aws-sdk-transfer 1.33.0 → 1.37.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-transfer.rb +1 -1
- data/lib/aws-sdk-transfer/client.rb +263 -240
- data/lib/aws-sdk-transfer/client_api.rb +7 -0
- data/lib/aws-sdk-transfer/types.rb +502 -369
- metadata +4 -4
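--- a/data/lib/aws-sdk-transfer/client_api.rb
+++ b/data/lib/aws-sdk-transfer/client_api.rb
@@ -83,10 +83,12 @@ module Aws::Transfer
 Message = Shapes::StringShape.new(name: 'Message')
 NextToken = Shapes::StringShape.new(name: 'NextToken')
 NullableRole = Shapes::StringShape.new(name: 'NullableRole')
+PassiveIp = Shapes::StringShape.new(name: 'PassiveIp')
 Policy = Shapes::StringShape.new(name: 'Policy')
 PosixId = Shapes::IntegerShape.new(name: 'PosixId')
 PosixProfile = Shapes::StructureShape.new(name: 'PosixProfile')
 Protocol = Shapes::StringShape.new(name: 'Protocol')
+ProtocolDetails = Shapes::StructureShape.new(name: 'ProtocolDetails')
 Protocols = Shapes::ListShape.new(name: 'Protocols')
 Resource = Shapes::StringShape.new(name: 'Resource')
 ResourceExistsException = Shapes::StructureShape.new(name: 'ResourceExistsException')
@@ -257,6 +259,7 @@ module Aws::Transfer
 
 DescribedServer.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "Arn"))
 DescribedServer.add_member(:certificate, Shapes::ShapeRef.new(shape: Certificate, location_name: "Certificate"))
+DescribedServer.add_member(:protocol_details, Shapes::ShapeRef.new(shape: ProtocolDetails, location_name: "ProtocolDetails"))
 DescribedServer.add_member(:domain, Shapes::ShapeRef.new(shape: Domain, location_name: "Domain"))
 DescribedServer.add_member(:endpoint_details, Shapes::ShapeRef.new(shape: EndpointDetails, location_name: "EndpointDetails"))
 DescribedServer.add_member(:endpoint_type, Shapes::ShapeRef.new(shape: EndpointType, location_name: "EndpointType"))
@@ -402,6 +405,9 @@ module Aws::Transfer
 PosixProfile.add_member(:secondary_gids, Shapes::ShapeRef.new(shape: SecondaryGids, location_name: "SecondaryGids"))
 PosixProfile.struct_class = Types::PosixProfile
 
+ProtocolDetails.add_member(:passive_ip, Shapes::ShapeRef.new(shape: PassiveIp, location_name: "PassiveIp"))
+ProtocolDetails.struct_class = Types::ProtocolDetails
+
 Protocols.member = Shapes::ShapeRef.new(shape: Protocol)
 
 ResourceExistsException.add_member(:message, Shapes::ShapeRef.new(shape: Message, required: true, location_name: "Message"))
@@ -487,6 +493,7 @@ module Aws::Transfer
 UpdateAccessResponse.struct_class = Types::UpdateAccessResponse
 
 UpdateServerRequest.add_member(:certificate, Shapes::ShapeRef.new(shape: Certificate, location_name: "Certificate"))
+UpdateServerRequest.add_member(:protocol_details, Shapes::ShapeRef.new(shape: ProtocolDetails, location_name: "ProtocolDetails"))
 UpdateServerRequest.add_member(:endpoint_details, Shapes::ShapeRef.new(shape: EndpointDetails, location_name: "EndpointDetails"))
 UpdateServerRequest.add_member(:endpoint_type, Shapes::ShapeRef.new(shape: EndpointType, location_name: "EndpointType"))
 UpdateServerRequest.add_member(:host_key, Shapes::ShapeRef.new(shape: HostKey, location_name: "HostKey"))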
@@ -65,16 +65,17 @@ module Aws::Transfer
|
|
65
65
|
# The landing directory (folder) for a user when they log in to the
|
66
66
|
# server using the client.
|
67
67
|
#
|
68
|
-
# A `HomeDirectory` example is `/
|
68
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
69
69
|
# @return [String]
|
70
70
|
#
|
71
71
|
# @!attribute [rw] home_directory_type
|
72
|
-
# The type of landing directory (folder)
|
73
|
-
#
|
74
|
-
#
|
75
|
-
# is in their file transfer protocol clients. If you set it
|
76
|
-
# you
|
77
|
-
# want to make Amazon S3
|
72
|
+
# The type of landing directory (folder) you want your users' home
|
73
|
+
# directory to be when they log into the server. If you set it to
|
74
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
75
|
+
# as is in their file transfer protocol clients. If you set it
|
76
|
+
# `LOGICAL`, you will need to provide mappings in the
|
77
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
78
|
+
# paths visible to your users.
|
78
79
|
# @return [String]
|
79
80
|
#
|
80
81
|
# @!attribute [rw] home_directory_mappings
|
@@ -83,10 +84,10 @@ module Aws::Transfer
|
|
83
84
|
# make them visible. You must specify the `Entry` and `Target` pair,
|
84
85
|
# where `Entry` shows how the path is made visible and `Target` is the
|
85
86
|
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
86
|
-
# it
|
87
|
-
# Identity and Access Management (IAM) role provides access
|
88
|
-
# in `Target`. This value can only be set when
|
89
|
-
# set to *LOGICAL*.
|
87
|
+
# it is displayed as is. You also must ensure that your Amazon Web
|
88
|
+
# Services Identity and Access Management (IAM) role provides access
|
89
|
+
# to paths in `Target`. This value can only be set when
|
90
|
+
# `HomeDirectoryType` is set to *LOGICAL*.
|
90
91
|
#
|
91
92
|
# The following is an `Entry` and `Target` pair example.
|
92
93
|
#
|
@@ -100,23 +101,18 @@ module Aws::Transfer
|
|
100
101
|
#
|
101
102
|
# The following is an `Entry` and `Target` pair example for `chroot`.
|
102
103
|
#
|
103
|
-
# `[ \{ "Entry": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
104
|
+
# `[ \{ "Entry:": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
104
105
|
#
|
105
106
|
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
|
106
|
-
# S3 or
|
107
|
-
#
|
108
|
-
#
|
109
|
-
#
|
110
|
-
#
|
111
|
-
#
|
112
|
-
#
|
113
|
-
#
|
114
|
-
# The end of the key name must end in a `/` for it to be considered a
|
115
|
-
# folder.
|
107
|
+
# S3 or EFS, the entry is ignored. As a workaround, you can use the
|
108
|
+
# Amazon S3 API or EFS API to create 0 byte objects as place holders
|
109
|
+
# for your directory. If using the CLI, use the `s3api` or `efsapi`
|
110
|
+
# call instead of `s3` or `efs` so you can use the put-object
|
111
|
+
# operation. For example, you use the following: `aws s3api put-object
|
112
|
+
# --bucket bucketname --key path/to/folder/`. Make sure that the end
|
113
|
+
# of the key name ends in a `/` for it to be considered a folder.
|
116
114
|
#
|
117
115
|
# </note>
|
118
|
-
#
|
119
|
-
# Required: No
|
120
116
|
# @return [Array<Types::HomeDirectoryMapEntry>]
|
121
117
|
#
|
122
118
|
# @!attribute [rw] policy
|
@@ -127,18 +123,18 @@ module Aws::Transfer
|
|
127
123
|
# `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
|
128
124
|
#
|
129
125
|
# <note markdown="1"> This only applies when domain of `ServerId` is S3. Amazon EFS does
|
130
|
-
# not use scope
|
126
|
+
# not use scope-down policies.
|
131
127
|
#
|
132
|
-
# For scope-down policies,
|
133
|
-
# JSON blob, instead of the Amazon Resource Name (ARN)
|
134
|
-
# You save the policy as a JSON blob and pass it in the
|
135
|
-
# argument.
|
128
|
+
# For scope-down policies, Amazon Web Services Transfer Family stores
|
129
|
+
# the policy as a JSON blob, instead of the Amazon Resource Name (ARN)
|
130
|
+
# of the policy. You save the policy as a JSON blob and pass it in the
|
131
|
+
# `Policy` argument.
|
136
132
|
#
|
137
133
|
# For an example of a scope-down policy, see [Example scope-down
|
138
134
|
# policy][1].
|
139
135
|
#
|
140
|
-
# For more information, see [AssumeRole][2] in the *
|
141
|
-
# Service API Reference*.
|
136
|
+
# For more information, see [AssumeRole][2] in the *Amazon Web
|
137
|
+
# Services Security Token Service API Reference*.
|
142
138
|
#
|
143
139
|
# </note>
|
144
140
|
#
|
@@ -158,13 +154,14 @@ module Aws::Transfer
|
|
158
154
|
# @return [Types::PosixProfile]
|
159
155
|
#
|
160
156
|
# @!attribute [rw] role
|
161
|
-
# Specifies the
|
162
|
-
# Amazon S3 bucket or EFS file
|
163
|
-
#
|
164
|
-
#
|
165
|
-
# or EFS file system. The IAM
|
166
|
-
# relationship that allows the server
|
167
|
-
# servicing your users' transfer
|
157
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
158
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
159
|
+
# system. The policies attached to this role determine the level of
|
160
|
+
# access that you want to provide your users when transferring files
|
161
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
162
|
+
# role should also contain a trust relationship that allows the server
|
163
|
+
# to access your resources when servicing your users' transfer
|
164
|
+
# requests.
|
168
165
|
# @return [String]
|
169
166
|
#
|
170
167
|
# @!attribute [rw] server_id
|
@@ -176,12 +173,12 @@ module Aws::Transfer
|
|
176
173
|
# A unique identifier that is required to identify specific groups
|
177
174
|
# within your directory. The users of the group that you associate
|
178
175
|
# have access to your Amazon S3 or Amazon EFS resources over the
|
179
|
-
# enabled protocols using
|
180
|
-
# name, you can view the SID values by running the
|
181
|
-
# using Windows PowerShell.
|
176
|
+
# enabled protocols using Amazon Web Services Transfer Family. If you
|
177
|
+
# know the group name, you can view the SID values by running the
|
178
|
+
# following command using Windows PowerShell.
|
182
179
|
#
|
183
180
|
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
184
|
-
# -Properties * | Select
|
181
|
+
# -Properties * | Select SamAccountName,ObjectSid`
|
185
182
|
#
|
186
183
|
# In that command, replace *YourGroupName* with the name of your
|
187
184
|
# Active Directory group.
|
@@ -213,8 +210,8 @@ module Aws::Transfer
|
|
213
210
|
#
|
214
211
|
# @!attribute [rw] external_id
|
215
212
|
# The external ID of the group whose users have access to your Amazon
|
216
|
-
# S3 or Amazon EFS resources over the enabled protocols using
|
217
|
-
# Transfer Family.
|
213
|
+
# S3 or Amazon EFS resources over the enabled protocols using Amazon
|
214
|
+
# Web Services Transfer Family.
|
218
215
|
# @return [String]
|
219
216
|
#
|
220
217
|
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateAccessResponse AWS API Documentation
|
@@ -259,19 +256,21 @@ module Aws::Transfer
|
|
259
256
|
# }
|
260
257
|
#
|
261
258
|
# @!attribute [rw] certificate
|
262
|
-
# The Amazon Resource Name (ARN) of the
|
263
|
-
# certificate. Required when `Protocols` is
|
259
|
+
# The Amazon Resource Name (ARN) of the Amazon Web Services
|
260
|
+
# Certificate Manager (ACM) certificate. Required when `Protocols` is
|
261
|
+
# set to `FTPS`.
|
264
262
|
#
|
265
263
|
# To request a new public certificate, see [Request a public
|
266
|
-
# certificate][1] in the <i>
|
264
|
+
# certificate][1] in the <i> Amazon Web Services Certificate Manager
|
265
|
+
# User Guide</i>.
|
267
266
|
#
|
268
267
|
# To import an existing certificate into ACM, see [Importing
|
269
|
-
# certificates into ACM][2] in the <i>
|
270
|
-
# Guide</i>.
|
268
|
+
# certificates into ACM][2] in the <i> Amazon Web Services Certificate
|
269
|
+
# Manager User Guide</i>.
|
271
270
|
#
|
272
271
|
# To request a private certificate to use FTPS through private IP
|
273
|
-
# addresses, see [Request a private certificate][3] in the <i>
|
274
|
-
# Certificate Manager User Guide</i>.
|
272
|
+
# addresses, see [Request a private certificate][3] in the <i> Amazon
|
273
|
+
# Web Services Certificate Manager User Guide</i>.
|
275
274
|
#
|
276
275
|
# Certificates with the following cryptographic algorithms and key
|
277
276
|
# sizes are supported:
|
@@ -326,12 +325,12 @@ module Aws::Transfer
|
|
326
325
|
# within your VPC or choose to make it internet facing by attaching
|
327
326
|
# Elastic IP addresses directly to it.
|
328
327
|
#
|
329
|
-
# <note markdown="1"> After
|
330
|
-
# `EndpointType=VPC_ENDPOINT` in your
|
331
|
-
# hasn't already done so before
|
332
|
-
# created servers with `EndpointType=VPC_ENDPOINT` in
|
333
|
-
# on or before
|
334
|
-
# date, use `EndpointType`=`VPC`.
|
328
|
+
# <note markdown="1"> After May 19, 2021, you won't be able to create a server using
|
329
|
+
# `EndpointType=VPC_ENDPOINT` in your Amazon Web Services account if
|
330
|
+
# your account hasn't already done so before May 19, 2021. If you
|
331
|
+
# have already created servers with `EndpointType=VPC_ENDPOINT` in
|
332
|
+
# your Amazon Web Services account on or before May 19, 2021, you will
|
333
|
+
# not be affected. After this date, use `EndpointType`=`VPC`.
|
335
334
|
#
|
336
335
|
# For more information, see
|
337
336
|
# https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
|
@@ -355,7 +354,7 @@ module Aws::Transfer
|
|
355
354
|
# Accidentally changing a server's host key can be disruptive.
|
356
355
|
#
|
357
356
|
# For more information, see [Change the host key for your SFTP-enabled
|
358
|
-
# server][1] in the *
|
357
|
+
# server][1] in the *Amazon Web Services Transfer Family User Guide*.
|
359
358
|
#
|
360
359
|
#
|
361
360
|
#
|
@@ -374,21 +373,27 @@ module Aws::Transfer
|
|
374
373
|
# @!attribute [rw] identity_provider_type
|
375
374
|
# Specifies the mode of authentication for a server. The default value
|
376
375
|
# is `SERVICE_MANAGED`, which allows you to store and access user
|
377
|
-
# credentials within the
|
378
|
-
#
|
379
|
-
#
|
380
|
-
#
|
381
|
-
#
|
382
|
-
#
|
383
|
-
#
|
384
|
-
#
|
385
|
-
#
|
376
|
+
# credentials within the Amazon Web Services Transfer Family service.
|
377
|
+
#
|
378
|
+
# Use `AWS_DIRECTORY_SERVICE` to provide access to Active Directory
|
379
|
+
# groups in Amazon Web Services Managed Active Directory or Microsoft
|
380
|
+
# Active Directory in your on-premises environment or in Amazon Web
|
381
|
+
# Services using AD Connectors. This option also requires you to
|
382
|
+
# provide a Directory ID using the `IdentityProviderDetails`
|
383
|
+
# parameter.
|
384
|
+
#
|
385
|
+
# Use the `API_GATEWAY` value to integrate with an identity provider
|
386
|
+
# of your choosing. The `API_GATEWAY` setting requires you to provide
|
387
|
+
# an API Gateway endpoint URL to call for authentication using the
|
386
388
|
# `IdentityProviderDetails` parameter.
|
387
389
|
# @return [String]
|
388
390
|
#
|
389
391
|
# @!attribute [rw] logging_role
|
390
|
-
#
|
391
|
-
#
|
392
|
+
# Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
|
393
|
+
# Identity and Access Management (IAM) role that allows a server to
|
394
|
+
# turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
|
395
|
+
# events. When set, user activity can be viewed in your CloudWatch
|
396
|
+
# logs.
|
392
397
|
# @return [String]
|
393
398
|
#
|
394
399
|
# @!attribute [rw] protocols
|
@@ -404,9 +409,9 @@ module Aws::Transfer
|
|
404
409
|
#
|
405
410
|
# * `FTP` (File Transfer Protocol): Unencrypted file transfer
|
406
411
|
#
|
407
|
-
# <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in
|
408
|
-
# Certificate Manager (ACM) which
|
409
|
-
# when clients connect to it over FTPS.
|
412
|
+
# <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in Amazon
|
413
|
+
# Web Services Certificate Manager (ACM) which is used to identify
|
414
|
+
# your server when clients connect to it over FTPS.
|
410
415
|
#
|
411
416
|
# If `Protocol` includes either `FTP` or `FTPS`, then the
|
412
417
|
# `EndpointType` must be `VPC` and the `IdentityProviderType` must be
|
@@ -501,21 +506,23 @@ module Aws::Transfer
|
|
501
506
|
# @!attribute [rw] home_directory_type
|
502
507
|
# The type of landing directory (folder) you want your users' home
|
503
508
|
# directory to be when they log into the server. If you set it to
|
504
|
-
# `PATH`, the user will see the absolute Amazon S3 bucket
|
505
|
-
# in their file transfer protocol clients. If you set it
|
506
|
-
# you will need to provide mappings in the
|
507
|
-
# how you want to make Amazon S3
|
509
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
510
|
+
# as is in their file transfer protocol clients. If you set it
|
511
|
+
# `LOGICAL`, you will need to provide mappings in the
|
512
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
513
|
+
# paths visible to your users.
|
508
514
|
# @return [String]
|
509
515
|
#
|
510
516
|
# @!attribute [rw] home_directory_mappings
|
511
|
-
# Logical directory mappings that specify what Amazon S3 or EFS
|
512
|
-
# and keys should be visible to your user and how you want to
|
513
|
-
# them visible. You
|
514
|
-
#
|
515
|
-
#
|
516
|
-
# it
|
517
|
-
#
|
518
|
-
#
|
517
|
+
# Logical directory mappings that specify what Amazon S3 or Amazon EFS
|
518
|
+
# paths and keys should be visible to your user and how you want to
|
519
|
+
# make them visible. You must specify the `Entry` and `Target` pair,
|
520
|
+
# where `Entry` shows how the path is made visible and `Target` is the
|
521
|
+
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
522
|
+
# it is displayed as is. You also must ensure that your Amazon Web
|
523
|
+
# Services Identity and Access Management (IAM) role provides access
|
524
|
+
# to paths in `Target`. This value can only be set when
|
525
|
+
# `HomeDirectoryType` is set to *LOGICAL*.
|
519
526
|
#
|
520
527
|
# The following is an `Entry` and `Target` pair example.
|
521
528
|
#
|
@@ -529,13 +536,13 @@ module Aws::Transfer
|
|
529
536
|
#
|
530
537
|
# The following is an `Entry` and `Target` pair example for `chroot`.
|
531
538
|
#
|
532
|
-
# `[ \{ "Entry": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
539
|
+
# `[ \{ "Entry:": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
533
540
|
#
|
534
541
|
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
|
535
|
-
# S3 or EFS, the entry
|
536
|
-
#
|
537
|
-
#
|
538
|
-
#
|
542
|
+
# S3 or EFS, the entry is ignored. As a workaround, you can use the
|
543
|
+
# Amazon S3 API or EFS API to create 0 byte objects as place holders
|
544
|
+
# for your directory. If using the CLI, use the `s3api` or `efsapi`
|
545
|
+
# call instead of `s3` or `efs` so you can use the put-object
|
539
546
|
# operation. For example, you use the following: `aws s3api put-object
|
540
547
|
# --bucket bucketname --key path/to/folder/`. Make sure that the end
|
541
548
|
# of the key name ends in a `/` for it to be considered a folder.
|
@@ -544,8 +551,8 @@ module Aws::Transfer
|
|
544
551
|
# @return [Array<Types::HomeDirectoryMapEntry>]
|
545
552
|
#
|
546
553
|
# @!attribute [rw] policy
|
547
|
-
# A scope-down policy for your user so you can use the same IAM
|
548
|
-
# across multiple users. This policy scopes down user access to
|
554
|
+
# A scope-down policy for your user so that you can use the same IAM
|
555
|
+
# role across multiple users. This policy scopes down user access to
|
549
556
|
# portions of their Amazon S3 bucket. Variables that you can use
|
550
557
|
# inside this policy include `$\{Transfer:UserName\}`,
|
551
558
|
# `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
|
@@ -553,16 +560,16 @@ module Aws::Transfer
|
|
553
560
|
# <note markdown="1"> This only applies when domain of ServerId is S3. EFS does not use
|
554
561
|
# scope down policy.
|
555
562
|
#
|
556
|
-
# For scope-down policies,
|
557
|
-
# JSON blob, instead of the Amazon Resource Name (ARN)
|
558
|
-
# You save the policy as a JSON blob and pass it in the
|
559
|
-
# argument.
|
563
|
+
# For scope-down policies, Amazon Web Services Transfer Family stores
|
564
|
+
# the policy as a JSON blob, instead of the Amazon Resource Name (ARN)
|
565
|
+
# of the policy. You save the policy as a JSON blob and pass it in the
|
566
|
+
# `Policy` argument.
|
560
567
|
#
|
561
568
|
# For an example of a scope-down policy, see [Example scope-down
|
562
569
|
# policy][1].
|
563
570
|
#
|
564
|
-
# For more information, see [AssumeRole][2] in the *
|
565
|
-
# Service API Reference*.
|
571
|
+
# For more information, see [AssumeRole][2] in the *Amazon Web
|
572
|
+
# Services Security Token Service API Reference*.
|
566
573
|
#
|
567
574
|
# </note>
|
568
575
|
#
|
@@ -582,13 +589,14 @@ module Aws::Transfer
|
|
582
589
|
# @return [Types::PosixProfile]
|
583
590
|
#
|
584
591
|
# @!attribute [rw] role
|
585
|
-
# Specifies the
|
586
|
-
# Amazon S3 bucket or EFS file
|
587
|
-
#
|
588
|
-
#
|
589
|
-
# or EFS file system. The IAM
|
590
|
-
# relationship that allows the server
|
591
|
-
# servicing your users' transfer
|
592
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
593
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
594
|
+
# system. The policies attached to this role determine the level of
|
595
|
+
# access that you want to provide your users when transferring files
|
596
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
597
|
+
# role should also contain a trust relationship that allows the server
|
598
|
+
# to access your resources when servicing your users' transfer
|
599
|
+
# requests.
|
592
600
|
# @return [String]
|
593
601
|
#
|
594
602
|
# @!attribute [rw] server_id
|
@@ -667,12 +675,12 @@ module Aws::Transfer
|
|
667
675
|
# A unique identifier that is required to identify specific groups
|
668
676
|
# within your directory. The users of the group that you associate
|
669
677
|
# have access to your Amazon S3 or Amazon EFS resources over the
|
670
|
-
# enabled protocols using
|
671
|
-
# name, you can view the SID values by running the
|
672
|
-
# using Windows PowerShell.
|
678
|
+
# enabled protocols using Amazon Web Services Transfer Family. If you
|
679
|
+
# know the group name, you can view the SID values by running the
|
680
|
+
# following command using Windows PowerShell.
|
673
681
|
#
|
674
682
|
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
675
|
-
# -Properties * | Select
|
683
|
+
# -Properties * | Select SamAccountName,ObjectSid`
|
676
684
|
#
|
677
685
|
# In that command, replace *YourGroupName* with the name of your
|
678
686
|
# Active Directory group.
|
@@ -786,14 +794,14 @@ module Aws::Transfer
|
|
786
794
|
#
|
787
795
|
# @!attribute [rw] external_id
|
788
796
|
# A unique identifier that is required to identify specific groups
|
789
|
-
# within your directory. The users of the group you associate
|
790
|
-
# access to your Amazon S3 or Amazon EFS resources over the
|
791
|
-
# protocols using
|
792
|
-
# can view the SID values by running the
|
793
|
-
# Windows PowerShell.
|
797
|
+
# within your directory. The users of the group that you associate
|
798
|
+
# have access to your Amazon S3 or Amazon EFS resources over the
|
799
|
+
# enabled protocols using Amazon Web Services Transfer Family. If you
|
800
|
+
# know the group name, you can view the SID values by running the
|
801
|
+
# following command using Windows PowerShell.
|
794
802
|
#
|
795
803
|
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
796
|
-
# -Properties * | Select
|
804
|
+
# -Properties * | Select SamAccountName,ObjectSid`
|
797
805
|
#
|
798
806
|
# In that command, replace *YourGroupName* with the name of your
|
799
807
|
# Active Directory group.
|
@@ -910,8 +918,8 @@ module Aws::Transfer
|
|
910
918
|
#
|
911
919
|
# @!attribute [rw] user_name
|
912
920
|
# The name of the user assigned to one or more servers. User names are
|
913
|
-
# part of the sign-in credentials to use the
|
914
|
-
# service and perform file transfer tasks.
|
921
|
+
# part of the sign-in credentials to use the Amazon Web Services
|
922
|
+
# Transfer Family service and perform file transfer tasks.
|
915
923
|
# @return [String]
|
916
924
|
#
|
917
925
|
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeUserRequest AWS API Documentation
|
@@ -945,20 +953,22 @@ module Aws::Transfer
|
|
945
953
|
# Describes the properties of the access that was specified.
|
946
954
|
#
|
947
955
|
# @!attribute [rw] home_directory
|
948
|
-
#
|
949
|
-
#
|
950
|
-
#
|
956
|
+
# The landing directory (folder) for a user when they log in to the
|
957
|
+
# server using the client.
|
958
|
+
#
|
959
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
951
960
|
# @return [String]
|
952
961
|
#
|
953
962
|
# @!attribute [rw] home_directory_mappings
|
954
|
-
#
|
955
|
-
#
|
956
|
-
#
|
957
|
-
#
|
958
|
-
#
|
959
|
-
#
|
960
|
-
#
|
961
|
-
#
|
963
|
+
# Logical directory mappings that specify what Amazon S3 or Amazon EFS
|
964
|
+
# paths and keys should be visible to your user and how you want to
|
965
|
+
# make them visible. You must specify the `Entry` and `Target` pair,
|
966
|
+
# where `Entry` shows how the path is made visible and `Target` is the
|
967
|
+
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
968
|
+
# it is displayed as is. You also must ensure that your Amazon Web
|
969
|
+
# Services Identity and Access Management (IAM) role provides access
|
970
|
+
# to paths in `Target`. This value can only be set when
|
971
|
+
# `HomeDirectoryType` is set to *LOGICAL*.
|
962
972
|
#
|
963
973
|
# In most cases, you can use this value instead of the scope-down
|
964
974
|
# policy to lock down the associated access to the designated home
|
@@ -967,21 +977,21 @@ module Aws::Transfer
|
|
967
977
|
# @return [Array<Types::HomeDirectoryMapEntry>]
|
968
978
|
#
|
969
979
|
# @!attribute [rw] home_directory_type
|
970
|
-
# The type of landing directory (folder)
|
971
|
-
#
|
972
|
-
#
|
973
|
-
# is in their file transfer protocol clients. If you set it
|
974
|
-
# `LOGICAL`, you
|
975
|
-
# for how you want to make Amazon S3
|
980
|
+
# The type of landing directory (folder) you want your users' home
|
981
|
+
# directory to be when they log into the server. If you set it to
|
982
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
983
|
+
# as is in their file transfer protocol clients. If you set it
|
984
|
+
# `LOGICAL`, you will need to provide mappings in the
|
985
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
986
|
+
# paths visible to your users.
|
976
987
|
# @return [String]
|
977
988
|
#
|
978
989
|
# @!attribute [rw] policy
|
979
|
-
# A scope-down policy for your user so that you can use the same
|
980
|
-
#
|
981
|
-
#
|
982
|
-
#
|
983
|
-
# `$\{Transfer:
|
984
|
-
# `$\{Transfer:HomeBucket\}`.
|
990
|
+
# A scope-down policy for your user so that you can use the same IAM
|
991
|
+
# role across multiple users. This policy scopes down user access to
|
992
|
+
# portions of their Amazon S3 bucket. Variables that you can use
|
993
|
+
# inside this policy include `$\{Transfer:UserName\}`,
|
994
|
+
# `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
|
985
995
|
# @return [String]
|
986
996
|
#
|
987
997
|
# @!attribute [rw] posix_profile
|
@@ -994,27 +1004,29 @@ module Aws::Transfer
|
|
994
1004
|
# @return [Types::PosixProfile]
|
995
1005
|
#
|
996
1006
|
# @!attribute [rw] role
|
997
|
-
#
|
998
|
-
#
|
999
|
-
#
|
1000
|
-
#
|
1001
|
-
# Amazon S3 bucket or
|
1002
|
-
# trust relationship that allows
|
1003
|
-
#
|
1007
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
1008
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
1009
|
+
# system. The policies attached to this role determine the level of
|
1010
|
+
# access that you want to provide your users when transferring files
|
1011
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
1012
|
+
# role should also contain a trust relationship that allows the server
|
1013
|
+
# to access your resources when servicing your users' transfer
|
1014
|
+
# requests.
|
1004
1015
|
# @return [String]
|
1005
1016
|
#
|
1006
1017
|
# @!attribute [rw] external_id
|
1007
|
-
# A unique identifier that
|
1008
|
-
#
|
1009
|
-
#
|
1010
|
-
#
|
1011
|
-
# the
|
1012
|
-
#
|
1013
|
-
#
|
1014
|
-
#
|
1015
|
-
#
|
1016
|
-
#
|
1017
|
-
#
|
1018
|
+
# A unique identifier that is required to identify specific groups
|
1019
|
+
# within your directory. The users of the group that you associate
|
1020
|
+
# have access to your Amazon S3 or Amazon EFS resources over the
|
1021
|
+
# enabled protocols using Amazon Web Services Transfer Family. If you
|
1022
|
+
# know the group name, you can view the SID values by running the
|
1023
|
+
# following command using Windows PowerShell.
|
1024
|
+
#
|
1025
|
+
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
1026
|
+
# -Properties * | Select SamAccountName,ObjectSid`
|
1027
|
+
#
|
1028
|
+
# In that command, replace *YourGroupName* with the name of your
|
1029
|
+
# Active Directory group.
|
1018
1030
|
#
|
1019
1031
|
# The regex used to validate this parameter is a string of characters
|
1020
1032
|
# consisting of uppercase and lowercase alphanumeric characters with
|
@@ -1097,18 +1109,30 @@ module Aws::Transfer
|
|
1097
1109
|
# @return [String]
|
1098
1110
|
#
|
1099
1111
|
# @!attribute [rw] certificate
|
1100
|
-
# Specifies the ARN of the
|
1101
|
-
# Required when `Protocols` is set to `FTPS`.
|
1112
|
+
# Specifies the ARN of the Amazon Web ServicesCertificate Manager
|
1113
|
+
# (ACM) certificate. Required when `Protocols` is set to `FTPS`.
|
1102
1114
|
# @return [String]
|
1103
1115
|
#
|
1116
|
+
# @!attribute [rw] protocol_details
|
1117
|
+
# The protocol settings that are configured for your server.
|
1118
|
+
#
|
1119
|
+
# Use the `PassiveIp` parameter to indicate passive mode. Enter a
|
1120
|
+
# single dotted-quad IPv4 address, such as the external IP address of
|
1121
|
+
# a firewall, router, or load balancer.
|
1122
|
+
# @return [Types::ProtocolDetails]
|
1123
|
+
#
|
1104
1124
|
# @!attribute [rw] domain
|
1105
1125
|
# Specifies the domain of the storage system that is used for file
|
1106
1126
|
# transfers.
|
1107
1127
|
# @return [String]
|
1108
1128
|
#
|
1109
1129
|
# @!attribute [rw] endpoint_details
|
1110
|
-
#
|
1111
|
-
# configured for your server.
|
1130
|
+
# The virtual private cloud (VPC) endpoint settings that are
|
1131
|
+
# configured for your server. When you host your endpoint within your
|
1132
|
+
# VPC, you can make it accessible only to resources within your VPC,
|
1133
|
+
# or you can attach Elastic IP addresses and make it accessible to
|
1134
|
+
# clients over the internet. Your VPC's default security groups are
|
1135
|
+
# automatically assigned to your endpoint.
|
1112
1136
|
# @return [Types::EndpointDetails]
|
1113
1137
|
#
|
1114
1138
|
# @!attribute [rw] endpoint_type
|
@@ -1130,22 +1154,29 @@ module Aws::Transfer
|
|
1130
1154
|
# @return [Types::IdentityProviderDetails]
|
1131
1155
|
#
|
1132
1156
|
# @!attribute [rw] identity_provider_type
|
1133
|
-
# Specifies the mode of authentication
|
1134
|
-
#
|
1135
|
-
#
|
1136
|
-
#
|
1137
|
-
#
|
1138
|
-
#
|
1139
|
-
#
|
1140
|
-
#
|
1141
|
-
#
|
1157
|
+
# Specifies the mode of authentication for a server. The default value
|
1158
|
+
# is `SERVICE_MANAGED`, which allows you to store and access user
|
1159
|
+
# credentials within the Amazon Web Services Transfer Family service.
|
1160
|
+
#
|
1161
|
+
# Use `AWS_DIRECTORY_SERVICE` to provide access to Active Directory
|
1162
|
+
# groups in Amazon Web Services Managed Active Directory or Microsoft
|
1163
|
+
# Active Directory in your on-premises environment or in Amazon Web
|
1164
|
+
# Services using AD Connectors. This option also requires you to
|
1165
|
+
# provide a Directory ID using the `IdentityProviderDetails`
|
1166
|
+
# parameter.
|
1167
|
+
#
|
1168
|
+
# Use the `API_GATEWAY` value to integrate with an identity provider
|
1169
|
+
# of your choosing. The `API_GATEWAY` setting requires you to provide
|
1170
|
+
# an API Gateway endpoint URL to call for authentication using the
|
1171
|
+
# `IdentityProviderDetails` parameter.
|
1142
1172
|
# @return [String]
|
1143
1173
|
#
|
1144
1174
|
# @!attribute [rw] logging_role
|
1145
|
-
# Specifies the
|
1146
|
-
#
|
1147
|
-
#
|
1148
|
-
# CloudWatch
|
1175
|
+
# Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
|
1176
|
+
# Identity and Access Management (IAM) role that allows a server to
|
1177
|
+
# turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
|
1178
|
+
# events. When set, user activity can be viewed in your CloudWatch
|
1179
|
+
# logs.
|
1149
1180
|
# @return [String]
|
1150
1181
|
#
|
1151
1182
|
# @!attribute [rw] protocols
|
@@ -1199,6 +1230,7 @@ module Aws::Transfer
|
|
1199
1230
|
class DescribedServer < Struct.new(
|
1200
1231
|
:arn,
|
1201
1232
|
:certificate,
|
1233
|
+
:protocol_details,
|
1202
1234
|
:domain,
|
1203
1235
|
:endpoint_details,
|
1204
1236
|
:endpoint_type,
|
@@ -1224,21 +1256,22 @@ module Aws::Transfer
|
|
1224
1256
|
# @return [String]
|
1225
1257
|
#
|
1226
1258
|
# @!attribute [rw] home_directory
|
1227
|
-
#
|
1228
|
-
#
|
1229
|
-
#
|
1230
|
-
#
|
1259
|
+
# The landing directory (folder) for a user when they log in to the
|
1260
|
+
# server using the client.
|
1261
|
+
#
|
1262
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
1231
1263
|
# @return [String]
|
1232
1264
|
#
|
1233
1265
|
# @!attribute [rw] home_directory_mappings
|
1234
|
-
#
|
1235
|
-
#
|
1236
|
-
#
|
1237
|
-
#
|
1238
|
-
#
|
1239
|
-
#
|
1240
|
-
#
|
1241
|
-
#
|
1266
|
+
# Logical directory mappings that specify what Amazon S3 or Amazon EFS
|
1267
|
+
# paths and keys should be visible to your user and how you want to
|
1268
|
+
# make them visible. You must specify the `Entry` and `Target` pair,
|
1269
|
+
# where `Entry` shows how the path is made visible and `Target` is the
|
1270
|
+
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
1271
|
+
# it is displayed as is. You also must ensure that your Amazon Web
|
1272
|
+
# Services Identity and Access Management (IAM) role provides access
|
1273
|
+
# to paths in `Target`. This value can only be set when
|
1274
|
+
# `HomeDirectoryType` is set to *LOGICAL*.
|
1242
1275
|
#
|
1243
1276
|
# In most cases, you can use this value instead of the scope-down
|
1244
1277
|
# policy to lock your user down to the designated home directory
|
@@ -1247,17 +1280,21 @@ module Aws::Transfer
|
|
1247
1280
|
# @return [Array<Types::HomeDirectoryMapEntry>]
|
1248
1281
|
#
|
1249
1282
|
# @!attribute [rw] home_directory_type
|
1250
|
-
#
|
1251
|
-
#
|
1252
|
-
#
|
1253
|
-
#
|
1254
|
-
#
|
1255
|
-
#
|
1256
|
-
#
|
1283
|
+
# The type of landing directory (folder) you want your users' home
|
1284
|
+
# directory to be when they log into the server. If you set it to
|
1285
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
1286
|
+
# as is in their file transfer protocol clients. If you set it
|
1287
|
+
# `LOGICAL`, you will need to provide mappings in the
|
1288
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
1289
|
+
# paths visible to your users.
|
1257
1290
|
# @return [String]
|
1258
1291
|
#
|
1259
1292
|
# @!attribute [rw] policy
|
1260
|
-
#
|
1293
|
+
# A scope-down policy for your user so that you can use the same IAM
|
1294
|
+
# role across multiple users. This policy scopes down user access to
|
1295
|
+
# portions of their Amazon S3 bucket. Variables that you can use
|
1296
|
+
# inside this policy include `$\{Transfer:UserName\}`,
|
1297
|
+
# `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
|
1261
1298
|
# @return [String]
|
1262
1299
|
#
|
1263
1300
|
# @!attribute [rw] posix_profile
|
@@ -1271,12 +1308,14 @@ module Aws::Transfer
|
|
1271
1308
|
# @return [Types::PosixProfile]
|
1272
1309
|
#
|
1273
1310
|
# @!attribute [rw] role
|
1274
|
-
#
|
1275
|
-
#
|
1276
|
-
#
|
1277
|
-
#
|
1278
|
-
#
|
1279
|
-
#
|
1311
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
1312
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
1313
|
+
# system. The policies attached to this role determine the level of
|
1314
|
+
# access that you want to provide your users when transferring files
|
1315
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
1316
|
+
# role should also contain a trust relationship that allows the server
|
1317
|
+
# to access your resources when servicing your users' transfer
|
1318
|
+
# requests.
|
1280
1319
|
# @return [String]
|
1281
1320
|
#
|
1282
1321
|
# @!attribute [rw] ssh_public_keys
|
@@ -1318,12 +1357,12 @@ module Aws::Transfer
|
|
1318
1357
|
# VPC. To control incoming internet traffic, invoke the `UpdateServer`
|
1319
1358
|
# API and attach an Elastic IP address to your server's endpoint.
|
1320
1359
|
#
|
1321
|
-
# <note markdown="1"> After
|
1322
|
-
# `EndpointType=VPC_ENDPOINT` in your
|
1323
|
-
# hasn't already done so before
|
1324
|
-
# created servers with `EndpointType=VPC_ENDPOINT` in your
|
1325
|
-
# on or before
|
1326
|
-
# date, use `EndpointType`=`VPC`.
|
1360
|
+
# <note markdown="1"> After May 19, 2021, you won't be able to create a server using
|
1361
|
+
# `EndpointType=VPC_ENDPOINT` in your Amazon Web Servicesaccount if your
|
1362
|
+
# account hasn't already done so before May 19, 2021. If you have
|
1363
|
+
# already created servers with `EndpointType=VPC_ENDPOINT` in your
|
1364
|
+
# Amazon Web Servicesaccount on or before May 19, 2021, you will not be
|
1365
|
+
# affected. After this date, use `EndpointType`=`VPC`.
|
1327
1366
|
#
|
1328
1367
|
# For more information, see
|
1329
1368
|
# https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
|
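Review bot: The rewritten note at new lines 1361 and 1364 runs the product name into the next word ("Amazon Web Servicesaccount"), which looks like a dropped space from the rebranding substitution rather than intended wording. The lines should read `# `EndpointType=VPC_ENDPOINT` in your Amazon Web Services account if your` and `# Amazon Web Services account on or before May 19, 2021, you will not be`. The same fused form recurs in later hunks of this file ("Amazon Web ServicesDirectory Service" at new line 1521, "ServicesTransfer Family" at 1594, 2224, 2245, 2605, 2691 and 2827, "ServicesSecurity Token Service" at 2614, "ServicesCertificate Manager" at 2732–2746 and 2861, "Servicesaccount" at 2799 and 2802). If this file is generated, the fix probably belongs in the upstream documentation model rather than in the Ruby source.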
@@ -1415,6 +1454,21 @@ module Aws::Transfer
|
|
1415
1454
|
# Represents an object that contains entries and targets for
|
1416
1455
|
# `HomeDirectoryMappings`.
|
1417
1456
|
#
|
1457
|
+
# The following is an `Entry` and `Target` pair example for `chroot`.
|
1458
|
+
#
|
1459
|
+
# `[ \{ "Entry:": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
1460
|
+
#
|
1461
|
+
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon S3
|
1462
|
+
# or EFS, the entry is ignored. As a workaround, you can use the Amazon
|
1463
|
+
# S3 API or EFS API to create 0 byte objects as place holders for your
|
1464
|
+
# directory. If using the CLI, use the `s3api` or `efsapi` call instead
|
1465
|
+
# of `s3` or `efs` so you can use the put-object operation. For example,
|
1466
|
+
# you use the following: `aws s3api put-object --bucket bucketname --key
|
1467
|
+
# path/to/folder/`. Make sure that the end of the key name ends in a `/`
|
1468
|
+
# for it to be considered a folder.
|
1469
|
+
#
|
1470
|
+
# </note>
|
1471
|
+
#
|
1418
1472
|
# @note When making an API call, you may pass HomeDirectoryMapEntry
|
1419
1473
|
# data as a hash:
|
1420
1474
|
#
|
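Review bot: The `chroot` example added at new line 1459 writes the first key as `"Entry:"`, with a colon inside the quoted name, while the surrounding documentation names the key `Entry` and the non-chroot example at new line 2971 uses `"Entry"`. Someone copying the example would send a key that does not match, so the user may not be confined to the intended home directory; whether the service rejects or ignores the unknown key cannot be told from this page. The example should read `[ \{ "Entry": "/", "Target": "/bucket_name/home/mydirectory" \} ]`. The hunk at new line 2581 makes the same mistake by replacing a previously correct `"Entry"` with `"Entry:"`, and should be reverted to the old text.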
@@ -1424,7 +1478,7 @@ module Aws::Transfer
|
|
1424
1478
|
# }
|
1425
1479
|
#
|
1426
1480
|
# @!attribute [rw] entry
|
1427
|
-
# Represents an entry
|
1481
|
+
# Represents an entry for `HomeDirectoryMappings`.
|
1428
1482
|
# @return [String]
|
1429
1483
|
#
|
1430
1484
|
# @!attribute [rw] target
|
@@ -1464,8 +1518,8 @@ module Aws::Transfer
|
|
1464
1518
|
# @return [String]
|
1465
1519
|
#
|
1466
1520
|
# @!attribute [rw] directory_id
|
1467
|
-
# The identifier of the
|
1468
|
-
# to stop sharing.
|
1521
|
+
# The identifier of the Amazon Web ServicesDirectory Service directory
|
1522
|
+
# that you want to stop sharing.
|
1469
1523
|
# @return [String]
|
1470
1524
|
#
|
1471
1525
|
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/IdentityProviderDetails AWS API Documentation
|
@@ -1536,8 +1590,8 @@ module Aws::Transfer
|
|
1536
1590
|
include Aws::Structure
|
1537
1591
|
end
|
1538
1592
|
|
1539
|
-
# This exception is thrown when an error occurs in the
|
1540
|
-
# Family service.
|
1593
|
+
# This exception is thrown when an error occurs in the Amazon Web
|
1594
|
+
# ServicesTransfer Family service.
|
1541
1595
|
#
|
1542
1596
|
# @!attribute [rw] message
|
1543
1597
|
# @return [String]
|
@@ -1747,8 +1801,8 @@ module Aws::Transfer
|
|
1747
1801
|
#
|
1748
1802
|
# @!attribute [rw] arn
|
1749
1803
|
# Requests the tags associated with a particular Amazon Resource Name
|
1750
|
-
# (ARN). An ARN is an identifier for a specific
|
1751
|
-
# a server, user, or role.
|
1804
|
+
# (ARN). An ARN is an identifier for a specific Amazon Web Services
|
1805
|
+
# resource, such as a server, user, or role.
|
1752
1806
|
# @return [String]
|
1753
1807
|
#
|
1754
1808
|
# @!attribute [rw] max_results
|
@@ -1866,43 +1920,46 @@ module Aws::Transfer
|
|
1866
1920
|
# Lists the properties for one or more specified associated accesses.
|
1867
1921
|
#
|
1868
1922
|
# @!attribute [rw] home_directory
|
1869
|
-
#
|
1870
|
-
#
|
1871
|
-
#
|
1923
|
+
# The landing directory (folder) for a user when they log in to the
|
1924
|
+
# server using the client.
|
1925
|
+
#
|
1926
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
1872
1927
|
# @return [String]
|
1873
1928
|
#
|
1874
1929
|
# @!attribute [rw] home_directory_type
|
1875
|
-
# The type of landing directory (folder)
|
1876
|
-
#
|
1877
|
-
#
|
1878
|
-
# is in their file transfer protocol clients. If you set it
|
1879
|
-
# `LOGICAL`, you
|
1880
|
-
# for how you want to make Amazon S3
|
1930
|
+
# The type of landing directory (folder) you want your users' home
|
1931
|
+
# directory to be when they log into the server. If you set it to
|
1932
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
1933
|
+
# as is in their file transfer protocol clients. If you set it
|
1934
|
+
# `LOGICAL`, you will need to provide mappings in the
|
1935
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
1936
|
+
# paths visible to your users.
|
1881
1937
|
# @return [String]
|
1882
1938
|
#
|
1883
1939
|
# @!attribute [rw] role
|
1884
|
-
#
|
1885
|
-
# access to your Amazon S3 bucket
|
1886
|
-
#
|
1887
|
-
#
|
1888
|
-
#
|
1889
|
-
#
|
1890
|
-
#
|
1891
|
-
#
|
1940
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
1941
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
1942
|
+
# system. The policies attached to this role determine the level of
|
1943
|
+
# access that you want to provide your users when transferring files
|
1944
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
1945
|
+
# role should also contain a trust relationship that allows the server
|
1946
|
+
# to access your resources when servicing your users' transfer
|
1947
|
+
# requests.
|
1892
1948
|
# @return [String]
|
1893
1949
|
#
|
1894
1950
|
# @!attribute [rw] external_id
|
1895
|
-
# A unique identifier that
|
1896
|
-
#
|
1897
|
-
#
|
1898
|
-
#
|
1899
|
-
# the
|
1900
|
-
#
|
1901
|
-
#
|
1902
|
-
#
|
1903
|
-
#
|
1904
|
-
#
|
1905
|
-
#
|
1951
|
+
# A unique identifier that is required to identify specific groups
|
1952
|
+
# within your directory. The users of the group that you associate
|
1953
|
+
# have access to your Amazon S3 or Amazon EFS resources over the
|
1954
|
+
# enabled protocols using Amazon Web Services Transfer Family. If you
|
1955
|
+
# know the group name, you can view the SID values by running the
|
1956
|
+
# following command using Windows PowerShell.
|
1957
|
+
#
|
1958
|
+
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
1959
|
+
# -Properties * | Select SamAccountName,ObjectSid`
|
1960
|
+
#
|
1961
|
+
# In that command, replace *YourGroupName* with the name of your
|
1962
|
+
# Active Directory group.
|
1906
1963
|
#
|
1907
1964
|
# The regex used to validate this parameter is a string of characters
|
1908
1965
|
# consisting of uppercase and lowercase alphanumeric characters with
|
@@ -1935,10 +1992,21 @@ module Aws::Transfer
|
|
1935
1992
|
# @return [String]
|
1936
1993
|
#
|
1937
1994
|
# @!attribute [rw] identity_provider_type
|
1938
|
-
# Specifies the
|
1939
|
-
#
|
1940
|
-
#
|
1941
|
-
#
|
1995
|
+
# Specifies the mode of authentication for a server. The default value
|
1996
|
+
# is `SERVICE_MANAGED`, which allows you to store and access user
|
1997
|
+
# credentials within the Amazon Web Services Transfer Family service.
|
1998
|
+
#
|
1999
|
+
# Use `AWS_DIRECTORY_SERVICE` to provide access to Active Directory
|
2000
|
+
# groups in Amazon Web Services Managed Active Directory or Microsoft
|
2001
|
+
# Active Directory in your on-premises environment or in Amazon Web
|
2002
|
+
# Services using AD Connectors. This option also requires you to
|
2003
|
+
# provide a Directory ID using the `IdentityProviderDetails`
|
2004
|
+
# parameter.
|
2005
|
+
#
|
2006
|
+
# Use the `API_GATEWAY` value to integrate with an identity provider
|
2007
|
+
# of your choosing. The `API_GATEWAY` setting requires you to provide
|
2008
|
+
# an API Gateway endpoint URL to call for authentication using the
|
2009
|
+
# `IdentityProviderDetails` parameter.
|
1942
2010
|
# @return [String]
|
1943
2011
|
#
|
1944
2012
|
# @!attribute [rw] endpoint_type
|
@@ -1948,8 +2016,11 @@ module Aws::Transfer
|
|
1948
2016
|
# @return [String]
|
1949
2017
|
#
|
1950
2018
|
# @!attribute [rw] logging_role
|
1951
|
-
# Specifies the
|
1952
|
-
#
|
2019
|
+
# Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
|
2020
|
+
# Identity and Access Management (IAM) role that allows a server to
|
2021
|
+
# turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
|
2022
|
+
# events. When set, user activity can be viewed in your CloudWatch
|
2023
|
+
# logs.
|
1953
2024
|
# @return [String]
|
1954
2025
|
#
|
1955
2026
|
# @!attribute [rw] server_id
|
@@ -1997,26 +2068,31 @@ module Aws::Transfer
|
|
1997
2068
|
# @return [String]
|
1998
2069
|
#
|
1999
2070
|
# @!attribute [rw] home_directory
|
2000
|
-
#
|
2001
|
-
#
|
2071
|
+
# The landing directory (folder) for a user when they log in to the
|
2072
|
+
# server using the client.
|
2073
|
+
#
|
2074
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
2002
2075
|
# @return [String]
|
2003
2076
|
#
|
2004
2077
|
# @!attribute [rw] home_directory_type
|
2005
|
-
#
|
2006
|
-
#
|
2007
|
-
# the absolute Amazon S3 bucket
|
2008
|
-
# protocol clients. If you set it
|
2009
|
-
#
|
2010
|
-
#
|
2078
|
+
# The type of landing directory (folder) you want your users' home
|
2079
|
+
# directory to be when they log into the server. If you set it to
|
2080
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
2081
|
+
# as is in their file transfer protocol clients. If you set it
|
2082
|
+
# `LOGICAL`, you will need to provide mappings in the
|
2083
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
2084
|
+
# paths visible to your users.
|
2011
2085
|
# @return [String]
|
2012
2086
|
#
|
2013
2087
|
# @!attribute [rw] role
|
2014
|
-
# Specifies the
|
2015
|
-
#
|
2016
|
-
#
|
2017
|
-
#
|
2018
|
-
#
|
2019
|
-
#
|
2088
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
2089
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
2090
|
+
# system. The policies attached to this role determine the level of
|
2091
|
+
# access that you want to provide your users when transferring files
|
2092
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
2093
|
+
# role should also contain a trust relationship that allows the server
|
2094
|
+
# to access your resources when servicing your users' transfer
|
2095
|
+
# requests.
|
2020
2096
|
#
|
2021
2097
|
# <note markdown="1"> The IAM role that controls your users' access to your Amazon S3
|
2022
2098
|
# bucket for servers with `Domain=S3`, or your EFS file system for
|
@@ -2091,6 +2167,38 @@ module Aws::Transfer
|
|
2091
2167
|
include Aws::Structure
|
2092
2168
|
end
|
2093
2169
|
|
2170
|
+
# The protocol settings that are configured for your server.
|
2171
|
+
#
|
2172
|
+
# <note markdown="1"> This type is only valid in the `UpdateServer` API.
|
2173
|
+
#
|
2174
|
+
# </note>
|
2175
|
+
#
|
2176
|
+
# @note When making an API call, you may pass ProtocolDetails
|
2177
|
+
# data as a hash:
|
2178
|
+
#
|
2179
|
+
# {
|
2180
|
+
# passive_ip: "PassiveIp",
|
2181
|
+
# }
|
2182
|
+
#
|
2183
|
+
# @!attribute [rw] passive_ip
|
2184
|
+
# Indicates passive mode, for FTP and FTPS protocols. Enter a single
|
2185
|
+
# dotted-quad IPv4 address, such as the external IP address of a
|
2186
|
+
# firewall, router, or load balancer. For example:
|
2187
|
+
#
|
2188
|
+
# ` aws transfer update-server --protocol-details PassiveIp=0.0.0.0 `
|
2189
|
+
#
|
2190
|
+
# Replace ` 0.0.0.0 ` in the example above with the actual IP address
|
2191
|
+
# you want to use.
|
2192
|
+
# @return [String]
|
2193
|
+
#
|
2194
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ProtocolDetails AWS API Documentation
|
2195
|
+
#
|
2196
|
+
class ProtocolDetails < Struct.new(
|
2197
|
+
:passive_ip)
|
2198
|
+
SENSITIVE = []
|
2199
|
+
include Aws::Structure
|
2200
|
+
end
|
2201
|
+
|
2094
2202
|
# The requested resource does not exist.
|
2095
2203
|
#
|
2096
2204
|
# @!attribute [rw] message
|
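Review bot: The note at new line 2172 says this type is only valid in the `UpdateServer` API, but this release also adds `:protocol_details` to `DescribedServer` (new line 1233), so callers receive it on the describe path as well. I would word the note as `# <note markdown="1"> This type can be set only through the `UpdateServer` API; it is also returned in `DescribedServer`.` so readers do not assume the field is write-only. The `passive_ip` text could add one sentence saying that this address is presumably the one handed to FTP/FTPS clients for the passive data connection, so it should be an address you control that fronts the server. The visible shape definition is a plain string, so do not assume the client checks the dotted-quad format before the request is sent.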
@@ -2112,8 +2220,8 @@ module Aws::Transfer
|
|
2112
2220
|
include Aws::Structure
|
2113
2221
|
end
|
2114
2222
|
|
2115
|
-
# This exception is thrown when a resource is not found by the
|
2116
|
-
#
|
2223
|
+
# This exception is thrown when a resource is not found by the Amazon
|
2224
|
+
# Web ServicesTransfer Family service.
|
2117
2225
|
#
|
2118
2226
|
# @!attribute [rw] message
|
2119
2227
|
# @return [String]
|
@@ -2134,8 +2242,8 @@ module Aws::Transfer
|
|
2134
2242
|
include Aws::Structure
|
2135
2243
|
end
|
2136
2244
|
|
2137
|
-
# The request has failed because the
|
2138
|
-
# available.
|
2245
|
+
# The request has failed because the Amazon Web ServicesTransfer Family
|
2246
|
+
# service is not available.
|
2139
2247
|
#
|
2140
2248
|
# @!attribute [rw] message
|
2141
2249
|
# @return [String]
|
@@ -2265,8 +2373,8 @@ module Aws::Transfer
|
|
2265
2373
|
# }
|
2266
2374
|
#
|
2267
2375
|
# @!attribute [rw] arn
|
2268
|
-
# An Amazon Resource Name (ARN) for a specific
|
2269
|
-
# server, user, or role.
|
2376
|
+
# An Amazon Resource Name (ARN) for a specific Amazon Web Services
|
2377
|
+
# resource, such as a server, user, or role.
|
2270
2378
|
# @return [String]
|
2271
2379
|
#
|
2272
2380
|
# @!attribute [rw] tags
|
@@ -2388,8 +2496,8 @@ module Aws::Transfer
|
|
2388
2496
|
#
|
2389
2497
|
# @!attribute [rw] arn
|
2390
2498
|
# The value of the resource that will have the tag removed. An Amazon
|
2391
|
-
# Resource Name (ARN) is an identifier for a specific
|
2392
|
-
# such as a server, user, or role.
|
2499
|
+
# Resource Name (ARN) is an identifier for a specific Amazon Web
|
2500
|
+
# Services resource, such as a server, user, or role.
|
2393
2501
|
# @return [String]
|
2394
2502
|
#
|
2395
2503
|
# @!attribute [rw] tag_keys
|
@@ -2434,16 +2542,17 @@ module Aws::Transfer
|
|
2434
2542
|
# The landing directory (folder) for a user when they log in to the
|
2435
2543
|
# server using the client.
|
2436
2544
|
#
|
2437
|
-
# A `HomeDirectory` example is `/
|
2545
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
2438
2546
|
# @return [String]
|
2439
2547
|
#
|
2440
2548
|
# @!attribute [rw] home_directory_type
|
2441
|
-
# The type of landing directory (folder)
|
2442
|
-
#
|
2443
|
-
#
|
2444
|
-
# is in their file transfer protocol clients. If you set it
|
2445
|
-
# you
|
2446
|
-
# want to make Amazon S3
|
2549
|
+
# The type of landing directory (folder) you want your users' home
|
2550
|
+
# directory to be when they log into the server. If you set it to
|
2551
|
+
# `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
|
2552
|
+
# as is in their file transfer protocol clients. If you set it
|
2553
|
+
# `LOGICAL`, you will need to provide mappings in the
|
2554
|
+
# `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
|
2555
|
+
# paths visible to your users.
|
2447
2556
|
# @return [String]
|
2448
2557
|
#
|
2449
2558
|
# @!attribute [rw] home_directory_mappings
|
@@ -2452,10 +2561,10 @@ module Aws::Transfer
|
|
2452
2561
|
# make them visible. You must specify the `Entry` and `Target` pair,
|
2453
2562
|
# where `Entry` shows how the path is made visible and `Target` is the
|
2454
2563
|
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
2455
|
-
# it
|
2456
|
-
# Identity and Access Management (IAM) role provides access
|
2457
|
-
# in `Target`. This value can only be set when
|
2458
|
-
# set to *LOGICAL*.
|
2564
|
+
# it is displayed as is. You also must ensure that your Amazon Web
|
2565
|
+
# Services Identity and Access Management (IAM) role provides access
|
2566
|
+
# to paths in `Target`. This value can only be set when
|
2567
|
+
# `HomeDirectoryType` is set to *LOGICAL*.
|
2459
2568
|
#
|
2460
2569
|
# The following is an `Entry` and `Target` pair example.
|
2461
2570
|
#
|
@@ -2469,23 +2578,18 @@ module Aws::Transfer
|
|
2469
2578
|
#
|
2470
2579
|
# The following is an `Entry` and `Target` pair example for `chroot`.
|
2471
2580
|
#
|
2472
|
-
# `[ \{ "Entry": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
2581
|
+
# `[ \{ "Entry:": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
2473
2582
|
#
|
2474
2583
|
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
|
2475
|
-
# S3 or
|
2476
|
-
#
|
2477
|
-
#
|
2478
|
-
#
|
2479
|
-
#
|
2480
|
-
#
|
2481
|
-
#
|
2482
|
-
#
|
2483
|
-
# The end of the key name must end in a `/` for it to be considered a
|
2484
|
-
# folder.
|
2584
|
+
# S3 or EFS, the entry is ignored. As a workaround, you can use the
|
2585
|
+
# Amazon S3 API or EFS API to create 0 byte objects as place holders
|
2586
|
+
# for your directory. If using the CLI, use the `s3api` or `efsapi`
|
2587
|
+
# call instead of `s3` or `efs` so you can use the put-object
|
2588
|
+
# operation. For example, you use the following: `aws s3api put-object
|
2589
|
+
# --bucket bucketname --key path/to/folder/`. Make sure that the end
|
2590
|
+
# of the key name ends in a `/` for it to be considered a folder.
|
2485
2591
|
#
|
2486
2592
|
# </note>
|
2487
|
-
#
|
2488
|
-
# Required: No
|
2489
2593
|
# @return [Array<Types::HomeDirectoryMapEntry>]
|
2490
2594
|
#
|
2491
2595
|
# @!attribute [rw] policy
|
@@ -2498,16 +2602,16 @@ module Aws::Transfer
|
|
2498
2602
|
# <note markdown="1"> This only applies when domain of `ServerId` is S3. Amazon EFS does
|
2499
2603
|
# not use scope down policy.
|
2500
2604
|
#
|
2501
|
-
# For scope-down policies,
|
2502
|
-
# JSON blob, instead of the Amazon Resource Name (ARN)
|
2503
|
-
# You save the policy as a JSON blob and pass it in the
|
2504
|
-
# argument.
|
2605
|
+
# For scope-down policies, Amazon Web ServicesTransfer Family stores
|
2606
|
+
# the policy as a JSON blob, instead of the Amazon Resource Name (ARN)
|
2607
|
+
# of the policy. You save the policy as a JSON blob and pass it in the
|
2608
|
+
# `Policy` argument.
|
2505
2609
|
#
|
2506
2610
|
# For an example of a scope-down policy, see [Example scope-down
|
2507
2611
|
# policy][1].
|
2508
2612
|
#
|
2509
|
-
# For more information, see [AssumeRole][2] in the *
|
2510
|
-
# Service API Reference*.
|
2613
|
+
# For more information, see [AssumeRole][2] in the *Amazon Web
|
2614
|
+
# ServicesSecurity Token Service API Reference*.
|
2511
2615
|
#
|
2512
2616
|
# </note>
|
2513
2617
|
#
|
@@ -2527,13 +2631,14 @@ module Aws::Transfer
|
|
2527
2631
|
# @return [Types::PosixProfile]
|
2528
2632
|
#
|
2529
2633
|
# @!attribute [rw] role
|
2530
|
-
# Specifies the
|
2531
|
-
# Amazon S3 bucket or EFS file
|
2532
|
-
#
|
2533
|
-
#
|
2534
|
-
# or EFS file system. The IAM
|
2535
|
-
# relationship that allows the server
|
2536
|
-
# servicing your users' transfer
|
2634
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
2635
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
2636
|
+
# system. The policies attached to this role determine the level of
|
2637
|
+
# access that you want to provide your users when transferring files
|
2638
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
2639
|
+
# role should also contain a trust relationship that allows the server
|
2640
|
+
# to access your resources when servicing your users' transfer
|
2641
|
+
# requests.
|
2537
2642
|
# @return [String]
|
2538
2643
|
#
|
2539
2644
|
# @!attribute [rw] server_id
|
@@ -2545,12 +2650,12 @@ module Aws::Transfer
|
|
2545
2650
|
# A unique identifier that is required to identify specific groups
|
2546
2651
|
# within your directory. The users of the group that you associate
|
2547
2652
|
# have access to your Amazon S3 or Amazon EFS resources over the
|
2548
|
-
# enabled protocols using
|
2549
|
-
# name, you can view the SID values by running the
|
2550
|
-
# using Windows PowerShell.
|
2653
|
+
# enabled protocols using Amazon Web Services Transfer Family. If you
|
2654
|
+
# know the group name, you can view the SID values by running the
|
2655
|
+
# following command using Windows PowerShell.
|
2551
2656
|
#
|
2552
2657
|
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
2553
|
-
# -Properties * | Select
|
2658
|
+
# -Properties * | Select SamAccountName,ObjectSid`
|
2554
2659
|
#
|
2555
2660
|
# In that command, replace *YourGroupName* with the name of your
|
2556
2661
|
# Active Directory group.
|
@@ -2582,8 +2687,8 @@ module Aws::Transfer
|
|
2582
2687
|
#
|
2583
2688
|
# @!attribute [rw] external_id
|
2584
2689
|
# The external ID of the group whose users have access to your Amazon
|
2585
|
-
# S3 or Amazon EFS resources over the enabled protocols using
|
2586
|
-
#
|
2690
|
+
# S3 or Amazon EFS resources over the enabled protocols using Amazon
|
2691
|
+
# Web ServicesTransfer Family.
|
2587
2692
|
# @return [String]
|
2588
2693
|
#
|
2589
2694
|
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateAccessResponse AWS API Documentation
|
@@ -2600,6 +2705,9 @@ module Aws::Transfer
|
|
2600
2705
|
#
|
2601
2706
|
# {
|
2602
2707
|
# certificate: "Certificate",
|
2708
|
+
# protocol_details: {
|
2709
|
+
# passive_ip: "PassiveIp",
|
2710
|
+
# },
|
2603
2711
|
# endpoint_details: {
|
2604
2712
|
# address_allocation_ids: ["AddressAllocationId"],
|
2605
2713
|
# subnet_ids: ["SubnetId"],
|
@@ -2621,19 +2729,21 @@ module Aws::Transfer
|
|
2621
2729
|
# }
|
2622
2730
|
#
|
2623
2731
|
# @!attribute [rw] certificate
|
2624
|
-
# The Amazon Resource Name (ARN) of the
|
2625
|
-
# certificate. Required when `Protocols` is set to
|
2732
|
+
# The Amazon Resource Name (ARN) of the Amazon Web ServicesCertificate
|
2733
|
+
# Manager (ACM) certificate. Required when `Protocols` is set to
|
2734
|
+
# `FTPS`.
|
2626
2735
|
#
|
2627
2736
|
# To request a new public certificate, see [Request a public
|
2628
|
-
# certificate][1] in the <i>
|
2737
|
+
# certificate][1] in the <i> Amazon Web ServicesCertificate Manager
|
2738
|
+
# User Guide</i>.
|
2629
2739
|
#
|
2630
2740
|
# To import an existing certificate into ACM, see [Importing
|
2631
|
-
# certificates into ACM][2] in the <i>
|
2632
|
-
# Guide</i>.
|
2741
|
+
# certificates into ACM][2] in the <i> Amazon Web ServicesCertificate
|
2742
|
+
# Manager User Guide</i>.
|
2633
2743
|
#
|
2634
2744
|
# To request a private certificate to use FTPS through private IP
|
2635
|
-
# addresses, see [Request a private certificate][3] in the <i>
|
2636
|
-
#
|
2745
|
+
# addresses, see [Request a private certificate][3] in the <i> Amazon
|
2746
|
+
# Web ServicesCertificate Manager User Guide</i>.
|
2637
2747
|
#
|
2638
2748
|
# Certificates with the following cryptographic algorithms and key
|
2639
2749
|
# sizes are supported:
|
@@ -2660,12 +2770,21 @@ module Aws::Transfer
|
|
2660
2770
|
# [3]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html
|
2661
2771
|
# @return [String]
|
2662
2772
|
#
|
2773
|
+
# @!attribute [rw] protocol_details
|
2774
|
+
# The protocol settings that are configured for your server.
|
2775
|
+
#
|
2776
|
+
# Use the `PassiveIp` parameter to indicate passive mode (for FTP and
|
2777
|
+
# FTPS protocols). Enter a single dotted-quad IPv4 address, such as
|
2778
|
+
# the external IP address of a firewall, router, or load balancer.
|
2779
|
+
# @return [Types::ProtocolDetails]
|
2780
|
+
#
|
2663
2781
|
# @!attribute [rw] endpoint_details
|
2664
2782
|
# The virtual private cloud (VPC) endpoint settings that are
|
2665
|
-
# configured for your server.
|
2666
|
-
#
|
2667
|
-
#
|
2668
|
-
#
|
2783
|
+
# configured for your server. When you host your endpoint within your
|
2784
|
+
# VPC, you can make it accessible only to resources within your VPC,
|
2785
|
+
# or you can attach Elastic IP addresses and make it accessible to
|
2786
|
+
# clients over the internet. Your VPC's default security groups are
|
2787
|
+
# automatically assigned to your endpoint.
|
2669
2788
|
# @return [Types::EndpointDetails]
|
2670
2789
|
#
|
2671
2790
|
# @!attribute [rw] endpoint_type
|
@@ -2676,12 +2795,12 @@ module Aws::Transfer
|
|
2676
2795
|
# within your VPC or choose to make it internet facing by attaching
|
2677
2796
|
# Elastic IP addresses directly to it.
|
2678
2797
|
#
|
2679
|
-
# <note markdown="1"> After
|
2680
|
-
# `EndpointType=VPC_ENDPOINT` in your
|
2681
|
-
# hasn't already done so before
|
2682
|
-
# created servers with `EndpointType=VPC_ENDPOINT` in
|
2683
|
-
# on or before
|
2684
|
-
# date, use `EndpointType`=`VPC`.
|
2798
|
+
# <note markdown="1"> After May 19, 2021, you won't be able to create a server using
|
2799
|
+
# `EndpointType=VPC_ENDPOINT` in your Amazon Web Servicesaccount if
|
2800
|
+
# your account hasn't already done so before May 19, 2021. If you
|
2801
|
+
# have already created servers with `EndpointType=VPC_ENDPOINT` in
|
2802
|
+
# your Amazon Web Servicesaccount on or before May 19, 2021, you will
|
2803
|
+
# not be affected. After this date, use `EndpointType`=`VPC`.
|
2685
2804
|
#
|
2686
2805
|
# For more information, see
|
2687
2806
|
# https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
|
@@ -2705,7 +2824,7 @@ module Aws::Transfer
|
|
2705
2824
|
# changing a server's host key can be disruptive.
|
2706
2825
|
#
|
2707
2826
|
# For more information, see [Change the host key for your SFTP-enabled
|
2708
|
-
# server][1] in the *
|
2827
|
+
# server][1] in the *Amazon Web ServicesTransfer Family User Guide*.
|
2709
2828
|
#
|
2710
2829
|
#
|
2711
2830
|
#
|
@@ -2718,9 +2837,11 @@ module Aws::Transfer
|
|
2718
2837
|
# @return [Types::IdentityProviderDetails]
|
2719
2838
|
#
|
2720
2839
|
# @!attribute [rw] logging_role
|
2721
|
-
#
|
2722
|
-
#
|
2723
|
-
# CloudWatch
|
2840
|
+
# Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
|
2841
|
+
# Identity and Access Management (IAM) role that allows a server to
|
2842
|
+
# turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
|
2843
|
+
# events. When set, user activity can be viewed in your CloudWatch
|
2844
|
+
# logs.
|
2724
2845
|
# @return [String]
|
2725
2846
|
#
|
2726
2847
|
# @!attribute [rw] protocols
|
@@ -2736,9 +2857,9 @@ module Aws::Transfer
|
|
2736
2857
|
#
|
2737
2858
|
# * File Transfer Protocol (FTP): Unencrypted file transfer
|
2738
2859
|
#
|
2739
|
-
# <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in
|
2740
|
-
#
|
2741
|
-
# when clients connect to it over FTPS.
|
2860
|
+
# <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in Amazon
|
2861
|
+
# Web ServicesCertificate Manager (ACM) which will be used to identify
|
2862
|
+
# your server when clients connect to it over FTPS.
|
2742
2863
|
#
|
2743
2864
|
# If `Protocol` includes either `FTP` or `FTPS`, then the
|
2744
2865
|
# `EndpointType` must be `VPC` and the `IdentityProviderType` must be
|
@@ -2768,6 +2889,7 @@ module Aws::Transfer
|
|
2768
2889
|
#
|
2769
2890
|
class UpdateServerRequest < Struct.new(
|
2770
2891
|
:certificate,
|
2892
|
+
:protocol_details,
|
2771
2893
|
:endpoint_details,
|
2772
2894
|
:endpoint_type,
|
2773
2895
|
:host_key,
|
@@ -2817,10 +2939,10 @@ module Aws::Transfer
|
|
2817
2939
|
# }
|
2818
2940
|
#
|
2819
2941
|
# @!attribute [rw] home_directory
|
2820
|
-
#
|
2821
|
-
#
|
2942
|
+
# The landing directory (folder) for a user when they log in to the
|
2943
|
+
# server using the client.
|
2822
2944
|
#
|
2823
|
-
#
|
2945
|
+
# A `HomeDirectory` example is `/bucket_name/home/mydirectory`.
|
2824
2946
|
# @return [String]
|
2825
2947
|
#
|
2826
2948
|
# @!attribute [rw] home_directory_type
|
@@ -2836,51 +2958,60 @@ module Aws::Transfer
|
|
2836
2958
|
# @!attribute [rw] home_directory_mappings
|
2837
2959
|
# Logical directory mappings that specify what Amazon S3 or Amazon EFS
|
2838
2960
|
# paths and keys should be visible to your user and how you want to
|
2839
|
-
# make them visible. You
|
2840
|
-
#
|
2841
|
-
#
|
2842
|
-
#
|
2843
|
-
#
|
2844
|
-
#
|
2961
|
+
# make them visible. You must specify the `Entry` and `Target` pair,
|
2962
|
+
# where `Entry` shows how the path is made visible and `Target` is the
|
2963
|
+
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
2964
|
+
# it is displayed as is. You also must ensure that your Amazon Web
|
2965
|
+
# Services Identity and Access Management (IAM) role provides access
|
2966
|
+
# to paths in `Target`. This value can only be set when
|
2967
|
+
# `HomeDirectoryType` is set to *LOGICAL*.
|
2845
2968
|
#
|
2846
|
-
# `
|
2847
|
-
#
|
2848
|
-
# "
|
2969
|
+
# The following is an `Entry` and `Target` pair example.
|
2970
|
+
#
|
2971
|
+
# `[ \{ "Entry": "your-personal-report.pdf", "Target":
|
2972
|
+
# "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \} ]`
|
2849
2973
|
#
|
2850
2974
|
# In most cases, you can use this value instead of the scope-down
|
2851
2975
|
# policy to lock down your user to the designated home directory
|
2852
2976
|
# ("`chroot`"). To do this, you can set `Entry` to '/' and set
|
2853
2977
|
# `Target` to the HomeDirectory parameter value.
|
2854
2978
|
#
|
2979
|
+
# The following is an `Entry` and `Target` pair example for `chroot`.
|
2980
|
+
#
|
2981
|
+
# `[ \{ "Entry:": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
2982
|
+
#
|
2855
2983
|
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
|
2856
|
-
# S3 or EFS, the entry
|
2857
|
-
#
|
2858
|
-
#
|
2859
|
-
#
|
2984
|
+
# S3 or EFS, the entry is ignored. As a workaround, you can use the
|
2985
|
+
# Amazon S3 API or EFS API to create 0 byte objects as place holders
|
2986
|
+
# for your directory. If using the CLI, use the `s3api` or `efsapi`
|
2987
|
+
# call instead of `s3` or `efs` so you can use the put-object
|
2860
2988
|
# operation. For example, you use the following: `aws s3api put-object
|
2861
2989
|
# --bucket bucketname --key path/to/folder/`. Make sure that the end
|
2862
|
-
# of the key name ends in a
|
2990
|
+
# of the key name ends in a `/` for it to be considered a folder.
|
2863
2991
|
#
|
2864
2992
|
# </note>
|
2865
2993
|
# @return [Array<Types::HomeDirectoryMapEntry>]
|
2866
2994
|
#
|
2867
2995
|
# @!attribute [rw] policy
|
2868
|
-
#
|
2869
|
-
#
|
2870
|
-
#
|
2871
|
-
#
|
2996
|
+
# A scope-down policy for your user so that you can use the same IAM
|
2997
|
+
# role across multiple users. This policy scopes down user access to
|
2998
|
+
# portions of their Amazon S3 bucket. Variables that you can use
|
2999
|
+
# inside this policy include `$\{Transfer:UserName\}`,
|
2872
3000
|
# `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
|
2873
3001
|
#
|
2874
|
-
# <note markdown="1">
|
2875
|
-
#
|
2876
|
-
#
|
2877
|
-
#
|
3002
|
+
# <note markdown="1"> This only applies when domain of `ServerId` is S3. Amazon EFS does
|
3003
|
+
# not use scope-down policies.
|
3004
|
+
#
|
3005
|
+
# For scope-down policies, Amazon Web ServicesTransfer Family stores
|
3006
|
+
# the policy as a JSON blob, instead of the Amazon Resource Name (ARN)
|
3007
|
+
# of the policy. You save the policy as a JSON blob and pass it in the
|
3008
|
+
# `Policy` argument.
|
2878
3009
|
#
|
2879
3010
|
# For an example of a scope-down policy, see [Creating a scope-down
|
2880
3011
|
# policy][1].
|
2881
3012
|
#
|
2882
|
-
# For more information, see [AssumeRole][2] in the *
|
2883
|
-
# Service API Reference*.
|
3013
|
+
# For more information, see [AssumeRole][2] in the *Amazon Web
|
3014
|
+
# Services Security Token Service API Reference*.
|
2884
3015
|
#
|
2885
3016
|
# </note>
|
2886
3017
|
#
|
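Review bot: The `chroot` example added at new line 2981 spells the key as `"Entry:"`, with a stray colon inside the quotes, while the example at new lines 2971-2972 and the surrounding prose use `Entry`. Because this mapping is what confines a user to their home directory, a reader who copies the comment verbatim would submit a mapping without a valid `Entry` key and may not get the restriction they expect. The example should read `"Entry": "/", "Target": "/bucket_name/home/mydirectory"`. The same hunk also fuses the product name at new line 3005 (`Amazon Web ServicesTransfer Family`), and the same missing space appears at new line 2827 in the `@@ -2705` hunk and new line 2861 (`Web ServicesCertificate Manager`) in the `@@ -2736` hunk. These comments look generated from the service model, so the correction probably belongs in the upstream documentation source rather than in this file.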
@@ -2901,12 +3032,14 @@ module Aws::Transfer
|
|
2901
3032
|
# @return [Types::PosixProfile]
|
2902
3033
|
#
|
2903
3034
|
# @!attribute [rw] role
|
2904
|
-
#
|
2905
|
-
#
|
2906
|
-
#
|
2907
|
-
#
|
2908
|
-
#
|
2909
|
-
#
|
3035
|
+
# Specifies the Amazon Resource Name (ARN) of the IAM role that
|
3036
|
+
# controls your users' access to your Amazon S3 bucket or EFS file
|
3037
|
+
# system. The policies attached to this role determine the level of
|
3038
|
+
# access that you want to provide your users when transferring files
|
3039
|
+
# into and out of your Amazon S3 bucket or EFS file system. The IAM
|
3040
|
+
# role should also contain a trust relationship that allows the server
|
3041
|
+
# to access your resources when servicing your users' transfer
|
3042
|
+
# requests.
|
2910
3043
|
# @return [String]
|
2911
3044
|
#
|
2912
3045
|
# @!attribute [rw] server_id
|