aws-sdk-transfer 1.55.0 → 1.58.0

data/lib/aws-sdk-transfer/types.rb

@@ -23,6 +23,86 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # Contains the details for a connector object. The connector object is
+    # used for AS2 outbound processes, to connect the Transfer Family
+    # customer with the trading partner.
+    #
+    # @note When making an API call, you may pass As2ConnectorConfig
+    #   data as a hash:
+    #
+    #       {
+    #         local_profile_id: "ProfileId",
+    #         partner_profile_id: "ProfileId",
+    #         message_subject: "MessageSubject",
+    #         compression: "ZLIB", # accepts ZLIB, DISABLED
+    #         encryption_algorithm: "AES128_CBC", # accepts AES128_CBC, AES192_CBC, AES256_CBC
+    #         signing_algorithm: "SHA256", # accepts SHA256, SHA384, SHA512, SHA1, NONE
+    #         mdn_signing_algorithm: "SHA256", # accepts SHA256, SHA384, SHA512, SHA1, NONE, DEFAULT
+    #         mdn_response: "SYNC", # accepts SYNC, NONE
+    #       }
+    #
+    # @!attribute [rw] local_profile_id
+    #   A unique identifier for the AS2 local profile.
+    #   @return [String]
+    #
+    # @!attribute [rw] partner_profile_id
+    #   A unique identifier for the partner profile for the connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] message_subject
+    #   Used as the `Subject` HTTP header attribute in AS2 messages that are
+    #   being sent with the connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] compression
+    #   Specifies whether the AS2 file is compressed.
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption_algorithm
+    #   The algorithm that is used to encrypt the file.
+    #   @return [String]
+    #
+    # @!attribute [rw] signing_algorithm
+    #   The algorithm that is used to sign the AS2 messages sent with the
+    #   connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] mdn_signing_algorithm
+    #   The signing algorithm for the MDN response.
+    #
+    #   <note markdown="1"> If set to DEFAULT (or not set at all), the value for
+    #   `SigningAlogorithm` is used.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] mdn_response
+    #   Used for outbound requests (from an Transfer Family server to a
+    #   partner AS2 server) to determine whether the partner response for
+    #   transfers is synchronous or asynchronous. Specify either of the
+    #   following values:
+    #
+    #   * `SYNC`\: The system expects a synchronous MDN response, confirming
+    #     that the file was transferred successfully (or not).
+    #
+    #   * `NONE`\: Specifies that no MDN response is required.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/As2ConnectorConfig AWS API Documentation
+    #
+    class As2ConnectorConfig < Struct.new(
+      :local_profile_id,
+      :partner_profile_id,
+      :message_subject,
+      :compression,
+      :encryption_algorithm,
+      :signing_algorithm,
+      :mdn_signing_algorithm,
+      :mdn_response)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # This exception is thrown when the `UpdateServer` is called for a file
     # transfer protocol-enabled server that has VPC as the endpoint type and
     # the server's `VpcEndpointID` is not in the available state.
@@ -129,13 +209,13 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] home_directory_type
-    #   The type of landing directory (folder) you want your users' home
-    #   directory to be when they log into the server. If you set it to
-    #   `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
-    #   as is in their file transfer protocol clients. If you set it
+    #   The type of landing directory (folder) that you want your users'
+    #   home directory to be when they log in to the server. If you set it
+    #   to `PATH`, the user will see the absolute Amazon S3 bucket or EFS
+    #   paths as is in their file transfer protocol clients. If you set it
     #   `LOGICAL`, you need to provide mappings in the
-    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
-    #   paths visible to your users.
+    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or Amazon
+    #   EFS paths visible to your users.
     #   @return [String]
     #
     # @!attribute [rw] home_directory_mappings
@@ -144,10 +224,10 @@ module Aws::Transfer
     #   make them visible. You must specify the `Entry` and `Target` pair,
     #   where `Entry` shows how the path is made visible and `Target` is the
     #   actual Amazon S3 or Amazon EFS path. If you only specify a target,
-    #   it is displayed as is. You also must ensure that your Amazon Web
-    #   Services Identity and Access Management (IAM) role provides access
-    #   to paths in `Target`. This value can only be set when
-    #   `HomeDirectoryType` is set to *LOGICAL*.
+    #   it is displayed as is. You also must ensure that your Identity and
+    #   Access Management (IAM) role provides access to paths in `Target`.
+    #   This value can be set only when `HomeDirectoryType` is set to
+    #   *LOGICAL*.
     #
     #   The following is an `Entry` and `Target` pair example.
     #
@@ -165,24 +245,24 @@ module Aws::Transfer
     #   @return [Array<Types::HomeDirectoryMapEntry>]
     #
     # @!attribute [rw] policy
-    #   A session policy for your user so that you can use the same IAM role
-    #   across multiple users. This policy scopes down user access to
-    #   portions of their Amazon S3 bucket. Variables that you can use
-    #   inside this policy include `$\{Transfer:UserName\}`,
-    #   `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
+    #   A session policy for your user so that you can use the same Identity
+    #   and Access Management (IAM) role across multiple users. This policy
+    #   scopes down a user's access to portions of their Amazon S3 bucket.
+    #   Variables that you can use inside this policy include
+    #   `$\{Transfer:UserName\}`, `$\{Transfer:HomeDirectory\}`, and
+    #   `$\{Transfer:HomeBucket\}`.
     #
-    #   <note markdown="1"> This only applies when the domain of `ServerId` is S3. EFS does not
-    #   use session policies.
+    #   <note markdown="1"> This policy applies only when the domain of `ServerId` is Amazon S3.
+    #   Amazon EFS does not use session policies.
     #
-    #    For session policies, Amazon Web Services Transfer Family stores the
-    #   policy as a JSON blob, instead of the Amazon Resource Name (ARN) of
-    #   the policy. You save the policy as a JSON blob and pass it in the
-    #   `Policy` argument.
+    #    For session policies, Transfer Family stores the policy as a JSON
+    #   blob, instead of the Amazon Resource Name (ARN) of the policy. You
+    #   save the policy as a JSON blob and pass it in the `Policy` argument.
     #
     #    For an example of a session policy, see [Example session policy][1].
     #
-    #    For more information, see [AssumeRole][2] in the *Amazon Web
-    #   Services Security Token Service API Reference*.
+    #    For more information, see [AssumeRole][2] in the *Security Token
+    #   Service API Reference*.
     #
     #    </note>
     #
@@ -202,14 +282,14 @@ module Aws::Transfer
     #   @return [Types::PosixProfile]
     #
     # @!attribute [rw] role
-    #   Specifies the Amazon Resource Name (ARN) of the IAM role that
-    #   controls your users' access to your Amazon S3 bucket or EFS file
-    #   system. The policies attached to this role determine the level of
-    #   access that you want to provide your users when transferring files
-    #   into and out of your Amazon S3 bucket or EFS file system. The IAM
-    #   role should also contain a trust relationship that allows the server
-    #   to access your resources when servicing your users' transfer
-    #   requests.
+    #   The Amazon Resource Name (ARN) of the Identity and Access Management
+    #   (IAM) role that controls your users' access to your Amazon S3
+    #   bucket or Amazon EFS file system. The policies attached to this role
+    #   determine the level of access that you want to provide your users
+    #   when transferring files into and out of your Amazon S3 bucket or
+    #   Amazon EFS file system. The IAM role should also contain a trust
+    #   relationship that allows the server to access your resources when
+    #   servicing your users' transfer requests.
     #   @return [String]
     #
     # @!attribute [rw] server_id
@@ -221,9 +301,9 @@ module Aws::Transfer
     #   A unique identifier that is required to identify specific groups
     #   within your directory. The users of the group that you associate
     #   have access to your Amazon S3 or Amazon EFS resources over the
-    #   enabled protocols using Amazon Web Services Transfer Family. If you
-    #   know the group name, you can view the SID values by running the
-    #   following command using Windows PowerShell.
+    #   enabled protocols using Transfer Family. If you know the group name,
+    #   you can view the SID values by running the following command using
+    #   Windows PowerShell.
     #
     #   `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
     #   -Properties * | Select SamAccountName,ObjectSid`
@@ -231,10 +311,10 @@ module Aws::Transfer
     #   In that command, replace *YourGroupName* with the name of your
     #   Active Directory group.
     #
-    #   The regex used to validate this parameter is a string of characters
-    #   consisting of uppercase and lowercase alphanumeric characters with
-    #   no spaces. You can also include underscores or any of the following
-    #   characters: =,.@:/-
+    #   The regular expression used to validate this parameter is a string
+    #   of characters consisting of uppercase and lowercase alphanumeric
+    #   characters with no spaces. You can also include underscores or any
+    #   of the following characters: =,.@:/-
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateAccessRequest AWS API Documentation
@@ -258,8 +338,8 @@ module Aws::Transfer
     #
     # @!attribute [rw] external_id
     #   The external ID of the group whose users have access to your Amazon
-    #   S3 or Amazon EFS resources over the enabled protocols using Amazon
-    #   Web Services Transfer Family.
+    #   S3 or Amazon EFS resources over the enabled protocols using Transfer
+    #   Family.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateAccessResponse AWS API Documentation
@@ -271,6 +351,255 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass CreateAgreementRequest
+    #   data as a hash:
+    #
+    #       {
+    #         description: "Description",
+    #         server_id: "ServerId", # required
+    #         local_profile_id: "ProfileId", # required
+    #         partner_profile_id: "ProfileId", # required
+    #         base_directory: "HomeDirectory", # required
+    #         access_role: "Role", # required
+    #         status: "ACTIVE", # accepts ACTIVE, INACTIVE
+    #         tags: [
+    #           {
+    #             key: "TagKey", # required
+    #             value: "TagValue", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] description
+    #   A name or short description to identify the agreement.
