aws-sdk-transfer 1.34.0 → 1.38.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-transfer/client.rb +192 -172
- data/lib/aws-sdk-transfer/client_api.rb +7 -0
- data/lib/aws-sdk-transfer/types.rb +323 -214
- data/lib/aws-sdk-transfer.rb +1 -1
- metadata +5 -5
|
@@ -83,10 +83,12 @@ module Aws::Transfer
|
|
|
83
83
|
Message = Shapes::StringShape.new(name: 'Message')
|
|
84
84
|
NextToken = Shapes::StringShape.new(name: 'NextToken')
|
|
85
85
|
NullableRole = Shapes::StringShape.new(name: 'NullableRole')
|
|
86
|
+
PassiveIp = Shapes::StringShape.new(name: 'PassiveIp')
|
|
86
87
|
Policy = Shapes::StringShape.new(name: 'Policy')
|
|
87
88
|
PosixId = Shapes::IntegerShape.new(name: 'PosixId')
|
|
88
89
|
PosixProfile = Shapes::StructureShape.new(name: 'PosixProfile')
|
|
89
90
|
Protocol = Shapes::StringShape.new(name: 'Protocol')
|
|
91
|
+
ProtocolDetails = Shapes::StructureShape.new(name: 'ProtocolDetails')
|
|
90
92
|
Protocols = Shapes::ListShape.new(name: 'Protocols')
|
|
91
93
|
Resource = Shapes::StringShape.new(name: 'Resource')
|
|
92
94
|
ResourceExistsException = Shapes::StructureShape.new(name: 'ResourceExistsException')
|
|
@@ -257,6 +259,7 @@ module Aws::Transfer
|
|
|
257
259
|
|
|
258
260
|
DescribedServer.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "Arn"))
|
|
259
261
|
DescribedServer.add_member(:certificate, Shapes::ShapeRef.new(shape: Certificate, location_name: "Certificate"))
|
|
262
|
+
DescribedServer.add_member(:protocol_details, Shapes::ShapeRef.new(shape: ProtocolDetails, location_name: "ProtocolDetails"))
|
|
260
263
|
DescribedServer.add_member(:domain, Shapes::ShapeRef.new(shape: Domain, location_name: "Domain"))
|
|
261
264
|
DescribedServer.add_member(:endpoint_details, Shapes::ShapeRef.new(shape: EndpointDetails, location_name: "EndpointDetails"))
|
|
262
265
|
DescribedServer.add_member(:endpoint_type, Shapes::ShapeRef.new(shape: EndpointType, location_name: "EndpointType"))
|
|
@@ -402,6 +405,9 @@ module Aws::Transfer
|
|
|
402
405
|
PosixProfile.add_member(:secondary_gids, Shapes::ShapeRef.new(shape: SecondaryGids, location_name: "SecondaryGids"))
|
|
403
406
|
PosixProfile.struct_class = Types::PosixProfile
|
|
404
407
|
|
|
408
|
+
ProtocolDetails.add_member(:passive_ip, Shapes::ShapeRef.new(shape: PassiveIp, location_name: "PassiveIp"))
|
|
409
|
+
ProtocolDetails.struct_class = Types::ProtocolDetails
|
|
410
|
+
|
|
405
411
|
Protocols.member = Shapes::ShapeRef.new(shape: Protocol)
|
|
406
412
|
|
|
407
413
|
ResourceExistsException.add_member(:message, Shapes::ShapeRef.new(shape: Message, required: true, location_name: "Message"))
|
|
@@ -487,6 +493,7 @@ module Aws::Transfer
|
|
|
487
493
|
UpdateAccessResponse.struct_class = Types::UpdateAccessResponse
|
|
488
494
|
|
|
489
495
|
UpdateServerRequest.add_member(:certificate, Shapes::ShapeRef.new(shape: Certificate, location_name: "Certificate"))
|
|
496
|
+
UpdateServerRequest.add_member(:protocol_details, Shapes::ShapeRef.new(shape: ProtocolDetails, location_name: "ProtocolDetails"))
|
|
490
497
|
UpdateServerRequest.add_member(:endpoint_details, Shapes::ShapeRef.new(shape: EndpointDetails, location_name: "EndpointDetails"))
|
|
491
498
|
UpdateServerRequest.add_member(:endpoint_type, Shapes::ShapeRef.new(shape: EndpointType, location_name: "EndpointType"))
|
|
492
499
|
UpdateServerRequest.add_member(:host_key, Shapes::ShapeRef.new(shape: HostKey, location_name: "HostKey"))
