aws-sdk-transfer 1.32.0 → 1.36.0

data/lib/aws-sdk-transfer/client_api.rb

@@ -19,26 +19,34 @@ module Aws::Transfer
     Arn = Shapes::StringShape.new(name: 'Arn')
     Certificate = Shapes::StringShape.new(name: 'Certificate')
     ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
+    CreateAccessRequest = Shapes::StructureShape.new(name: 'CreateAccessRequest')
+    CreateAccessResponse = Shapes::StructureShape.new(name: 'CreateAccessResponse')
     CreateServerRequest = Shapes::StructureShape.new(name: 'CreateServerRequest')
     CreateServerResponse = Shapes::StructureShape.new(name: 'CreateServerResponse')
     CreateUserRequest = Shapes::StructureShape.new(name: 'CreateUserRequest')
     CreateUserResponse = Shapes::StructureShape.new(name: 'CreateUserResponse')
     DateImported = Shapes::TimestampShape.new(name: 'DateImported')
+    DeleteAccessRequest = Shapes::StructureShape.new(name: 'DeleteAccessRequest')
     DeleteServerRequest = Shapes::StructureShape.new(name: 'DeleteServerRequest')
     DeleteSshPublicKeyRequest = Shapes::StructureShape.new(name: 'DeleteSshPublicKeyRequest')
     DeleteUserRequest = Shapes::StructureShape.new(name: 'DeleteUserRequest')
+    DescribeAccessRequest = Shapes::StructureShape.new(name: 'DescribeAccessRequest')
+    DescribeAccessResponse = Shapes::StructureShape.new(name: 'DescribeAccessResponse')
     DescribeSecurityPolicyRequest = Shapes::StructureShape.new(name: 'DescribeSecurityPolicyRequest')
     DescribeSecurityPolicyResponse = Shapes::StructureShape.new(name: 'DescribeSecurityPolicyResponse')
     DescribeServerRequest = Shapes::StructureShape.new(name: 'DescribeServerRequest')
     DescribeServerResponse = Shapes::StructureShape.new(name: 'DescribeServerResponse')
     DescribeUserRequest = Shapes::StructureShape.new(name: 'DescribeUserRequest')
     DescribeUserResponse = Shapes::StructureShape.new(name: 'DescribeUserResponse')
+    DescribedAccess = Shapes::StructureShape.new(name: 'DescribedAccess')
     DescribedSecurityPolicy = Shapes::StructureShape.new(name: 'DescribedSecurityPolicy')
     DescribedServer = Shapes::StructureShape.new(name: 'DescribedServer')
     DescribedUser = Shapes::StructureShape.new(name: 'DescribedUser')
+    DirectoryId = Shapes::StringShape.new(name: 'DirectoryId')
     Domain = Shapes::StringShape.new(name: 'Domain')
     EndpointDetails = Shapes::StructureShape.new(name: 'EndpointDetails')
     EndpointType = Shapes::StringShape.new(name: 'EndpointType')
+    ExternalId = Shapes::StringShape.new(name: 'ExternalId')
     Fips = Shapes::BooleanShape.new(name: 'Fips')
     HomeDirectory = Shapes::StringShape.new(name: 'HomeDirectory')
     HomeDirectoryMapEntry = Shapes::StructureShape.new(name: 'HomeDirectoryMapEntry')
@@ -53,6 +61,8 @@ module Aws::Transfer
     InternalServiceError = Shapes::StructureShape.new(name: 'InternalServiceError')
     InvalidNextTokenException = Shapes::StructureShape.new(name: 'InvalidNextTokenException')
     InvalidRequestException = Shapes::StructureShape.new(name: 'InvalidRequestException')
+    ListAccessesRequest = Shapes::StructureShape.new(name: 'ListAccessesRequest')
+    ListAccessesResponse = Shapes::StructureShape.new(name: 'ListAccessesResponse')
     ListSecurityPoliciesRequest = Shapes::StructureShape.new(name: 'ListSecurityPoliciesRequest')
     ListSecurityPoliciesResponse = Shapes::StructureShape.new(name: 'ListSecurityPoliciesResponse')
     ListServersRequest = Shapes::StructureShape.new(name: 'ListServersRequest')
@@ -61,6 +71,8 @@ module Aws::Transfer
     ListTagsForResourceResponse = Shapes::StructureShape.new(name: 'ListTagsForResourceResponse')
     ListUsersRequest = Shapes::StructureShape.new(name: 'ListUsersRequest')
     ListUsersResponse = Shapes::StructureShape.new(name: 'ListUsersResponse')
+    ListedAccess = Shapes::StructureShape.new(name: 'ListedAccess')
+    ListedAccesses = Shapes::ListShape.new(name: 'ListedAccesses')
     ListedServer = Shapes::StructureShape.new(name: 'ListedServer')
     ListedServers = Shapes::ListShape.new(name: 'ListedServers')
     ListedUser = Shapes::StructureShape.new(name: 'ListedUser')
@@ -71,10 +83,12 @@ module Aws::Transfer
     Message = Shapes::StringShape.new(name: 'Message')
     NextToken = Shapes::StringShape.new(name: 'NextToken')
     NullableRole = Shapes::StringShape.new(name: 'NullableRole')
+    PassiveIp = Shapes::StringShape.new(name: 'PassiveIp')
     Policy = Shapes::StringShape.new(name: 'Policy')
     PosixId = Shapes::IntegerShape.new(name: 'PosixId')
     PosixProfile = Shapes::StructureShape.new(name: 'PosixProfile')
     Protocol = Shapes::StringShape.new(name: 'Protocol')
+    ProtocolDetails = Shapes::StructureShape.new(name: 'ProtocolDetails')
     Protocols = Shapes::ListShape.new(name: 'Protocols')
     Resource = Shapes::StringShape.new(name: 'Resource')
     ResourceExistsException = Shapes::StructureShape.new(name: 'ResourceExistsException')
@@ -115,6 +129,8 @@ module Aws::Transfer
     TestIdentityProviderResponse = Shapes::StructureShape.new(name: 'TestIdentityProviderResponse')
     ThrottlingException = Shapes::StructureShape.new(name: 'ThrottlingException')
     UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
+    UpdateAccessRequest = Shapes::StructureShape.new(name: 'UpdateAccessRequest')
+    UpdateAccessResponse = Shapes::StructureShape.new(name: 'UpdateAccessResponse')
     UpdateServerRequest = Shapes::StructureShape.new(name: 'UpdateServerRequest')
     UpdateServerResponse = Shapes::StructureShape.new(name: 'UpdateServerResponse')
     UpdateUserRequest = Shapes::StructureShape.new(name: 'UpdateUserRequest')
@@ -134,6 +150,20 @@ module Aws::Transfer
     ConflictException.add_member(:message, Shapes::ShapeRef.new(shape: Message, required: true, location_name: "Message"))
     ConflictException.struct_class = Types::ConflictException
 
+    CreateAccessRequest.add_member(:home_directory, Shapes::ShapeRef.new(shape: HomeDirectory, location_name: "HomeDirectory"))
+    CreateAccessRequest.add_member(:home_directory_type, Shapes::ShapeRef.new(shape: HomeDirectoryType, location_name: "HomeDirectoryType"))
+    CreateAccessRequest.add_member(:home_directory_mappings, Shapes::ShapeRef.new(shape: HomeDirectoryMappings, location_name: "HomeDirectoryMappings"))
+    CreateAccessRequest.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
+    CreateAccessRequest.add_member(:posix_profile, Shapes::ShapeRef.new(shape: PosixProfile, location_name: "PosixProfile"))
+    CreateAccessRequest.add_member(:role, Shapes::ShapeRef.new(shape: Role, required: true, location_name: "Role"))
+    CreateAccessRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
+    CreateAccessRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
+    CreateAccessRequest.struct_class = Types::CreateAccessRequest
+
+    CreateAccessResponse.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
+    CreateAccessResponse.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
+    CreateAccessResponse.struct_class = Types::CreateAccessResponse
+
     CreateServerRequest.add_member(:certificate, Shapes::ShapeRef.new(shape: Certificate, location_name: "Certificate"))
     CreateServerRequest.add_member(:domain, Shapes::ShapeRef.new(shape: Domain, location_name: "Domain"))
     CreateServerRequest.add_member(:endpoint_details, Shapes::ShapeRef.new(shape: EndpointDetails, location_name: "EndpointDetails"))
@@ -166,6 +196,10 @@ module Aws::Transfer
     CreateUserResponse.add_member(:user_name, Shapes::ShapeRef.new(shape: UserName, required: true, location_name: "UserName"))
     CreateUserResponse.struct_class = Types::CreateUserResponse
 
+    DeleteAccessRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
+    DeleteAccessRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
+    DeleteAccessRequest.struct_class = Types::DeleteAccessRequest
+
     DeleteServerRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
     DeleteServerRequest.struct_class = Types::DeleteServerRequest
 
@@ -178,6 +212,14 @@ module Aws::Transfer
     DeleteUserRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: UserName, required: true, location_name: "UserName"))
     DeleteUserRequest.struct_class = Types::DeleteUserRequest
 
+    DescribeAccessRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
+    DescribeAccessRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
+    DescribeAccessRequest.struct_class = Types::DescribeAccessRequest
+
+    DescribeAccessResponse.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
+    DescribeAccessResponse.add_member(:access, Shapes::ShapeRef.new(shape: DescribedAccess, required: true, location_name: "Access"))
+    DescribeAccessResponse.struct_class = Types::DescribeAccessResponse
+
     DescribeSecurityPolicyRequest.add_member(:security_policy_name, Shapes::ShapeRef.new(shape: SecurityPolicyName, required: true, location_name: "SecurityPolicyName"))
     DescribeSecurityPolicyRequest.struct_class = Types::DescribeSecurityPolicyRequest
 
@@ -198,6 +240,15 @@ module Aws::Transfer
     DescribeUserResponse.add_member(:user, Shapes::ShapeRef.new(shape: DescribedUser, required: true, location_name: "User"))
     DescribeUserResponse.struct_class = Types::DescribeUserResponse
 
+    DescribedAccess.add_member(:home_directory, Shapes::ShapeRef.new(shape: HomeDirectory, location_name: "HomeDirectory"))
+    DescribedAccess.add_member(:home_directory_mappings, Shapes::ShapeRef.new(shape: HomeDirectoryMappings, location_name: "HomeDirectoryMappings"))
+    DescribedAccess.add_member(:home_directory_type, Shapes::ShapeRef.new(shape: HomeDirectoryType, location_name: "HomeDirectoryType"))
+    DescribedAccess.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
+    DescribedAccess.add_member(:posix_profile, Shapes::ShapeRef.new(shape: PosixProfile, location_name: "PosixProfile"))
+    DescribedAccess.add_member(:role, Shapes::ShapeRef.new(shape: Role, location_name: "Role"))
+    DescribedAccess.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, location_name: "ExternalId"))
+    DescribedAccess.struct_class = Types::DescribedAccess
+
     DescribedSecurityPolicy.add_member(:fips, Shapes::ShapeRef.new(shape: Fips, location_name: "Fips"))
     DescribedSecurityPolicy.add_member(:security_policy_name, Shapes::ShapeRef.new(shape: SecurityPolicyName, required: true, location_name: "SecurityPolicyName"))
     DescribedSecurityPolicy.add_member(:ssh_ciphers, Shapes::ShapeRef.new(shape: SecurityPolicyOptions, location_name: "SshCiphers"))
@@ -208,6 +259,7 @@ module Aws::Transfer
 