+    #   @return [String]
+    #
+    # @!attribute [rw] server_id
+    #   A system-assigned unique identifier for a server instance. This is
+    #   the specific server that the agreement uses.
+    #   @return [String]
+    #
+    # @!attribute [rw] local_profile_id
+    #   A unique identifier for the AS2 local profile.
+    #   @return [String]
+    #
+    # @!attribute [rw] partner_profile_id
+    #   A unique identifier for the partner profile used in the agreement.
+    #   @return [String]
+    #
+    # @!attribute [rw] base_directory
+    #   The landing directory (folder) for files transferred by using the
+    #   AS2 protocol.
+    #
+    #   A `BaseDirectory` example is `/DOC-EXAMPLE-BUCKET/home/mydirectory
+    #   `.
+    #   @return [String]
+    #
+    # @!attribute [rw] access_role
+    #   With AS2, you can send files by calling `StartFileTransfer` and
+    #   specifying the file paths in the request parameter, `SendFilePaths`.
+    #   We use the file’s parent directory (for example, for
+    #   `--send-file-paths /bucket/dir/file.txt`, parent directory is
+    #   `/bucket/dir/`) to temporarily store a processed AS2 message file,
+    #   store the MDN when we receive them from the partner, and write a
+    #   final JSON file containing relevant metadata of the transmission.
+    #   So, the `AccessRole` needs to provide read and write access to the
+    #   parent directory of the file location used in the
+    #   `StartFileTransfer` request. Additionally, you need to provide read
+    #   and write access to the parent directory of the files that you
+    #   intend to send with `StartFileTransfer`.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The status of the agreement. The agreement can be either `ACTIVE` or
+    #   `INACTIVE`.
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   Key-value pairs that can be used to group and search for agreements.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateAgreementRequest AWS API Documentation
+    #
+    class CreateAgreementRequest < Struct.new(
+      :description,
+      :server_id,
+      :local_profile_id,
+      :partner_profile_id,
+      :base_directory,
+      :access_role,
+      :status,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] agreement_id
+    #   The unique identifier for the agreement. Use this ID for deleting,
+    #   or updating an agreement, as well as in any other API calls that
+    #   require that you specify the agreement ID.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateAgreementResponse AWS API Documentation
+    #
+    class CreateAgreementResponse < Struct.new(
+      :agreement_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass CreateConnectorRequest
+    #   data as a hash:
+    #
+    #       {
+    #         url: "Url", # required
+    #         as_2_config: { # required
+    #           local_profile_id: "ProfileId",
+    #           partner_profile_id: "ProfileId",
+    #           message_subject: "MessageSubject",
+    #           compression: "ZLIB", # accepts ZLIB, DISABLED
+    #           encryption_algorithm: "AES128_CBC", # accepts AES128_CBC, AES192_CBC, AES256_CBC
+    #           signing_algorithm: "SHA256", # accepts SHA256, SHA384, SHA512, SHA1, NONE
+    #           mdn_signing_algorithm: "SHA256", # accepts SHA256, SHA384, SHA512, SHA1, NONE, DEFAULT
+    #           mdn_response: "SYNC", # accepts SYNC, NONE
+    #         },
+    #         access_role: "Role", # required
+    #         logging_role: "Role",
+    #         tags: [
+    #           {
+    #             key: "TagKey", # required
+    #             value: "TagValue", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] url
+    #   The URL of the partner's AS2 endpoint.
+    #   @return [String]
+    #
+    # @!attribute [rw] as_2_config
+    #   A structure that contains the parameters for a connector object.
+    #   @return [Types::As2ConnectorConfig]
+    #
+    # @!attribute [rw] access_role
+    #   With AS2, you can send files by calling `StartFileTransfer` and
+    #   specifying the file paths in the request parameter, `SendFilePaths`.
+    #   We use the file’s parent directory (for example, for
+    #   `--send-file-paths /bucket/dir/file.txt`, parent directory is
+    #   `/bucket/dir/`) to temporarily store a processed AS2 message file,
+    #   store the MDN when we receive them from the partner, and write a
+    #   final JSON file containing relevant metadata of the transmission.
+    #   So, the `AccessRole` needs to provide read and write access to the
+    #   parent directory of the file location used in the
+    #   `StartFileTransfer` request. Additionally, you need to provide read
+    #   and write access to the parent directory of the files that you
+    #   intend to send with `StartFileTransfer`.
+    #   @return [String]
+    #
+    # @!attribute [rw] logging_role
+    #   The Amazon Resource Name (ARN) of the Identity and Access Management
+    #   (IAM) role that allows a connector to turn on CloudWatch logging for
+    #   Amazon S3 events. When set, you can view connector activity in your
+    #   CloudWatch logs.
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   Key-value pairs that can be used to group and search for connectors.
+    #   Tags are metadata attached to connectors for any purpose.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateConnectorRequest AWS API Documentation
+    #
+    class CreateConnectorRequest < Struct.new(
+      :url,
+      :as_2_config,
+      :access_role,
+      :logging_role,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] connector_id
+    #   The unique identifier for the connector, returned after the API call
+    #   succeeds.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateConnectorResponse AWS API Documentation
+    #
+    class CreateConnectorResponse < Struct.new(
+      :connector_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass CreateProfileRequest
+    #   data as a hash:
+    #
+    #       {
+    #         as_2_id: "As2Id", # required
+    #         profile_type: "LOCAL", # required, accepts LOCAL, PARTNER
+    #         certificate_ids: ["CertificateId"],
+    #         tags: [
+    #           {
+    #             key: "TagKey", # required
+    #             value: "TagValue", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] as_2_id
+    #   The `As2Id` is the *AS2-name*, as defined in the [RFC 4130][1]. For
+    #   inbound transfers, this is the `AS2-From` header for the AS2
+    #   messages sent from the partner. For outbound connectors, this is the
+    #   `AS2-To` header for the AS2 messages sent to the partner using the
+    #   `StartFileTransfer` API operation. This ID cannot include spaces.
+    #
+    #
+    #
+    #   [1]: https://datatracker.ietf.org/doc/html/rfc4130
+    #   @return [String]
+    #
+    # @!attribute [rw] profile_type
+    #   Indicates whether to list only `LOCAL` type profiles or only
+    #   `PARTNER` type profiles. If not supplied in the request, the command
+    #   lists all types of profiles.
+    #   @return [String]
+    #
+    # @!attribute [rw] certificate_ids
+    #   An array of identifiers for the imported certificates. You use this
+    #   identifier for working with profiles and partner profiles.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] tags
+    #   Key-value pairs that can be used to group and search for AS2
+    #   profiles.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateProfileRequest AWS API Documentation
+    #
+    class CreateProfileRequest < Struct.new(
+      :as_2_id,
+      :profile_type,
+      :certificate_ids,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] profile_id
+    #   The unique identifier for the AS2 profile, returned after the API
+    #   call succeeds.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateProfileResponse AWS API Documentation
+    #
+    class CreateProfileResponse < Struct.new(
+      :profile_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass CreateServerRequest
     #   data as a hash:
     #
@@ -296,11 +625,12 @@ module Aws::Transfer
     #         logging_role: "Role",
     #         post_authentication_login_banner: "PostAuthenticationLoginBanner",
     #         pre_authentication_login_banner: "PreAuthenticationLoginBanner",
-    #         protocols: ["SFTP"], # accepts SFTP, FTP, FTPS
+    #         protocols: ["SFTP"], # accepts SFTP, FTP, FTPS, AS2
     #         protocol_details: {
     #           passive_ip: "PassiveIp",
     #           tls_session_resumption_mode: "DISABLED", # accepts DISABLED, ENABLED, ENFORCED
     #           set_stat_option: "DEFAULT", # accepts DEFAULT, ENABLE_NO_OP
+    #           as_2_transports: ["HTTP"], # accepts HTTP
     #         },
     #         security_policy_name: "SecurityPolicyName",
     #         tags: [
@@ -320,21 +650,18 @@ module Aws::Transfer
     #       }
     #
     # @!attribute [rw] certificate
-    #   The Amazon Resource Name (ARN) of the Amazon Web Services
-    #   Certificate Manager (ACM) certificate. Required when `Protocols` is
-    #   set to `FTPS`.
+    #   The Amazon Resource Name (ARN) of the Certificate Manager (ACM)
+    #   certificate. Required when `Protocols` is set to `FTPS`.
     #
     #   To request a new public certificate, see [Request a public
-    #   certificate][1] in the <i> Amazon Web Services Certificate Manager
-    #   User Guide</i>.
+    #   certificate][1] in the *Certificate Manager User Guide*.
     #
     #   To import an existing certificate into ACM, see [Importing
-    #   certificates into ACM][2] in the <i> Amazon Web Services Certificate
-    #   Manager User Guide</i>.
+    #   certificates into ACM][2] in the *Certificate Manager User Guide*.
     #
     #   To request a private certificate to use FTPS through private IP
-    #   addresses, see [Request a private certificate][3] in the <i> Amazon
-    #   Web Services Certificate Manager User Guide</i>.
+    #   addresses, see [Request a private certificate][3] in the
+    #   *Certificate Manager User Guide*.
     #
     #   Certificates with the following cryptographic algorithms and key
     #   sizes are supported:
@@ -375,10 +702,10 @@ module Aws::Transfer
     # @!attribute [rw] endpoint_details
     #   The virtual private cloud (VPC) endpoint settings that are
     #   configured for your server. When you host your endpoint within your
-    #   VPC, you can make it accessible only to resources within your VPC,
-    #   or you can attach Elastic IP addresses and make it accessible to
-    #   clients over the internet. Your VPC's default security groups are
-    #   automatically assigned to your endpoint.
+    #   VPC, you can make your endpoint accessible only to resources within
+    #   your VPC, or you can attach Elastic IP addresses and make your
+    #   endpoint accessible to clients over the internet. Your VPC's
+    #   default security groups are automatically assigned to your endpoint.