|
|
@@ -84,10 +84,10 @@ module Aws::Transfer
|
|
|
84
84
|
# make them visible. You must specify the `Entry` and `Target` pair,
|
|
85
85
|
# where `Entry` shows how the path is made visible and `Target` is the
|
|
86
86
|
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
|
87
|
-
# it
|
|
88
|
-
# Identity and Access Management (IAM) role provides access
|
|
89
|
-
# in `Target`. This value can only be set when
|
|
90
|
-
# set to *LOGICAL*.
|
|
87
|
+
# it is displayed as is. You also must ensure that your Amazon Web
|
|
88
|
+
# Services Identity and Access Management (IAM) role provides access
|
|
89
|
+
# to paths in `Target`. This value can only be set when
|
|
90
|
+
# `HomeDirectoryType` is set to *LOGICAL*.
|
|
91
91
|
#
|
|
92
92
|
# The following is an `Entry` and `Target` pair example.
|
|
93
93
|
#
|
|
@@ -101,19 +101,16 @@ module Aws::Transfer
|
|
|
101
101
|
#
|
|
102
102
|
# The following is an `Entry` and `Target` pair example for `chroot`.
|
|
103
103
|
#
|
|
104
|
-
# `[ \{ "Entry": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
|
104
|
+
# `[ \{ "Entry:": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
|
105
105
|
#
|
|
106
106
|
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
|
|
107
|
-
# S3 or
|
|
108
|
-
#
|
|
109
|
-
#
|
|
110
|
-
#
|
|
111
|
-
#
|
|
112
|
-
#
|
|
113
|
-
#
|
|
114
|
-
#
|
|
115
|
-
# The end of the key name must end in a `/` for it to be considered a
|
|
116
|
-
# folder.
|
|
107
|
+
# S3 or EFS, the entry is ignored. As a workaround, you can use the
|
|
108
|
+
# Amazon S3 API or EFS API to create 0 byte objects as place holders
|
|
109
|
+
# for your directory. If using the CLI, use the `s3api` or `efsapi`
|
|
110
|
+
# call instead of `s3` or `efs` so you can use the put-object
|
|
111
|
+
# operation. For example, you use the following: `aws s3api put-object
|
|
112
|
+
# --bucket bucketname --key path/to/folder/`. Make sure that the end
|
|
113
|
+
# of the key name ends in a `/` for it to be considered a folder.
|
|
117
114
|
#
|
|
118
115
|
# </note>
|
|
119
116
|
# @return [Array<Types::HomeDirectoryMapEntry>]
|
|
@@ -128,16 +125,16 @@ module Aws::Transfer
|
|
|
128
125
|
# <note markdown="1"> This only applies when domain of `ServerId` is S3. Amazon EFS does
|
|
129
126
|
# not use scope-down policies.
|
|
130
127
|
#
|
|
131
|
-
# For scope-down policies,
|
|
132
|
-
# JSON blob, instead of the Amazon Resource Name (ARN)
|
|
133
|
-
# You save the policy as a JSON blob and pass it in the
|
|
134
|
-
# argument.
|
|
128
|
+
# For scope-down policies, Amazon Web Services Transfer Family stores
|
|
129
|
+
# the policy as a JSON blob, instead of the Amazon Resource Name (ARN)
|
|
130
|
+
# of the policy. You save the policy as a JSON blob and pass it in the
|
|
131
|
+
# `Policy` argument.
|
|
135
132
|
#
|
|
136
133
|
# For an example of a scope-down policy, see [Example scope-down
|
|
137
134
|
# policy][1].
|
|
138
135
|
#
|
|
139
|
-
# For more information, see [AssumeRole][2] in the *
|
|
140
|
-
# Service API Reference*.
|
|
136
|
+
# For more information, see [AssumeRole][2] in the *Amazon Web
|
|
137
|
+
# Services Security Token Service API Reference*.
|
|
141
138
|
#
|
|
142
139
|
# </note>
|
|
143
140
|
#
|
|
@@ -176,9 +173,9 @@ module Aws::Transfer
|
|
|
176
173
|
# A unique identifier that is required to identify specific groups
|
|
177
174
|
# within your directory. The users of the group that you associate
|
|
178
175
|
# have access to your Amazon S3 or Amazon EFS resources over the
|
|
179
|
-
# enabled protocols using
|
|
180
|
-
# name, you can view the SID values by running the
|
|
181
|
-
# using Windows PowerShell.
|
|
176
|
+
# enabled protocols using Amazon Web Services Transfer Family. If you
|
|
177
|
+
# know the group name, you can view the SID values by running the
|
|
178
|
+
# following command using Windows PowerShell.
|
|
182
179
|
#
|
|
183
180
|
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
|
184
181
|
# -Properties * | Select SamAccountName,ObjectSid`
|
|
@@ -213,8 +210,8 @@ module Aws::Transfer
|
|
|
213
210
|
#
|
|
214
211
|
# @!attribute [rw] external_id
|
|
215
212
|
# The external ID of the group whose users have access to your Amazon
|
|
216
|
-
# S3 or Amazon EFS resources over the enabled protocols using
|
|
217
|
-
# Transfer Family.
|
|
213
|
+
# S3 or Amazon EFS resources over the enabled protocols using Amazon
|
|
214
|
+
# Web Services Transfer Family.
|
|
218
215
|
# @return [String]
|
|
219
216
|
#
|
|
220
217
|
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateAccessResponse AWS API Documentation