     DescribedServer.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "Arn"))
     DescribedServer.add_member(:certificate, Shapes::ShapeRef.new(shape: Certificate, location_name: "Certificate"))
+    DescribedServer.add_member(:protocol_details, Shapes::ShapeRef.new(shape: ProtocolDetails, location_name: "ProtocolDetails"))
     DescribedServer.add_member(:domain, Shapes::ShapeRef.new(shape: Domain, location_name: "Domain"))
     DescribedServer.add_member(:endpoint_details, Shapes::ShapeRef.new(shape: EndpointDetails, location_name: "EndpointDetails"))
     DescribedServer.add_member(:endpoint_type, Shapes::ShapeRef.new(shape: EndpointType, location_name: "EndpointType"))
@@ -250,6 +302,7 @@ module Aws::Transfer
 
     IdentityProviderDetails.add_member(:url, Shapes::ShapeRef.new(shape: Url, location_name: "Url"))
     IdentityProviderDetails.add_member(:invocation_role, Shapes::ShapeRef.new(shape: Role, location_name: "InvocationRole"))
+    IdentityProviderDetails.add_member(:directory_id, Shapes::ShapeRef.new(shape: DirectoryId, location_name: "DirectoryId"))
     IdentityProviderDetails.struct_class = Types::IdentityProviderDetails
 
     ImportSshPublicKeyRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
@@ -271,6 +324,16 @@ module Aws::Transfer
     InvalidRequestException.add_member(:message, Shapes::ShapeRef.new(shape: Message, required: true, location_name: "Message"))
     InvalidRequestException.struct_class = Types::InvalidRequestException
 
+    ListAccessesRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "MaxResults"))
+    ListAccessesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
+    ListAccessesRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
+    ListAccessesRequest.struct_class = Types::ListAccessesRequest
+
+    ListAccessesResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
+    ListAccessesResponse.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
+    ListAccessesResponse.add_member(:accesses, Shapes::ShapeRef.new(shape: ListedAccesses, required: true, location_name: "Accesses"))
+    ListAccessesResponse.struct_class = Types::ListAccessesResponse
+
     ListSecurityPoliciesRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "MaxResults"))
     ListSecurityPoliciesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
     ListSecurityPoliciesRequest.struct_class = Types::ListSecurityPoliciesRequest
@@ -307,6 +370,14 @@ module Aws::Transfer
     ListUsersResponse.add_member(:users, Shapes::ShapeRef.new(shape: ListedUsers, required: true, location_name: "Users"))
     ListUsersResponse.struct_class = Types::ListUsersResponse
 
+    ListedAccess.add_member(:home_directory, Shapes::ShapeRef.new(shape: HomeDirectory, location_name: "HomeDirectory"))
+    ListedAccess.add_member(:home_directory_type, Shapes::ShapeRef.new(shape: HomeDirectoryType, location_name: "HomeDirectoryType"))
+    ListedAccess.add_member(:role, Shapes::ShapeRef.new(shape: Role, location_name: "Role"))
+    ListedAccess.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, location_name: "ExternalId"))
+    ListedAccess.struct_class = Types::ListedAccess
+
+    ListedAccesses.member = Shapes::ShapeRef.new(shape: ListedAccess)
+
     ListedServer.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "Arn"))
     ListedServer.add_member(:domain, Shapes::ShapeRef.new(shape: Domain, location_name: "Domain"))
     ListedServer.add_member(:identity_provider_type, Shapes::ShapeRef.new(shape: IdentityProviderType, location_name: "IdentityProviderType"))
@@ -334,6 +405,9 @@ module Aws::Transfer
     PosixProfile.add_member(:secondary_gids, Shapes::ShapeRef.new(shape: SecondaryGids, location_name: "SecondaryGids"))
     PosixProfile.struct_class = Types::PosixProfile
 
+    ProtocolDetails.add_member(:passive_ip, Shapes::ShapeRef.new(shape: PassiveIp, location_name: "PassiveIp"))
+    ProtocolDetails.struct_class = Types::ProtocolDetails
+
     Protocols.member = Shapes::ShapeRef.new(shape: Protocol)
 
     ResourceExistsException.add_member(:message, Shapes::ShapeRef.new(shape: Message, required: true, location_name: "Message"))
@@ -404,7 +478,22 @@ module Aws::Transfer
     UntagResourceRequest.add_member(:tag_keys, Shapes::ShapeRef.new(shape: TagKeys, required: true, location_name: "TagKeys"))
     UntagResourceRequest.struct_class = Types::UntagResourceRequest
 
+    UpdateAccessRequest.add_member(:home_directory, Shapes::ShapeRef.new(shape: HomeDirectory, location_name: "HomeDirectory"))
+    UpdateAccessRequest.add_member(:home_directory_type, Shapes::ShapeRef.new(shape: HomeDirectoryType, location_name: "HomeDirectoryType"))
+    UpdateAccessRequest.add_member(:home_directory_mappings, Shapes::ShapeRef.new(shape: HomeDirectoryMappings, location_name: "HomeDirectoryMappings"))
+    UpdateAccessRequest.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
+    UpdateAccessRequest.add_member(:posix_profile, Shapes::ShapeRef.new(shape: PosixProfile, location_name: "PosixProfile"))
+    UpdateAccessRequest.add_member(:role, Shapes::ShapeRef.new(shape: Role, location_name: "Role"))
+    UpdateAccessRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
+    UpdateAccessRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
+    UpdateAccessRequest.struct_class = Types::UpdateAccessRequest
+
+    UpdateAccessResponse.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
+    UpdateAccessResponse.add_member(:external_id, Shapes::ShapeRef.new(shape: ExternalId, required: true, location_name: "ExternalId"))
+    UpdateAccessResponse.struct_class = Types::UpdateAccessResponse
+
     UpdateServerRequest.add_member(:certificate, Shapes::ShapeRef.new(shape: Certificate, location_name: "Certificate"))
+    UpdateServerRequest.add_member(:protocol_details, Shapes::ShapeRef.new(shape: ProtocolDetails, location_name: "ProtocolDetails"))
     UpdateServerRequest.add_member(:endpoint_details, Shapes::ShapeRef.new(shape: EndpointDetails, location_name: "EndpointDetails"))
     UpdateServerRequest.add_member(:endpoint_type, Shapes::ShapeRef.new(shape: EndpointType, location_name: "EndpointType"))
     UpdateServerRequest.add_member(:host_key, Shapes::ShapeRef.new(shape: HostKey, location_name: "HostKey"))
@@ -452,6 +541,19 @@ module Aws::Transfer
         "uid" => "transfer-2018-11-05",
       }
 
+      api.add_operation(:create_access, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "CreateAccess"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: CreateAccessRequest)
+        o.output = Shapes::ShapeRef.new(shape: CreateAccessResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceExistsException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+      end)
+
       api.add_operation(:create_server, Seahorse::Model::Operation.new.tap do |o|
         o.name = "CreateServer"
         o.http_method = "POST"
@@ -479,6 +581,18 @@ module Aws::Transfer
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
       end)
 
+      api.add_operation(:delete_access, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DeleteAccess"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: DeleteAccessRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+      end)
+
       api.add_operation(:delete_server, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DeleteServer"
         o.http_method = "POST"
@@ -517,6 +631,18 @@ module Aws::Transfer
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
       end)
 
+      api.add_operation(:describe_access, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DescribeAccess"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: DescribeAccessRequest)
+        o.output = Shapes::ShapeRef.new(shape: DescribeAccessResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+      end)
+
       api.add_operation(:describe_security_policy, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DescribeSecurityPolicy"
         o.http_method = "POST"
@@ -567,6 +693,25 @@ module Aws::Transfer
         o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
       end)
 
+      api.add_operation(:list_accesses, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListAccesses"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: ListAccessesRequest)
+        o.output = Shapes::ShapeRef.new(shape: ListAccessesResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidNextTokenException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
+      end)
+
       api.add_operation(:list_security_policies, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ListSecurityPolicies"
         o.http_method = "POST"
@@ -702,6 +847,19 @@ module Aws::Transfer
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
       end)
 
+      api.add_operation(:update_access, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UpdateAccess"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: UpdateAccessRequest)
+        o.output = Shapes::ShapeRef.new(shape: UpdateAccessResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceExistsException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+      end)
+
       api.add_operation(:update_server, Seahorse::Model::Operation.new.tap do |o|
         o.name = "UpdateServer"
         o.http_method = "POST"