     #   @return [Types::EndpointDetails]
     #
     # @!attribute [rw] endpoint_type
@@ -410,15 +737,37 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] host_key
-    #   The RSA private key as generated by the `ssh-keygen -N "" -m PEM -f
-    #   my-new-server-key` command.
+    #   The RSA, ECDSA, or ED25519 private key to use for your server.
+    #
+    #   Use the following command to generate an RSA 2048 bit key with no
+    #   passphrase:
+    #
+    #   `ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key`.
+    #
+    #   Use a minimum value of 2048 for the `-b` option. You can create a
+    #   stronger key by using 3072 or 4096.
+    #
+    #   Use the following command to generate an ECDSA 256 bit key with no
+    #   passphrase:
+    #
+    #   `ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key`.
+    #
+    #   Valid values for the `-b` option for ECDSA are 256, 384, and 521.
+    #
+    #   Use the following command to generate an ED25519 key with no
+    #   passphrase:
+    #
+    #   `ssh-keygen -t ed25519 -N "" -f my-new-server-key`.
+    #
+    #   For all of these commands, you can replace *my-new-server-key* with
+    #   a string of your choice.
     #
     #   If you aren't planning to migrate existing users from an existing
     #   SFTP-enabled server to a new server, don't update the host key.
     #   Accidentally changing a server's host key can be disruptive.
     #
     #   For more information, see [Change the host key for your SFTP-enabled
-    #   server][1] in the *Amazon Web Services Transfer Family User Guide*.
+    #   server][1] in the *Transfer Family User Guide*.
     #
     #
     #
@@ -435,38 +784,37 @@ module Aws::Transfer
     #   @return [Types::IdentityProviderDetails]
     #
     # @!attribute [rw] identity_provider_type
-    #   Specifies the mode of authentication for a server. The default value
-    #   is `SERVICE_MANAGED`, which allows you to store and access user
-    #   credentials within the Amazon Web Services Transfer Family service.
+    #   The mode of authentication for a server. The default value is
+    #   `SERVICE_MANAGED`, which allows you to store and access user
+    #   credentials within the Transfer Family service.
     #
     #   Use `AWS_DIRECTORY_SERVICE` to provide access to Active Directory
-    #   groups in Amazon Web Services Managed Active Directory or Microsoft
-    #   Active Directory in your on-premises environment or in Amazon Web
-    #   Services using AD Connectors. This option also requires you to
-    #   provide a Directory ID using the `IdentityProviderDetails`
+    #   groups in Directory Service for Microsoft Active Directory or
+    #   Microsoft Active Directory in your on-premises environment or in
+    #   Amazon Web Services using AD Connector. This option also requires
+    #   you to provide a Directory ID by using the `IdentityProviderDetails`
     #   parameter.
     #
     #   Use the `API_GATEWAY` value to integrate with an identity provider
     #   of your choosing. The `API_GATEWAY` setting requires you to provide
-    #   an API Gateway endpoint URL to call for authentication using the
-    #   `IdentityProviderDetails` parameter.
+    #   an Amazon API Gateway endpoint URL to call for authentication by
+    #   using the `IdentityProviderDetails` parameter.
     #
-    #   Use the `AWS_LAMBDA` value to directly use a Lambda function as your
-    #   identity provider. If you choose this value, you must specify the
-    #   ARN for the lambda function in the `Function` parameter for the
+    #   Use the `AWS_LAMBDA` value to directly use an Lambda function as
+    #   your identity provider. If you choose this value, you must specify
+    #   the ARN for the Lambda function in the `Function` parameter or the
     #   `IdentityProviderDetails` data type.
     #   @return [String]
     #
     # @!attribute [rw] logging_role
-    #   Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
-    #   Identity and Access Management (IAM) role that allows a server to
-    #   turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
-    #   events. When set, user activity can be viewed in your CloudWatch
-    #   logs.
+    #   The Amazon Resource Name (ARN) of the Identity and Access Management
+    #   (IAM) role that allows a server to turn on Amazon CloudWatch logging
+    #   for Amazon S3 or Amazon EFSevents. When set, you can view user
+    #   activity in your CloudWatch logs.
     #   @return [String]
     #
     # @!attribute [rw] post_authentication_login_banner
-    #   Specify a string to display when users connect to a server. This
+    #   Specifies a string to display when users connect to a server. This
     #   string is displayed after the user authenticates.
     #
     #   <note markdown="1"> The SFTP protocol does not support post-authentication display
@@ -476,9 +824,9 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] pre_authentication_login_banner
-    #   Specify a string to display when users connect to a server. This
+    #   Specifies a string to display when users connect to a server. This
     #   string is displayed before the user authenticates. For example, the
-    #   following banner displays details about using the system.
+    #   following banner displays details about using the system:
     #
     #   `This system is for the use of authorized users only. Individuals
     #   using this computer system without authority, or in excess of their
@@ -499,20 +847,26 @@ module Aws::Transfer
     #
     #   * `FTP` (File Transfer Protocol): Unencrypted file transfer
     #
-    #   <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in Amazon
-    #   Web Services Certificate Manager (ACM) which is used to identify
-    #   your server when clients connect to it over FTPS.
+    #   * `AS2` (Applicability Statement 2): used for transporting
+    #     structured business-to-business data
+    #
+    #   <note markdown="1"> * If you select `FTPS`, you must choose a certificate stored in
+    #     Certificate Manager (ACM) which is used to identify your server
+    #     when clients connect to it over FTPS.
     #
-    #    If `Protocol` includes either `FTP` or `FTPS`, then the
-    #   `EndpointType` must be `VPC` and the `IdentityProviderType` must be
-    #   `AWS_DIRECTORY_SERVICE` or `API_GATEWAY`.
+    #   * If `Protocol` includes either `FTP` or `FTPS`, then the
+    #     `EndpointType` must be `VPC` and the `IdentityProviderType` must
+    #     be `AWS_DIRECTORY_SERVICE` or `API_GATEWAY`.
     #
-    #    If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
-    #   associated.
+    #   * If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot
+    #     be associated.
     #
-    #    If `Protocol` is set only to `SFTP`, the `EndpointType` can be set
-    #   to `PUBLIC` and the `IdentityProviderType` can be set to
-    #   `SERVICE_MANAGED`.
+    #   * If `Protocol` is set only to `SFTP`, the `EndpointType` can be set
+    #     to `PUBLIC` and the `IdentityProviderType` can be set to
+    #     `SERVICE_MANAGED`.
+    #
+    #   * If `Protocol` includes `AS2`, then the `EndpointType` must be
+    #     `VPC`, and domain must be Amazon S3.
     #
     #    </note>
     #   @return [Array<String>]
@@ -520,23 +874,27 @@ module Aws::Transfer
     # @!attribute [rw] protocol_details
     #   The protocol settings that are configured for your server.
     #
-    #   * Use the `PassiveIp` parameter to indicate passive mode (for FTP
-    #     and FTPS protocols). Enter a single dotted-quad IPv4 address, such
-    #     as the external IP address of a firewall, router, or load
+    #   * To indicate passive mode (for FTP and FTPS protocols), use the
+    #     `PassiveIp` parameter. Enter a single dotted-quad IPv4 address,
+    #     such as the external IP address of a firewall, router, or load
     #     balancer.
     #
-    #   * Use the `SetStatOption` to ignore the error that is generated when
-    #     the client attempts to use SETSTAT on a file you are uploading to
-    #     an S3 bucket. Set the value to `ENABLE_NO_OP` to have the Transfer
-    #     Family server ignore the SETSTAT command, and upload files without
-    #     needing to make any changes to your SFTP client. Note that with
-    #     `SetStatOption` set to `ENABLE_NO_OP`, Transfer generates a log
-    #     entry to CloudWatch Logs, so you can determine when the client is
-    #     making a SETSTAT call.
-    #
-    #   * Use the `TlsSessionResumptionMode` parameter to determine whether
-    #     or not your Transfer server resumes recent, negotiated sessions
-    #     through a unique session ID.
+    #   * To ignore the error that is generated when the client attempts to
+    #     use the `SETSTAT` command on a file that you are uploading to an
+    #     Amazon S3 bucket, use the `SetStatOption` parameter. To have the
+    #     Transfer Family server ignore the `SETSTAT` command and upload
+    #     files without needing to make any changes to your SFTP client, set
+    #     the value to `ENABLE_NO_OP`. If you set the `SetStatOption`
+    #     parameter to `ENABLE_NO_OP`, Transfer Family generates a log entry
+    #     to Amazon CloudWatch Logs, so that you can determine when the
+    #     client is making a `SETSTAT` call.
+    #
+    #   * To determine whether your Transfer Family server resumes recent,
+    #     negotiated sessions through a unique session ID, use the
+    #     `TlsSessionResumptionMode` parameter.
+    #
+    #   * `As2Transports` indicates the transport method for the AS2
+    #     messages. Currently, only HTTP is supported.
     #   @return [Types::ProtocolDetails]
     #
     # @!attribute [rw] security_policy_name
@@ -550,7 +908,7 @@ module Aws::Transfer
     #
     # @!attribute [rw] workflow_details
     #   Specifies the workflow ID for the workflow to assign and the
-    #   execution role used for executing the workflow.
+    #   execution role that's used for executing the workflow.
     #   @return [Types::WorkflowDetails]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/CreateServerRequest AWS API Documentation
@@ -625,13 +983,13 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] home_directory_type
-    #   The type of landing directory (folder) you want your users' home
-    #   directory to be when they log into the server. If you set it to
-    #   `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
-    #   as is in their file transfer protocol clients. If you set it
+    #   The type of landing directory (folder) that you want your users'
+    #   home directory to be when they log in to the server. If you set it
+    #   to `PATH`, the user will see the absolute Amazon S3 bucket or EFS
+    #   paths as is in their file transfer protocol clients. If you set it
     #   `LOGICAL`, you need to provide mappings in the
-    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
-    #   paths visible to your users.