|
|
@@ -259,19 +256,21 @@ module Aws::Transfer
|
|
|
259
256
|
# }
|
|
260
257
|
#
|
|
261
258
|
# @!attribute [rw] certificate
|
|
262
|
-
# The Amazon Resource Name (ARN) of the
|
|
263
|
-
# certificate. Required when `Protocols` is
|
|
259
|
+
# The Amazon Resource Name (ARN) of the Amazon Web Services
|
|
260
|
+
# Certificate Manager (ACM) certificate. Required when `Protocols` is
|
|
261
|
+
# set to `FTPS`.
|
|
264
262
|
#
|
|
265
263
|
# To request a new public certificate, see [Request a public
|
|
266
|
-
# certificate][1] in the <i>
|
|
264
|
+
# certificate][1] in the <i> Amazon Web Services Certificate Manager
|
|
265
|
+
# User Guide</i>.
|
|
267
266
|
#
|
|
268
267
|
# To import an existing certificate into ACM, see [Importing
|
|
269
|
-
# certificates into ACM][2] in the <i>
|
|
270
|
-
# Guide</i>.
|
|
268
|
+
# certificates into ACM][2] in the <i> Amazon Web Services Certificate
|
|
269
|
+
# Manager User Guide</i>.
|
|
271
270
|
#
|
|
272
271
|
# To request a private certificate to use FTPS through private IP
|
|
273
|
-
# addresses, see [Request a private certificate][3] in the <i>
|
|
274
|
-
# Certificate Manager User Guide</i>.
|
|
272
|
+
# addresses, see [Request a private certificate][3] in the <i> Amazon
|
|
273
|
+
# Web Services Certificate Manager User Guide</i>.
|
|
275
274
|
#
|
|
276
275
|
# Certificates with the following cryptographic algorithms and key
|
|
277
276
|
# sizes are supported:
|
|
@@ -327,11 +326,11 @@ module Aws::Transfer
|
|
|
327
326
|
# Elastic IP addresses directly to it.
|
|
328
327
|
#
|
|
329
328
|
# <note markdown="1"> After May 19, 2021, you won't be able to create a server using
|
|
330
|
-
# `EndpointType=VPC_ENDPOINT` in your
|
|
331
|
-
# hasn't already done so before May 19, 2021. If you
|
|
332
|
-
# created servers with `EndpointType=VPC_ENDPOINT` in
|
|
333
|
-
# on or before May 19, 2021, you will
|
|
334
|
-
# date, use `EndpointType`=`VPC`.
|
|
329
|
+
# `EndpointType=VPC_ENDPOINT` in your Amazon Web Services account if
|
|
330
|
+
# your account hasn't already done so before May 19, 2021. If you
|
|
331
|
+
# have already created servers with `EndpointType=VPC_ENDPOINT` in
|
|
332
|
+
# your Amazon Web Services account on or before May 19, 2021, you will
|
|
333
|
+
# not be affected. After this date, use `EndpointType`=`VPC`.
|
|
335
334
|
#
|
|
336
335
|
# For more information, see
|
|
337
336
|
# https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
|
|
@@ -355,7 +354,7 @@ module Aws::Transfer
|
|
|
355
354
|
# Accidentally changing a server's host key can be disruptive.
|
|
356
355
|
#
|
|
357
356
|
# For more information, see [Change the host key for your SFTP-enabled
|
|
358
|
-
# server][1] in the *
|
|
357
|
+
# server][1] in the *Amazon Web Services Transfer Family User Guide*.
|
|
359
358
|
#
|
|
360
359
|
#
|
|
361
360
|
#
|
|
@@ -374,21 +373,27 @@ module Aws::Transfer
|
|
|
374
373
|
# @!attribute [rw] identity_provider_type
|
|
375
374
|
# Specifies the mode of authentication for a server. The default value
|
|
376
375
|
# is `SERVICE_MANAGED`, which allows you to store and access user
|
|
377
|
-
# credentials within the
|
|
378
|
-
#
|
|
379
|
-
#
|
|
380
|
-
#
|
|
381
|
-
#
|
|
382
|
-
#
|
|
383
|
-
#
|
|
384
|
-
#
|
|
385
|
-
#
|
|
376
|
+
# credentials within the Amazon Web Services Transfer Family service.
|
|
377
|
+
#
|
|
378
|
+
# Use `AWS_DIRECTORY_SERVICE` to provide access to Active Directory
|
|
379
|
+
# groups in Amazon Web Services Managed Active Directory or Microsoft
|
|
380
|
+
# Active Directory in your on-premises environment or in Amazon Web
|
|
381
|
+
# Services using AD Connectors. This option also requires you to
|
|
382
|
+
# provide a Directory ID using the `IdentityProviderDetails`
|
|
383
|
+
# parameter.
|
|
384
|
+
#
|
|
385
|
+
# Use the `API_GATEWAY` value to integrate with an identity provider
|
|
386
|
+
# of your choosing. The `API_GATEWAY` setting requires you to provide
|
|
387
|
+
# an API Gateway endpoint URL to call for authentication using the
|
|
386
388
|
# `IdentityProviderDetails` parameter.
|
|
387
389
|
# @return [String]
|
|
388
390
|
#
|
|
389
391
|
# @!attribute [rw] logging_role
|
|
390
|
-
#
|
|
391
|
-
#
|
|
392
|
+
# Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
|
|
393
|
+
# Identity and Access Management (IAM) role that allows a server to
|
|
394
|
+
# turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
|
|
395
|
+
# events. When set, user activity can be viewed in your CloudWatch
|
|
396
|
+
# logs.
|
|
392
397
|
# @return [String]
|
|
393
398
|
#
|
|
394
399
|
# @!attribute [rw] protocols
|
|
@@ -404,9 +409,9 @@ module Aws::Transfer
|
|
|
404
409
|
#
|
|
405
410
|
# * `FTP` (File Transfer Protocol): Unencrypted file transfer
|
|
406
411
|
#
|
|
407
|
-
# <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in
|
|
408
|
-
# Certificate Manager (ACM) which
|
|
409
|
-
# when clients connect to it over FTPS.
|
|
412
|
+
# <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in Amazon
|
|
413
|
+
# Web Services Certificate Manager (ACM) which is used to identify
|
|
414
|
+
# your server when clients connect to it over FTPS.
|
|
410
415
|
#
|
|
411
416
|
# If `Protocol` includes either `FTP` or `FTPS`, then the
|
|
412
417
|
# `EndpointType` must be `VPC` and the `IdentityProviderType` must be
|
|
@@ -509,14 +514,15 @@ module Aws::Transfer
|
|
|
509
514
|
# @return [String]
|
|
510
515
|
#
|
|
511
516
|
# @!attribute [rw] home_directory_mappings
|
|
512
|
-
# Logical directory mappings that specify what Amazon S3 or EFS
|
|
513
|
-
# and keys should be visible to your user and how you want to
|
|
514
|
-
# them visible. You
|
|
515
|
-
#
|
|
516
|
-
#
|
|
517
|
-
# it
|
|
518
|
-
#
|
|
519
|
-
#
|
|
517
|
+
# Logical directory mappings that specify what Amazon S3 or Amazon EFS
|
|
518
|
+
# paths and keys should be visible to your user and how you want to
|
|
519
|
+
# make them visible. You must specify the `Entry` and `Target` pair,
|
|
520
|
+
# where `Entry` shows how the path is made visible and `Target` is the
|
|
521
|
+
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
|
522
|
+
# it is displayed as is. You also must ensure that your Amazon Web
|
|
523
|
+
# Services Identity and Access Management (IAM) role provides access
|
|
524
|
+
# to paths in `Target`. This value can only be set when
|
|
525
|
+
# `HomeDirectoryType` is set to *LOGICAL*.
|
|
520
526
|
#
|
|
521
527
|
# The following is an `Entry` and `Target` pair example.
|
|
522
528
|
#
|
|
@@ -530,13 +536,13 @@ module Aws::Transfer
|
|
|
530
536
|
#
|
|
531
537
|
# The following is an `Entry` and `Target` pair example for `chroot`.
|
|
532
538
|
#
|
|
533
|
-
# `[ \{ "Entry": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
|
539
|
+
# `[ \{ "Entry:": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
|
534
540
|
#
|
|
535
541
|
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
|
|
536
|
-
# S3 or EFS, the entry
|
|
537
|
-
#
|
|
538
|
-
#
|
|
539
|
-
#
|
|
542
|
+
# S3 or EFS, the entry is ignored. As a workaround, you can use the
|
|
543
|
+
# Amazon S3 API or EFS API to create 0 byte objects as place holders
|
|
544
|
+
# for your directory. If using the CLI, use the `s3api` or `efsapi`
|
|
545
|
+
# call instead of `s3` or `efs` so you can use the put-object
|
|
540
546
|
# operation. For example, you use the following: `aws s3api put-object
|
|
541
547
|
# --bucket bucketname --key path/to/folder/`. Make sure that the end
|
|
542
548
|
# of the key name ends in a `/` for it to be considered a folder.
|
|
@@ -554,16 +560,16 @@ module Aws::Transfer
|
|
|
554
560
|
# <note markdown="1"> This only applies when domain of ServerId is S3. EFS does not use
|
|
555
561
|
# scope down policy.
|
|
556
562
|
#
|
|
557
|
-
# For scope-down policies,
|
|
558
|
-
# JSON blob, instead of the Amazon Resource Name (ARN)
|
|
559
|
-
# You save the policy as a JSON blob and pass it in the
|
|
560
|
-
# argument.
|
|
563
|
+
# For scope-down policies, Amazon Web Services Transfer Family stores
|
|
564
|
+
# the policy as a JSON blob, instead of the Amazon Resource Name (ARN)
|
|
565
|
+
# of the policy. You save the policy as a JSON blob and pass it in the
|
|
566
|
+
# `Policy` argument.
|
|
561
567
|
#
|
|
562
568
|
# For an example of a scope-down policy, see [Example scope-down
|
|
563
569
|
# policy][1].
|
|
564
570
|
#
|
|
565
|
-
# For more information, see [AssumeRole][2] in the *
|
|
566
|
-
# Service API Reference*.
|
|
571
|
+
# For more information, see [AssumeRole][2] in the *Amazon Web
|
|
572
|
+
# Services Security Token Service API Reference*.
|
|
567
573
|
#
|
|
568
574
|
# </note>
|
|
569
575
|
#
|
|
@@ -669,9 +675,9 @@ module Aws::Transfer
|
|
|
669
675
|
# A unique identifier that is required to identify specific groups
|
|
670
676
|
# within your directory. The users of the group that you associate
|
|
671
677
|
# have access to your Amazon S3 or Amazon EFS resources over the
|
|
672
|
-
# enabled protocols using
|
|
673
|
-
# name, you can view the SID values by running the
|
|
674
|
-
# using Windows PowerShell.
|
|
678
|
+
# enabled protocols using Amazon Web Services Transfer Family. If you
|
|
679
|
+
# know the group name, you can view the SID values by running the
|
|
680
|
+
# following command using Windows PowerShell.
|
|
675
681
|
#
|
|
676
682
|
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
|
677
683
|
# -Properties * | Select SamAccountName,ObjectSid`
|
|
@@ -790,9 +796,9 @@ module Aws::Transfer
|
|
|
790
796
|
# A unique identifier that is required to identify specific groups
|
|
791
797
|
# within your directory. The users of the group that you associate
|
|
792
798
|
# have access to your Amazon S3 or Amazon EFS resources over the
|
|
793
|
-
# enabled protocols using
|
|
794
|
-
# name, you can view the SID values by running the
|
|
795
|
-
# using Windows PowerShell.
|
|
799
|
+
# enabled protocols using Amazon Web Services Transfer Family. If you
|
|
800
|
+
# know the group name, you can view the SID values by running the
|
|
801
|
+
# following command using Windows PowerShell.
|
|
796
802
|
#
|
|
797
803
|
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
|
798
804
|
# -Properties * | Select SamAccountName,ObjectSid`
|
|
@@ -912,8 +918,8 @@ module Aws::Transfer
|
|
|
912
918
|
#
|
|
913
919
|
# @!attribute [rw] user_name
|
|
914
920
|
# The name of the user assigned to one or more servers. User names are
|
|
915
|
-
# part of the sign-in credentials to use the
|
|
916
|
-
# service and perform file transfer tasks.
|
|
921
|
+
# part of the sign-in credentials to use the Amazon Web Services
|
|
922
|
+
# Transfer Family service and perform file transfer tasks.
|
|
917
923
|
# @return [String]
|
|
918
924
|
#
|
|
919
925
|
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeUserRequest AWS API Documentation