data/lib/aws-sdk-transfer/types.rb

@@ -38,6 +38,191 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass CreateAccessRequest
+    #   data as a hash:
+    #
+    #       {
+    #         home_directory: "HomeDirectory",
+    #         home_directory_type: "PATH", # accepts PATH, LOGICAL
+    #         home_directory_mappings: [
+    #           {
+    #             entry: "MapEntry", # required
+    #             target: "MapTarget", # required
+    #           },
+    #         ],
+    #         policy: "Policy",
+    #         posix_profile: {
+    #           uid: 1, # required
+    #           gid: 1, # required
+    #           secondary_gids: [1],
+    #         },
+    #         role: "Role", # required
+    #         server_id: "ServerId", # required
+    #         external_id: "ExternalId", # required
+    #       }
+    #
+    # @!attribute [rw] home_directory
+    #   The landing directory (folder) for a user when they log in to the
+    #   server using the client.
+    #
+    #   A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
+    #   @return [String]
+    #
+    # @!attribute [rw] home_directory_type
+    #   The type of landing directory (folder) you want your users' home
+    #   directory to be when they log into the server. If you set it to
+    #   `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
+    #   as is in their file transfer protocol clients. If you set it
+    #   `LOGICAL`, you will need to provide mappings in the
+    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
+    #   paths visible to your users.
+    #   @return [String]
+    #
+    # @!attribute [rw] home_directory_mappings
+    #   Logical directory mappings that specify what Amazon S3 or Amazon EFS
+    #   paths and keys should be visible to your user and how you want to
+    #   make them visible. You must specify the `Entry` and `Target` pair,
+    #   where `Entry` shows how the path is made visible and `Target` is the
+    #   actual Amazon S3 or Amazon EFS path. If you only specify a target,
+    #   it is displayed as is. You also must ensure that your Amazon Web
+    #   Services Identity and Access Management (IAM) role provides access
+    #   to paths in `Target`. This value can only be set when
+    #   `HomeDirectoryType` is set to *LOGICAL*.
+    #
+    #   The following is an `Entry` and `Target` pair example.
+    #
+    #   `[ \{ "Entry": "your-personal-report.pdf", "Target":
+    #   "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \} ]`
+    #
+    #   In most cases, you can use this value instead of the scope-down
+    #   policy to lock down your user to the designated home directory
+    #   ("`chroot`"). To do this, you can set `Entry` to `/` and set
+    #   `Target` to the `HomeDirectory` parameter value.
+    #
+    #   The following is an `Entry` and `Target` pair example for `chroot`.
+    #
+    #   `[ \{ "Entry:": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
+    #
+    #   <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
+    #   S3 or EFS, the entry is ignored. As a workaround, you can use the
+    #   Amazon S3 API or EFS API to create 0 byte objects as place holders
+    #   for your directory. If using the CLI, use the `s3api` or `efsapi`
+    #   call instead of `s3` or `efs` so you can use the put-object
+    #   operation. For example, you use the following: `aws s3api put-object
+    #   --bucket bucketname --key path/to/folder/`. Make sure that the end
+    #   of the key name ends in a `/` for it to be considered a folder.
+    #
+    #    </note>
+    #   @return [Array<Types::HomeDirectoryMapEntry>]
+    #
+    # @!attribute [rw] policy
+    #   A scope-down policy for your user so that you can use the same IAM
+    #   role across multiple users. This policy scopes down user access to
+    #   portions of their Amazon S3 bucket. Variables that you can use
+    #   inside this policy include `$\{Transfer:UserName\}`,
+    #   `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
+    #
+    #   <note markdown="1"> This only applies when domain of `ServerId` is S3. Amazon EFS does
+    #   not use scope-down policies.
+    #
+    #    For scope-down policies, Amazon Web Services Transfer Family stores
+    #   the policy as a JSON blob, instead of the Amazon Resource Name (ARN)
+    #   of the policy. You save the policy as a JSON blob and pass it in the
+    #   `Policy` argument.
+    #
+    #    For an example of a scope-down policy, see [Example scope-down
+    #   policy][1].
+    #
+    #    For more information, see [AssumeRole][2] in the *Amazon Web
+    #   Services Security Token Service API Reference*.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/scope-down-policy.html
+    #   [2]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
+    #   @return [String]
+    #
+    # @!attribute [rw] posix_profile
+    #   The full POSIX identity, including user ID (`Uid`), group ID
+    #   (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
+    #   controls your users' access to your Amazon EFS file systems. The
+    #   POSIX permissions that are set on files and directories in your file
+    #   system determine the level of access your users get when
+    #   transferring files into and out of your Amazon EFS file systems.
+    #   @return [Types::PosixProfile]
+    #
+    # @!attribute [rw] role
+    #   Specifies the Amazon Resource Name (ARN) of the IAM role that
+    #   controls your users' access to your Amazon S3 bucket or EFS file
+    #   system. The policies attached to this role determine the level of
+    #   access that you want to provide your users when transferring files
+    #   into and out of your Amazon S3 bucket or EFS file system. The IAM
+    #   role should also contain a trust relationship that allows the server
+    #   to access your resources when servicing your users' transfer
+    #   requests.
+    #   @return [String]
+    #
+    # @!attribute [rw] server_id
+    #   A system-assigned unique identifier for a server instance. This is
+    #   the specific server that you added your user to.
+    #   @return [String]
+    #
+    # @!attribute [rw] external_id
+    #   A unique identifier that is required to identify specific groups
+    #   within your directory. The users of the group that you associate
+    #   have access to your Amazon S3 or Amazon EFS resources over the
+    #   enabled protocols using Amazon Web Services Transfer Family. If you
+    #   know the group name, you can view the SID values by running the
+    #   following command using Windows PowerShell.
+    #
+    #   `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
+    #   -Properties * | Select SamAccountName,ObjectSid`
+    #
+    #   In that command, replace *YourGroupName* with the name of your
+    #   Active Directory group.
+    #
+    #   The regex used to validate this parameter is a string of characters
+    #   consisting of uppercase and lowercase alphanumeric characters with
+    #   no spaces. You can also include underscores or any of the following
+    #   characters: =,.@:/-
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateAccessRequest AWS API Documentation
+    #
+    class CreateAccessRequest < Struct.new(
+      :home_directory,
+      :home_directory_type,
+      :home_directory_mappings,
+      :policy,
+      :posix_profile,
+      :role,
+      :server_id,
+      :external_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] server_id
+    #   The ID of the server that the user is attached to.
+    #   @return [String]
+    #
+    # @!attribute [rw] external_id
+    #   The external ID of the group whose users have access to your Amazon
+    #   S3 or Amazon EFS resources over the enabled protocols using Amazon
+    #   Web Services Transfer Family.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateAccessResponse AWS API Documentation
+    #
+    class CreateAccessResponse < Struct.new(
+      :server_id,
+      :external_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass CreateServerRequest
     #   data as a hash:
     #
@@ -56,8 +241,9 @@ module Aws::Transfer
     #         identity_provider_details: {
     #           url: "Url",
     #           invocation_role: "Role",
+    #           directory_id: "DirectoryId",
     #         },
-    #         identity_provider_type: "SERVICE_MANAGED", # accepts SERVICE_MANAGED, API_GATEWAY
+    #         identity_provider_type: "SERVICE_MANAGED", # accepts SERVICE_MANAGED, API_GATEWAY, AWS_DIRECTORY_SERVICE
     #         logging_role: "Role",
     #         protocols: ["SFTP"], # accepts SFTP, FTP, FTPS
     #         security_policy_name: "SecurityPolicyName",
@@ -70,19 +256,21 @@ module Aws::Transfer
     #       }
     #
     # @!attribute [rw] certificate
-    #   The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM)
-    #   certificate. Required when `Protocols` is set to `FTPS`.
+    #   The Amazon Resource Name (ARN) of the Amazon Web Services
+    #   Certificate Manager (ACM) certificate. Required when `Protocols` is
+    #   set to `FTPS`.
     #
     #   To request a new public certificate, see [Request a public
-    #   certificate][1] in the <i> AWS Certificate Manager User Guide</i>.
+    #   certificate][1] in the <i> Amazon Web Services Certificate Manager
+    #   User Guide</i>.
     #
     #   To import an existing certificate into ACM, see [Importing
-    #   certificates into ACM][2] in the <i> AWS Certificate Manager User
-    #   Guide</i>.
+    #   certificates into ACM][2] in the <i> Amazon Web Services Certificate
+    #   Manager User Guide</i>.
     #
     #   To request a private certificate to use FTPS through private IP
-    #   addresses, see [Request a private certificate][3] in the <i> AWS
-    #   Certificate Manager User Guide</i>.
+    #   addresses, see [Request a private certificate][3] in the <i> Amazon
+    #   Web Services Certificate Manager User Guide</i>.
     #
     #   Certificates with the following cryptographic algorithms and key
     #   sizes are supported:
@@ -110,24 +298,44 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] domain
+    #   The domain of the storage system that is used for file transfers.
+    #   There are two domains available: Amazon Simple Storage Service
+    #   (Amazon S3) and Amazon Elastic File System (Amazon EFS). The default
+    #   value is S3.
+    #
+    #   <note markdown="1"> After the server is created, the domain cannot be changed.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] endpoint_details
     #   The virtual private cloud (VPC) endpoint settings that are
     #   configured for your server. When you host your endpoint within your
     #   VPC, you can make it accessible only to resources within your VPC,
-    #   or you can attach Elastic IPs and make it accessible to clients over
-    #   the internet. Your VPC's default security groups are automatically
-    #   assigned to your endpoint.
+    #   or you can attach Elastic IP addresses and make it accessible to
+    #   clients over the internet. Your VPC's default security groups are
+    #   automatically assigned to your endpoint.
     #   @return [Types::EndpointDetails]
     #
     # @!attribute [rw] endpoint_type
-    #   The type of VPC endpoint that you want your server to connect to.
-    #   You can choose to connect to the public internet or a VPC endpoint.
-    #   With a VPC endpoint, you can restrict access to your server and
-    #   resources only within your VPC.
-    #
-    #   <note markdown="1"> It is recommended that you use `VPC` as the `EndpointType`. With
+    #   The type of endpoint that you want your server to use. You can
+    #   choose to make your server's endpoint publicly accessible (PUBLIC)
+    #   or host it inside your VPC. With an endpoint that is hosted in a
+    #   VPC, you can restrict access to your server and resources only
+    #   within your VPC or choose to make it internet facing by attaching
+    #   Elastic IP addresses directly to it.
+    #
+    #   <note markdown="1"> After May 19, 2021, you won't be able to create a server using
+    #   `EndpointType=VPC_ENDPOINT` in your Amazon Web Services account if
+    #   your account hasn't already done so before May 19, 2021. If you
+    #   have already created servers with `EndpointType=VPC_ENDPOINT` in
+    #   your Amazon Web Services account on or before May 19, 2021, you will
+    #   not be affected. After this date, use `EndpointType`=`VPC`.
+    #
+    #    For more information, see
+    #   https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
+    #
+    #    It is recommended that you use `VPC` as the `EndpointType`. With
     #   this endpoint type, you have the option to directly associate up to
     #   three Elastic IPv4 addresses (BYO IP included) with your server's
     #   endpoint and use VPC security groups to restrict traffic by the
@@ -146,7 +354,7 @@ module Aws::Transfer
     #   Accidentally changing a server's host key can be disruptive.
     #
     #   For more information, see [Change the host key for your SFTP-enabled
-    #   server][1] in the *AWS Transfer Family User Guide*.
+    #   server][1] in the *Amazon Web Services Transfer Family User Guide*.
     #
     #
     #
@@ -154,26 +362,38 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] identity_provider_details
-    #   Required when `IdentityProviderType` is set to `API_GATEWAY`.
-    #   Accepts an array containing all of the information required to call
-    #   a customer-supplied authentication API, including the API Gateway
-    #   URL. Not required when `IdentityProviderType` is set to
-    #   `SERVICE_MANAGED`.
+    #   Required when `IdentityProviderType` is set to
+    #   `AWS_DIRECTORY_SERVICE` or `API_GATEWAY`. Accepts an array
+    #   containing all of the information required to use a directory in
+    #   `AWS_DIRECTORY_SERVICE` or invoke a customer-supplied authentication
+    #   API, including the API Gateway URL. Not required when
+    #   `IdentityProviderType` is set to `SERVICE_MANAGED`.
     #   @return [Types::IdentityProviderDetails]
     #
     # @!attribute [rw] identity_provider_type
     #   Specifies the mode of authentication for a server. The default value
     #   is `SERVICE_MANAGED`, which allows you to store and access user
-    #   credentials within the AWS Transfer Family service. Use the
-    #   `API_GATEWAY` value to integrate with an identity provider of your
-    #   choosing. The `API_GATEWAY` setting requires you to provide an API
-    #   Gateway endpoint URL to call for authentication using the
+    #   credentials within the Amazon Web Services Transfer Family service.
+    #
+    #   Use `AWS_DIRECTORY_SERVICE` to provide access to Active Directory
+    #   groups in Amazon Web Services Managed Active Directory or Microsoft
+    #   Active Directory in your on-premises environment or in Amazon Web
+    #   Services using AD Connectors. This option also requires you to
+    #   provide a Directory ID using the `IdentityProviderDetails`
+    #   parameter.
+    #
+    #   Use the `API_GATEWAY` value to integrate with an identity provider
+    #   of your choosing. The `API_GATEWAY` setting requires you to provide
+    #   an API Gateway endpoint URL to call for authentication using the
     #   `IdentityProviderDetails` parameter.
     #   @return [String]
     #
     # @!attribute [rw] logging_role
-    #   Allows the service to write your users' activity to your Amazon
-    #   CloudWatch logs for monitoring and auditing purposes.
+    #   Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
+    #   Identity and Access Management (IAM) role that allows a server to
+    #   turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
+    #   events. When set, user activity can be viewed in your CloudWatch
+    #   logs.
     #   @return [String]
     #
     # @!attribute [rw] protocols
@@ -189,13 +409,13 @@ module Aws::Transfer