+    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or Amazon
+    #   EFS paths visible to your users.
     #   @return [String]
     #
     # @!attribute [rw] home_directory_mappings
@@ -640,10 +998,10 @@ module Aws::Transfer
     #   make them visible. You must specify the `Entry` and `Target` pair,
     #   where `Entry` shows how the path is made visible and `Target` is the
     #   actual Amazon S3 or Amazon EFS path. If you only specify a target,
-    #   it is displayed as is. You also must ensure that your Amazon Web
-    #   Services Identity and Access Management (IAM) role provides access
-    #   to paths in `Target`. This value can only be set when
-    #   `HomeDirectoryType` is set to *LOGICAL*.
+    #   it is displayed as is. You also must ensure that your Identity and
+    #   Access Management (IAM) role provides access to paths in `Target`.
+    #   This value can be set only when `HomeDirectoryType` is set to
+    #   *LOGICAL*.
     #
     #   The following is an `Entry` and `Target` pair example.
     #
@@ -661,19 +1019,19 @@ module Aws::Transfer
     #   @return [Array<Types::HomeDirectoryMapEntry>]
     #
     # @!attribute [rw] policy
-    #   A session policy for your user so that you can use the same IAM role
-    #   across multiple users. This policy scopes down user access to
-    #   portions of their Amazon S3 bucket. Variables that you can use
-    #   inside this policy include `$\{Transfer:UserName\}`,
-    #   `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
+    #   A session policy for your user so that you can use the same Identity
+    #   and Access Management (IAM) role across multiple users. This policy
+    #   scopes down a user's access to portions of their Amazon S3 bucket.
+    #   Variables that you can use inside this policy include
+    #   `$\{Transfer:UserName\}`, `$\{Transfer:HomeDirectory\}`, and
+    #   `$\{Transfer:HomeBucket\}`.
     #
-    #   <note markdown="1"> This only applies when the domain of `ServerId` is S3. EFS does not
-    #   use session policies.
+    #   <note markdown="1"> This policy applies only when the domain of `ServerId` is Amazon S3.
+    #   Amazon EFS does not use session policies.
     #
-    #    For session policies, Amazon Web Services Transfer Family stores the
-    #   policy as a JSON blob, instead of the Amazon Resource Name (ARN) of
-    #   the policy. You save the policy as a JSON blob and pass it in the
-    #   `Policy` argument.
+    #    For session policies, Transfer Family stores the policy as a JSON
+    #   blob, instead of the Amazon Resource Name (ARN) of the policy. You
+    #   save the policy as a JSON blob and pass it in the `Policy` argument.
     #
     #    For an example of a session policy, see [Example session policy][1].
     #
@@ -698,14 +1056,14 @@ module Aws::Transfer
     #   @return [Types::PosixProfile]
     #
     # @!attribute [rw] role
-    #   Specifies the Amazon Resource Name (ARN) of the IAM role that
-    #   controls your users' access to your Amazon S3 bucket or EFS file
-    #   system. The policies attached to this role determine the level of
-    #   access that you want to provide your users when transferring files
-    #   into and out of your Amazon S3 bucket or EFS file system. The IAM
-    #   role should also contain a trust relationship that allows the server
-    #   to access your resources when servicing your users' transfer
-    #   requests.
+    #   The Amazon Resource Name (ARN) of the Identity and Access Management
+    #   (IAM) role that controls your users' access to your Amazon S3
+    #   bucket or Amazon EFS file system. The policies attached to this role
+    #   determine the level of access that you want to provide your users
+    #   when transferring files into and out of your Amazon S3 bucket or
+    #   Amazon EFS file system. The IAM role should also contain a trust
+    #   relationship that allows the server to access your resources when
+    #   servicing your users' transfer requests.
     #   @return [String]
     #
     # @!attribute [rw] server_id
@@ -717,10 +1075,7 @@ module Aws::Transfer
     #   The public portion of the Secure Shell (SSH) key used to
     #   authenticate the user to the server.
     #
-    #   <note markdown="1"> Currently, Transfer Family does not accept elliptical curve keys
-    #   (keys beginning with `ecdsa`).
-    #
-    #    </note>
+    #   Transfer Family accepts RSA, ECDSA, and ED25519 keys.
     #   @return [String]
     #
     # @!attribute [rw] tags
@@ -875,20 +1230,20 @@ module Aws::Transfer
     #   The `TYPE` specifies which of the following actions is being taken
     #   for this step.
     #
-    #   * *COPY*\: copy the file to another location
+    #   * *COPY*\: Copy the file to another location.
     #
-    #   * *CUSTOM*\: custom step with a lambda target
+    #   * *CUSTOM*\: Perform a custom step with an Lambda function target.
     #
-    #   * *DELETE*\: delete the file
+    #   * *DELETE*\: Delete the file.
     #
-    #   * *TAG*\: add a tag to the file
+    #   * *TAG*\: Add a tag to the file.
     #
     #   <note markdown="1"> Currently, copying and tagging are supported only on S3.
     #
     #    </note>
     #
     #   For file location, you specify either the S3 bucket and key, or the
-    #   EFS filesystem ID and path.
+    #   EFS file system ID and path.
     #   @return [Array<Types::WorkflowStep>]
     #
     # @!attribute [rw] on_exception_steps
@@ -996,9 +1351,9 @@ module Aws::Transfer
     #   A unique identifier that is required to identify specific groups
     #   within your directory. The users of the group that you associate
     #   have access to your Amazon S3 or Amazon EFS resources over the
-    #   enabled protocols using Amazon Web Services Transfer Family. If you
-    #   know the group name, you can view the SID values by running the
-    #   following command using Windows PowerShell.
+    #   enabled protocols using Transfer Family. If you know the group name,
+    #   you can view the SID values by running the following command using
+    #   Windows PowerShell.
     #
     #   `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
     #   -Properties * | Select SamAccountName,ObjectSid`
@@ -1006,10 +1361,10 @@ module Aws::Transfer
     #   In that command, replace *YourGroupName* with the name of your
     #   Active Directory group.
     #
-    #   The regex used to validate this parameter is a string of characters
-    #   consisting of uppercase and lowercase alphanumeric characters with
-    #   no spaces. You can also include underscores or any of the following
-    #   characters: =,.@:/-
+    #   The regular expression used to validate this parameter is a string
+    #   of characters consisting of uppercase and lowercase alphanumeric
+    #   characters with no spaces. You can also include underscores or any
+    #   of the following characters: =,.@:/-
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DeleteAccessRequest AWS API Documentation
@@ -1021,6 +1376,89 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DeleteAgreementRequest
+    #   data as a hash:
+    #
+    #       {
+    #         agreement_id: "AgreementId", # required
+    #         server_id: "ServerId", # required
+    #       }
+    #
+    # @!attribute [rw] agreement_id
+    #   A unique identifier for the agreement. This identifier is returned
+    #   when you create an agreement.
+    #   @return [String]
+    #
+    # @!attribute [rw] server_id
+    #   The server ID associated with the agreement that you are deleting.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DeleteAgreementRequest AWS API Documentation
+    #
+    class DeleteAgreementRequest < Struct.new(
+      :agreement_id,
+      :server_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass DeleteCertificateRequest
+    #   data as a hash:
+    #
+    #       {
+    #         certificate_id: "CertificateId", # required
+    #       }
+    #
+    # @!attribute [rw] certificate_id
+    #   The ID of the certificate object that you are deleting.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DeleteCertificateRequest AWS API Documentation
+    #
+    class DeleteCertificateRequest < Struct.new(
+      :certificate_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass DeleteConnectorRequest
+    #   data as a hash:
+    #
+    #       {
+    #         connector_id: "ConnectorId", # required
+    #       }
+    #
+    # @!attribute [rw] connector_id
+    #   The unique identifier for the connector.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DeleteConnectorRequest AWS API Documentation
+    #
+    class DeleteConnectorRequest < Struct.new(
+      :connector_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass DeleteProfileRequest
+    #   data as a hash:
+    #
+    #       {
+    #         profile_id: "ProfileId", # required
+    #       }
+    #
+    # @!attribute [rw] profile_id
+    #   The ID of the profile that you are deleting.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DeleteProfileRequest AWS API Documentation
+    #
+    class DeleteProfileRequest < Struct.new(
+      :profile_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DeleteServerRequest
     #   data as a hash:
     #
@@ -1172,9 +1610,9 @@ module Aws::Transfer
     #   A unique identifier that is required to identify specific groups
     #   within your directory. The users of the group that you associate
     #   have access to your Amazon S3 or Amazon EFS resources over the
-    #   enabled protocols using Amazon Web Services Transfer Family. If you
-    #   know the group name, you can view the SID values by running the
-    #   following command using Windows PowerShell.
+    #   enabled protocols using Transfer Family. If you know the group name,
+    #   you can view the SID values by running the following command using
+    #   Windows PowerShell.
     #
     #   `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
     #   -Properties * | Select SamAccountName,ObjectSid`
@@ -1182,10 +1620,10 @@ module Aws::Transfer
     #   In that command, replace *YourGroupName* with the name of your
     #   Active Directory group.
     #
-    #   The regex used to validate this parameter is a string of characters
-    #   consisting of uppercase and lowercase alphanumeric characters with
-    #   no spaces. You can also include underscores or any of the following
-    #   characters: =,.@:/-
+    #   The regular expression used to validate this parameter is a string
+    #   of characters consisting of uppercase and lowercase alphanumeric
+    #   characters with no spaces. You can also include underscores or any
+    #   of the following characters: =,.@:/-
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeAccessRequest AWS API Documentation
@@ -1215,49 +1653,182 @@ module Aws::Transfer
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DescribeExecutionRequest
+    # @note When making an API call, you may pass DescribeAgreementRequest
     #   data as a hash:
     #
     #       {
-    #         execution_id: "ExecutionId", # required
-    #         workflow_id: "WorkflowId", # required
+    #         agreement_id: "AgreementId", # required
+    #         server_id: "ServerId", # required
     #       }
     #
-    # @!attribute [rw] execution_id
-    #   A unique identifier for the execution of a workflow.
