#
|
825
|
-
#
|
1283
|
+
# The type of landing directory (folder) you want your users' home
|
1284
|
+
# directory to be when they log into the server. If you set it to
|
1285
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
1286
|
+
# as is in their file transfer protocol clients. If you set it
|
1287
|
+
# `LOGICAL`, you will need to provide mappings in the
|
1288
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
826
1289
|
# paths visible to your users.
|
827
1290
|
# @return [String]
|
828
1291
|
#
|
829
1292
|
# @!attribute [rw] policy
|
830
|
-
#
|
1293
|
+
# A scope-down policy for your user so that you can use the same IAM
|
1294
|
+
# role across multiple users. This policy scopes down user access to
|
1295
|
+
# portions of their Amazon S3 bucket. Variables that you can use
|
1296
|
+
# inside this policy include `$\{Transfer:UserName\}`,
|
1297
|
+
# `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
|
831
1298
|
# @return [String]
|
832
1299
|
#
|
833
1300
|
# @!attribute [rw] posix_profile
|
1301
|
+
# Specifies the full POSIX identity, including user ID (`Uid`), group
|
1302
|
+
# ID (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
|
1303
|
+
# controls your users' access to your Amazon Elastic File System
|
1304
|
+
# (Amazon EFS) file systems. The POSIX permissions that are set on
|
1305
|
+
# files and directories in your file system determine the level of
|
1306
|
+
# access your users get when transferring files into and out of your
|
1307
|
+
# Amazon EFS file systems.
|
834
1308
|
# @return [Types::PosixProfile]
|
835
1309
|
#
|
836
1310
|
# @!attribute [rw] role
|
837
|
-
# Specifies the
|
838
|
-
#
|
839
|
-
#
|
840
|
-
#
|
841
|
-
#
|
842
|
-
#
|
1311
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
1312
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
1313
|
+
# system. The policies attached to this role determine the level of
|
1314
|
+
# access that you want to provide your users when transferring files
|
1315
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
1316
|
+
# role should also contain a trust relationship that allows the server
|
1317
|
+
# to access your resources when servicing your users' transfer
|
1318
|
+
# requests.
|
843
1319
|
# @return [String]
|
844
1320
|
#
|
845
1321
|
# @!attribute [rw] ssh_public_keys
|
@@ -879,7 +1355,19 @@ module Aws::Transfer
|
|
879
1355
|
# for your file transfer protocol-enabled server. With a VPC endpoint,
|
880
1356
|
# you can restrict access to your server and resources only within your
|
881
1357
|
# VPC. To control incoming internet traffic, invoke the `UpdateServer`
|
882
|
-
# API and attach an Elastic IP to your server's endpoint.
|
1358
|
+
# API and attach an Elastic IP address to your server's endpoint.
|
1359
|
+
#
|
1360
|
+
# <note markdown="1"> After May 19, 2021, you won't be able to create a server using
|
1361
|
+
# `EndpointType=VPC_ENDPOINT` in your Amazon Web Servicesaccount if your
|
1362
|
+
# account hasn't already done so before May 19, 2021. If you have
|
1363
|
+
# already created servers with `EndpointType=VPC_ENDPOINT` in your
|
1364
|
+
# Amazon Web Servicesaccount on or before May 19, 2021, you will not be
|
1365
|
+
# affected. After this date, use `EndpointType`=`VPC`.
|
1366
|
+
#
|
1367
|
+
# For more information, see
|
1368
|
+
# https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
|
1369
|
+
#
|
1370
|
+
# </note>
|
883
1371
|
#
|
884
1372
|
# @note When making an API call, you may pass EndpointDetails
|
885
1373
|
# data as a hash:
|
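Review bot: The note added at new lines 1361 and 1364 reads `Amazon Web Servicesaccount`, with the space after `Services` missing. The same fused spelling recurs as `Amazon Web ServicesTransfer Family` at new lines 1594, 2224, 2245, 2605 and 2691, as `Amazon Web ServicesDirectory Service` at 1521, and as `ServicesSecurity Token Service` at 2614. These should read `Amazon Web Services account` and `Amazon Web Services Transfer Family`, as the identity_provider_type text at new line 1159 already does. The file is generated, so the correction presumably belongs in the service model these comments come from.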
@@ -917,6 +1405,9 @@ module Aws::Transfer
|
|
917
1405
|
# <note markdown="1"> This property can only be set when `EndpointType` is set to
|
918
1406
|
# `VPC_ENDPOINT`.
|
919
1407
|
#
|
1408
|
+
# For more information, see
|
1409
|
+
# https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
|
1410
|
+
#
|
920
1411
|
# </note>
|
921
1412
|
# @return [String]
|
922
1413
|
#
|
@@ -934,11 +1425,18 @@ module Aws::Transfer
|
|
934
1425
|
#
|
935
1426
|
# <note markdown="1"> This property can only be set when `EndpointType` is set to `VPC`.
|
936
1427
|
#
|
937
|
-
# You can
|
938
|
-
#
|
939
|
-
# from `PUBLIC` or `VPC_ENDPOINT` to `VPC`.
|
1428
|
+
# You can edit the `SecurityGroupIds` property in the
|
1429
|
+
# [UpdateServer][1] API only if you are changing the `EndpointType`
|
1430
|
+
# from `PUBLIC` or `VPC_ENDPOINT` to `VPC`. To change security groups
|
1431
|
+
# associated with your server's VPC endpoint after creation, use the
|
1432
|
+
# Amazon EC2 [ModifyVpcEndpoint][2] API.
|
940
1433
|
#
|
941
1434
|
# </note>
|
1435
|
+
#
|
1436
|
+
#
|
1437
|
+
#
|
1438
|
+
# [1]: https://docs.aws.amazon.com/transfer/latest/userguide/API_UpdateServer.html
|
1439
|
+
# [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyVpcEndpoint.html
|
942
1440
|
# @return [Array<String>]
|
943
1441
|
#
|
944
1442
|
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/EndpointDetails AWS API Documentation
|
@@ -956,6 +1454,21 @@ module Aws::Transfer
|
|
956
1454
|
# Represents an object that contains entries and targets for
|
957
1455
|
# `HomeDirectoryMappings`.
|
958
1456
|
#
|
1457
|
+
# The following is an `Entry` and `Target` pair example for `chroot`.
|
1458
|
+
#
|
1459
|
+
# `[ \{ "Entry:": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
1460
|
+
#
|
1461
|
+
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon S3
|
1462
|
+
# or EFS, the entry is ignored. As a workaround, you can use the Amazon
|
1463
|
+
# S3 API or EFS API to create 0 byte objects as place holders for your
|
1464
|
+
# directory. If using the CLI, use the `s3api` or `efsapi` call instead
|
1465
|
+
# of `s3` or `efs` so you can use the put-object operation. For example,
|
1466
|
+
# you use the following: `aws s3api put-object --bucket bucketname --key
|
1467
|
+
# path/to/folder/`. Make sure that the end of the key name ends in a `/`
|
1468
|
+
# for it to be considered a folder.
|
1469
|
+
#
|
1470
|
+
# </note>
|
1471
|
+
#
|
959
1472
|
# @note When making an API call, you may pass HomeDirectoryMapEntry
|
960
1473
|
# data as a hash:
|
961
1474
|
#
|
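Review bot: The `chroot` example added at new line 1459 spells the key as `"Entry:"`, with a colon inside the quotes, so a mapping copied from it lacks the `Entry` member that the home_directory_mappings text (new line 1278) says to set to `/`. The key should read `"Entry": "/"`. The same example is repeated at new line 2581 in the UpdateAccessRequest documentation, while the non-chroot example at new line 2571 spells the key correctly. This mapping is what the documentation offers for confining a user to a home directory, so the example should be exact. The file is generated, so the fix presumably belongs in the upstream model.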
@@ -965,7 +1478,7 @@ module Aws::Transfer
|
|
965
1478
|
# }
|
966
1479
|
#
|
967
1480
|
# @!attribute [rw] entry
|
968
|
-
# Represents an entry
|
1481
|
+
# Represents an entry for `HomeDirectoryMappings`.
|
969
1482
|
# @return [String]
|
970
1483
|
#
|
971
1484
|
# @!attribute [rw] target
|
@@ -991,6 +1504,7 @@ module Aws::Transfer
|
|
991
1504
|
# {
|
992
1505
|
# url: "Url",
|
993
1506
|
# invocation_role: "Role",
|
1507
|
+
# directory_id: "DirectoryId",
|
994
1508
|
# }
|
995
1509
|
#
|
996
1510
|
# @!attribute [rw] url
|
@@ -1003,11 +1517,17 @@ module Aws::Transfer
|
|
1003
1517
|
# account.
|
1004
1518
|
# @return [String]
|
1005
1519
|
#
|
1520
|
+
# @!attribute [rw] directory_id
|
1521
|
+
# The identifier of the Amazon Web ServicesDirectory Service directory
|
1522
|
+
# that you want to stop sharing.
|
1523
|
+
# @return [String]
|
1524
|
+
#
|
1006
1525
|
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/IdentityProviderDetails AWS API Documentation
|
1007
1526
|
#
|
1008
1527
|
class IdentityProviderDetails < Struct.new(
|
1009
1528
|
:url,
|
1010
|
-
:invocation_role
|
1529
|
+
:invocation_role,
|
1530
|
+
:directory_id)
|
1011
1531
|
SENSITIVE = []
|
1012
1532
|
include Aws::Structure
|
1013
1533
|
end
|
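Review bot: The description added for `directory_id` at new lines 1521–1522 says the directory is one `that you want to stop sharing`, which does not fit a member of IdentityProviderDetails. The identity_provider_type text at new lines 1161–1166 says this structure is where the Directory ID for `AWS_DIRECTORY_SERVICE` is provided. Judging by that text, the comment should describe the directory that backs authentication, for example `# The identifier of the Directory Service directory that the server uses` followed by `# when the identity provider type is AWS_DIRECTORY_SERVICE.` The wording looks copied from an unrelated operation, and since the file is generated the correction presumably belongs upstream.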
@@ -1070,8 +1590,8 @@ module Aws::Transfer
|
|
1070
1590
|
include Aws::Structure
|
1071
1591
|
end
|
1072
1592
|
|
1073
|
-
# This exception is thrown when an error occurs in the
|
1074
|
-
# Family service.
|
1593
|
+
# This exception is thrown when an error occurs in the Amazon Web
|
1594
|
+
# ServicesTransfer Family service.
|
1075
1595
|
#
|
1076
1596
|
# @!attribute [rw] message
|
1077
1597
|
# @return [String]
|
@@ -1110,6 +1630,68 @@ module Aws::Transfer
|
|
1110
1630
|
include Aws::Structure
|
1111
1631
|
end
|
1112
1632
|
|
1633
|
+
# @note When making an API call, you may pass ListAccessesRequest
|
1634
|
+
# data as a hash:
|
1635
|
+
#
|
1636
|
+
# {
|
1637
|
+
# max_results: 1,
|
1638
|
+
# next_token: "NextToken",
|
1639
|
+
# server_id: "ServerId", # required
|
1640
|
+
# }
|
1641
|
+
#
|
1642
|
+
# @!attribute [rw] max_results
|
1643
|
+
# Specifies the maximum number of access SIDs to return.
|
1644
|
+
# @return [Integer]
|
1645
|
+
#
|
1646
|
+
# @!attribute [rw] next_token
|
1647
|
+
# When you can get additional results from the `ListAccesses` call, a
|
1648
|
+
# `NextToken` parameter is returned in the output. You can then pass
|
1649
|
+
# in a subsequent command to the `NextToken` parameter to continue
|
1650
|
+
# listing additional accesses.
|
1651
|
+
# @return [String]
|
1652
|
+
#
|
1653
|
+
# @!attribute [rw] server_id
|
1654
|
+
# A system-assigned unique identifier for a server that has users
|
1655
|
+
# assigned to it.
|
1656
|
+
# @return [String]
|
1657
|
+
#
|
1658
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListAccessesRequest AWS API Documentation
|
1659
|
+
#
|
1660
|
+
class ListAccessesRequest < Struct.new(
|
1661
|
+
:max_results,
|
1662
|
+
:next_token,
|
1663
|
+
:server_id)
|
1664
|
+
SENSITIVE = []
|
1665
|
+
include Aws::Structure
|
1666
|
+
end
|
1667
|
+
|
1668
|
+
# @!attribute [rw] next_token
|
1669
|
+
# When you can get additional results from the `ListAccesses` call, a
|
1670
|
+
# `NextToken` parameter is returned in the output. You can then pass
|
1671
|
+
# in a subsequent command to the `NextToken` parameter to continue
|
1672
|
+
# listing additional accesses.
|
1673
|
+
# @return [String]
|
1674
|
+
#
|
1675
|
+
# @!attribute [rw] server_id
|
1676
|
+
# A system-assigned unique identifier for a server that has users
|
1677
|
+
# assigned to it.
|
1678
|
+
# @return [String]
|
1679
|
+
#
|
1680
|
+
# @!attribute [rw] accesses
|
1681
|
+
# Returns the accesses and their properties for the `ServerId` value
|
1682
|
+
# that you specify.
|
1683
|
+
# @return [Array<Types::ListedAccess>]
|
1684
|
+
#
|
1685
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListAccessesResponse AWS API Documentation
|
1686
|
+
#
|
1687
|
+
class ListAccessesResponse < Struct.new(
|
1688
|
+
:next_token,
|
1689
|
+
:server_id,
|
1690
|
+
:accesses)
|
1691
|
+
SENSITIVE = []
|
1692
|
+
include Aws::Structure
|
1693
|
+
end
|
1694
|
+
|
1113
1695
|
# @note When making an API call, you may pass ListSecurityPoliciesRequest
|
1114
1696
|
# data as a hash:
|
1115
1697
|
#
|
@@ -1219,8 +1801,8 @@ module Aws::Transfer
|
|
1219
1801
|
#
|
1220
1802
|
# @!attribute [rw] arn
|
1221
1803
|
# Requests the tags associated with a particular Amazon Resource Name
|
1222
|
-
# (ARN). An ARN is an identifier for a specific
|
1223
|
-
# a server, user, or role.
|
1804
|
+
# (ARN). An ARN is an identifier for a specific Amazon Web Services
|
1805
|
+
# resource, such as a server, user, or role.
|
1224
1806
|
# @return [String]
|
1225
1807
|
#
|
1226
1808
|
# @!attribute [rw] max_results
|
@@ -1335,6 +1917,67 @@ module Aws::Transfer
|
|
1335
1917
|
include Aws::Structure
|
1336
1918
|
end
|
1337
1919
|
|
1920
|
+
# Lists the properties for one or more specified associated accesses.
|
1921
|
+
#
|
1922
|
+
# @!attribute [rw] home_directory
|
1923
|
+
# The landing directory (folder) for a user when they log in to the
|
1924
|
+
# server using the client.
|
1925
|
+
#
|
1926
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
1927
|
+
# @return [String]
|
1928
|
+
#
|
1929
|
+
# @!attribute [rw] home_directory_type
|
1930
|
+
# The type of landing directory (folder) you want your users' home
|
1931
|
+
# directory to be when they log into the server. If you set it to
|
1932
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
1933
|
+
# as is in their file transfer protocol clients. If you set it
|
1934
|
+
# `LOGICAL`, you will need to provide mappings in the
|
1935
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
1936
|
+
# paths visible to your users.
|
1937
|
+
# @return [String]
|
1938
|
+
#
|
1939
|
+
# @!attribute [rw] role
|
1940
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
1941
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
1942
|
+
# system. The policies attached to this role determine the level of
|
1943
|
+
# access that you want to provide your users when transferring files
|
1944
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
1945
|
+
# role should also contain a trust relationship that allows the server
|
1946
|
+
# to access your resources when servicing your users' transfer
|
1947
|
+
# requests.
|
1948
|
+
# @return [String]
|
1949
|
+
#
|
1950
|
+
# @!attribute [rw] external_id
|
1951
|
+
# A unique identifier that is required to identify specific groups
|
1952
|
+
# within your directory. The users of the group that you associate
|
1953
|
+
# have access to your Amazon S3 or Amazon EFS resources over the
|
1954
|
+
# enabled protocols using Amazon Web Services Transfer Family. If you
|
1955
|
+
# know the group name, you can view the SID values by running the
|
1956
|
+
# following command using Windows PowerShell.
|
1957
|
+
#
|
1958
|
+
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
1959
|
+
# -Properties * | Select SamAccountName,ObjectSid`
|
1960
|
+
#
|
1961
|
+
# In that command, replace *YourGroupName* with the name of your
|
1962
|
+
# Active Directory group.
|
1963
|
+
#
|
1964
|
+
# The regex used to validate this parameter is a string of characters
|
1965
|
+
# consisting of uppercase and lowercase alphanumeric characters with
|
1966
|
+
# no spaces. You can also include underscores or any of the following
|
1967
|
+
# characters: =,.@:/-
|
1968
|
+
# @return [String]
|
1969
|
+
#
|
1970
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListedAccess AWS API Documentation
|
1971
|
+
#
|
1972
|
+
class ListedAccess < Struct.new(
|
1973
|
+
:home_directory,
|
1974
|
+
:home_directory_type,
|
1975
|
+
:role,
|
1976
|
+
:external_id)
|
1977
|
+
SENSITIVE = []
|
1978
|
+
include Aws::Structure
|
1979
|
+
end
|
1980
|
+
|
1338
1981
|
# Returns properties of a file transfer protocol-enabled server that was
|
1339
1982
|
# specified.
|
1340
1983
|
#
|
@@ -1344,13 +1987,26 @@ module Aws::Transfer
|
|
1344
1987
|
# @return [String]
|
1345
1988
|
#
|
1346
1989
|
# @!attribute [rw] domain
|
1990
|
+
# Specifies the domain of the storage system that is used for file
|
1991
|
+
# transfers.
|
1347
1992
|
# @return [String]
|
1348
1993
|
#
|
1349
1994
|
# @!attribute [rw] identity_provider_type
|
1350
|
-
# Specifies the
|
1351
|
-
#
|
1352
|
-
#
|
1353
|
-
#
|
1995
|
+
# Specifies the mode of authentication for a server. The default value
|
1996
|
+
# is `SERVICE_MANAGED`, which allows you to store and access user
|
1997
|
+
# credentials within the Amazon Web Services Transfer Family service.
|
1998
|
+
#
|
1999
|
+
# Use `AWS_DIRECTORY_SERVICE` to provide access to Active Directory
|
2000
|
+
# groups in Amazon Web Services Managed Active Directory or Microsoft
|
2001
|
+
# Active Directory in your on-premises environment or in Amazon Web
|
2002
|
+
# Services using AD Connectors. This option also requires you to
|
2003
|
+
# provide a Directory ID using the `IdentityProviderDetails`
|
2004
|
+
# parameter.
|
2005
|
+
#
|
2006
|
+
# Use the `API_GATEWAY` value to integrate with an identity provider
|
2007
|
+
# of your choosing. The `API_GATEWAY` setting requires you to provide
|
2008
|
+
# an API Gateway endpoint URL to call for authentication using the
|
2009
|
+
# `IdentityProviderDetails` parameter.
|
1354
2010
|
# @return [String]
|
1355
2011
|
#
|
1356
2012
|
# @!attribute [rw] endpoint_type
|
@@ -1360,8 +2016,11 @@ module Aws::Transfer
|
|
1360
2016
|
# @return [String]
|
1361
2017
|
#
|
1362
2018
|
# @!attribute [rw] logging_role
|
1363
|
-
# Specifies the
|
1364
|
-
#
|
2019
|
+
# Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
|
2020
|
+
# Identity and Access Management (IAM) role that allows a server to
|
2021
|
+
# turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
|
2022
|
+
# events. When set, user activity can be viewed in your CloudWatch
|
2023
|
+
# logs.
|
1365
2024
|
# @return [String]
|
1366
2025
|
#
|
1367
2026
|
# @!attribute [rw] server_id
|
@@ -1409,26 +2068,41 @@ module Aws::Transfer
|
|
1409
2068
|
# @return [String]
|
1410
2069
|
#
|
1411
2070
|
# @!attribute [rw] home_directory
|
1412
|
-
#
|
1413
|
-
#
|
2071
|
+
# The landing directory (folder) for a user when they log in to the
|
2072
|
+
# server using the client.
|
2073
|
+
#
|
2074
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
1414
2075
|
# @return [String]
|
1415
2076
|
#
|
1416
2077
|
# @!attribute [rw] home_directory_type
|
1417
|
-
#
|
1418
|
-
#
|
1419
|
-
# the absolute Amazon S3 bucket
|
1420
|
-
# protocol clients. If you set it
|
1421
|
-
#
|
1422
|
-
#
|
2078
|
+
# The type of landing directory (folder) you want your users' home
|
2079
|
+
# directory to be when they log into the server. If you set it to
|
2080
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
2081
|
+
# as is in their file transfer protocol clients. If you set it
|
2082
|
+
# `LOGICAL`, you will need to provide mappings in the
|
2083
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
2084
|
+
# paths visible to your users.
|
1423
2085
|
# @return [String]
|
1424
2086
|
#
|
1425
2087
|
# @!attribute [rw] role
|
1426
|
-
# Specifies the
|
1427
|
-
#
|
1428
|
-
#
|
1429
|
-
#
|
1430
|
-
#
|
1431
|
-
#
|
2088
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
2089
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
2090
|
+
# system. The policies attached to this role determine the level of
|
2091
|
+
# access that you want to provide your users when transferring files
|
2092
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
2093
|
+
# role should also contain a trust relationship that allows the server
|
2094
|
+
# to access your resources when servicing your users' transfer
|
2095
|
+
# requests.
|
2096
|
+
#
|
2097
|
+
# <note markdown="1"> The IAM role that controls your users' access to your Amazon S3
|
2098
|
+
# bucket for servers with `Domain=S3`, or your EFS file system for
|
2099
|
+
# servers with `Domain=EFS`.
|
2100
|
+
#
|
2101
|
+
# The policies attached to this role determine the level of access you
|
2102
|
+
# want to provide your users when transferring files into and out of
|
2103
|
+
# your S3 buckets or EFS file systems.
|
2104
|
+
#
|
2105
|
+
# </note>
|
1432
2106
|
# @return [String]
|
1433
2107
|
#
|
1434
2108
|
# @!attribute [rw] ssh_public_key_count
|
@@ -1454,6 +2128,13 @@ module Aws::Transfer
|
|
1454
2128
|
include Aws::Structure
|
1455
2129
|
end
|
1456
2130
|
|
2131
|
+
# The full POSIX identity, including user ID (`Uid`), group ID (`Gid`),
|
2132
|
+
# and any secondary groups IDs (`SecondaryGids`), that controls your
|
2133
|
+
# users' access to your Amazon EFS file systems. The POSIX permissions
|
2134
|
+
# that are set on files and directories in your file system determine
|
2135
|
+
# the level of access your users get when transferring files into and
|
2136
|
+
# out of your Amazon EFS file systems.
|
2137
|
+
#
|
1457
2138
|
# @note When making an API call, you may pass PosixProfile
|
1458
2139
|
# data as a hash:
|
1459
2140
|
#
|
@@ -1464,12 +2145,16 @@ module Aws::Transfer
|
|
1464
2145
|
# }
|
1465
2146
|
#
|
1466
2147
|
# @!attribute [rw] uid
|
2148
|
+
# The POSIX user ID used for all EFS operations by this user.
|
1467
2149
|
# @return [Integer]
|
1468
2150
|
#
|
1469
2151
|
# @!attribute [rw] gid
|
2152
|
+
# The POSIX group ID used for all EFS operations by this user.
|
1470
2153
|
# @return [Integer]
|
1471
2154
|
#
|
1472
2155
|
# @!attribute [rw] secondary_gids
|
2156
|
+
# The secondary POSIX group IDs used for all EFS operations by this
|
2157
|
+
# user.
|
1473
2158
|
# @return [Array<Integer>]
|
1474
2159
|
#
|
1475
2160
|
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/PosixProfile AWS API Documentation
|
@@ -1482,6 +2167,38 @@ module Aws::Transfer
|
|
1482
2167
|
include Aws::Structure
|
1483
2168
|
end
|
1484
2169
|
|
2170
|
+
# The protocol settings that are configured for your server.
|
2171
|
+
#
|
2172
|
+
# <note markdown="1"> This type is only valid in the `UpdateServer` API.
|
2173
|
+
#
|
2174
|
+
# </note>
|
2175
|
+
#
|
2176
|
+
# @note When making an API call, you may pass ProtocolDetails
|
2177
|
+
# data as a hash:
|
2178
|
+
#
|
2179
|
+
# {
|
2180
|
+
# passive_ip: "PassiveIp",
|
2181
|
+
# }
|
2182
|
+
#
|
2183
|
+
# @!attribute [rw] passive_ip
|
2184
|
+
# Indicates passive mode, for FTP and FTPS protocols. Enter a single
|
2185
|
+
# dotted-quad IPv4 address, such as the external IP address of a
|
2186
|
+
# firewall, router, or load balancer. For example:
|
2187
|
+
#
|
2188
|
+
# ` aws transfer update-server --protocol-details PassiveIp=0.0.0.0 `
|
2189
|
+
#
|
2190
|
+
# Replace ` 0.0.0.0 ` in the example above with the actual IP address
|
2191
|
+
# you want to use.
|
2192
|
+
# @return [String]
|
2193
|
+
#
|
2194
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ProtocolDetails AWS API Documentation
|
2195
|
+
#
|
2196
|
+
class ProtocolDetails < Struct.new(
|
2197
|
+
:passive_ip)
|
2198
|
+
SENSITIVE = []
|
2199
|
+
include Aws::Structure
|
2200
|
+
end
|
2201
|
+
|
1485
2202
|
# The requested resource does not exist.
|
1486
2203
|
#
|
1487
2204
|
# @!attribute [rw] message
|
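Review bot: The note at new line 2172 says ProtocolDetails `is only valid in the UpdateServer API`, but the hunk at new line 1233 adds `:protocol_details` to DescribedServer, so the same data is presumably also returned when a server is described. A wording such as `This type can only be set through the UpdateServer API.` would remove the apparent contradiction. The attribute documentation for `protocol_details` on DescribedServer is not in the visible hunks, so its type is inferred from the member name.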
@@ -1503,8 +2220,8 @@ module Aws::Transfer
|
|
1503
2220
|
include Aws::Structure
|
1504
2221
|
end
|
1505
2222
|
|
1506
|
-
# This exception is thrown when a resource is not found by the
|
1507
|
-
#
|
2223
|
+
# This exception is thrown when a resource is not found by the Amazon
|
2224
|
+
# Web ServicesTransfer Family service.
|
1508
2225
|
#
|
1509
2226
|
# @!attribute [rw] message
|
1510
2227
|
# @return [String]
|
@@ -1525,8 +2242,8 @@ module Aws::Transfer
|
|
1525
2242
|
include Aws::Structure
|
1526
2243
|
end
|
1527
2244
|
|
1528
|
-
# The request has failed because the
|
1529
|
-
# available.
|
2245
|
+
# The request has failed because the Amazon Web ServicesTransfer Family
|
2246
|
+
# service is not available.
|
1530
2247
|
#
|
1531
2248
|
# @!attribute [rw] message
|
1532
2249
|
# @return [String]
|
@@ -1656,8 +2373,8 @@ module Aws::Transfer
|
|
1656
2373
|
# }
|
1657
2374
|
#
|
1658
2375
|
# @!attribute [rw] arn
|
1659
|
-
# An Amazon Resource Name (ARN) for a specific
|
1660
|
-
# server, user, or role.
|
2376
|
+
# An Amazon Resource Name (ARN) for a specific Amazon Web Services
|
2377
|
+
# resource, such as a server, user, or role.
|
1661
2378
|
# @return [String]
|
1662
2379
|
#
|
1663
2380
|
# @!attribute [rw] tags
|
@@ -1779,8 +2496,8 @@ module Aws::Transfer
|
|
1779
2496
|
#
|
1780
2497
|
# @!attribute [rw] arn
|
1781
2498
|
# The value of the resource that will have the tag removed. An Amazon
|
1782
|
-
# Resource Name (ARN) is an identifier for a specific
|
1783
|
-
# such as a server, user, or role.
|
2499
|
+
# Resource Name (ARN) is an identifier for a specific Amazon Web
|
2500
|
+
# Services resource, such as a server, user, or role.
|
1784
2501
|
# @return [String]
|
1785
2502
|
#
|
1786
2503
|
# @!attribute [rw] tag_keys
|
@@ -1798,11 +2515,199 @@ module Aws::Transfer
|
|
1798
2515
|
include Aws::Structure
|
1799
2516
|
end
|
1800
2517
|
|
2518
|
+
# @note When making an API call, you may pass UpdateAccessRequest
|
2519
|
+
# data as a hash:
|
2520
|
+
#
|
2521
|
+
# {
|
2522
|
+
# home_directory: "HomeDirectory",
|
2523
|
+
# home_directory_type: "PATH", # accepts PATH, LOGICAL
|
2524
|
+
# home_directory_mappings: [
|
2525
|
+
# {
|
2526
|
+
# entry: "MapEntry", # required
|
2527
|
+
# target: "MapTarget", # required
|
2528
|
+
# },
|
2529
|
+
# ],
|
2530
|
+
# policy: "Policy",
|
2531
|
+
# posix_profile: {
|
2532
|
+
# uid: 1, # required
|
2533
|
+
# gid: 1, # required
|
2534
|
+
# secondary_gids: [1],
|
2535
|
+
# },
|
2536
|
+
# role: "Role",
|
2537
|
+
# server_id: "ServerId", # required
|
2538
|
+
# external_id: "ExternalId", # required
|
2539
|
+
# }
|
2540
|
+
#
|
2541
|
+
# @!attribute [rw] home_directory
|
2542
|
+
# The landing directory (folder) for a user when they log in to the
|
2543
|
+
# server using the client.
|
2544
|
+
#
|
2545
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
2546
|
+
# @return [String]
|
2547
|
+
#
|
2548
|
+
# @!attribute [rw] home_directory_type
|
2549
|
+
# The type of landing directory (folder) you want your users' home
|
2550
|
+
# directory to be when they log into the server. If you set it to
|
2551
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
2552
|
+
# as is in their file transfer protocol clients. If you set it
|
2553
|
+
# `LOGICAL`, you will need to provide mappings in the
|
2554
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
2555
|
+
# paths visible to your users.
|
2556
|
+
# @return [String]
|
2557
|
+
#
|
2558
|
+
# @!attribute [rw] home_directory_mappings
|
2559
|
+
# Logical directory mappings that specify what Amazon S3 or Amazon EFS
|
2560
|
+
# paths and keys should be visible to your user and how you want to
|
2561
|
+
# make them visible. You must specify the `Entry` and `Target` pair,
|
2562
|
+
# where `Entry` shows how the path is made visible and `Target` is the
|
2563
|
+
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
2564
|
+
# it is displayed as is. You also must ensure that your Amazon Web
|
2565
|
+
# Services Identity and Access Management (IAM) role provides access
|
2566
|
+
# to paths in `Target`. This value can only be set when
|
2567
|
+
# `HomeDirectoryType` is set to *LOGICAL*.
|
2568
|
+
#
|
2569
|
+
# The following is an `Entry` and `Target` pair example.
|
2570
|
+
#
|
2571
|
+
# `[ \{ "Entry": "your-personal-report.pdf", "Target":
|
2572
|
+
# "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \} ]`
|
2573
|
+
#
|
2574
|
+
# In most cases, you can use this value instead of the scope-down
|
2575
|
+
# policy to lock down your user to the designated home directory
|
2576
|
+
# ("`chroot`"). To do this, you can set `Entry` to `/` and set
|
2577
|
+
# `Target` to the `HomeDirectory` parameter value.
|
2578
|
+
#
|
2579
|
+
# The following is an `Entry` and `Target` pair example for `chroot`.
|
2580
|
+
#
|
2581
|
+
# `[ \{ "Entry:": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
2582
|
+
#
|
2583
|
+
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
|
2584
|
+
# S3 or EFS, the entry is ignored. As a workaround, you can use the
|
2585
|
+
# Amazon S3 API or EFS API to create 0 byte objects as place holders
|
2586
|
+
# for your directory. If using the CLI, use the `s3api` or `efsapi`
|
2587
|
+
# call instead of `s3` or `efs` so you can use the put-object
|
2588
|
+
# operation. For example, you use the following: `aws s3api put-object
|
2589
|
+
# --bucket bucketname --key path/to/folder/`. Make sure that the end
|
2590
|
+
# of the key name ends in a `/` for it to be considered a folder.
|
2591
|
+
#
|
2592
|
+
# </note>
|
2593
|
+
# @return [Array<Types::HomeDirectoryMapEntry>]
|
2594
|
+
#
|
2595
|
+
# @!attribute [rw] policy
|
2596
|
+
# A scope-down policy for your user so that you can use the same IAM
|
2597
|
+
# role across multiple users. This policy scopes down user access to
|
2598
|
+
# portions of their Amazon S3 bucket. Variables that you can use
|
2599
|
+
# inside this policy include `$\{Transfer:UserName\}`,
|
2600
|
+
# `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
|
2601
|
+
#
|
2602
|
+
# <note markdown="1"> This only applies when domain of `ServerId` is S3. Amazon EFS does
|
2603
|
+
# not use scope down policy.
|
2604
|
+
#
|
2605
|
+
# For scope-down policies, Amazon Web ServicesTransfer Family stores
|
2606
|
+
# the policy as a JSON blob, instead of the Amazon Resource Name (ARN)
|
2607
|
+
# of the policy. You save the policy as a JSON blob and pass it in the
|
2608
|
+
# `Policy` argument.
|
2609
|
+
#
|
2610
|
+
# For an example of a scope-down policy, see [Example scope-down
|
2611
|
+
# policy][1].
|
2612
|
+
#
|
2613
|
+
# For more information, see [AssumeRole][2] in the *Amazon Web
|
2614
|
+
# ServicesSecurity Token Service API Reference*.
|
2615
|
+
#
|
2616
|
+
# </note>
|
2617
|
+
#
|
2618
|
+
#
|
2619
|
+
#
|
2620
|
+
# [1]: https://docs.aws.amazon.com/transfer/latest/userguide/scope-down-policy.html
|
2621
|
+
# [2]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
|
2622
|
+
# @return [String]
|
2623
|
+
#
|
2624
|
+
# @!attribute [rw] posix_profile
|
2625
|
+
# The full POSIX identity, including user ID (`Uid`), group ID
|
2626
|
+
# (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
|
2627
|
+
# controls your users' access to your Amazon EFS file systems. The
|
2628
|
+
# POSIX permissions that are set on files and directories in your file
|
2629
|
+
# system determine the level of access your users get when
|
2630
|
+
# transferring files into and out of your Amazon EFS file systems.
|
2631
|
+
# @return [Types::PosixProfile]
|
2632
|
+
#
|
2633
|
+
# @!attribute [rw] role
|
2634
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
2635
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
2636
|
+
# system. The policies attached to this role determine the level of
|
2637
|
+
# access that you want to provide your users when transferring files
|
2638
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
2639
|
+
# role should also contain a trust relationship that allows the server
|
2640
|
+
# to access your resources when servicing your users' transfer
|
2641
|
+
# requests.
|
2642
|
+
# @return [String]
|
2643
|
+
#
|
2644
|
+
# @!attribute [rw] server_id
|
2645
|
+
# A system-assigned unique identifier for a server instance. This is
|
2646
|
+
# the specific server that you added your user to.
|
2647
|
+
# @return [String]
|
2648
|
+
#
|
2649
|
+
# @!attribute [rw] external_id
|
2650
|
+
# A unique identifier that is required to identify specific groups
|
2651
|
+
# within your directory. The users of the group that you associate
|
2652
|
+
# have access to your Amazon S3 or Amazon EFS resources over the
|
2653
|
+
# enabled protocols using Amazon Web Services Transfer Family. If you
|
2654
|
+
# know the group name, you can view the SID values by running the
|
2655
|
+
# following command using Windows PowerShell.
|
2656
|
+
#
|
2657
|
+
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
2658
|
+
# -Properties * | Select SamAccountName,ObjectSid`
|
2659
|
+
#
|
2660
|
+
# In that command, replace *YourGroupName* with the name of your
|
2661
|
+
# Active Directory group.
|
2662
|
+
#
|
2663
|
+
# The regex used to validate this parameter is a string of characters
|
2664
|
+
# consisting of uppercase and lowercase alphanumeric characters with
|
2665
|
+
# no spaces. You can also include underscores or any of the following
|
2666
|
+
# characters: =,.@:/-
|
2667
|
+
# @return [String]
|
2668
|
+
#
|
2669
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateAccessRequest AWS API Documentation
|
2670
|
+
#
|
2671
|
+
class UpdateAccessRequest < Struct.new(
|
2672
|
+
:home_directory,
|
2673
|
+
:home_directory_type,
|
2674
|
+
:home_directory_mappings,
|
2675
|
+
:policy,
|
2676
|
+
:posix_profile,
|
2677
|
+
:role,
|
2678
|
+
:server_id,
|
2679
|
+
:external_id)
|
2680
|
+
SENSITIVE = []
|
2681
|
+
include Aws::Structure
|
2682
|
+
end
|
2683
|
+
|
2684
|
+
# @!attribute [rw] server_id
|
2685
|
+
# The ID of the server that the user is attached to.
|
2686
|
+
# @return [String]
|
2687
|
+
#
|
2688
|
+
# @!attribute [rw] external_id
|
2689
|
+
# The external ID of the group whose users have access to your Amazon
|
2690
|
+
# S3 or Amazon EFS resources over the enabled protocols using Amazon
|
2691
|
+
# Web ServicesTransfer Family.
|
2692
|
+
# @return [String]
|
2693
|
+
#
|
2694
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateAccessResponse AWS API Documentation
|
2695
|
+
#
|
2696
|
+
class UpdateAccessResponse < Struct.new(
|
2697
|
+
:server_id,
|
2698
|
+
:external_id)
|
2699
|
+
SENSITIVE = []
|
2700
|
+
include Aws::Structure
|
2701
|
+
end
|
2702
|
+
|
1801
2703
|
# @note When making an API call, you may pass UpdateServerRequest
|
1802
2704
|
# data as a hash:
|
1803
2705
|
#
|
1804
2706
|
# {
|
1805
2707
|
# certificate: "Certificate",
|
2708
|
+
# protocol_details: {
|
2709
|
+
# passive_ip: "PassiveIp",
|
2710
|
+
# },
|
1806
2711
|
# endpoint_details: {
|
1807
2712
|
# address_allocation_ids: ["AddressAllocationId"],
|
1808
2713
|
# subnet_ids: ["SubnetId"],
|
@@ -1815,6 +2720,7 @@ module Aws::Transfer
|
|
1815
2720
|
# identity_provider_details: {
|
1816
2721
|
# url: "Url",
|
1817
2722
|
# invocation_role: "Role",
|
2723
|
+
# directory_id: "DirectoryId",
|
1818
2724
|
# },
|
1819
2725
|
# logging_role: "NullableRole",
|
1820
2726
|
# protocols: ["SFTP"], # accepts SFTP, FTP, FTPS
|
@@ -1823,19 +2729,21 @@ module Aws::Transfer
|
|
1823
2729
|
# }
|
1824
2730
|
#
|
1825
2731
|
# @!attribute [rw] certificate
|
1826
|
-
# The Amazon Resource Name (ARN) of the
|
1827
|
-
# certificate. Required when `Protocols` is set to
|
2732
|
+
# The Amazon Resource Name (ARN) of the Amazon Web ServicesCertificate
|
2733
|
+
# Manager (ACM) certificate. Required when `Protocols` is set to
|
2734
|
+
# `FTPS`.
|
1828
2735
|
#
|
1829
2736
|
# To request a new public certificate, see [Request a public
|
1830
|
-
# certificate][1] in the <i>
|
2737
|
+
# certificate][1] in the <i> Amazon Web ServicesCertificate Manager
|
2738
|
+
# User Guide</i>.
|
1831
2739
|
#
|
1832
2740
|
# To import an existing certificate into ACM, see [Importing
|
1833
|
-
# certificates into ACM][2] in the <i>
|
1834
|
-
# Guide</i>.
|
2741
|
+
# certificates into ACM][2] in the <i> Amazon Web ServicesCertificate
|
2742
|
+
# Manager User Guide</i>.
|
1835
2743
|
#
|
1836
2744
|
# To request a private certificate to use FTPS through private IP
|
1837
|
-
# addresses, see [Request a private certificate][3] in the <i>
|
1838
|
-
#
|
2745
|
+
# addresses, see [Request a private certificate][3] in the <i> Amazon
|
2746
|
+
# Web ServicesCertificate Manager User Guide</i>.
|
1839
2747
|
#
|
1840
2748
|
# Certificates with the following cryptographic algorithms and key
|
1841
2749
|
# sizes are supported:
|
@@ -1862,21 +2770,42 @@ module Aws::Transfer
|
|
1862
2770
|
# [3]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html
|
1863
2771
|
# @return [String]
|
1864
2772
|
#
|
2773
|
+
# @!attribute [rw] protocol_details
|
2774
|
+
# The protocol settings that are configured for your server.
|
2775
|
+
#
|
2776
|
+
# Use the `PassiveIp` parameter to indicate passive mode (for FTP and
|
2777
|
+
# FTPS protocols). Enter a single dotted-quad IPv4 address, such as
|
2778
|
+
# the external IP address of a firewall, router, or load balancer.
|
2779
|
+
# @return [Types::ProtocolDetails]
|
2780
|
+
#
|
1865
2781
|
# @!attribute [rw] endpoint_details
|
1866
2782
|
# The virtual private cloud (VPC) endpoint settings that are
|
1867
|
-
# configured for your server.
|
1868
|
-
#
|
1869
|
-
#
|
1870
|
-
#
|
2783
|
+
# configured for your server. When you host your endpoint within your
|
2784
|
+
# VPC, you can make it accessible only to resources within your VPC,
|
2785
|
+
# or you can attach Elastic IP addresses and make it accessible to
|
2786
|
+
# clients over the internet. Your VPC's default security groups are
|
2787
|
+
# automatically assigned to your endpoint.
|
1871
2788
|
# @return [Types::EndpointDetails]
|
1872
2789
|
#
|
1873
2790
|
# @!attribute [rw] endpoint_type
|
1874
|
-
# The type of endpoint that you want your server to
|
1875
|
-
#
|
1876
|
-
#
|
1877
|
-
#
|
1878
|
-
#
|
1879
|
-
#
|
2791
|
+
# The type of endpoint that you want your server to use. You can
|
2792
|
+
# choose to make your server's endpoint publicly accessible (PUBLIC)
|
2793
|
+
# or host it inside your VPC. With an endpoint that is hosted in a
|
2794
|
+
# VPC, you can restrict access to your server and resources only
|
2795
|
+
# within your VPC or choose to make it internet facing by attaching
|
2796
|
+
# Elastic IP addresses directly to it.
|
2797
|
+
#
|
2798
|
+
# <note markdown="1"> After May 19, 2021, you won't be able to create a server using
|
2799
|
+
# `EndpointType=VPC_ENDPOINT` in your Amazon Web Servicesaccount if
|
2800
|
+
# your account hasn't already done so before May 19, 2021. If you
|
2801
|
+
# have already created servers with `EndpointType=VPC_ENDPOINT` in
|
2802
|
+
# your Amazon Web Servicesaccount on or before May 19, 2021, you will
|
2803
|
+
# not be affected. After this date, use `EndpointType`=`VPC`.
|
2804
|
+
#
|
2805
|
+
# For more information, see
|
2806
|
+
# https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
|
2807
|
+
#
|
2808
|
+
# It is recommended that you use `VPC` as the `EndpointType`. With
|
1880
2809
|
# this endpoint type, you have the option to directly associate up to
|
1881
2810
|
# three Elastic IPv4 addresses (BYO IP included) with your server's
|
1882
2811
|
# endpoint and use VPC security groups to restrict traffic by the
|
@@ -1895,7 +2824,7 @@ module Aws::Transfer
|
|
1895
2824
|
# changing a server's host key can be disruptive.
|
1896
2825
|
#
|
1897
2826
|
# For more information, see [Change the host key for your SFTP-enabled
|
1898
|
-
# server][1] in the *
|
2827
|
+
# server][1] in the *Amazon Web ServicesTransfer Family User Guide*.
|
1899
2828
|
#
|
1900
2829
|
#
|
1901
2830
|
#
|
@@ -1908,9 +2837,11 @@ module Aws::Transfer
|
|
1908
2837
|
# @return [Types::IdentityProviderDetails]
|
1909
2838
|
#
|
1910
2839
|
# @!attribute [rw] logging_role
|
1911
|
-
#
|
1912
|
-
#
|
1913
|
-
#
|
2840
|
+
# Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
|
2841
|
+
# Identity and Access Management (IAM) role that allows a server to
|
2842
|
+
# turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
|
2843
|
+
# events. When set, user activity can be viewed in your CloudWatch
|
2844
|
+
# logs.
|
1914
2845
|
# @return [String]
|
1915
2846
|
#
|
1916
2847
|
# @!attribute [rw] protocols
|
@@ -1926,13 +2857,13 @@ module Aws::Transfer
|
|
1926
2857
|
#
|
1927
2858
|
# * File Transfer Protocol (FTP): Unencrypted file transfer
|
1928
2859
|
#
|
1929
|
-
# <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in
|
1930
|
-
#
|
1931
|
-
# when clients connect to it over FTPS.
|
2860
|
+
# <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in Amazon
|
2861
|
+
# Web ServicesCertificate Manager (ACM) which will be used to identify
|
2862
|
+
# your server when clients connect to it over FTPS.
|
1932
2863
|
#
|
1933
2864
|
# If `Protocol` includes either `FTP` or `FTPS`, then the
|
1934
2865
|
# `EndpointType` must be `VPC` and the `IdentityProviderType` must be
|
1935
|
-
# `API_GATEWAY`.
|
2866
|
+
# `AWS_DIRECTORY_SERVICE` or `API_GATEWAY`.
|
1936
2867
|
#
|
1937
2868
|
# If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
|
1938
2869
|
# associated.
|
@@ -1958,6 +2889,7 @@ module Aws::Transfer
|
|
1958
2889
|
#
|
1959
2890
|
class UpdateServerRequest < Struct.new(
|
1960
2891
|
:certificate,
|
2892
|
+
:protocol_details,
|
1961
2893
|
:endpoint_details,
|
1962
2894
|
:endpoint_type,
|
1963
2895
|
:host_key,
|
@@ -2007,69 +2939,79 @@ module Aws::Transfer
|
|
2007
2939
|
# }
|
2008
2940
|
#
|
2009
2941
|
# @!attribute [rw] home_directory
|
2010
|
-
#
|
2011
|
-
#
|
2942
|
+
# The landing directory (folder) for a user when they log in to the
|
2943
|
+
# server using the client.
|
2012
2944
|
#
|
2013
|
-
#
|
2945
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
2014
2946
|
# @return [String]
|
2015
2947
|
#
|
2016
2948
|
# @!attribute [rw] home_directory_type
|
2017
2949
|
# The type of landing directory (folder) you want your users' home
|
2018
2950
|
# directory to be when they log into the server. If you set it to
|
2019
|
-
# `PATH`, the user will see the absolute Amazon S3 bucket
|
2020
|
-
# in their file transfer protocol clients. If you set it
|
2021
|
-
# you will need to provide mappings in the
|
2022
|
-
# how you want to make Amazon S3
|
2951
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
2952
|
+
# as is in their file transfer protocol clients. If you set it
|
2953
|
+
# `LOGICAL`, you will need to provide mappings in the
|
2954
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
2955
|
+
# paths visible to your users.
|
2023
2956
|
# @return [String]
|
2024
2957
|
#
|
2025
2958
|
# @!attribute [rw] home_directory_mappings
|
2026
|
-
# Logical directory mappings that specify what Amazon S3
|
2027
|
-
# keys should be visible to your user and how you want to
|
2028
|
-
# visible. You
|
2029
|
-
#
|
2030
|
-
#
|
2031
|
-
#
|
2032
|
-
#
|
2033
|
-
#
|
2034
|
-
#
|
2035
|
-
#
|
2036
|
-
#
|
2037
|
-
#
|
2959
|
+
# Logical directory mappings that specify what Amazon S3 or Amazon EFS
|
2960
|
+
# paths and keys should be visible to your user and how you want to
|
2961
|
+
# make them visible. You must specify the `Entry` and `Target` pair,
|
2962
|
+
# where `Entry` shows how the path is made visible and `Target` is the
|
2963
|
+
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
2964
|
+
# it is displayed as is. You also must ensure that your Amazon Web
|
2965
|
+
# Services Identity and Access Management (IAM) role provides access
|
2966
|
+
# to paths in `Target`. This value can only be set when
|
2967
|
+
# `HomeDirectoryType` is set to *LOGICAL*.
|
2968
|
+
#
|
2969
|
+
# The following is an `Entry` and `Target` pair example.
|
2970
|
+
#
|
2971
|
+
# `[ \{ "Entry": "your-personal-report.pdf", "Target":
|
2972
|
+
# "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \} ]`
|
2038
2973
|
#
|
2039
2974
|
# In most cases, you can use this value instead of the scope-down
|
2040
|
-
# policy to lock your user
|
2041
|
-
# ("chroot"). To do this, you can set `Entry` to '/' and set
|
2975
|
+
# policy to lock down your user to the designated home directory
|
2976
|
+
# ("`chroot`"). To do this, you can set `Entry` to '/' and set
|
2042
2977
|
# `Target` to the HomeDirectory parameter value.
|
2043
2978
|
#
|
2979
|
+
# The following is an `Entry` and `Target` pair example for `chroot`.
|
2980
|
+
#
|
2981
|
+
# `[ \{ "Entry:": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
2982
|
+
#
|
2044
2983
|
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
|
2045
|
-
# S3, the entry
|
2046
|
-
# Amazon S3 API to create 0 byte objects as place holders
|
2047
|
-
# directory. If using the CLI, use the `s3api`
|
2048
|
-
#
|
2049
|
-
# following: `aws s3api put-object
|
2050
|
-
# path/to/folder/`. Make sure that the end
|
2051
|
-
# for it to be considered a folder.
|
2984
|
+
# S3 or EFS, the entry is ignored. As a workaround, you can use the
|
2985
|
+
# Amazon S3 API or EFS API to create 0 byte objects as place holders
|
2986
|
+
# for your directory. If using the CLI, use the `s3api` or `efsapi`
|
2987
|
+
# call instead of `s3` or `efs` so you can use the put-object
|
2988
|
+
# operation. For example, you use the following: `aws s3api put-object
|
2989
|
+
# --bucket bucketname --key path/to/folder/`. Make sure that the end
|
2990
|
+
# of the key name ends in a `/` for it to be considered a folder.
|
2052
2991
|
#
|
2053
2992
|
# </note>
|
2054
2993
|
# @return [Array<Types::HomeDirectoryMapEntry>]
|
2055
2994
|
#
|
2056
2995
|
# @!attribute [rw] policy
|
2057
|
-
#
|
2058
|
-
#
|
2059
|
-
#
|
2060
|
-
#
|
2996
|
+
# A scope-down policy for your user so that you can use the same IAM
|
2997
|
+
# role across multiple users. This policy scopes down user access to
|
2998
|
+
# portions of their Amazon S3 bucket. Variables that you can use
|
2999
|
+
# inside this policy include `$\{Transfer:UserName\}`,
|
2061
3000
|
# `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
|
2062
3001
|
#
|
2063
|
-
# <note markdown="1">
|
2064
|
-
#
|
2065
|
-
#
|
2066
|
-
#
|
3002
|
+
# <note markdown="1"> This only applies when domain of `ServerId` is S3. Amazon EFS does
|
3003
|
+
# not use scope-down policies.
|
3004
|
+
#
|
3005
|
+
# For scope-down policies, Amazon Web ServicesTransfer Family stores
|
3006
|
+
# the policy as a JSON blob, instead of the Amazon Resource Name (ARN)
|
3007
|
+
# of the policy. You save the policy as a JSON blob and pass it in the
|
3008
|
+
# `Policy` argument.
|
2067
3009
|
#
|
2068
3010
|
# For an example of a scope-down policy, see [Creating a scope-down
|
2069
3011
|
# policy][1].
|
2070
3012
|
#
|
2071
|
-
# For more information, see [AssumeRole][2] in the *
|
2072
|
-
# Service API Reference*.
|
3013
|
+
# For more information, see [AssumeRole][2] in the *Amazon Web
|
3014
|
+
# Services Security Token Service API Reference*.
|
2073
3015
|
#
|
2074
3016
|
# </note>
|
2075
3017
|
#
|
@@ -2080,15 +3022,24 @@ module Aws::Transfer
|
|
2080
3022
|
# @return [String]
|
2081
3023
|
#
|
2082
3024
|
# @!attribute [rw] posix_profile
|
3025
|
+
# Specifies the full POSIX identity, including user ID (`Uid`), group
|
3026
|
+
# ID (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
|
3027
|
+
# controls your users' access to your Amazon Elastic File Systems
|
3028
|
+
# (Amazon EFS). The POSIX permissions that are set on files and
|
3029
|
+
# directories in your file system determines the level of access your
|
3030
|
+
# users get when transferring files into and out of your Amazon EFS
|
3031
|
+
# file systems.
|
2083
3032
|
# @return [Types::PosixProfile]
|
2084
3033
|
#
|
2085
3034
|
# @!attribute [rw] role
|
2086
|
-
#
|
2087
|
-
#
|
2088
|
-
#
|
2089
|
-
#
|
2090
|
-
#
|
2091
|
-
#
|
3035
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
3036
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
3037
|
+
# system. The policies attached to this role determine the level of
|
3038
|
+
# access that you want to provide your users when transferring files
|
3039
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
3040
|
+
# role should also contain a trust relationship that allows the server
|
3041
|
+
# to access your resources when servicing your users' transfer
|
3042
|
+
# requests.
|
2092
3043
|
# @return [String]
|
2093
3044
|
#
|
2094
3045
|
# @!attribute [rw] server_id
|