     #
     #   * `FTP` (File Transfer Protocol): Unencrypted file transfer
     #
-    #   <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in AWS
-    #   Certificate Manager (ACM) which will be used to identify your server
-    #   when clients connect to it over FTPS.
+    #   <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in Amazon
+    #   Web Services Certificate Manager (ACM) which is used to identify
+    #   your server when clients connect to it over FTPS.
     #
     #    If `Protocol` includes either `FTP` or `FTPS`, then the
     #   `EndpointType` must be `VPC` and the `IdentityProviderType` must be
-    #   `API_GATEWAY`.
+    #   `AWS_DIRECTORY_SERVICE` or `API_GATEWAY`.
     #
     #    If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
     #   associated.
@@ -280,86 +500,103 @@ module Aws::Transfer
     #   The landing directory (folder) for a user when they log in to the
     #   server using the client.
     #
-    #   An example is <i>
-    #   <code>your-Amazon-S3-bucket-name&gt;/home/username</code> </i>.
+    #   A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
     #   @return [String]
     #
     # @!attribute [rw] home_directory_type
     #   The type of landing directory (folder) you want your users' home
     #   directory to be when they log into the server. If you set it to
-    #   `PATH`, the user will see the absolute Amazon S3 bucket paths as is
-    #   in their file transfer protocol clients. If you set it `LOGICAL`,
-    #   you will need to provide mappings in the `HomeDirectoryMappings` for
-    #   how you want to make Amazon S3 paths visible to your users.
+    #   `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
+    #   as is in their file transfer protocol clients. If you set it
+    #   `LOGICAL`, you will need to provide mappings in the
+    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
+    #   paths visible to your users.
     #   @return [String]
     #
     # @!attribute [rw] home_directory_mappings
-    #   Logical directory mappings that specify what Amazon S3 paths and
-    #   keys should be visible to your user and how you want to make them
-    #   visible. You will need to specify the "`Entry`" and "`Target`"
-    #   pair, where `Entry` shows how the path is made visible and `Target`
-    #   is the actual Amazon S3 path. If you only specify a target, it will
-    #   be displayed as is. You will need to also make sure that your IAM
-    #   role provides access to paths in `Target`. The following is an
-    #   example.
-    #
-    #   `'[ "/bucket2/documentation", \{ "Entry":
-    #   "your-personal-report.pdf", "Target":
-    #   "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \} ]'`
+    #   Logical directory mappings that specify what Amazon S3 or Amazon EFS
+    #   paths and keys should be visible to your user and how you want to
+    #   make them visible. You must specify the `Entry` and `Target` pair,
+    #   where `Entry` shows how the path is made visible and `Target` is the
+    #   actual Amazon S3 or Amazon EFS path. If you only specify a target,
+    #   it is displayed as is. You also must ensure that your Amazon Web
+    #   Services Identity and Access Management (IAM) role provides access
+    #   to paths in `Target`. This value can only be set when
+    #   `HomeDirectoryType` is set to *LOGICAL*.
+    #
+    #   The following is an `Entry` and `Target` pair example.
+    #
+    #   `[ \{ "Entry": "your-personal-report.pdf", "Target":
+    #   "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \} ]`
     #
     #   In most cases, you can use this value instead of the scope-down
     #   policy to lock your user down to the designated home directory
-    #   ("chroot"). To do this, you can set `Entry` to '/' and set
+    #   ("`chroot`"). To do this, you can set `Entry` to `/` and set
     #   `Target` to the HomeDirectory parameter value.
     #
+    #   The following is an `Entry` and `Target` pair example for `chroot`.
+    #
+    #   `[ \{ "Entry:": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
+    #
     #   <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
-    #   S3, the entry will be ignored. As a workaround, you can use the
-    #   Amazon S3 API to create 0 byte objects as place holders for your
-    #   directory. If using the CLI, use the `s3api` call instead of `s3` so
-    #   you can use the put-object operation. For example, you use the
-    #   following: `aws s3api put-object --bucket bucketname --key
-    #   path/to/folder/`. Make sure that the end of the key name ends in a
-    #   '/' for it to be considered a folder.
+    #   S3 or EFS, the entry is ignored. As a workaround, you can use the
+    #   Amazon S3 API or EFS API to create 0 byte objects as place holders
+    #   for your directory. If using the CLI, use the `s3api` or `efsapi`
+    #   call instead of `s3` or `efs` so you can use the put-object
+    #   operation. For example, you use the following: `aws s3api put-object
+    #   --bucket bucketname --key path/to/folder/`. Make sure that the end
+    #   of the key name ends in a `/` for it to be considered a folder.
     #
     #    </note>
     #   @return [Array<Types::HomeDirectoryMapEntry>]
     #
     # @!attribute [rw] policy
-    #   A scope-down policy for your user so you can use the same IAM role
-    #   across multiple users. This policy scopes down user access to
+    #   A scope-down policy for your user so that you can use the same IAM
+    #   role across multiple users. This policy scopes down user access to
     #   portions of their Amazon S3 bucket. Variables that you can use
     #   inside this policy include `$\{Transfer:UserName\}`,
     #   `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
     #
-    #   <note markdown="1"> For scope-down policies, AWS Transfer Family stores the policy as a
-    #   JSON blob, instead of the Amazon Resource Name (ARN) of the policy.
-    #   You save the policy as a JSON blob and pass it in the `Policy`
-    #   argument.
+    #   <note markdown="1"> This only applies when domain of ServerId is S3. EFS does not use
+    #   scope down policy.
     #
-    #    For an example of a scope-down policy, see [Creating a scope-down
+    #    For scope-down policies, Amazon Web Services Transfer Family stores
+    #   the policy as a JSON blob, instead of the Amazon Resource Name (ARN)
+    #   of the policy. You save the policy as a JSON blob and pass it in the
+    #   `Policy` argument.
+    #
+    #    For an example of a scope-down policy, see [Example scope-down
     #   policy][1].
     #
-    #    For more information, see [AssumeRole][2] in the *AWS Security Token
-    #   Service API Reference*.
+    #    For more information, see [AssumeRole][2] in the *Amazon Web
+    #   Services Security Token Service API Reference*.
     #
     #    </note>
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/users.html#users-policies-scope-down
+    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/scope-down-policy.html
     #   [2]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
     #   @return [String]
     #
     # @!attribute [rw] posix_profile
+    #   Specifies the full POSIX identity, including user ID (`Uid`), group
+    #   ID (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
+    #   controls your users' access to your Amazon EFS file systems. The
+    #   POSIX permissions that are set on files and directories in Amazon
+    #   EFS determine the level of access your users get when transferring
+    #   files into and out of your Amazon EFS file systems.
     #   @return [Types::PosixProfile]
     #
     # @!attribute [rw] role
-    #   The IAM role that controls your users' access to your Amazon S3
-    #   bucket. The policies attached to this role will determine the level
-    #   of access you want to provide your users when transferring files
-    #   into and out of your Amazon S3 bucket or buckets. The IAM role
-    #   should also contain a trust relationship that allows the server to
-    #   access your resources when servicing your users' transfer requests.
+    #   Specifies the Amazon Resource Name (ARN) of the IAM role that
+    #   controls your users' access to your Amazon S3 bucket or EFS file
+    #   system. The policies attached to this role determine the level of
+    #   access that you want to provide your users when transferring files
+    #   into and out of your Amazon S3 bucket or EFS file system. The IAM
+    #   role should also contain a trust relationship that allows the server
+    #   to access your resources when servicing your users' transfer
+    #   requests.
     #   @return [String]
     #
     # @!attribute [rw] server_id
@@ -421,6 +658,48 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DeleteAccessRequest
+    #   data as a hash:
+    #
+    #       {
+    #         server_id: "ServerId", # required
+    #         external_id: "ExternalId", # required
+    #       }
+    #
+    # @!attribute [rw] server_id
+    #   A system-assigned unique identifier for a server that has this user
+    #   assigned.
+    #   @return [String]
+    #
+    # @!attribute [rw] external_id
+    #   A unique identifier that is required to identify specific groups
+    #   within your directory. The users of the group that you associate
+    #   have access to your Amazon S3 or Amazon EFS resources over the
+    #   enabled protocols using Amazon Web Services Transfer Family. If you
+    #   know the group name, you can view the SID values by running the
+    #   following command using Windows PowerShell.
+    #
+    #   `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
+    #   -Properties * | Select SamAccountName,ObjectSid`
+    #
+    #   In that command, replace *YourGroupName* with the name of your
+    #   Active Directory group.
+    #
+    #   The regex used to validate this parameter is a string of characters
+    #   consisting of uppercase and lowercase alphanumeric characters with
+    #   no spaces. You can also include underscores or any of the following
+    #   characters: =,.@:/-
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DeleteAccessRequest AWS API Documentation
+    #
+    class DeleteAccessRequest < Struct.new(
+      :server_id,
+      :external_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DeleteServerRequest
     #   data as a hash:
     #
@@ -500,6 +779,66 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DescribeAccessRequest
+    #   data as a hash:
+    #
+    #       {
+    #         server_id: "ServerId", # required
+    #         external_id: "ExternalId", # required
+    #       }
+    #
+    # @!attribute [rw] server_id
+    #   A system-assigned unique identifier for a server that has this
+    #   access assigned.
+    #   @return [String]
+    #
+    # @!attribute [rw] external_id
+    #   A unique identifier that is required to identify specific groups
+    #   within your directory. The users of the group that you associate
+    #   have access to your Amazon S3 or Amazon EFS resources over the
+    #   enabled protocols using Amazon Web Services Transfer Family. If you
+    #   know the group name, you can view the SID values by running the
+    #   following command using Windows PowerShell.
+    #
+    #   `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
+    #   -Properties * | Select SamAccountName,ObjectSid`
+    #
+    #   In that command, replace *YourGroupName* with the name of your
+    #   Active Directory group.
+    #
+    #   The regex used to validate this parameter is a string of characters
+    #   consisting of uppercase and lowercase alphanumeric characters with
+    #   no spaces. You can also include underscores or any of the following
+    #   characters: =,.@:/-
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeAccessRequest AWS API Documentation
+    #
+    class DescribeAccessRequest < Struct.new(
+      :server_id,
+      :external_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] server_id
+    #   A system-assigned unique identifier for a server that has this
+    #   access assigned.
+    #   @return [String]
+    #
+    # @!attribute [rw] access
+    #   The external ID of the server that the access is attached to.
+    #   @return [Types::DescribedAccess]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeAccessResponse AWS API Documentation
+    #
+    class DescribeAccessResponse < Struct.new(
+      :server_id,
+      :access)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DescribeSecurityPolicyRequest
     #   data as a hash:
     #
@@ -579,8 +918,8 @@ module Aws::Transfer
     #
     # @!attribute [rw] user_name
     #   The name of the user assigned to one or more servers. User names are
-    #   part of the sign-in credentials to use the AWS Transfer Family
-    #   service and perform file transfer tasks.
+    #   part of the sign-in credentials to use the Amazon Web Services
+    #   Transfer Family service and perform file transfer tasks.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeUserRequest AWS API Documentation
@@ -611,6 +950,104 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # Describes the properties of the access that was specified.
+    #
+    # @!attribute [rw] home_directory
+    #   The landing directory (folder) for a user when they log in to the
+    #   server using the client.
+    #
+    #   A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
+    #   @return [String]
+    #
+    # @!attribute [rw] home_directory_mappings
+    #   Logical directory mappings that specify what Amazon S3 or Amazon EFS
+    #   paths and keys should be visible to your user and how you want to
+    #   make them visible. You must specify the `Entry` and `Target` pair,
+    #   where `Entry` shows how the path is made visible and `Target` is the
+    #   actual Amazon S3 or Amazon EFS path. If you only specify a target,
+    #   it is displayed as is. You also must ensure that your Amazon Web
+    #   Services Identity and Access Management (IAM) role provides access
+    #   to paths in `Target`. This value can only be set when
+    #   `HomeDirectoryType` is set to *LOGICAL*.
+    #
+    #   In most cases, you can use this value instead of the scope-down
+    #   policy to lock down the associated access to the designated home
+    #   directory ("`chroot`"). To do this, you can set `Entry` to '/'
+    #   and set `Target` to the `HomeDirectory` parameter value.
+    #   @return [Array<Types::HomeDirectoryMapEntry>]
+    #
+    # @!attribute [rw] home_directory_type
+    #   The type of landing directory (folder) you want your users' home
+    #   directory to be when they log into the server. If you set it to
+    #   `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
+    #   as is in their file transfer protocol clients. If you set it
+    #   `LOGICAL`, you will need to provide mappings in the
+    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
+    #   paths visible to your users.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy
+    #   A scope-down policy for your user so that you can use the same IAM
+    #   role across multiple users. This policy scopes down user access to
+    #   portions of their Amazon S3 bucket. Variables that you can use
+    #   inside this policy include `$\{Transfer:UserName\}`,
+    #   `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
+    #   @return [String]
+    #
+    # @!attribute [rw] posix_profile
+    #   The full POSIX identity, including user ID (`Uid`), group ID
+    #   (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
+    #   controls your users' access to your Amazon EFS file systems. The
+    #   POSIX permissions that are set on files and directories in your file
+    #   system determine the level of access your users get when
+    #   transferring files into and out of your Amazon EFS file systems.