+    # @!attribute [rw] agreement_id
+    #   A unique identifier for the agreement. This identifier is returned
+    #   when you create an agreement.
     #   @return [String]
     #
-    # @!attribute [rw] workflow_id
-    #   A unique identifier for the workflow.
+    # @!attribute [rw] server_id
+    #   The server ID that's associated with the agreement.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeExecutionRequest AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeAgreementRequest AWS API Documentation
     #
-    class DescribeExecutionRequest < Struct.new(
-      :execution_id,
-      :workflow_id)
+    class DescribeAgreementRequest < Struct.new(
+      :agreement_id,
+      :server_id)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # @!attribute [rw] workflow_id
-    #   A unique identifier for the workflow.
-    #   @return [String]
-    #
-    # @!attribute [rw] execution
-    #   The structure that contains the details of the workflow' execution.
-    #   @return [Types::DescribedExecution]
+    # @!attribute [rw] agreement
+    #   The details for the specified agreement, returned as a
+    #   `DescribedAgreement` object.
+    #   @return [Types::DescribedAgreement]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeExecutionResponse AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeAgreementResponse AWS API Documentation
     #
-    class DescribeExecutionResponse < Struct.new(
-      :workflow_id,
-      :execution)
+    class DescribeAgreementResponse < Struct.new(
+      :agreement)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DescribeSecurityPolicyRequest
+    # @note When making an API call, you may pass DescribeCertificateRequest
+    #   data as a hash:
+    #
+    #       {
+    #         certificate_id: "CertificateId", # required
+    #       }
+    #
+    # @!attribute [rw] certificate_id
+    #   An array of identifiers for the imported certificates. You use this
+    #   identifier for working with profiles and partner profiles.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeCertificateRequest AWS API Documentation
+    #
+    class DescribeCertificateRequest < Struct.new(
+      :certificate_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] certificate
+    #   The details for the specified certificate, returned as an object.
+    #   @return [Types::DescribedCertificate]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeCertificateResponse AWS API Documentation
+    #
+    class DescribeCertificateResponse < Struct.new(
+      :certificate)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass DescribeConnectorRequest
+    #   data as a hash:
+    #
+    #       {
+    #         connector_id: "ConnectorId", # required
+    #       }
+    #
+    # @!attribute [rw] connector_id
+    #   The unique identifier for the connector.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeConnectorRequest AWS API Documentation
+    #
+    class DescribeConnectorRequest < Struct.new(
+      :connector_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] connector
+    #   The structure that contains the details of the connector.
+    #   @return [Types::DescribedConnector]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeConnectorResponse AWS API Documentation
+    #
+    class DescribeConnectorResponse < Struct.new(
+      :connector)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass DescribeExecutionRequest
+    #   data as a hash:
+    #
+    #       {
+    #         execution_id: "ExecutionId", # required
+    #         workflow_id: "WorkflowId", # required
+    #       }
+    #
+    # @!attribute [rw] execution_id
+    #   A unique identifier for the execution of a workflow.
+    #   @return [String]
+    #
+    # @!attribute [rw] workflow_id
+    #   A unique identifier for the workflow.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeExecutionRequest AWS API Documentation
+    #
+    class DescribeExecutionRequest < Struct.new(
+      :execution_id,
+      :workflow_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] workflow_id
+    #   A unique identifier for the workflow.
+    #   @return [String]
+    #
+    # @!attribute [rw] execution
+    #   The structure that contains the details of the workflow' execution.
+    #   @return [Types::DescribedExecution]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeExecutionResponse AWS API Documentation
+    #
+    class DescribeExecutionResponse < Struct.new(
+      :workflow_id,
+      :execution)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass DescribeProfileRequest
+    #   data as a hash:
+    #
+    #       {
+    #         profile_id: "ProfileId", # required
+    #       }
+    #
+    # @!attribute [rw] profile_id
+    #   The identifier of the profile that you want described.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeProfileRequest AWS API Documentation
+    #
+    class DescribeProfileRequest < Struct.new(
+      :profile_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] profile
+    #   The details of the specified profile, returned as an object.
+    #   @return [Types::DescribedProfile]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeProfileResponse AWS API Documentation
+    #
+    class DescribeProfileResponse < Struct.new(
+      :profile)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass DescribeSecurityPolicyRequest
     #   data as a hash:
     #
     #       {
@@ -1336,8 +1907,8 @@ module Aws::Transfer
     #
     # @!attribute [rw] user_name
     #   The name of the user assigned to one or more servers. User names are
-    #   part of the sign-in credentials to use the Amazon Web Services
-    #   Transfer Family service and perform file transfer tasks.
+    #   part of the sign-in credentials to use the Transfer Family service
+    #   and perform file transfer tasks.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribeUserRequest AWS API Documentation
@@ -1414,10 +1985,10 @@ module Aws::Transfer
     #   make them visible. You must specify the `Entry` and `Target` pair,
     #   where `Entry` shows how the path is made visible and `Target` is the
     #   actual Amazon S3 or Amazon EFS path. If you only specify a target,
-    #   it is displayed as is. You also must ensure that your Amazon Web
-    #   Services Identity and Access Management (IAM) role provides access
-    #   to paths in `Target`. This value can only be set when
-    #   `HomeDirectoryType` is set to *LOGICAL*.
+    #   it is displayed as is. You also must ensure that your Identity and
+    #   Access Management (IAM) role provides access to paths in `Target`.
+    #   This value can be set only when `HomeDirectoryType` is set to
+    #   *LOGICAL*.
     #
     #   In most cases, you can use this value instead of the session policy
     #   to lock down the associated access to the designated home directory
@@ -1426,21 +1997,22 @@ module Aws::Transfer
     #   @return [Array<Types::HomeDirectoryMapEntry>]
     #
     # @!attribute [rw] home_directory_type
-    #   The type of landing directory (folder) you want your users' home
-    #   directory to be when they log into the server. If you set it to
-    #   `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
-    #   as is in their file transfer protocol clients. If you set it
+    #   The type of landing directory (folder) that you want your users'
+    #   home directory to be when they log in to the server. If you set it
+    #   to `PATH`, the user will see the absolute Amazon S3 bucket or EFS
+    #   paths as is in their file transfer protocol clients. If you set it
     #   `LOGICAL`, you need to provide mappings in the
-    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
-    #   paths visible to your users.
+    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or Amazon
+    #   EFS paths visible to your users.
     #   @return [String]
     #
     # @!attribute [rw] policy
-    #   A session policy for your user so that you can use the same IAM role
-    #   across multiple users. This policy scopes down user access to
-    #   portions of their Amazon S3 bucket. Variables that you can use
-    #   inside this policy include `$\{Transfer:UserName\}`,
-    #   `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
+    #   A session policy for your user so that you can use the same Identity
+    #   and Access Management (IAM) role across multiple users. This policy
+    #   scopes down a user's access to portions of their Amazon S3 bucket.
+    #   Variables that you can use inside this policy include
+    #   `$\{Transfer:UserName\}`, `$\{Transfer:HomeDirectory\}`, and
+    #   `$\{Transfer:HomeBucket\}`.
     #   @return [String]
     #
     # @!attribute [rw] posix_profile
@@ -1453,23 +2025,23 @@ module Aws::Transfer
     #   @return [Types::PosixProfile]
     #
     # @!attribute [rw] role
-    #   Specifies the Amazon Resource Name (ARN) of the IAM role that
-    #   controls your users' access to your Amazon S3 bucket or EFS file
-    #   system. The policies attached to this role determine the level of
-    #   access that you want to provide your users when transferring files
-    #   into and out of your Amazon S3 bucket or EFS file system. The IAM
-    #   role should also contain a trust relationship that allows the server
-    #   to access your resources when servicing your users' transfer
-    #   requests.
+    #   The Amazon Resource Name (ARN) of the Identity and Access Management
+    #   (IAM) role that controls your users' access to your Amazon S3
+    #   bucket or Amazon EFS file system. The policies attached to this role
+    #   determine the level of access that you want to provide your users
+    #   when transferring files into and out of your Amazon S3 bucket or
+    #   Amazon EFS file system. The IAM role should also contain a trust
+    #   relationship that allows the server to access your resources when
+    #   servicing your users' transfer requests.
     #   @return [String]
     #
     # @!attribute [rw] external_id
     #   A unique identifier that is required to identify specific groups
     #   within your directory. The users of the group that you associate
     #   have access to your Amazon S3 or Amazon EFS resources over the
-    #   enabled protocols using Amazon Web Services Transfer Family. If you
-    #   know the group name, you can view the SID values by running the
-    #   following command using Windows PowerShell.
+    #   enabled protocols using Transfer Family. If you know the group name,
+    #   you can view the SID values by running the following command using
+    #   Windows PowerShell.
     #
     #   `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
     #   -Properties * | Select SamAccountName,ObjectSid`
@@ -1477,10 +2049,10 @@ module Aws::Transfer
     #   In that command, replace *YourGroupName* with the name of your
     #   Active Directory group.
     #
-    #   The regex used to validate this parameter is a string of characters
-    #   consisting of uppercase and lowercase alphanumeric characters with
-    #   no spaces. You can also include underscores or any of the following
-    #   characters: =,.@:/-
+    #   The regular expression used to validate this parameter is a string
+    #   of characters consisting of uppercase and lowercase alphanumeric
+    #   characters with no spaces. You can also include underscores or any
+    #   of the following characters: =,.@:/-
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribedAccess AWS API Documentation
@@ -1497,6 +2069,226 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # Describes the properties of an agreement.
+    #
+    # @!attribute [rw] arn
+    #   The unique Amazon Resource Name (ARN) for the agreement.