|
|
@@ -954,14 +960,15 @@ module Aws::Transfer
|
|
|
954
960
|
# @return [String]
|
|
955
961
|
#
|
|
956
962
|
# @!attribute [rw] home_directory_mappings
|
|
957
|
-
#
|
|
958
|
-
#
|
|
959
|
-
#
|
|
960
|
-
#
|
|
961
|
-
#
|
|
962
|
-
#
|
|
963
|
-
#
|
|
964
|
-
#
|
|
963
|
+
# Logical directory mappings that specify what Amazon S3 or Amazon EFS
|
|
964
|
+
# paths and keys should be visible to your user and how you want to
|
|
965
|
+
# make them visible. You must specify the `Entry` and `Target` pair,
|
|
966
|
+
# where `Entry` shows how the path is made visible and `Target` is the
|
|
967
|
+
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
|
968
|
+
# it is displayed as is. You also must ensure that your Amazon Web
|
|
969
|
+
# Services Identity and Access Management (IAM) role provides access
|
|
970
|
+
# to paths in `Target`. This value can only be set when
|
|
971
|
+
# `HomeDirectoryType` is set to *LOGICAL*.
|
|
965
972
|
#
|
|
966
973
|
# In most cases, you can use this value instead of the scope-down
|
|
967
974
|
# policy to lock down the associated access to the designated home
|
|
@@ -1011,9 +1018,9 @@ module Aws::Transfer
|
|
|
1011
1018
|
# A unique identifier that is required to identify specific groups
|
|
1012
1019
|
# within your directory. The users of the group that you associate
|
|
1013
1020
|
# have access to your Amazon S3 or Amazon EFS resources over the
|
|
1014
|
-
# enabled protocols using
|
|
1015
|
-
# name, you can view the SID values by running the
|
|
1016
|
-
# using Windows PowerShell.
|
|
1021
|
+
# enabled protocols using Amazon Web Services Transfer Family. If you
|
|
1022
|
+
# know the group name, you can view the SID values by running the
|
|
1023
|
+
# following command using Windows PowerShell.
|
|
1017
1024
|
#
|
|
1018
1025
|
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
|
1019
1026
|
# -Properties * | Select SamAccountName,ObjectSid`
|
|
@@ -1102,18 +1109,30 @@ module Aws::Transfer
|
|
|
1102
1109
|
# @return [String]
|
|
1103
1110
|
#
|
|
1104
1111
|
# @!attribute [rw] certificate
|
|
1105
|
-
# Specifies the ARN of the
|
|
1106
|
-
# Required when `Protocols` is set to `FTPS`.
|
|
1112
|
+
# Specifies the ARN of the Amazon Web ServicesCertificate Manager
|
|
1113
|
+
# (ACM) certificate. Required when `Protocols` is set to `FTPS`.
|
|
1107
1114
|
# @return [String]
|
|
1108
1115
|
#
|
|
1116
|
+
# @!attribute [rw] protocol_details
|
|
1117
|
+
# The protocol settings that are configured for your server.
|
|
1118
|
+
#
|
|
1119
|
+
# Use the `PassiveIp` parameter to indicate passive mode. Enter a
|
|
1120
|
+
# single dotted-quad IPv4 address, such as the external IP address of
|
|
1121
|
+
# a firewall, router, or load balancer.
|
|
1122
|
+
# @return [Types::ProtocolDetails]
|
|
1123
|
+
#
|
|
1109
1124
|
# @!attribute [rw] domain
|
|
1110
1125
|
# Specifies the domain of the storage system that is used for file
|
|
1111
1126
|
# transfers.
|
|
1112
1127
|
# @return [String]
|
|
1113
1128
|
#
|
|
1114
1129
|
# @!attribute [rw] endpoint_details
|
|
1115
|
-
#
|
|
1116
|
-
# configured for your server.
|
|
1130
|
+
# The virtual private cloud (VPC) endpoint settings that are
|
|
1131
|
+
# configured for your server. When you host your endpoint within your
|
|
1132
|
+
# VPC, you can make it accessible only to resources within your VPC,
|
|
1133
|
+
# or you can attach Elastic IP addresses and make it accessible to
|
|
1134
|
+
# clients over the internet. Your VPC's default security groups are
|
|
1135
|
+
# automatically assigned to your endpoint.
|
|
1117
1136
|
# @return [Types::EndpointDetails]
|
|
1118
1137
|
#
|
|
1119
1138
|
# @!attribute [rw] endpoint_type
|
|
@@ -1135,22 +1154,29 @@ module Aws::Transfer
|
|
|
1135
1154
|
# @return [Types::IdentityProviderDetails]
|
|
1136
1155
|
#
|
|
1137
1156
|
# @!attribute [rw] identity_provider_type
|
|
1138
|
-
# Specifies the mode of authentication
|
|
1139
|
-
#
|
|
1140
|
-
#
|
|
1141
|
-
#
|
|
1142
|
-
#
|
|
1143
|
-
#
|
|
1144
|
-
#
|
|
1145
|
-
#
|
|
1146
|
-
#
|
|
1157
|
+
# Specifies the mode of authentication for a server. The default value
|
|
1158
|
+
# is `SERVICE_MANAGED`, which allows you to store and access user
|
|
1159
|
+
# credentials within the Amazon Web Services Transfer Family service.
|
|
1160
|
+
#
|
|
1161
|
+
# Use `AWS_DIRECTORY_SERVICE` to provide access to Active Directory
|
|
1162
|
+
# groups in Amazon Web Services Managed Active Directory or Microsoft
|
|
1163
|
+
# Active Directory in your on-premises environment or in Amazon Web
|
|
1164
|
+
# Services using AD Connectors. This option also requires you to
|
|
1165
|
+
# provide a Directory ID using the `IdentityProviderDetails`
|
|
1166
|
+
# parameter.
|
|
1167
|
+
#
|
|
1168
|
+
# Use the `API_GATEWAY` value to integrate with an identity provider
|
|
1169
|
+
# of your choosing. The `API_GATEWAY` setting requires you to provide
|
|
1170
|
+
# an API Gateway endpoint URL to call for authentication using the
|
|
1171
|
+
# `IdentityProviderDetails` parameter.
|
|
1147
1172
|
# @return [String]
|
|
1148
1173
|
#
|
|
1149
1174
|
# @!attribute [rw] logging_role
|
|
1150
|
-
# Specifies the
|
|
1151
|
-
#
|
|
1152
|
-
#
|
|
1153
|
-
# CloudWatch
|
|
1175
|
+
# Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
|
|
1176
|
+
# Identity and Access Management (IAM) role that allows a server to
|
|
1177
|
+
# turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
|
|
1178
|
+
# events. When set, user activity can be viewed in your CloudWatch
|
|
1179
|
+
# logs.
|
|
1154
1180
|
# @return [String]
|
|
1155
1181
|
#
|
|
1156
1182
|
# @!attribute [rw] protocols
|
|
@@ -1204,6 +1230,7 @@ module Aws::Transfer
|
|
|
1204
1230
|
class DescribedServer < Struct.new(
|
|
1205
1231
|
:arn,
|
|
1206
1232
|
:certificate,
|
|
1233
|
+
:protocol_details,
|
|
1207
1234
|
:domain,
|
|
1208
1235
|
:endpoint_details,
|
|
1209
1236
|
:endpoint_type,
|
|
@@ -1236,14 +1263,15 @@ module Aws::Transfer
|
|
|
1236
1263
|
# @return [String]
|
|
1237
1264
|
#
|
|
1238
1265
|
# @!attribute [rw] home_directory_mappings
|
|
1239
|
-
#
|
|
1240
|
-
#
|
|
1241
|
-
#
|
|
1242
|
-
#
|
|
1243
|
-
#
|
|
1244
|
-
#
|
|
1245
|
-
#
|
|
1246
|
-
#
|
|
1266
|
+
# Logical directory mappings that specify what Amazon S3 or Amazon EFS
|
|
1267
|
+
# paths and keys should be visible to your user and how you want to
|
|
1268
|
+
# make them visible. You must specify the `Entry` and `Target` pair,
|
|
1269
|
+
# where `Entry` shows how the path is made visible and `Target` is the
|
|
1270
|
+
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
|
1271
|
+
# it is displayed as is. You also must ensure that your Amazon Web
|
|
1272
|
+
# Services Identity and Access Management (IAM) role provides access
|
|
1273
|
+
# to paths in `Target`. This value can only be set when
|
|
1274
|
+
# `HomeDirectoryType` is set to *LOGICAL*.
|
|
1247
1275
|
#
|
|
1248
1276
|
# In most cases, you can use this value instead of the scope-down
|
|
1249
1277
|
# policy to lock your user down to the designated home directory
|
|
@@ -1330,11 +1358,11 @@ module Aws::Transfer
|
|
|
1330
1358
|
# API and attach an Elastic IP address to your server's endpoint.
|
|
1331
1359
|
#
|
|
1332
1360
|
# <note markdown="1"> After May 19, 2021, you won't be able to create a server using
|
|
1333
|
-
# `EndpointType=VPC_ENDPOINT` in your
|
|
1334
|
-
# hasn't already done so before May 19, 2021. If you have
|
|
1335
|
-
# created servers with `EndpointType=VPC_ENDPOINT` in your
|
|
1336
|
-
# on or before May 19, 2021, you will not be
|
|
1337
|
-
# use `EndpointType`=`VPC`.
|
|
1361
|
+
# `EndpointType=VPC_ENDPOINT` in your Amazon Web Servicesaccount if your
|
|
1362
|
+
# account hasn't already done so before May 19, 2021. If you have
|
|
1363
|
+
# already created servers with `EndpointType=VPC_ENDPOINT` in your
|
|
1364
|
+
# Amazon Web Servicesaccount on or before May 19, 2021, you will not be
|
|
1365
|
+
# affected. After this date, use `EndpointType`=`VPC`.
|
|
1338
1366
|
#
|
|
1339
1367
|
# For more information, see
|
|
1340
1368
|
# https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
|
|
@@ -1426,6 +1454,21 @@ module Aws::Transfer
|
|
|
1426
1454
|
# Represents an object that contains entries and targets for
|
|
1427
1455
|
# `HomeDirectoryMappings`.
|
|
1428
1456
|
#
|
|
1457
|
+
# The following is an `Entry` and `Target` pair example for `chroot`.
|
|
1458
|
+
#
|
|
1459
|
+
# `[ \{ "Entry:": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
|
1460
|
+
#
|
|
1461
|
+
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon S3
|
|
1462
|
+
# or EFS, the entry is ignored. As a workaround, you can use the Amazon
|
|
1463
|
+
# S3 API or EFS API to create 0 byte objects as place holders for your
|
|
1464
|
+
# directory. If using the CLI, use the `s3api` or `efsapi` call instead
|
|
1465
|
+
# of `s3` or `efs` so you can use the put-object operation. For example,
|
|
1466
|
+
# you use the following: `aws s3api put-object --bucket bucketname --key
|
|
1467
|
+
# path/to/folder/`. Make sure that the end of the key name ends in a `/`
|
|
1468
|
+
# for it to be considered a folder.
|
|
1469
|
+
#
|
|
1470
|
+
# </note>
|
|
1471
|
+
#
|
|
1429
1472
|
# @note When making an API call, you may pass HomeDirectoryMapEntry
|
|
1430
1473
|
# data as a hash:
|
|
1431
1474
|
#
|
|
@@ -1435,7 +1478,7 @@ module Aws::Transfer
|
|
|
1435
1478
|
# }
|
|
1436
1479
|
#
|
|
1437
1480
|
# @!attribute [rw] entry
|
|
1438
|
-
# Represents an entry
|
|
1481
|
+
# Represents an entry for `HomeDirectoryMappings`.
|
|
1439
1482
|
# @return [String]
|
|
1440
1483
|
#
|
|
1441
1484
|
# @!attribute [rw] target
|
|
@@ -1475,8 +1518,8 @@ module Aws::Transfer
|
|
|
1475
1518
|
# @return [String]
|
|
1476
1519
|
#
|
|
1477
1520
|
# @!attribute [rw] directory_id
|
|
1478
|
-
# The identifier of the
|
|
1479
|
-
# to stop sharing.
|
|
1521
|
+
# The identifier of the Amazon Web ServicesDirectory Service directory
|
|
1522
|
+
# that you want to stop sharing.
|
|
1480
1523
|
# @return [String]
|
|
1481
1524
|
#
|
|
1482
1525
|
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/IdentityProviderDetails AWS API Documentation