+    #   @return [Types::PosixProfile]
+    #
+    # @!attribute [rw] role
+    #   Specifies the Amazon Resource Name (ARN) of the IAM role that
+    #   controls your users' access to your Amazon S3 bucket or EFS file
+    #   system. The policies attached to this role determine the level of
+    #   access that you want to provide your users when transferring files
+    #   into and out of your Amazon S3 bucket or EFS file system. The IAM
+    #   role should also contain a trust relationship that allows the server
+    #   to access your resources when servicing your users' transfer
+    #   requests.
+    #   @return [String]
+    #
+    # @!attribute [rw] external_id
+    #   A unique identifier that is required to identify specific groups
+    #   within your directory. The users of the group that you associate
+    #   have access to your Amazon S3 or Amazon EFS resources over the
+    #   enabled protocols using Amazon Web Services Transfer Family. If you
+    #   know the group name, you can view the SID values by running the
+    #   following command using Windows PowerShell.
+    #
+    #   `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
+    #   -Properties * | Select SamAccountName,ObjectSid`
+    #
+    #   In that command, replace *YourGroupName* with the name of your
+    #   Active Directory group.
+    #
+    #   The regex used to validate this parameter is a string of characters
+    #   consisting of uppercase and lowercase alphanumeric characters with
+    #   no spaces. You can also include underscores or any of the following
+    #   characters: =,.@:/-
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribedAccess AWS API Documentation
+    #
+    class DescribedAccess < Struct.new(
+      :home_directory,
+      :home_directory_mappings,
+      :home_directory_type,
+      :policy,
+      :posix_profile,
+      :role,
+      :external_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Describes the properties of a security policy that was specified. For
     # more information about security policies, see [Working with security
     # policies][1].
@@ -672,16 +1109,30 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] certificate
-    #   Specifies the ARN of the AWS Certificate Manager (ACM) certificate.
-    #   Required when `Protocols` is set to `FTPS`.
+    #   Specifies the ARN of the Amazon Web ServicesCertificate Manager
+    #   (ACM) certificate. Required when `Protocols` is set to `FTPS`.
     #   @return [String]
     #
+    # @!attribute [rw] protocol_details
+    #   The protocol settings that are configured for your server.
+    #
+    #   Use the `PassiveIp` parameter to indicate passive mode. Enter a
+    #   single dotted-quad IPv4 address, such as the external IP address of
+    #   a firewall, router, or load balancer.
+    #   @return [Types::ProtocolDetails]
+    #
     # @!attribute [rw] domain
+    #   Specifies the domain of the storage system that is used for file
+    #   transfers.
     #   @return [String]
     #
     # @!attribute [rw] endpoint_details
-    #   Specifies the virtual private cloud (VPC) endpoint settings that you
-    #   configured for your server.
+    #   The virtual private cloud (VPC) endpoint settings that are
+    #   configured for your server. When you host your endpoint within your
+    #   VPC, you can make it accessible only to resources within your VPC,
+    #   or you can attach Elastic IP addresses and make it accessible to
+    #   clients over the internet. Your VPC's default security groups are
+    #   automatically assigned to your endpoint.
     #   @return [Types::EndpointDetails]
     #
     # @!attribute [rw] endpoint_type
@@ -699,21 +1150,31 @@ module Aws::Transfer
     # @!attribute [rw] identity_provider_details
     #   Specifies information to call a customer-supplied authentication
     #   API. This field is not populated when the `IdentityProviderType` of
-    #   a server is `SERVICE_MANAGED`.
+    #   a server is `AWS_DIRECTORY_SERVICE` or `SERVICE_MANAGED`.
     #   @return [Types::IdentityProviderDetails]
     #
     # @!attribute [rw] identity_provider_type
-    #   Specifies the mode of authentication method enabled for this
-    #   service. A value of `SERVICE_MANAGED` means that you are using this
-    #   server to store and access user credentials within the service. A
-    #   value of `API_GATEWAY` indicates that you have integrated an API
-    #   Gateway endpoint that will be invoked for authenticating your user
-    #   into the service.
+    #   Specifies the mode of authentication for a server. The default value
+    #   is `SERVICE_MANAGED`, which allows you to store and access user
+    #   credentials within the Amazon Web Services Transfer Family service.
+    #
+    #   Use `AWS_DIRECTORY_SERVICE` to provide access to Active Directory
+    #   groups in Amazon Web Services Managed Active Directory or Microsoft
+    #   Active Directory in your on-premises environment or in Amazon Web
+    #   Services using AD Connectors. This option also requires you to
+    #   provide a Directory ID using the `IdentityProviderDetails`
+    #   parameter.
+    #
+    #   Use the `API_GATEWAY` value to integrate with an identity provider
+    #   of your choosing. The `API_GATEWAY` setting requires you to provide
+    #   an API Gateway endpoint URL to call for authentication using the
+    #   `IdentityProviderDetails` parameter.
     #   @return [String]
     #
     # @!attribute [rw] logging_role
-    #   Specifies the AWS Identity and Access Management (IAM) role that
-    #   allows a server to turn on Amazon CloudWatch logging for Amazon S3
+    #   Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
+    #   Identity and Access Management (IAM) role that allows a server to
+    #   turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
     #   events. When set, user activity can be viewed in your CloudWatch
     #   logs.
     #   @return [String]
@@ -769,6 +1230,7 @@ module Aws::Transfer
     class DescribedServer < Struct.new(
       :arn,
       :certificate,
+      :protocol_details,
       :domain,
       :endpoint_details,
       :endpoint_type,
@@ -794,52 +1256,66 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] home_directory
-    #   Specifies the landing directory (or folder), which is the location
-    #   that files are written to or read from in an Amazon S3 bucket, for
-    #   the described user. An example is <i>
-    #   <code>your-Amazon-S3-bucket-name&gt;/home/username</code> </i>.
+    #   The landing directory (folder) for a user when they log in to the
+    #   server using the client.
+    #
+    #   A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
     #   @return [String]
     #
     # @!attribute [rw] home_directory_mappings
-    #   Specifies the logical directory mappings that specify what Amazon S3
+    #   Logical directory mappings that specify what Amazon S3 or Amazon EFS
     #   paths and keys should be visible to your user and how you want to
-    #   make them visible. You will need to specify the "`Entry`" and
-    #   "`Target`" pair, where `Entry` shows how the path is made visible
-    #   and `Target` is the actual Amazon S3 path. If you only specify a
-    #   target, it will be displayed as is. You will need to also make sure
-    #   that your AWS Identity and Access Management (IAM) role provides
-    #   access to paths in `Target`.
+    #   make them visible. You must specify the `Entry` and `Target` pair,
+    #   where `Entry` shows how the path is made visible and `Target` is the
+    #   actual Amazon S3 or Amazon EFS path. If you only specify a target,
+    #   it is displayed as is. You also must ensure that your Amazon Web
+    #   Services Identity and Access Management (IAM) role provides access
+    #   to paths in `Target`. This value can only be set when
+    #   `HomeDirectoryType` is set to *LOGICAL*.
     #
     #   In most cases, you can use this value instead of the scope-down
     #   policy to lock your user down to the designated home directory
-    #   ("chroot"). To do this, you can set `Entry` to '/' and set
+    #   ("`chroot`"). To do this, you can set `Entry` to '/' and set
     #   `Target` to the HomeDirectory parameter value.
     #   @return [Array<Types::HomeDirectoryMapEntry>]
     #
     # @!attribute [rw] home_directory_type
-    #   Specifies the type of landing directory (folder) you mapped for your
-    #   users to see when they log into the file transfer protocol-enabled
-    #   server. If you set it to `PATH`, the user will see the absolute
-    #   Amazon S3 bucket paths as is in their file transfer protocol
-    #   clients. If you set it `LOGICAL`, you will need to provide mappings
-    #   in the `HomeDirectoryMappings` for how you want to make Amazon S3
+    #   The type of landing directory (folder) you want your users' home
+    #   directory to be when they log into the server. If you set it to
+    #   `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
+    #   as is in their file transfer protocol clients. If you set it
+    #   `LOGICAL`, you will need to provide mappings in the
+    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
     #   paths visible to your users.
     #   @return [String]
     #
     # @!attribute [rw] policy
-    #   Specifies the name of the policy in use for the described user.
+    #   A scope-down policy for your user so that you can use the same IAM
+    #   role across multiple users. This policy scopes down user access to
+    #   portions of their Amazon S3 bucket. Variables that you can use
+    #   inside this policy include `$\{Transfer:UserName\}`,
+    #   `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
     #   @return [String]
     #
     # @!attribute [rw] posix_profile
+    #   Specifies the full POSIX identity, including user ID (`Uid`), group
+    #   ID (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
+    #   controls your users' access to your Amazon Elastic File System
+    #   (Amazon EFS) file systems. The POSIX permissions that are set on
+    #   files and directories in your file system determine the level of
+    #   access your users get when transferring files into and out of your
+    #   Amazon EFS file systems.
     #   @return [Types::PosixProfile]
     #
     # @!attribute [rw] role
-    #   Specifies the IAM role that controls your users' access to your
-    #   Amazon S3 bucket. The policies attached to this role will determine
-    #   the level of access you want to provide your users when transferring
-    #   files into and out of your Amazon S3 bucket or buckets. The IAM role
-    #   should also contain a trust relationship that allows a server to
-    #   access your resources when servicing your users' transfer requests.
+    #   Specifies the Amazon Resource Name (ARN) of the IAM role that
+    #   controls your users' access to your Amazon S3 bucket or EFS file
+    #   system. The policies attached to this role determine the level of
+    #   access that you want to provide your users when transferring files
+    #   into and out of your Amazon S3 bucket or EFS file system. The IAM
+    #   role should also contain a trust relationship that allows the server
+    #   to access your resources when servicing your users' transfer
+    #   requests.
     #   @return [String]
     #
     # @!attribute [rw] ssh_public_keys
@@ -879,7 +1355,19 @@ module Aws::Transfer
     # for your file transfer protocol-enabled server. With a VPC endpoint,
     # you can restrict access to your server and resources only within your
     # VPC. To control incoming internet traffic, invoke the `UpdateServer`
-    # API and attach an Elastic IP to your server's endpoint.
+    # API and attach an Elastic IP address to your server's endpoint.
+    #
+    # <note markdown="1"> After May 19, 2021, you won't be able to create a server using
+    # `EndpointType=VPC_ENDPOINT` in your Amazon Web Servicesaccount if your
+    # account hasn't already done so before May 19, 2021. If you have
+    # already created servers with `EndpointType=VPC_ENDPOINT` in your
+    # Amazon Web Servicesaccount on or before May 19, 2021, you will not be
+    # affected. After this date, use `EndpointType`=`VPC`.
+    #
+    #  For more information, see
+    # https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
+    #
+    #  </note>
     #
     # @note When making an API call, you may pass EndpointDetails
     #   data as a hash:
@@ -917,6 +1405,9 @@ module Aws::Transfer
     #   <note markdown="1"> This property can only be set when `EndpointType` is set to
     #   `VPC_ENDPOINT`.
     #
+    #    For more information, see
+    #   https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
+    #
     #    </note>
     #   @return [String]
     #
@@ -934,11 +1425,18 @@ module Aws::Transfer
     #
     #   <note markdown="1"> This property can only be set when `EndpointType` is set to `VPC`.
     #
-    #    You can only edit the `SecurityGroupIds` property in the
-    #   `UpdateServer` API and only if you are changing the `EndpointType`
-    #   from `PUBLIC` or `VPC_ENDPOINT` to `VPC`.
+    #    You can edit the `SecurityGroupIds` property in the
+    #   [UpdateServer][1] API only if you are changing the `EndpointType`
+    #   from `PUBLIC` or `VPC_ENDPOINT` to `VPC`. To change security groups
+    #   associated with your server's VPC endpoint after creation, use the
+    #   Amazon EC2 [ModifyVpcEndpoint][2] API.
     #
     #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/API_UpdateServer.html
+    #   [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyVpcEndpoint.html
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/EndpointDetails AWS API Documentation
@@ -956,6 +1454,21 @@ module Aws::Transfer
     # Represents an object that contains entries and targets for
     # `HomeDirectoryMappings`.
     #
+    # The following is an `Entry` and `Target` pair example for `chroot`.
+    #
+    # `[ \{ "Entry:": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
+    #
+    # <note markdown="1"> If the target of a logical directory entry does not exist in Amazon S3
+    # or EFS, the entry is ignored. As a workaround, you can use the Amazon
+    # S3 API or EFS API to create 0 byte objects as place holders for your
+    # directory. If using the CLI, use the `s3api` or `efsapi` call instead
+    # of `s3` or `efs` so you can use the put-object operation. For example,
+    # you use the following: `aws s3api put-object --bucket bucketname --key
+    # path/to/folder/`. Make sure that the end of the key name ends in a `/`
+    # for it to be considered a folder.
+    #
+    #  </note>
+    #
     # @note When making an API call, you may pass HomeDirectoryMapEntry
     #   data as a hash:
     #
@@ -965,7 +1478,7 @@ module Aws::Transfer
     #       }
     #
     # @!attribute [rw] entry
-    #   Represents an entry and a target for `HomeDirectoryMappings`.
+    #   Represents an entry for `HomeDirectoryMappings`.
     #   @return [String]
     #
     # @!attribute [rw] target
@@ -991,6 +1504,7 @@ module Aws::Transfer
     #       {
     #         url: "Url",
     #         invocation_role: "Role",
+    #         directory_id: "DirectoryId",
     #       }
     #
     # @!attribute [rw] url
@@ -1003,11 +1517,17 @@ module Aws::Transfer
     #   account.
     #   @return [String]
     #
+    # @!attribute [rw] directory_id
+    #   The identifier of the Amazon Web ServicesDirectory Service directory
+    #   that you want to stop sharing.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/IdentityProviderDetails AWS API Documentation
     #
     class IdentityProviderDetails < Struct.new(
       :url,
-      :invocation_role)
+      :invocation_role,
+      :directory_id)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1070,8 +1590,8 @@ module Aws::Transfer
       include Aws::Structure
     end
 