+    #   @return [String]
+    #
+    # @!attribute [rw] agreement_id
+    #   A unique identifier for the agreement. This identifier is returned
+    #   when you create an agreement.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   The name or short description that's used to identify the
+    #   agreement.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The current status of the agreement, either `ACTIVE` or `INACTIVE`.
+    #   @return [String]
+    #
+    # @!attribute [rw] server_id
+    #   A system-assigned unique identifier for a server instance. This
+    #   identifier indicates the specific server that the agreement uses.
+    #   @return [String]
+    #
+    # @!attribute [rw] local_profile_id
+    #   A unique identifier for the AS2 local profile.
+    #   @return [String]
+    #
+    # @!attribute [rw] partner_profile_id
+    #   A unique identifier for the partner profile used in the agreement.
+    #   @return [String]
+    #
+    # @!attribute [rw] base_directory
+    #   The landing directory (folder) for files that are transferred by
+    #   using the AS2 protocol.
+    #   @return [String]
+    #
+    # @!attribute [rw] access_role
+    #   With AS2, you can send files by calling `StartFileTransfer` and
+    #   specifying the file paths in the request parameter, `SendFilePaths`.
+    #   We use the file’s parent directory (for example, for
+    #   `--send-file-paths /bucket/dir/file.txt`, parent directory is
+    #   `/bucket/dir/`) to temporarily store a processed AS2 message file,
+    #   store the MDN when we receive them from the partner, and write a
+    #   final JSON file containing relevant metadata of the transmission.
+    #   So, the `AccessRole` needs to provide read and write access to the
+    #   parent directory of the file location used in the
+    #   `StartFileTransfer` request. Additionally, you need to provide read
+    #   and write access to the parent directory of the files that you
+    #   intend to send with `StartFileTransfer`.
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   Key-value pairs that can be used to group and search for agreements.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribedAgreement AWS API Documentation
+    #
+    class DescribedAgreement < Struct.new(
+      :arn,
+      :agreement_id,
+      :description,
+      :status,
+      :server_id,
+      :local_profile_id,
+      :partner_profile_id,
+      :base_directory,
+      :access_role,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Describes the properties of a certificate.
+    #
+    # @!attribute [rw] arn
+    #   The unique Amazon Resource Name (ARN) for the certificate.
+    #   @return [String]
+    #
+    # @!attribute [rw] certificate_id
+    #   An array of identifiers for the imported certificates. You use this
+    #   identifier for working with profiles and partner profiles.
+    #   @return [String]
+    #
+    # @!attribute [rw] usage
+    #   Specifies whether this certificate is used for signing or
+    #   encryption.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The certificate can be either `ACTIVE`, `PENDING_ROTATION`, or
+    #   `INACTIVE`. `PENDING_ROTATION` means that this certificate will
+    #   replace the current certificate when it expires.
+    #   @return [String]
+    #
+    # @!attribute [rw] certificate
+    #   The file name for the certificate.
+    #   @return [String]
+    #
+    # @!attribute [rw] certificate_chain
+    #   The list of certificates that make up the chain for the certificate.
+    #   @return [String]
+    #
+    # @!attribute [rw] active_date
+    #   An optional date that specifies when the certificate becomes active.
+    #   @return [Time]
+    #
+    # @!attribute [rw] inactive_date
+    #   An optional date that specifies when the certificate becomes
+    #   inactive.
+    #   @return [Time]
+    #
+    # @!attribute [rw] serial
+    #   The serial number for the certificate.
+    #   @return [String]
+    #
+    # @!attribute [rw] not_before_date
+    #   The earliest date that the certificate is valid.
+    #   @return [Time]
+    #
+    # @!attribute [rw] not_after_date
+    #   The final date that the certificate is valid.
+    #   @return [Time]
+    #
+    # @!attribute [rw] type
+    #   If a private key has been specified for the certificate, its type is
+    #   `CERTIFICATE_WITH_PRIVATE_KEY`. If there is no private key, the type
+    #   is `CERTIFICATE`.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   The name or description that's used to identity the certificate.
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   Key-value pairs that can be used to group and search for
+    #   certificates.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribedCertificate AWS API Documentation
+    #
+    class DescribedCertificate < Struct.new(
+      :arn,
+      :certificate_id,
+      :usage,
+      :status,
+      :certificate,
+      :certificate_chain,
+      :active_date,
+      :inactive_date,
+      :serial,
+      :not_before_date,
+      :not_after_date,
+      :type,
+      :description,
+      :tags)
+      SENSITIVE = [:certificate, :certificate_chain]
+      include Aws::Structure
+    end
+
+    # Describes the parameters for the connector, as identified by the
+    # `ConnectorId`.
+    #
+    # @!attribute [rw] arn
+    #   The unique Amazon Resource Name (ARN) for the connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] connector_id
+    #   The unique identifier for the connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] url
+    #   The URL of the partner's AS2 endpoint.
+    #   @return [String]
+    #
+    # @!attribute [rw] as_2_config
+    #   A structure that contains the parameters for a connector object.
+    #   @return [Types::As2ConnectorConfig]
+    #
+    # @!attribute [rw] access_role
+    #   With AS2, you can send files by calling `StartFileTransfer` and
+    #   specifying the file paths in the request parameter, `SendFilePaths`.
+    #   We use the file’s parent directory (for example, for
+    #   `--send-file-paths /bucket/dir/file.txt`, parent directory is
+    #   `/bucket/dir/`) to temporarily store a processed AS2 message file,
+    #   store the MDN when we receive them from the partner, and write a
+    #   final JSON file containing relevant metadata of the transmission.
+    #   So, the `AccessRole` needs to provide read and write access to the
+    #   parent directory of the file location used in the
+    #   `StartFileTransfer` request. Additionally, you need to provide read
+    #   and write access to the parent directory of the files that you
+    #   intend to send with `StartFileTransfer`.
+    #   @return [String]
+    #
+    # @!attribute [rw] logging_role
+    #   The Amazon Resource Name (ARN) of the Identity and Access Management
+    #   (IAM) role that allows a connector to turn on CloudWatch logging for
+    #   Amazon S3 events. When set, you can view connector activity in your
+    #   CloudWatch logs.
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   Key-value pairs that can be used to group and search for connectors.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribedConnector AWS API Documentation
+    #
+    class DescribedConnector < Struct.new(
+      :arn,
+      :connector_id,
+      :url,
+      :as_2_config,
+      :access_role,
+      :logging_role,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The details for an execution object.
     #
     # @!attribute [rw] execution_id
@@ -1511,8 +2303,8 @@ module Aws::Transfer
     #   @return [Types::FileLocation]
     #
     # @!attribute [rw] service_metadata
-    #   A container object for the session details associated with a
-    #   workflow.
+    #   A container object for the session details that are associated with
+    #   a workflow.
     #   @return [Types::ServiceMetadata]
     #
     # @!attribute [rw] execution_role
@@ -1558,6 +2350,56 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # The details for a local or partner AS2 profile. profile.
+    #
+    # @!attribute [rw] arn
+    #   The unique Amazon Resource Name (ARN) for the profile.
+    #   @return [String]
+    #
+    # @!attribute [rw] profile_id
+    #   A unique identifier for the local or partner AS2 profile.
+    #   @return [String]
+    #
+    # @!attribute [rw] profile_type
+    #   Indicates whether to list only `LOCAL` type profiles or only
+    #   `PARTNER` type profiles. If not supplied in the request, the command
+    #   lists all types of profiles.
+    #   @return [String]
+    #
+    # @!attribute [rw] as_2_id
+    #   The `As2Id` is the *AS2-name*, as defined in the [RFC 4130][1]. For
+    #   inbound transfers, this is the `AS2-From` header for the AS2
+    #   messages sent from the partner. For outbound connectors, this is the
+    #   `AS2-To` header for the AS2 messages sent to the partner using the
+    #   `StartFileTransfer` API operation. This ID cannot include spaces.
+    #
+    #
+    #
+    #   [1]: https://datatracker.ietf.org/doc/html/rfc4130
+    #   @return [String]
+    #
+    # @!attribute [rw] certificate_ids
+    #   An array of identifiers for the imported certificates. You use this
+    #   identifier for working with profiles and partner profiles.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] tags
+    #   Key-value pairs that can be used to group and search for profiles.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribedProfile AWS API Documentation
+    #
+    class DescribedProfile < Struct.new(
+      :arn,
+      :profile_id,
+      :profile_type,
+      :as_2_id,
+      :certificate_ids,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Describes the properties of a security policy that was specified. For
     # more information about security policies, see [Working with security
     # policies][1].
@@ -1626,9 +2468,27 @@ module Aws::Transfer
     # @!attribute [rw] protocol_details
     #   The protocol settings that are configured for your server.
     #
-    #   Use the `PassiveIp` parameter to indicate passive mode. Enter a
-    #   single dotted-quad IPv4 address, such as the external IP address of
-    #   a firewall, router, or load balancer.
+    #   * To indicate passive mode (for FTP and FTPS protocols), use the
+    #     `PassiveIp` parameter. Enter a single dotted-quad IPv4 address,
+    #     such as the external IP address of a firewall, router, or load
+    #     balancer.
+    #
+    #   * To ignore the error that is generated when the client attempts to
+    #     use the `SETSTAT` command on a file that you are uploading to an
+    #     Amazon S3 bucket, use the `SetStatOption` parameter. To have the
+    #     Transfer Family server ignore the `SETSTAT` command and upload
+    #     files without needing to make any changes to your SFTP client, set
+    #     the value to `ENABLE_NO_OP`. If you set the `SetStatOption`
+    #     parameter to `ENABLE_NO_OP`, Transfer Family generates a log entry
+    #     to Amazon CloudWatch Logs, so that you can determine when the
+    #     client is making a `SETSTAT` call.