|
|
@@ -1547,8 +1590,8 @@ module Aws::Transfer
|
|
|
1547
1590
|
include Aws::Structure
|
|
1548
1591
|
end
|
|
1549
1592
|
|
|
1550
|
-
# This exception is thrown when an error occurs in the
|
|
1551
|
-
# Family service.
|
|
1593
|
+
# This exception is thrown when an error occurs in the Amazon Web
|
|
1594
|
+
# ServicesTransfer Family service.
|
|
1552
1595
|
#
|
|
1553
1596
|
# @!attribute [rw] message
|
|
1554
1597
|
# @return [String]
|
|
@@ -1758,8 +1801,8 @@ module Aws::Transfer
|
|
|
1758
1801
|
#
|
|
1759
1802
|
# @!attribute [rw] arn
|
|
1760
1803
|
# Requests the tags associated with a particular Amazon Resource Name
|
|
1761
|
-
# (ARN). An ARN is an identifier for a specific
|
|
1762
|
-
# a server, user, or role.
|
|
1804
|
+
# (ARN). An ARN is an identifier for a specific Amazon Web Services
|
|
1805
|
+
# resource, such as a server, user, or role.
|
|
1763
1806
|
# @return [String]
|
|
1764
1807
|
#
|
|
1765
1808
|
# @!attribute [rw] max_results
|
|
@@ -1908,9 +1951,9 @@ module Aws::Transfer
|
|
|
1908
1951
|
# A unique identifier that is required to identify specific groups
|
|
1909
1952
|
# within your directory. The users of the group that you associate
|
|
1910
1953
|
# have access to your Amazon S3 or Amazon EFS resources over the
|
|
1911
|
-
# enabled protocols using
|
|
1912
|
-
# name, you can view the SID values by running the
|
|
1913
|
-
# using Windows PowerShell.
|
|
1954
|
+
# enabled protocols using Amazon Web Services Transfer Family. If you
|
|
1955
|
+
# know the group name, you can view the SID values by running the
|
|
1956
|
+
# following command using Windows PowerShell.
|
|
1914
1957
|
#
|
|
1915
1958
|
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
|
1916
1959
|
# -Properties * | Select SamAccountName,ObjectSid`
|
|
@@ -1949,10 +1992,21 @@ module Aws::Transfer
|
|
|
1949
1992
|
# @return [String]
|
|
1950
1993
|
#
|
|
1951
1994
|
# @!attribute [rw] identity_provider_type
|
|
1952
|
-
# Specifies the
|
|
1953
|
-
#
|
|
1954
|
-
#
|
|
1955
|
-
#
|
|
1995
|
+
# Specifies the mode of authentication for a server. The default value
|
|
1996
|
+
# is `SERVICE_MANAGED`, which allows you to store and access user
|
|
1997
|
+
# credentials within the Amazon Web Services Transfer Family service.
|
|
1998
|
+
#
|
|
1999
|
+
# Use `AWS_DIRECTORY_SERVICE` to provide access to Active Directory
|
|
2000
|
+
# groups in Amazon Web Services Managed Active Directory or Microsoft
|
|
2001
|
+
# Active Directory in your on-premises environment or in Amazon Web
|
|
2002
|
+
# Services using AD Connectors. This option also requires you to
|
|
2003
|
+
# provide a Directory ID using the `IdentityProviderDetails`
|
|
2004
|
+
# parameter.
|
|
2005
|
+
#
|
|
2006
|
+
# Use the `API_GATEWAY` value to integrate with an identity provider
|
|
2007
|
+
# of your choosing. The `API_GATEWAY` setting requires you to provide
|
|
2008
|
+
# an API Gateway endpoint URL to call for authentication using the
|
|
2009
|
+
# `IdentityProviderDetails` parameter.
|
|
1956
2010
|
# @return [String]
|
|
1957
2011
|
#
|
|
1958
2012
|
# @!attribute [rw] endpoint_type
|
|
@@ -1962,8 +2016,11 @@ module Aws::Transfer
|
|
|
1962
2016
|
# @return [String]
|
|
1963
2017
|
#
|
|
1964
2018
|
# @!attribute [rw] logging_role
|
|
1965
|
-
# Specifies the
|
|
1966
|
-
#
|
|
2019
|
+
# Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
|
|
2020
|
+
# Identity and Access Management (IAM) role that allows a server to
|
|
2021
|
+
# turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
|
|
2022
|
+
# events. When set, user activity can be viewed in your CloudWatch
|
|
2023
|
+
# logs.
|
|
1967
2024
|
# @return [String]
|
|
1968
2025
|
#
|
|
1969
2026
|
# @!attribute [rw] server_id
|
|
@@ -2110,6 +2167,38 @@ module Aws::Transfer
|
|
|
2110
2167
|
include Aws::Structure
|
|
2111
2168
|
end
|
|
2112
2169
|
|
|
2170
|
+
# The protocol settings that are configured for your server.
|
|
2171
|
+
#
|
|
2172
|
+
# <note markdown="1"> This type is only valid in the `UpdateServer` API.
|
|
2173
|
+
#
|
|
2174
|
+
# </note>
|
|
2175
|
+
#
|
|
2176
|
+
# @note When making an API call, you may pass ProtocolDetails
|
|
2177
|
+
# data as a hash:
|
|
2178
|
+
#
|
|
2179
|
+
# {
|
|
2180
|
+
# passive_ip: "PassiveIp",
|
|
2181
|
+
# }
|
|
2182
|
+
#
|
|
2183
|
+
# @!attribute [rw] passive_ip
|
|
2184
|
+
# Indicates passive mode, for FTP and FTPS protocols. Enter a single
|
|
2185
|
+
# dotted-quad IPv4 address, such as the external IP address of a
|
|
2186
|
+
# firewall, router, or load balancer. For example:
|
|
2187
|
+
#
|
|
2188
|
+
# ` aws transfer update-server --protocol-details PassiveIp=0.0.0.0 `
|
|
2189
|
+
#
|
|
2190
|
+
# Replace ` 0.0.0.0 ` in the example above with the actual IP address
|
|
2191
|
+
# you want to use.
|
|
2192
|
+
# @return [String]
|
|
2193
|
+
#
|
|
2194
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ProtocolDetails AWS API Documentation
|
|
2195
|
+
#
|
|
2196
|
+
class ProtocolDetails < Struct.new(
|
|
2197
|
+
:passive_ip)
|
|
2198
|
+
SENSITIVE = []