-    # This exception is thrown when an error occurs in the AWS Transfer
-    # Family service.
+    # This exception is thrown when an error occurs in the Amazon Web
+    # ServicesTransfer Family service.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -1110,6 +1630,68 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListAccessesRequest
+    #   data as a hash:
+    #
+    #       {
+    #         max_results: 1,
+    #         next_token: "NextToken",
+    #         server_id: "ServerId", # required
+    #       }
+    #
+    # @!attribute [rw] max_results
+    #   Specifies the maximum number of access SIDs to return.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   When you can get additional results from the `ListAccesses` call, a
+    #   `NextToken` parameter is returned in the output. You can then pass
+    #   in a subsequent command to the `NextToken` parameter to continue
+    #   listing additional accesses.
+    #   @return [String]
+    #
+    # @!attribute [rw] server_id
+    #   A system-assigned unique identifier for a server that has users
+    #   assigned to it.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListAccessesRequest AWS API Documentation
+    #
+    class ListAccessesRequest < Struct.new(
+      :max_results,
+      :next_token,
+      :server_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_token
+    #   When you can get additional results from the `ListAccesses` call, a
+    #   `NextToken` parameter is returned in the output. You can then pass
+    #   in a subsequent command to the `NextToken` parameter to continue
+    #   listing additional accesses.
+    #   @return [String]
+    #
+    # @!attribute [rw] server_id
+    #   A system-assigned unique identifier for a server that has users
+    #   assigned to it.
+    #   @return [String]
+    #
+    # @!attribute [rw] accesses
+    #   Returns the accesses and their properties for the `ServerId` value
+    #   that you specify.
+    #   @return [Array<Types::ListedAccess>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListAccessesResponse AWS API Documentation
+    #
+    class ListAccessesResponse < Struct.new(
+      :next_token,
+      :server_id,
+      :accesses)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListSecurityPoliciesRequest
     #   data as a hash:
     #
@@ -1219,8 +1801,8 @@ module Aws::Transfer
     #
     # @!attribute [rw] arn
     #   Requests the tags associated with a particular Amazon Resource Name
-    #   (ARN). An ARN is an identifier for a specific AWS resource, such as
-    #   a server, user, or role.
+    #   (ARN). An ARN is an identifier for a specific Amazon Web Services
+    #   resource, such as a server, user, or role.
     #   @return [String]
     #
     # @!attribute [rw] max_results
@@ -1335,6 +1917,67 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # Lists the properties for one or more specified associated accesses.
+    #
+    # @!attribute [rw] home_directory
+    #   The landing directory (folder) for a user when they log in to the
+    #   server using the client.
+    #
+    #   A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
+    #   @return [String]
+    #
+    # @!attribute [rw] home_directory_type
+    #   The type of landing directory (folder) you want your users' home
+    #   directory to be when they log into the server. If you set it to
+    #   `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
+    #   as is in their file transfer protocol clients. If you set it
+    #   `LOGICAL`, you will need to provide mappings in the
+    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
+    #   paths visible to your users.
+    #   @return [String]
+    #
+    # @!attribute [rw] role
+    #   Specifies the Amazon Resource Name (ARN) of the IAM role that
+    #   controls your users' access to your Amazon S3 bucket or EFS file
+    #   system. The policies attached to this role determine the level of
+    #   access that you want to provide your users when transferring files
+    #   into and out of your Amazon S3 bucket or EFS file system. The IAM
+    #   role should also contain a trust relationship that allows the server
+    #   to access your resources when servicing your users' transfer
+    #   requests.
+    #   @return [String]
+    #
+    # @!attribute [rw] external_id
+    #   A unique identifier that is required to identify specific groups
+    #   within your directory. The users of the group that you associate
+    #   have access to your Amazon S3 or Amazon EFS resources over the
+    #   enabled protocols using Amazon Web Services Transfer Family. If you
+    #   know the group name, you can view the SID values by running the
+    #   following command using Windows PowerShell.
+    #
+    #   `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
+    #   -Properties * | Select SamAccountName,ObjectSid`
+    #
+    #   In that command, replace *YourGroupName* with the name of your
+    #   Active Directory group.
+    #
+    #   The regex used to validate this parameter is a string of characters
+    #   consisting of uppercase and lowercase alphanumeric characters with
+    #   no spaces. You can also include underscores or any of the following
+    #   characters: =,.@:/-
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListedAccess AWS API Documentation
+    #
+    class ListedAccess < Struct.new(
+      :home_directory,
+      :home_directory_type,
+      :role,
+      :external_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Returns properties of a file transfer protocol-enabled server that was
     # specified.
     #
@@ -1344,13 +1987,26 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] domain
+    #   Specifies the domain of the storage system that is used for file
+    #   transfers.
     #   @return [String]
     #
     # @!attribute [rw] identity_provider_type
-    #   Specifies the authentication method used to validate a user for a
-    #   server that was specified. This can include Secure Shell (SSH), user
-    #   name and password combinations, or your own custom authentication
-    #   method. Valid values include `SERVICE_MANAGED` or `API_GATEWAY`.
+    #   Specifies the mode of authentication for a server. The default value
+    #   is `SERVICE_MANAGED`, which allows you to store and access user
+    #   credentials within the Amazon Web Services Transfer Family service.
+    #
+    #   Use `AWS_DIRECTORY_SERVICE` to provide access to Active Directory
+    #   groups in Amazon Web Services Managed Active Directory or Microsoft
+    #   Active Directory in your on-premises environment or in Amazon Web
+    #   Services using AD Connectors. This option also requires you to
+    #   provide a Directory ID using the `IdentityProviderDetails`
+    #   parameter.
+    #
+    #   Use the `API_GATEWAY` value to integrate with an identity provider
+    #   of your choosing. The `API_GATEWAY` setting requires you to provide
+    #   an API Gateway endpoint URL to call for authentication using the
+    #   `IdentityProviderDetails` parameter.
     #   @return [String]
     #
     # @!attribute [rw] endpoint_type
@@ -1360,8 +2016,11 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] logging_role
-    #   Specifies the AWS Identity and Access Management (IAM) role that
-    #   allows a server to turn on Amazon CloudWatch logging.
+    #   Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
+    #   Identity and Access Management (IAM) role that allows a server to
+    #   turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
+    #   events. When set, user activity can be viewed in your CloudWatch
+    #   logs.
     #   @return [String]
     #
     # @!attribute [rw] server_id
@@ -1409,26 +2068,41 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] home_directory
-    #   Specifies the location that files are written to or read from an
-    #   Amazon S3 bucket for the user you specify by their ARN.
+    #   The landing directory (folder) for a user when they log in to the
+    #   server using the client.
+    #
+    #   A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
     #   @return [String]
     #
     # @!attribute [rw] home_directory_type
-    #   Specifies the type of landing directory (folder) you mapped for your
-    #   users' home directory. If you set it to `PATH`, the user will see
-    #   the absolute Amazon S3 bucket paths as is in their file transfer
-    #   protocol clients. If you set it `LOGICAL`, you will need to provide
-    #   mappings in the `HomeDirectoryMappings` for how you want to make
-    #   Amazon S3 paths visible to your users.
+    #   The type of landing directory (folder) you want your users' home
+    #   directory to be when they log into the server. If you set it to
+    #   `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
+    #   as is in their file transfer protocol clients. If you set it
+    #   `LOGICAL`, you will need to provide mappings in the
+    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
+    #   paths visible to your users.
     #   @return [String]
     #
     # @!attribute [rw] role
-    #   Specifies the role that is in use by this user. A *role* is an AWS
-    #   Identity and Access Management (IAM) entity that, in this case,
-    #   allows a file transfer protocol-enabled server to act on a user's
-    #   behalf. It allows the server to inherit the trust relationship that
-    #   enables that user to perform file operations to their Amazon S3
-    #   bucket.
+    #   Specifies the Amazon Resource Name (ARN) of the IAM role that
+    #   controls your users' access to your Amazon S3 bucket or EFS file
+    #   system. The policies attached to this role determine the level of
+    #   access that you want to provide your users when transferring files
+    #   into and out of your Amazon S3 bucket or EFS file system. The IAM
+    #   role should also contain a trust relationship that allows the server
+    #   to access your resources when servicing your users' transfer
+    #   requests.
+    #
+    #   <note markdown="1"> The IAM role that controls your users' access to your Amazon S3
+    #   bucket for servers with `Domain=S3`, or your EFS file system for
+    #   servers with `Domain=EFS`.
+    #
+    #    The policies attached to this role determine the level of access you
+    #   want to provide your users when transferring files into and out of
+    #   your S3 buckets or EFS file systems.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] ssh_public_key_count
@@ -1454,6 +2128,13 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # The full POSIX identity, including user ID (`Uid`), group ID (`Gid`),
+    # and any secondary groups IDs (`SecondaryGids`), that controls your
+    # users' access to your Amazon EFS file systems. The POSIX permissions
+    # that are set on files and directories in your file system determine
+    # the level of access your users get when transferring files into and
+    # out of your Amazon EFS file systems.
+    #
     # @note When making an API call, you may pass PosixProfile
     #   data as a hash:
     #
@@ -1464,12 +2145,16 @@ module Aws::Transfer
     #       }
     #
     # @!attribute [rw] uid
+    #   The POSIX user ID used for all EFS operations by this user.
     #   @return [Integer]
     #
     # @!attribute [rw] gid
+    #   The POSIX group ID used for all EFS operations by this user.
     #   @return [Integer]
     #
     # @!attribute [rw] secondary_gids
+    #   The secondary POSIX group IDs used for all EFS operations by this
+    #   user.
     #   @return [Array<Integer>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/PosixProfile AWS API Documentation
@@ -1482,6 +2167,38 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # The protocol settings that are configured for your server.
+    #
+    # <note markdown="1"> This type is only valid in the `UpdateServer` API.
+    #
+    #  </note>
+    #
+    # @note When making an API call, you may pass ProtocolDetails
+    #   data as a hash:
+    #
+    #       {
+    #         passive_ip: "PassiveIp",
+    #       }
+    #
+    # @!attribute [rw] passive_ip
+    #   Indicates passive mode, for FTP and FTPS protocols. Enter a single
+    #   dotted-quad IPv4 address, such as the external IP address of a
+    #   firewall, router, or load balancer. For example:
+    #
+    #   ` aws transfer update-server --protocol-details PassiveIp=0.0.0.0 `
+    #
+    #   Replace ` 0.0.0.0 ` in the example above with the actual IP address
+    #   you want to use.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ProtocolDetails AWS API Documentation
+    #
+    class ProtocolDetails < Struct.new(
+      :passive_ip)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The requested resource does not exist.
     #
     # @!attribute [rw] message
@@ -1503,8 +2220,8 @@ module Aws::Transfer
       include Aws::Structure
     end
 