+    #
+    #   * To determine whether your Transfer Family server resumes recent,
+    #     negotiated sessions through a unique session ID, use the
+    #     `TlsSessionResumptionMode` parameter.
+    #
+    #   * `As2Transports` indicates the transport method for the AS2
+    #     messages. Currently, only HTTP is supported.
     #   @return [Types::ProtocolDetails]
     #
     # @!attribute [rw] domain
@@ -1639,10 +2499,10 @@ module Aws::Transfer
     # @!attribute [rw] endpoint_details
     #   The virtual private cloud (VPC) endpoint settings that are
     #   configured for your server. When you host your endpoint within your
-    #   VPC, you can make it accessible only to resources within your VPC,
-    #   or you can attach Elastic IP addresses and make it accessible to
-    #   clients over the internet. Your VPC's default security groups are
-    #   automatically assigned to your endpoint.
+    #   VPC, you can make your endpoint accessible only to resources within
+    #   your VPC, or you can attach Elastic IP addresses and make your
+    #   endpoint accessible to clients over the internet. Your VPC's
+    #   default security groups are automatically assigned to your endpoint.
     #   @return [Types::EndpointDetails]
     #
     # @!attribute [rw] endpoint_type
@@ -1664,38 +2524,37 @@ module Aws::Transfer
     #   @return [Types::IdentityProviderDetails]
     #
     # @!attribute [rw] identity_provider_type
-    #   Specifies the mode of authentication for a server. The default value
-    #   is `SERVICE_MANAGED`, which allows you to store and access user
-    #   credentials within the Amazon Web Services Transfer Family service.
+    #   The mode of authentication for a server. The default value is
+    #   `SERVICE_MANAGED`, which allows you to store and access user
+    #   credentials within the Transfer Family service.
     #
     #   Use `AWS_DIRECTORY_SERVICE` to provide access to Active Directory
-    #   groups in Amazon Web Services Managed Active Directory or Microsoft
-    #   Active Directory in your on-premises environment or in Amazon Web
-    #   Services using AD Connectors. This option also requires you to
-    #   provide a Directory ID using the `IdentityProviderDetails`
+    #   groups in Directory Service for Microsoft Active Directory or
+    #   Microsoft Active Directory in your on-premises environment or in
+    #   Amazon Web Services using AD Connector. This option also requires
+    #   you to provide a Directory ID by using the `IdentityProviderDetails`
     #   parameter.
     #
     #   Use the `API_GATEWAY` value to integrate with an identity provider
     #   of your choosing. The `API_GATEWAY` setting requires you to provide
-    #   an API Gateway endpoint URL to call for authentication using the
-    #   `IdentityProviderDetails` parameter.
+    #   an Amazon API Gateway endpoint URL to call for authentication by
+    #   using the `IdentityProviderDetails` parameter.
     #
-    #   Use the `AWS_LAMBDA` value to directly use a Lambda function as your
-    #   identity provider. If you choose this value, you must specify the
-    #   ARN for the lambda function in the `Function` parameter for the
+    #   Use the `AWS_LAMBDA` value to directly use an Lambda function as
+    #   your identity provider. If you choose this value, you must specify
+    #   the ARN for the Lambda function in the `Function` parameter or the
     #   `IdentityProviderDetails` data type.
     #   @return [String]
     #
     # @!attribute [rw] logging_role
-    #   Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
-    #   Identity and Access Management (IAM) role that allows a server to
-    #   turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
-    #   events. When set, user activity can be viewed in your CloudWatch
-    #   logs.
+    #   The Amazon Resource Name (ARN) of the Identity and Access Management
+    #   (IAM) role that allows a server to turn on Amazon CloudWatch logging
+    #   for Amazon S3 or Amazon EFSevents. When set, you can view user
+    #   activity in your CloudWatch logs.
     #   @return [String]
     #
     # @!attribute [rw] post_authentication_login_banner
-    #   Specify a string to display when users connect to a server. This
+    #   Specifies a string to display when users connect to a server. This
     #   string is displayed after the user authenticates.
     #
     #   <note markdown="1"> The SFTP protocol does not support post-authentication display
@@ -1705,9 +2564,9 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] pre_authentication_login_banner
-    #   Specify a string to display when users connect to a server. This
+    #   Specifies a string to display when users connect to a server. This
     #   string is displayed before the user authenticates. For example, the
-    #   following banner displays details about using the system.
+    #   following banner displays details about using the system:
     #
     #   `This system is for the use of authorized users only. Individuals
     #   using this computer system without authority, or in excess of their
@@ -1727,6 +2586,29 @@ module Aws::Transfer
     #     encryption
     #
     #   * `FTP` (File Transfer Protocol): Unencrypted file transfer
+    #
+    #   * `AS2` (Applicability Statement 2): used for transporting
+    #     structured business-to-business data
+    #
+    #   <note markdown="1"> * If you select `FTPS`, you must choose a certificate stored in
+    #     Certificate Manager (ACM) which is used to identify your server
+    #     when clients connect to it over FTPS.
+    #
+    #   * If `Protocol` includes either `FTP` or `FTPS`, then the
+    #     `EndpointType` must be `VPC` and the `IdentityProviderType` must
+    #     be `AWS_DIRECTORY_SERVICE` or `API_GATEWAY`.
+    #
+    #   * If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot
+    #     be associated.
+    #
+    #   * If `Protocol` is set only to `SFTP`, the `EndpointType` can be set
+    #     to `PUBLIC` and the `IdentityProviderType` can be set to
+    #     `SERVICE_MANAGED`.
+    #
+    #   * If `Protocol` includes `AS2`, then the `EndpointType` must be
+    #     `VPC`, and domain must be Amazon S3.
+    #
+    #    </note>
     #   @return [Array<String>]
     #
     # @!attribute [rw] security_policy_name
@@ -1740,10 +2622,10 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] state
-    #   Specifies the condition of a server for the server that was
-    #   described. A value of `ONLINE` indicates that the server can accept
-    #   jobs and transfer files. A `State` value of `OFFLINE` means that the
-    #   server cannot perform file transfer operations.
+    #   The condition of the server that was described. A value of `ONLINE`
+    #   indicates that the server can accept jobs and transfer files. A
+    #   `State` value of `OFFLINE` means that the server cannot perform file
+    #   transfer operations.
     #
     #   The states of `STARTING` and `STOPPING` indicate that the server is
     #   in an intermediate state, either not fully able to respond, or not
@@ -1763,7 +2645,7 @@ module Aws::Transfer
     #
     # @!attribute [rw] workflow_details
     #   Specifies the workflow ID for the workflow to assign and the
-    #   execution role used for executing the workflow.
+    #   execution role that's used for executing the workflow.
     #   @return [Types::WorkflowDetails]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribedServer AWS API Documentation
@@ -1812,10 +2694,10 @@ module Aws::Transfer
     #   make them visible. You must specify the `Entry` and `Target` pair,
     #   where `Entry` shows how the path is made visible and `Target` is the
     #   actual Amazon S3 or Amazon EFS path. If you only specify a target,
-    #   it is displayed as is. You also must ensure that your Amazon Web
-    #   Services Identity and Access Management (IAM) role provides access
-    #   to paths in `Target`. This value can only be set when
-    #   `HomeDirectoryType` is set to *LOGICAL*.
+    #   it is displayed as is. You also must ensure that your Identity and
+    #   Access Management (IAM) role provides access to paths in `Target`.
+    #   This value can be set only when `HomeDirectoryType` is set to
+    #   *LOGICAL*.
     #
     #   In most cases, you can use this value instead of the session policy
     #   to lock your user down to the designated home directory
@@ -1824,21 +2706,22 @@ module Aws::Transfer
     #   @return [Array<Types::HomeDirectoryMapEntry>]
     #
     # @!attribute [rw] home_directory_type
-    #   The type of landing directory (folder) you want your users' home
-    #   directory to be when they log into the server. If you set it to
-    #   `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
-    #   as is in their file transfer protocol clients. If you set it
+    #   The type of landing directory (folder) that you want your users'
+    #   home directory to be when they log in to the server. If you set it
+    #   to `PATH`, the user will see the absolute Amazon S3 bucket or EFS
+    #   paths as is in their file transfer protocol clients. If you set it
     #   `LOGICAL`, you need to provide mappings in the
-    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
-    #   paths visible to your users.
+    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or Amazon
+    #   EFS paths visible to your users.
     #   @return [String]
     #
     # @!attribute [rw] policy
-    #   A session policy for your user so that you can use the same IAM role
-    #   across multiple users. This policy scopes down user access to
-    #   portions of their Amazon S3 bucket. Variables that you can use
-    #   inside this policy include `$\{Transfer:UserName\}`,
-    #   `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
+    #   A session policy for your user so that you can use the same Identity
+    #   and Access Management (IAM) role across multiple users. This policy
+    #   scopes down a user's access to portions of their Amazon S3 bucket.
+    #   Variables that you can use inside this policy include
+    #   `$\{Transfer:UserName\}`, `$\{Transfer:HomeDirectory\}`, and
+    #   `$\{Transfer:HomeBucket\}`.
     #   @return [String]
     #
     # @!attribute [rw] posix_profile
@@ -1852,14 +2735,14 @@ module Aws::Transfer
     #   @return [Types::PosixProfile]
     #
     # @!attribute [rw] role
-    #   Specifies the Amazon Resource Name (ARN) of the IAM role that
-    #   controls your users' access to your Amazon S3 bucket or EFS file
-    #   system. The policies attached to this role determine the level of
-    #   access that you want to provide your users when transferring files
-    #   into and out of your Amazon S3 bucket or EFS file system. The IAM
-    #   role should also contain a trust relationship that allows the server
-    #   to access your resources when servicing your users' transfer
-    #   requests.