|
|
2199
|
+
include Aws::Structure
|
|
2200
|
+
end
|
|
2201
|
+
|
|
2113
2202
|
# The requested resource does not exist.
|
|
2114
2203
|
#
|
|
2115
2204
|
# @!attribute [rw] message
|
|
@@ -2131,8 +2220,8 @@ module Aws::Transfer
|
|
|
2131
2220
|
include Aws::Structure
|
|
2132
2221
|
end
|
|
2133
2222
|
|
|
2134
|
-
# This exception is thrown when a resource is not found by the
|
|
2135
|
-
#
|
|
2223
|
+
# This exception is thrown when a resource is not found by the Amazon
|
|
2224
|
+
# Web ServicesTransfer Family service.
|
|
2136
2225
|
#
|
|
2137
2226
|
# @!attribute [rw] message
|
|
2138
2227
|
# @return [String]
|
|
@@ -2153,8 +2242,8 @@ module Aws::Transfer
|
|
|
2153
2242
|
include Aws::Structure
|
|
2154
2243
|
end
|
|
2155
2244
|
|
|
2156
|
-
# The request has failed because the
|
|
2157
|
-
# available.
|
|
2245
|
+
# The request has failed because the Amazon Web ServicesTransfer Family
|
|
2246
|
+
# service is not available.
|
|
2158
2247
|
#
|
|
2159
2248
|
# @!attribute [rw] message
|
|
2160
2249
|
# @return [String]
|
|
@@ -2284,8 +2373,8 @@ module Aws::Transfer
|
|
|
2284
2373
|
# }
|
|
2285
2374
|
#
|
|
2286
2375
|
# @!attribute [rw] arn
|
|
2287
|
-
# An Amazon Resource Name (ARN) for a specific
|
|
2288
|
-
# server, user, or role.
|
|
2376
|
+
# An Amazon Resource Name (ARN) for a specific Amazon Web Services
|
|
2377
|
+
# resource, such as a server, user, or role.
|
|
2289
2378
|
# @return [String]
|
|
2290
2379
|
#
|
|
2291
2380
|
# @!attribute [rw] tags
|
|
@@ -2407,8 +2496,8 @@ module Aws::Transfer
|
|
|
2407
2496
|
#
|
|
2408
2497
|
# @!attribute [rw] arn
|
|
2409
2498
|
# The value of the resource that will have the tag removed. An Amazon
|
|
2410
|
-
# Resource Name (ARN) is an identifier for a specific
|
|
2411
|
-
# such as a server, user, or role.
|
|
2499
|
+
# Resource Name (ARN) is an identifier for a specific Amazon Web
|
|
2500
|
+
# Services resource, such as a server, user, or role.
|
|
2412
2501
|
# @return [String]
|
|
2413
2502
|
#
|
|
2414
2503
|
# @!attribute [rw] tag_keys
|
|
@@ -2472,10 +2561,10 @@ module Aws::Transfer
|
|
|
2472
2561
|
# make them visible. You must specify the `Entry` and `Target` pair,
|
|
2473
2562
|
# where `Entry` shows how the path is made visible and `Target` is the
|
|
2474
2563
|
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
|
2475
|
-
# it
|
|
2476
|
-
# Identity and Access Management (IAM) role provides access
|
|
2477
|
-
# in `Target`. This value can only be set when
|
|
2478
|
-
# set to *LOGICAL*.
|
|
2564
|
+
# it is displayed as is. You also must ensure that your Amazon Web
|
|
2565
|
+
# Services Identity and Access Management (IAM) role provides access
|
|
2566
|
+
# to paths in `Target`. This value can only be set when
|
|
2567
|
+
# `HomeDirectoryType` is set to *LOGICAL*.
|
|
2479
2568
|
#
|
|
2480
2569
|
# The following is an `Entry` and `Target` pair example.
|
|
2481
2570
|
#
|
|
@@ -2489,19 +2578,16 @@ module Aws::Transfer
|
|
|
2489
2578
|
#
|
|
2490
2579
|
# The following is an `Entry` and `Target` pair example for `chroot`.
|
|
2491
2580
|
#
|
|
2492
|
-
# `[ \{ "Entry": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
|
2581
|
+
# `[ \{ "Entry:": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
|
2493
2582
|
#
|
|
2494
2583
|
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
|
|
2495
|
-
# S3 or
|
|
2496
|
-
#
|
|
2497
|
-
#
|
|
2498
|
-
#
|
|
2499
|
-
#
|
|
2500
|
-
#
|
|
2501
|
-
#
|
|
2502
|
-
#
|
|
2503
|
-
# The end of the key name must end in a `/` for it to be considered a
|
|
2504
|
-
# folder.
|
|
2584
|
+
# S3 or EFS, the entry is ignored. As a workaround, you can use the
|
|
2585
|
+
# Amazon S3 API or EFS API to create 0 byte objects as place holders
|
|
2586
|
+
# for your directory. If using the CLI, use the `s3api` or `efsapi`
|
|
2587
|
+
# call instead of `s3` or `efs` so you can use the put-object
|
|
2588
|
+
# operation. For example, you use the following: `aws s3api put-object
|
|
2589
|
+
# --bucket bucketname --key path/to/folder/`. Make sure that the end
|
|
2590
|
+
# of the key name ends in a `/` for it to be considered a folder.
|
|
2505
2591
|
#
|
|
2506
2592
|
# </note>
|
|
2507
2593
|
# @return [Array<Types::HomeDirectoryMapEntry>]
|
|
@@ -2516,16 +2602,16 @@ module Aws::Transfer
|
|
|
2516
2602
|
# <note markdown="1"> This only applies when domain of `ServerId` is S3. Amazon EFS does
|
|
2517
2603
|
# not use scope down policy.
|
|
2518
2604
|
#
|
|
2519
|
-
# For scope-down policies,
|
|
2520
|
-
# JSON blob, instead of the Amazon Resource Name (ARN)
|
|
2521
|
-
# You save the policy as a JSON blob and pass it in the
|
|
2522
|
-
# argument.
|
|
2605
|
+
# For scope-down policies, Amazon Web ServicesTransfer Family stores
|
|
2606
|
+
# the policy as a JSON blob, instead of the Amazon Resource Name (ARN)
|
|
2607
|
+
# of the policy. You save the policy as a JSON blob and pass it in the
|
|
2608
|
+
# `Policy` argument.
|
|
2523
2609
|
#
|
|
2524
2610
|
# For an example of a scope-down policy, see [Example scope-down
|
|
2525
2611
|
# policy][1].
|
|
2526
2612
|
#
|
|
2527
|
-
# For more information, see [AssumeRole][2] in the *
|
|
2528
|
-
# Service API Reference*.
|
|
2613
|
+
# For more information, see [AssumeRole][2] in the *Amazon Web
|
|
2614
|
+
# ServicesSecurity Token Service API Reference*.
|
|
2529
2615
|
#
|
|
2530
2616
|
# </note>
|
|
2531
2617
|
#
|
|
@@ -2564,9 +2650,9 @@ module Aws::Transfer
|
|
|
2564
2650
|
# A unique identifier that is required to identify specific groups
|
|
2565
2651
|
# within your directory. The users of the group that you associate
|
|