-    # This exception is thrown when a resource is not found by the AWS
-    # Transfer Family service.
+    # This exception is thrown when a resource is not found by the Amazon
+    # Web ServicesTransfer Family service.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -1525,8 +2242,8 @@ module Aws::Transfer
       include Aws::Structure
     end
 
-    # The request has failed because the AWS Transfer Family service is not
-    # available.
+    # The request has failed because the Amazon Web ServicesTransfer Family
+    # service is not available.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -1656,8 +2373,8 @@ module Aws::Transfer
     #       }
     #
     # @!attribute [rw] arn
-    #   An Amazon Resource Name (ARN) for a specific AWS resource, such as a
-    #   server, user, or role.
+    #   An Amazon Resource Name (ARN) for a specific Amazon Web Services
+    #   resource, such as a server, user, or role.
     #   @return [String]
     #
     # @!attribute [rw] tags
@@ -1779,8 +2496,8 @@ module Aws::Transfer
     #
     # @!attribute [rw] arn
     #   The value of the resource that will have the tag removed. An Amazon
-    #   Resource Name (ARN) is an identifier for a specific AWS resource,
-    #   such as a server, user, or role.
+    #   Resource Name (ARN) is an identifier for a specific Amazon Web
+    #   Services resource, such as a server, user, or role.
     #   @return [String]
     #
     # @!attribute [rw] tag_keys
@@ -1798,11 +2515,199 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass UpdateAccessRequest
+    #   data as a hash:
+    #
+    #       {
+    #         home_directory: "HomeDirectory",
+    #         home_directory_type: "PATH", # accepts PATH, LOGICAL
+    #         home_directory_mappings: [
+    #           {
+    #             entry: "MapEntry", # required
+    #             target: "MapTarget", # required
+    #           },
+    #         ],
+    #         policy: "Policy",
+    #         posix_profile: {
+    #           uid: 1, # required
+    #           gid: 1, # required
+    #           secondary_gids: [1],
+    #         },
+    #         role: "Role",
+    #         server_id: "ServerId", # required
+    #         external_id: "ExternalId", # required
+    #       }
+    #
+    # @!attribute [rw] home_directory
+    #   The landing directory (folder) for a user when they log in to the
+    #   server using the client.
+    #
+    #   A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
+    #   @return [String]
+    #
+    # @!attribute [rw] home_directory_type
+    #   The type of landing directory (folder) you want your users' home
+    #   directory to be when they log into the server. If you set it to
+    #   `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
+    #   as is in their file transfer protocol clients. If you set it
+    #   `LOGICAL`, you will need to provide mappings in the
+    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
+    #   paths visible to your users.
+    #   @return [String]
+    #
+    # @!attribute [rw] home_directory_mappings
+    #   Logical directory mappings that specify what Amazon S3 or Amazon EFS
+    #   paths and keys should be visible to your user and how you want to
+    #   make them visible. You must specify the `Entry` and `Target` pair,
+    #   where `Entry` shows how the path is made visible and `Target` is the
+    #   actual Amazon S3 or Amazon EFS path. If you only specify a target,
+    #   it is displayed as is. You also must ensure that your Amazon Web
+    #   Services Identity and Access Management (IAM) role provides access
+    #   to paths in `Target`. This value can only be set when
+    #   `HomeDirectoryType` is set to *LOGICAL*.
+    #
+    #   The following is an `Entry` and `Target` pair example.
+    #
+    #   `[ \{ "Entry": "your-personal-report.pdf", "Target":
+    #   "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \} ]`
+    #
+    #   In most cases, you can use this value instead of the scope-down
+    #   policy to lock down your user to the designated home directory
+    #   ("`chroot`"). To do this, you can set `Entry` to `/` and set
+    #   `Target` to the `HomeDirectory` parameter value.
+    #
+    #   The following is an `Entry` and `Target` pair example for `chroot`.
+    #
+    #   `[ \{ "Entry:": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
+    #
+    #   <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
+    #   S3 or EFS, the entry is ignored. As a workaround, you can use the
+    #   Amazon S3 API or EFS API to create 0 byte objects as place holders
+    #   for your directory. If using the CLI, use the `s3api` or `efsapi`
+    #   call instead of `s3` or `efs` so you can use the put-object
+    #   operation. For example, you use the following: `aws s3api put-object
+    #   --bucket bucketname --key path/to/folder/`. Make sure that the end
+    #   of the key name ends in a `/` for it to be considered a folder.
+    #
+    #    </note>
+    #   @return [Array<Types::HomeDirectoryMapEntry>]
+    #
+    # @!attribute [rw] policy
+    #   A scope-down policy for your user so that you can use the same IAM
+    #   role across multiple users. This policy scopes down user access to
+    #   portions of their Amazon S3 bucket. Variables that you can use
+    #   inside this policy include `$\{Transfer:UserName\}`,
+    #   `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
+    #
+    #   <note markdown="1"> This only applies when domain of `ServerId` is S3. Amazon EFS does
+    #   not use scope down policy.
+    #
+    #    For scope-down policies, Amazon Web ServicesTransfer Family stores
+    #   the policy as a JSON blob, instead of the Amazon Resource Name (ARN)
+    #   of the policy. You save the policy as a JSON blob and pass it in the
+    #   `Policy` argument.
+    #
+    #    For an example of a scope-down policy, see [Example scope-down
+    #   policy][1].
+    #
+    #    For more information, see [AssumeRole][2] in the *Amazon Web
+    #   ServicesSecurity Token Service API Reference*.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/scope-down-policy.html
+    #   [2]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
+    #   @return [String]
+    #
+    # @!attribute [rw] posix_profile
+    #   The full POSIX identity, including user ID (`Uid`), group ID
+    #   (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
+    #   controls your users' access to your Amazon EFS file systems. The
+    #   POSIX permissions that are set on files and directories in your file
+    #   system determine the level of access your users get when
+    #   transferring files into and out of your Amazon EFS file systems.
+    #   @return [Types::PosixProfile]
+    #
+    # @!attribute [rw] role
+    #   Specifies the Amazon Resource Name (ARN) of the IAM role that
+    #   controls your users' access to your Amazon S3 bucket or EFS file
+    #   system. The policies attached to this role determine the level of
+    #   access that you want to provide your users when transferring files
+    #   into and out of your Amazon S3 bucket or EFS file system. The IAM
+    #   role should also contain a trust relationship that allows the server
+    #   to access your resources when servicing your users' transfer
+    #   requests.
+    #   @return [String]
+    #
+    # @!attribute [rw] server_id
+    #   A system-assigned unique identifier for a server instance. This is
+    #   the specific server that you added your user to.
+    #   @return [String]
+    #
+    # @!attribute [rw] external_id
+    #   A unique identifier that is required to identify specific groups
+    #   within your directory. The users of the group that you associate
+    #   have access to your Amazon S3 or Amazon EFS resources over the
+    #   enabled protocols using Amazon Web Services Transfer Family. If you
+    #   know the group name, you can view the SID values by running the
+    #   following command using Windows PowerShell.
+    #
+    #   `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
+    #   -Properties * | Select SamAccountName,ObjectSid`
+    #
+    #   In that command, replace *YourGroupName* with the name of your
+    #   Active Directory group.
+    #
+    #   The regex used to validate this parameter is a string of characters
+    #   consisting of uppercase and lowercase alphanumeric characters with
+    #   no spaces. You can also include underscores or any of the following
+    #   characters: =,.@:/-
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateAccessRequest AWS API Documentation
+    #
+    class UpdateAccessRequest < Struct.new(
+      :home_directory,
+      :home_directory_type,
+      :home_directory_mappings,
+      :policy,
+      :posix_profile,
+      :role,
+      :server_id,
+      :external_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] server_id
+    #   The ID of the server that the user is attached to.
+    #   @return [String]
+    #
+    # @!attribute [rw] external_id
+    #   The external ID of the group whose users have access to your Amazon
+    #   S3 or Amazon EFS resources over the enabled protocols using Amazon
+    #   Web ServicesTransfer Family.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateAccessResponse AWS API Documentation
+    #
+    class UpdateAccessResponse < Struct.new(
+      :server_id,
+      :external_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass UpdateServerRequest
     #   data as a hash:
     #
     #       {
     #         certificate: "Certificate",
+    #         protocol_details: {
+    #           passive_ip: "PassiveIp",
+    #         },
     #         endpoint_details: {
     #           address_allocation_ids: ["AddressAllocationId"],
     #           subnet_ids: ["SubnetId"],
@@ -1815,6 +2720,7 @@ module Aws::Transfer
     #         identity_provider_details: {
     #           url: "Url",
     #           invocation_role: "Role",
+    #           directory_id: "DirectoryId",
     #         },
     #         logging_role: "NullableRole",
     #         protocols: ["SFTP"], # accepts SFTP, FTP, FTPS
@@ -1823,19 +2729,21 @@ module Aws::Transfer
     #       }
     #
     # @!attribute [rw] certificate
-    #   The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM)
-    #   certificate. Required when `Protocols` is set to `FTPS`.
+    #   The Amazon Resource Name (ARN) of the Amazon Web ServicesCertificate
+    #   Manager (ACM) certificate. Required when `Protocols` is set to
+    #   `FTPS`.
     #
     #   To request a new public certificate, see [Request a public
-    #   certificate][1] in the <i> AWS Certificate Manager User Guide</i>.
+    #   certificate][1] in the <i> Amazon Web ServicesCertificate Manager
+    #   User Guide</i>.
     #
     #   To import an existing certificate into ACM, see [Importing
-    #   certificates into ACM][2] in the <i> AWS Certificate Manager User
-    #   Guide</i>.
+    #   certificates into ACM][2] in the <i> Amazon Web ServicesCertificate
+    #   Manager User Guide</i>.
     #
     #   To request a private certificate to use FTPS through private IP
-    #   addresses, see [Request a private certificate][3] in the <i> AWS
-    #   Certificate Manager User Guide</i>.
+    #   addresses, see [Request a private certificate][3] in the <i> Amazon
+    #   Web ServicesCertificate Manager User Guide</i>.
     #
     #   Certificates with the following cryptographic algorithms and key
     #   sizes are supported:
@@ -1862,21 +2770,42 @@ module Aws::Transfer
     #   [3]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html
     #   @return [String]
     #
+    # @!attribute [rw] protocol_details
+    #   The protocol settings that are configured for your server.
+    #
+    #   Use the `PassiveIp` parameter to indicate passive mode (for FTP and
+    #   FTPS protocols). Enter a single dotted-quad IPv4 address, such as
+    #   the external IP address of a firewall, router, or load balancer.
+    #   @return [Types::ProtocolDetails]
+    #
     # @!attribute [rw] endpoint_details
     #   The virtual private cloud (VPC) endpoint settings that are
-    #   configured for your server. With a VPC endpoint, you can restrict
-    #   access to your server to resources only within your VPC. To control
-    #   incoming internet traffic, you will need to associate one or more
-    #   Elastic IP addresses with your server's endpoint.
+    #   configured for your server. When you host your endpoint within your
+    #   VPC, you can make it accessible only to resources within your VPC,
+    #   or you can attach Elastic IP addresses and make it accessible to
+    #   clients over the internet. Your VPC's default security groups are
+    #   automatically assigned to your endpoint.
     #   @return [Types::EndpointDetails]
     #
     # @!attribute [rw] endpoint_type
-    #   The type of endpoint that you want your server to connect to. You
-    #   can choose to connect to the public internet or a VPC endpoint. With
-    #   a VPC endpoint, you can restrict access to your server and resources
-    #   only within your VPC.
-    #
-    #   <note markdown="1"> It is recommended that you use `VPC` as the `EndpointType`. With
+    #   The type of endpoint that you want your server to use. You can
+    #   choose to make your server's endpoint publicly accessible (PUBLIC)
+    #   or host it inside your VPC. With an endpoint that is hosted in a
+    #   VPC, you can restrict access to your server and resources only
+    #   within your VPC or choose to make it internet facing by attaching
+    #   Elastic IP addresses directly to it.
+    #
+    #   <note markdown="1"> After May 19, 2021, you won't be able to create a server using
+    #   `EndpointType=VPC_ENDPOINT` in your Amazon Web Servicesaccount if
+    #   your account hasn't already done so before May 19, 2021. If you
+    #   have already created servers with `EndpointType=VPC_ENDPOINT` in
+    #   your Amazon Web Servicesaccount on or before May 19, 2021, you will
+    #   not be affected. After this date, use `EndpointType`=`VPC`.
+    #
+    #    For more information, see
+    #   https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
+    #
+    #    It is recommended that you use `VPC` as the `EndpointType`. With
     #   this endpoint type, you have the option to directly associate up to
     #   three Elastic IPv4 addresses (BYO IP included) with your server's
     #   endpoint and use VPC security groups to restrict traffic by the
@@ -1895,7 +2824,7 @@ module Aws::Transfer
     #   changing a server's host key can be disruptive.
     #
     #   For more information, see [Change the host key for your SFTP-enabled
-    #   server][1] in the *AWS Transfer Family User Guide*.
+    #   server][1] in the *Amazon Web ServicesTransfer Family User Guide*.
     #
     #
     #
@@ -1908,9 +2837,11 @@ module Aws::Transfer
     #   @return [Types::IdentityProviderDetails]
     #
     # @!attribute [rw] logging_role
-    #   Changes the AWS Identity and Access Management (IAM) role that
-    #   allows Amazon S3 events to be logged in Amazon CloudWatch, turning
-    #   logging on or off.
+    #   Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
+    #   Identity and Access Management (IAM) role that allows a server to
+    #   turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
+    #   events. When set, user activity can be viewed in your CloudWatch
+    #   logs.
     #   @return [String]
     #
     # @!attribute [rw] protocols
@@ -1926,13 +2857,13 @@ module Aws::Transfer
     #
     #   * File Transfer Protocol (FTP): Unencrypted file transfer
     #
-    #   <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in AWS
-    #   Certificate Manager (ACM) which will be used to identify your server
-    #   when clients connect to it over FTPS.
+    #   <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in Amazon
+    #   Web ServicesCertificate Manager (ACM) which will be used to identify
+    #   your server when clients connect to it over FTPS.
     #
     #    If `Protocol` includes either `FTP` or `FTPS`, then the
     #   `EndpointType` must be `VPC` and the `IdentityProviderType` must be
-    #   `API_GATEWAY`.
+    #   `AWS_DIRECTORY_SERVICE` or `API_GATEWAY`.
     #
     #    If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
     #   associated.
@@ -1958,6 +2889,7 @@ module Aws::Transfer
     #
     class UpdateServerRequest < Struct.new(
       :certificate,
+      :protocol_details,
       :endpoint_details,
       :endpoint_type,
       :host_key,
@@ -2007,69 +2939,79 @@ module Aws::Transfer
     #       }
     #
     # @!attribute [rw] home_directory
-    #   Specifies the landing directory (folder) for a user when they log in
-    #   to the server using their file transfer protocol client.
+    #   The landing directory (folder) for a user when they log in to the
+    #   server using the client.
     #
-    #   An example is `your-Amazon-S3-bucket-name>/home/username`.
+    #   A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
     #   @return [String]
     #
     # @!attribute [rw] home_directory_type
     #   The type of landing directory (folder) you want your users' home
     #   directory to be when they log into the server. If you set it to
-    #   `PATH`, the user will see the absolute Amazon S3 bucket paths as is
-    #   in their file transfer protocol clients. If you set it `LOGICAL`,
-    #   you will need to provide mappings in the `HomeDirectoryMappings` for
-    #   how you want to make Amazon S3 paths visible to your users.
+    #   `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
+    #   as is in their file transfer protocol clients. If you set it
+    #   `LOGICAL`, you will need to provide mappings in the
+    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
+    #   paths visible to your users.
     #   @return [String]
     #
     # @!attribute [rw] home_directory_mappings
-    #   Logical directory mappings that specify what Amazon S3 paths and
-    #   keys should be visible to your user and how you want to make them
-    #   visible. You will need to specify the "`Entry`" and "`Target`"
-    #   pair, where `Entry` shows how the path is made visible and `Target`
-    #   is the actual Amazon S3 path. If you only specify a target, it will
-    #   be displayed as is. You will need to also make sure that your IAM
-    #   role provides access to paths in `Target`. The following is an
-    #   example.
-    #
-    #   `'[ "/bucket2/documentation", \{ "Entry":
-    #   "your-personal-report.pdf", "Target":
-    #   "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \} ]'`
+    #   Logical directory mappings that specify what Amazon S3 or Amazon EFS
+    #   paths and keys should be visible to your user and how you want to
+    #   make them visible. You must specify the `Entry` and `Target` pair,
+    #   where `Entry` shows how the path is made visible and `Target` is the
+    #   actual Amazon S3 or Amazon EFS path. If you only specify a target,
+    #   it is displayed as is. You also must ensure that your Amazon Web
+    #   Services Identity and Access Management (IAM) role provides access
+    #   to paths in `Target`. This value can only be set when
+    #   `HomeDirectoryType` is set to *LOGICAL*.
+    #
+    #   The following is an `Entry` and `Target` pair example.
+    #
+    #   `[ \{ "Entry": "your-personal-report.pdf", "Target":
+    #   "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \} ]`
     #
     #   In most cases, you can use this value instead of the scope-down
-    #   policy to lock your user down to the designated home directory
-    #   ("chroot"). To do this, you can set `Entry` to '/' and set
+    #   policy to lock down your user to the designated home directory
+    #   ("`chroot`"). To do this, you can set `Entry` to '/' and set
     #   `Target` to the HomeDirectory parameter value.
     #
+    #   The following is an `Entry` and `Target` pair example for `chroot`.
+    #
+    #   `[ \{ "Entry:": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
+    #
     #   <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
-    #   S3, the entry will be ignored. As a workaround, you can use the
-    #   Amazon S3 API to create 0 byte objects as place holders for your
-    #   directory. If using the CLI, use the `s3api` call instead of `s3` so
-    #   you can use the put-object operation. For example, you use the
-    #   following: `aws s3api put-object --bucket bucketname --key
-    #   path/to/folder/`. Make sure that the end of the key name ends in a /
-    #   for it to be considered a folder.
+    #   S3 or EFS, the entry is ignored. As a workaround, you can use the
+    #   Amazon S3 API or EFS API to create 0 byte objects as place holders
+    #   for your directory. If using the CLI, use the `s3api` or `efsapi`
+    #   call instead of `s3` or `efs` so you can use the put-object
+    #   operation. For example, you use the following: `aws s3api put-object
+    #   --bucket bucketname --key path/to/folder/`. Make sure that the end
+    #   of the key name ends in a `/` for it to be considered a folder.
     #
     #    </note>
     #   @return [Array<Types::HomeDirectoryMapEntry>]
     #
     # @!attribute [rw] policy
-    #   Allows you to supply a scope-down policy for your user so you can
-    #   use the same IAM role across multiple users. The policy scopes down
-    #   user access to portions of your Amazon S3 bucket. Variables you can
-    #   use inside this policy include `$\{Transfer:UserName\}`,
+    #   A scope-down policy for your user so that you can use the same IAM
+    #   role across multiple users. This policy scopes down user access to
+    #   portions of their Amazon S3 bucket. Variables that you can use
+    #   inside this policy include `$\{Transfer:UserName\}`,
     #   `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
     #
-    #   <note markdown="1"> For scope-down policies, AWS Transfer Family stores the policy as a
-    #   JSON blob, instead of the Amazon Resource Name (ARN) of the policy.
-    #   You save the policy as a JSON blob and pass it in the `Policy`
-    #   argument.
+    #   <note markdown="1"> This only applies when domain of `ServerId` is S3. Amazon EFS does
+    #   not use scope-down policies.
+    #
+    #    For scope-down policies, Amazon Web ServicesTransfer Family stores
+    #   the policy as a JSON blob, instead of the Amazon Resource Name (ARN)
+    #   of the policy. You save the policy as a JSON blob and pass it in the
+    #   `Policy` argument.
     #
     #    For an example of a scope-down policy, see [Creating a scope-down
     #   policy][1].
     #
-    #    For more information, see [AssumeRole][2] in the *AWS Security Token
-    #   Service API Reference*.
+    #    For more information, see [AssumeRole][2] in the *Amazon Web
+    #   Services Security Token Service API Reference*.
     #
     #    </note>
     #
@@ -2080,15 +3022,24 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] posix_profile
+    #   Specifies the full POSIX identity, including user ID (`Uid`), group
+    #   ID (`Gid`), and any secondary groups IDs (`SecondaryGids`), that
+    #   controls your users' access to your Amazon Elastic File Systems
+    #   (Amazon EFS). The POSIX permissions that are set on files and
+    #   directories in your file system determines the level of access your
+    #   users get when transferring files into and out of your Amazon EFS
+    #   file systems.
     #   @return [Types::PosixProfile]
     #
     # @!attribute [rw] role
-    #   The IAM role that controls your users' access to your Amazon S3
-    #   bucket. The policies attached to this role will determine the level
-    #   of access you want to provide your users when transferring files
-    #   into and out of your Amazon S3 bucket or buckets. The IAM role
-    #   should also contain a trust relationship that allows the server to
-    #   access your resources when servicing your users' transfer requests.
+    #   Specifies the Amazon Resource Name (ARN) of the IAM role that
+    #   controls your users' access to your Amazon S3 bucket or EFS file
+    #   system. The policies attached to this role determine the level of
+    #   access that you want to provide your users when transferring files
+    #   into and out of your Amazon S3 bucket or EFS file system. The IAM
+    #   role should also contain a trust relationship that allows the server
+    #   to access your resources when servicing your users' transfer
+    #   requests.
     #   @return [String]
     #
     # @!attribute [rw] server_id