2566
2652
|
# have access to your Amazon S3 or Amazon EFS resources over the
|
|
2567
|
-
# enabled protocols using
|
|
2568
|
-
# name, you can view the SID values by running the
|
|
2569
|
-
# using Windows PowerShell.
|
|
2653
|
+
# enabled protocols using Amazon Web Services Transfer Family. If you
|
|
2654
|
+
# know the group name, you can view the SID values by running the
|
|
2655
|
+
# following command using Windows PowerShell.
|
|
2570
2656
|
#
|
|
2571
2657
|
# `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
|
|
2572
2658
|
# -Properties * | Select SamAccountName,ObjectSid`
|
|
@@ -2601,8 +2687,8 @@ module Aws::Transfer
|
|
|
2601
2687
|
#
|
|
2602
2688
|
# @!attribute [rw] external_id
|
|
2603
2689
|
# The external ID of the group whose users have access to your Amazon
|
|
2604
|
-
# S3 or Amazon EFS resources over the enabled protocols using
|
|
2605
|
-
#
|
|
2690
|
+
# S3 or Amazon EFS resources over the enabled protocols using Amazon
|
|
2691
|
+
# Web ServicesTransfer Family.
|
|
2606
2692
|
# @return [String]
|
|
2607
2693
|
#
|
|
2608
2694
|
# @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateAccessResponse AWS API Documentation
|
|
@@ -2619,6 +2705,9 @@ module Aws::Transfer
|
|
|
2619
2705
|
#
|
|
2620
2706
|
# {
|
|
2621
2707
|
# certificate: "Certificate",
|
|
2708
|
+
# protocol_details: {
|
|
2709
|
+
# passive_ip: "PassiveIp",
|
|
2710
|
+
# },
|
|
2622
2711
|
# endpoint_details: {
|
|
2623
2712
|
# address_allocation_ids: ["AddressAllocationId"],
|
|
2624
2713
|
# subnet_ids: ["SubnetId"],
|
|
@@ -2640,19 +2729,21 @@ module Aws::Transfer
|
|
|
2640
2729
|
# }
|
|
2641
2730
|
#
|
|
2642
2731
|
# @!attribute [rw] certificate
|
|
2643
|
-
# The Amazon Resource Name (ARN) of the
|
|
2644
|
-
# certificate. Required when `Protocols` is set to
|
|
2732
|
+
# The Amazon Resource Name (ARN) of the Amazon Web ServicesCertificate
|
|
2733
|
+
# Manager (ACM) certificate. Required when `Protocols` is set to
|
|
2734
|
+
# `FTPS`.
|
|
2645
2735
|
#
|
|
2646
2736
|
# To request a new public certificate, see [Request a public
|
|
2647
|
-
# certificate][1] in the <i>
|
|
2737
|
+
# certificate][1] in the <i> Amazon Web ServicesCertificate Manager
|
|
2738
|
+
# User Guide</i>.
|
|
2648
2739
|
#
|
|
2649
2740
|
# To import an existing certificate into ACM, see [Importing
|
|
2650
|
-
# certificates into ACM][2] in the <i>
|
|
2651
|
-
# Guide</i>.
|
|
2741
|
+
# certificates into ACM][2] in the <i> Amazon Web ServicesCertificate
|
|
2742
|
+
# Manager User Guide</i>.
|
|
2652
2743
|
#
|
|
2653
2744
|
# To request a private certificate to use FTPS through private IP
|
|
2654
|
-
# addresses, see [Request a private certificate][3] in the <i>
|
|
2655
|
-
#
|
|
2745
|
+
# addresses, see [Request a private certificate][3] in the <i> Amazon
|
|
2746
|
+
# Web ServicesCertificate Manager User Guide</i>.
|
|
2656
2747
|
#
|
|
2657
2748
|
# Certificates with the following cryptographic algorithms and key
|
|
2658
2749
|
# sizes are supported:
|
|
@@ -2679,12 +2770,21 @@ module Aws::Transfer
|
|
|
2679
2770
|
# [3]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html
|
|
2680
2771
|
# @return [String]
|
|
2681
2772
|
#
|
|
2773
|
+
# @!attribute [rw] protocol_details
|
|
2774
|
+
# The protocol settings that are configured for your server.
|
|
2775
|
+
#
|
|
2776
|
+
# Use the `PassiveIp` parameter to indicate passive mode (for FTP and
|
|
2777
|
+
# FTPS protocols). Enter a single dotted-quad IPv4 address, such as
|
|
2778
|
+
# the external IP address of a firewall, router, or load balancer.
|
|
2779
|
+
# @return [Types::ProtocolDetails]
|
|
2780
|
+
#
|
|
2682
2781
|
# @!attribute [rw] endpoint_details
|
|
2683
2782
|
# The virtual private cloud (VPC) endpoint settings that are
|
|
2684
|
-
# configured for your server.
|
|
2685
|
-
#
|
|
2686
|
-
#
|
|
2687
|
-
#
|
|
2783
|
+
# configured for your server. When you host your endpoint within your
|
|
2784
|
+
# VPC, you can make it accessible only to resources within your VPC,
|
|
2785
|
+
# or you can attach Elastic IP addresses and make it accessible to
|
|
2786
|
+
# clients over the internet. Your VPC's default security groups are
|
|
2787
|
+
# automatically assigned to your endpoint.
|
|
2688
2788
|
# @return [Types::EndpointDetails]
|
|
2689
2789
|
#
|
|
2690
2790
|
# @!attribute [rw] endpoint_type
|
|
@@ -2696,11 +2796,11 @@ module Aws::Transfer
|
|
|
2696
2796
|
# Elastic IP addresses directly to it.
|
|
2697
2797
|
#
|
|
2698
2798
|
# <note markdown="1"> After May 19, 2021, you won't be able to create a server using
|
|
2699
|
-
# `EndpointType=VPC_ENDPOINT` in your
|
|
2700
|
-
# hasn't already done so before May 19, 2021. If you
|
|
2701
|
-
# created servers with `EndpointType=VPC_ENDPOINT` in
|
|
2702
|
-
# on or before May 19, 2021, you will
|
|
2703
|
-
# date, use `EndpointType`=`VPC`.
|
|
2799
|
+
# `EndpointType=VPC_ENDPOINT` in your Amazon Web Servicesaccount if
|
|
2800
|
+
# your account hasn't already done so before May 19, 2021. If you
|
|
2801
|
+
# have already created servers with `EndpointType=VPC_ENDPOINT` in
|
|
2802
|
+
# your Amazon Web Servicesaccount on or before May 19, 2021, you will
|
|
2803
|
+
# not be affected. After this date, use `EndpointType`=`VPC`.
|
|
2704
2804
|
#
|
|
2705
2805
|
# For more information, see
|
|
2706
2806
|
# https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
|
|
@@ -2724,7 +2824,7 @@ module Aws::Transfer
|
|
|
2724
2824
|
# changing a server's host key can be disruptive.
|
|
2725
2825
|
#
|
|
2726
2826
|
# For more information, see [Change the host key for your SFTP-enabled
|
|
2727
|
-
# server][1] in the *
|
|
2827
|
+
# server][1] in the *Amazon Web ServicesTransfer Family User Guide*.
|
|
2728
2828
|
#
|
|
2729
2829
|
#
|
|
2730
2830
|
#
|
|
@@ -2737,9 +2837,11 @@ module Aws::Transfer
|
|
|
2737
2837
|
# @return [Types::IdentityProviderDetails]
|
|
2738
2838
|
#
|
|
2739
2839
|
# @!attribute [rw] logging_role
|
|
2740
|
-
#
|
|
2741
|
-
#
|
|
2742
|
-
# CloudWatch
|
|
2840
|
+
# Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
|
|
2841
|
+
# Identity and Access Management (IAM) role that allows a server to
|
|
2842
|
+
# turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
|
|
2843
|
+
# events. When set, user activity can be viewed in your CloudWatch
|
|
2844
|
+
# logs.
|
|
2743
2845
|
# @return [String]
|
|
2744
2846
|
#
|
|
2745
2847
|
# @!attribute [rw] protocols
|
|
@@ -2755,9 +2857,9 @@ module Aws::Transfer
|
|
|
2755
2857
|
#
|
|
2756
2858
|
# * File Transfer Protocol (FTP): Unencrypted file transfer
|
|
2757
2859
|
#
|
|
2758
|
-
# <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in
|
|
2759
|
-
#
|
|
2760
|
-
# when clients connect to it over FTPS.
|
|
2860
|
+
# <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in Amazon
|
|
2861
|
+
# Web ServicesCertificate Manager (ACM) which will be used to identify
|
|
2862
|
+
# your server when clients connect to it over FTPS.
|
|
2761
2863
|
#
|
|
2762
2864
|
# If `Protocol` includes either `FTP` or `FTPS`, then the
|
|
2763
2865
|
# `EndpointType` must be `VPC` and the `IdentityProviderType` must be
|
|
@@ -2787,6 +2889,7 @@ module Aws::Transfer
|
|
|
2787
2889
|
#
|
|
2788
2890
|
class UpdateServerRequest < Struct.new(
|
|
2789
2891
|
:certificate,
|
|
2892
|
+
:protocol_details,
|
|
2790
2893
|
:endpoint_details,
|
|
2791
2894
|
:endpoint_type,
|
|
2792
2895
|
:host_key,
|
|
@@ -2855,30 +2958,36 @@ module Aws::Transfer
|
|
|
2855
2958
|
# @!attribute [rw] home_directory_mappings
|
|
2856
2959
|
# Logical directory mappings that specify what Amazon S3 or Amazon EFS
|
|
2857
2960
|
# paths and keys should be visible to your user and how you want to
|
|
2858
|
-
# make them visible. You
|
|
2859
|
-
#
|
|
2860
|
-
#
|
|
2861
|
-
#
|
|
2862
|
-
#
|
|
2863
|
-
#
|
|
2961
|
+
# make them visible. You must specify the `Entry` and `Target` pair,
|
|
2962
|
+
# where `Entry` shows how the path is made visible and `Target` is the
|
|
2963
|
+
# actual Amazon S3 or Amazon EFS path. If you only specify a target,
|
|
2964
|
+
# it is displayed as is. You also must ensure that your Amazon Web
|
|
2965
|
+
# Services Identity and Access Management (IAM) role provides access
|
|
2966
|
+
# to paths in `Target`. This value can only be set when
|
|
2967
|
+
# `HomeDirectoryType` is set to *LOGICAL*.
|
|
2864
2968
|
#
|
|
2865
|
-
# `
|
|
2866
|
-
#
|
|
2867
|
-
# "
|
|
2969
|
+
# The following is an `Entry` and `Target` pair example.
|
|
2970
|
+
#
|
|
2971
|
+
# `[ \{ "Entry": "your-personal-report.pdf", "Target":
|
|
2972
|
+
# "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \} ]`
|
|
2868
2973
|
#
|
|
2869
2974
|
# In most cases, you can use this value instead of the scope-down
|
|
2870
2975
|
# policy to lock down your user to the designated home directory
|
|
2871
2976
|
# ("`chroot`"). To do this, you can set `Entry` to '/' and set
|
|
2872
2977
|
# `Target` to the HomeDirectory parameter value.
|
|
2873
2978
|
#
|
|
2979
|
+
# The following is an `Entry` and `Target` pair example for `chroot`.
|
|
2980
|
+
#
|
|
2981
|
+
# `[ \{ "Entry:": "/", "Target": "/bucket_name/home/mydirectory" \} ]`
|
|
2982
|
+
#
|
|
2874
2983
|
# <note markdown="1"> If the target of a logical directory entry does not exist in Amazon
|
|
2875
|
-
# S3 or EFS, the entry
|
|
2876
|
-
#
|
|
2877
|
-
#
|
|
2878
|
-
#
|
|
2984
|
+
# S3 or EFS, the entry is ignored. As a workaround, you can use the
|
|
2985
|
+
# Amazon S3 API or EFS API to create 0 byte objects as place holders
|
|
2986
|
+
# for your directory. If using the CLI, use the `s3api` or `efsapi`
|
|
2987
|
+
# call instead of `s3` or `efs` so you can use the put-object
|
|
2879
2988
|
# operation. For example, you use the following: `aws s3api put-object
|
|
2880
2989
|
# --bucket bucketname --key path/to/folder/`. Make sure that the end
|
|
2881
|
-
# of the key name ends in a
|
|
2990
|
+
# of the key name ends in a `/` for it to be considered a folder.
|
|
2882
2991
|
#
|
|
2883
2992
|
# </note>
|
|
2884
2993
|
# @return [Array<Types::HomeDirectoryMapEntry>]
|
|
@@ -2893,16 +3002,16 @@ module Aws::Transfer
|
|
|
2893
3002
|
# <note markdown="1"> This only applies when domain of `ServerId` is S3. Amazon EFS does
|
|
2894
3003
|
# not use scope-down policies.
|
|
2895
3004
|
#
|
|
2896
|
-
# For scope-down policies,
|
|
2897
|
-
# JSON blob, instead of the Amazon Resource Name (ARN)
|
|
2898
|
-
# You save the policy as a JSON blob and pass it in the
|
|
2899
|
-
# argument.
|
|
3005
|
+
# For scope-down policies, Amazon Web ServicesTransfer Family stores
|
|
3006
|
+
# the policy as a JSON blob, instead of the Amazon Resource Name (ARN)
|
|
3007
|
+
# of the policy. You save the policy as a JSON blob and pass it in the
|
|
3008
|
+
# `Policy` argument.
|
|
2900
3009
|
#
|
|
2901
3010
|
# For an example of a scope-down policy, see [Creating a scope-down
|
|
2902
3011
|
# policy][1].
|
|
2903
3012
|
#
|
|
2904
|
-
# For more information, see [AssumeRole][2] in the *
|
|
2905
|
-
# Service API Reference*.
|
|
3013
|
+
# For more information, see [AssumeRole][2] in the *Amazon Web
|
|
3014
|
+
# Services Security Token Service API Reference*.
|
|
2906
3015
|
#
|
|
2907
3016
|
# </note>
|
|
2908
3017
|
#
|