+    #   The Amazon Resource Name (ARN) of the Identity and Access Management
+    #   (IAM) role that controls your users' access to your Amazon S3
+    #   bucket or Amazon EFS file system. The policies attached to this role
+    #   determine the level of access that you want to provide your users
+    #   when transferring files into and out of your Amazon S3 bucket or
+    #   Amazon EFS file system. The IAM role should also contain a trust
+    #   relationship that allows the server to access your resources when
+    #   servicing your users' transfer requests.
     #   @return [String]
     #
     # @!attribute [rw] ssh_public_keys
@@ -2144,13 +3027,13 @@ module Aws::Transfer
     # @!attribute [rw] step_type
     #   One of the available step types.
     #
-    #   * *COPY*\: copy the file to another location
+    #   * *COPY*\: Copy the file to another location.
     #
-    #   * *CUSTOM*\: custom step with a lambda target
+    #   * *CUSTOM*\: Perform a custom step with an Lambda function target.
     #
-    #   * *DELETE*\: delete the file
+    #   * *DELETE*\: Delete the file.
     #
-    #   * *TAG*\: add a tag to the file
+    #   * *TAG*\: Add a tag to the file.
     #   @return [String]
     #
     # @!attribute [rw] outputs
@@ -2160,7 +3043,7 @@ module Aws::Transfer
     #
     # @!attribute [rw] error
     #   Specifies the details for an error, if it occurred during execution
-    #   of the specified workfow step.
+    #   of the specified workflow step.
     #   @return [Types::ExecutionError]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ExecutionStepResult AWS API Documentation
@@ -2177,7 +3060,7 @@ module Aws::Transfer
     #
     # @!attribute [rw] s3_file_location
     #   Specifies the S3 details for the file being used, such as bucket,
-    #   Etag, and so forth.
+    #   ETag, and so forth.
     #   @return [Types::S3FileLocation]
     #
     # @!attribute [rw] efs_file_location
@@ -2250,8 +3133,8 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] directory_id
-    #   The identifier of the Amazon Web Services Directory Service
-    #   directory that you want to stop sharing.
+    #   The identifier of the Directory Service directory that you want to
+    #   stop sharing.
     #   @return [String]
     #
     # @!attribute [rw] function
@@ -2269,6 +3152,90 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ImportCertificateRequest
+    #   data as a hash:
+    #
+    #       {
+    #         usage: "SIGNING", # required, accepts SIGNING, ENCRYPTION
+    #         certificate: "CertificateBodyType", # required
+    #         certificate_chain: "CertificateChainType",
+    #         private_key: "PrivateKeyType",
+    #         active_date: Time.now,
+    #         inactive_date: Time.now,
+    #         description: "Description",
+    #         tags: [
+    #           {
+    #             key: "TagKey", # required
+    #             value: "TagValue", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] usage
+    #   Specifies whether this certificate is used for signing or
+    #   encryption.
+    #   @return [String]
+    #
+    # @!attribute [rw] certificate
+    #   The file that contains the certificate to import.
+    #   @return [String]
+    #
+    # @!attribute [rw] certificate_chain
+    #   An optional list of certificates that make up the chain for the
+    #   certificate that's being imported.
+    #   @return [String]
+    #
+    # @!attribute [rw] private_key
+    #   The file that contains the private key for the certificate that's
+    #   being imported.
+    #   @return [String]
+    #
+    # @!attribute [rw] active_date
+    #   An optional date that specifies when the certificate becomes active.
+    #   @return [Time]
+    #
+    # @!attribute [rw] inactive_date
+    #   An optional date that specifies when the certificate becomes
+    #   inactive.
+    #   @return [Time]
+    #
+    # @!attribute [rw] description
+    #   A short description that helps identify the certificate.
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   Key-value pairs that can be used to group and search for
+    #   certificates.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ImportCertificateRequest AWS API Documentation
+    #
+    class ImportCertificateRequest < Struct.new(
+      :usage,
+      :certificate,
+      :certificate_chain,
+      :private_key,
+      :active_date,
+      :inactive_date,
+      :description,
+      :tags)
+      SENSITIVE = [:certificate, :certificate_chain, :private_key]
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] certificate_id
+    #   An array of identifiers for the imported certificates. You use this
+    #   identifier for working with profiles and partner profiles.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ImportCertificateResponse AWS API Documentation
+    #
+    class ImportCertificateResponse < Struct.new(
+      :certificate_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ImportSshPublicKeyRequest
     #   data as a hash:
     #
@@ -2284,6 +3251,8 @@ module Aws::Transfer
     #
     # @!attribute [rw] ssh_public_key_body
     #   The public key portion of an SSH key pair.
+    #
+    #   Transfer Family accepts RSA, ECDSA, and ED25519 keys.
     #   @return [String]
     #
     # @!attribute [rw] user_name
@@ -2463,6 +3432,154 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListAgreementsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         max_results: 1,
+    #         next_token: "NextToken",
+    #         server_id: "ServerId", # required
+    #       }
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of agreements to return.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   When you can get additional results from the `ListAgreements` call,
+    #   a `NextToken` parameter is returned in the output. You can then pass
+    #   in a subsequent command to the `NextToken` parameter to continue
+    #   listing additional agreements.
+    #   @return [String]
+    #
+    # @!attribute [rw] server_id
+    #   The identifier of the server for which you want a list of
+    #   agreements.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListAgreementsRequest AWS API Documentation
+    #
+    class ListAgreementsRequest < Struct.new(
+      :max_results,
+      :next_token,
+      :server_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_token
+    #   Returns a token that you can use to call `ListAgreements` again and
+    #   receive additional results, if there are any.
+    #   @return [String]
+    #
+    # @!attribute [rw] agreements
+    #   Returns an array, where each item contains the details of an
+    #   agreement.
+    #   @return [Array<Types::ListedAgreement>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListAgreementsResponse AWS API Documentation
+    #
+    class ListAgreementsResponse < Struct.new(
+      :next_token,
+      :agreements)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass ListCertificatesRequest
+    #   data as a hash:
+    #
+    #       {
+    #         max_results: 1,
+    #         next_token: "NextToken",
+    #       }
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of certificates to return.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   When you can get additional results from the `ListCertificates`
+    #   call, a `NextToken` parameter is returned in the output. You can
+    #   then pass in a subsequent command to the `NextToken` parameter to
+    #   continue listing additional certificates.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListCertificatesRequest AWS API Documentation
+    #
+    class ListCertificatesRequest < Struct.new(
+      :max_results,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_token
+    #   Returns the next token, which you can use to list the next
+    #   certificate.
+    #   @return [String]
+    #
+    # @!attribute [rw] certificates
+    #   Returns an array of the certificates that are specified in the
+    #   `ListCertificates` call.
+    #   @return [Array<Types::ListedCertificate>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListCertificatesResponse AWS API Documentation
+    #
+    class ListCertificatesResponse < Struct.new(
+      :next_token,
+      :certificates)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass ListConnectorsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         max_results: 1,
+    #         next_token: "NextToken",
+    #       }
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of connectors to return.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   When you can get additional results from the `ListConnectors` call,
+    #   a `NextToken` parameter is returned in the output. You can then pass
+    #   in a subsequent command to the `NextToken` parameter to continue
+    #   listing additional connectors.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListConnectorsRequest AWS API Documentation
+    #
+    class ListConnectorsRequest < Struct.new(
+      :max_results,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_token
+    #   Returns a token that you can use to call `ListConnectors` again and
+    #   receive additional results, if there are any.
+    #   @return [String]
+    #
+    # @!attribute [rw] connectors
+    #   Returns an array, where each item contains the details of a
+    #   connector.
+    #   @return [Array<Types::ListedConnector>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListConnectorsResponse AWS API Documentation
+    #
+    class ListConnectorsResponse < Struct.new(
+      :next_token,
+      :connectors)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListExecutionsRequest
     #   data as a hash:
     #
@@ -2473,7 +3590,7 @@ module Aws::Transfer
     #       }
     #
     # @!attribute [rw] max_results
-    #   Specifies the aximum number of executions to return.
+    #   Specifies the maximum number of executions to return.
     #   @return [Integer]
     #
     # @!attribute [rw] next_token
@@ -2483,13 +3600,13 @@ module Aws::Transfer
     #
     #   This is useful for pagination, for instance. If you have 100
     #   executions for a workflow, you might only want to list first 10. If
-    #   so, callthe API by specifing the `max-results`\:
+    #   so, call the API by specifying the `max-results`\:
     #
     #   `aws transfer list-executions --max-results 10`
     #
     #   This returns details for the first 10 executions, as well as the
     #   pointer (`NextToken`) to the eleventh execution. You can now call
-    #   the API again, suppling the `NextToken` value you received:
+    #   the API again, supplying the `NextToken` value you received:
     #
     #   `aws transfer list-executions --max-results 10 --next-token
     #   $somePointerReturnedFromPreviousListResult`
@@ -2549,6 +3666,59 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListProfilesRequest
+    #   data as a hash:
+    #
+    #       {
+    #         max_results: 1,
+    #         next_token: "NextToken",
+    #         profile_type: "LOCAL", # accepts LOCAL, PARTNER
+    #       }
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of profiles to return.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   When there are additional results that were not returned, a
+    #   `NextToken` parameter is returned. You can use that value for a
+    #   subsequent call to `ListProfiles` to continue listing results.
+    #   @return [String]
+    #
+    # @!attribute [rw] profile_type
+    #   Indicates whether to list only `LOCAL` type profiles or only
+    #   `PARTNER` type profiles. If not supplied in the request, the command
+    #   lists all types of profiles.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListProfilesRequest AWS API Documentation
+    #
+    class ListProfilesRequest < Struct.new(
+      :max_results,
+      :next_token,
+      :profile_type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_token
+    #   Returns a token that you can use to call `ListProfiles` again and
+    #   receive additional results, if there are any.
+    #   @return [String]
+    #
+    # @!attribute [rw] profiles
+    #   Returns an array, where each item contains the details of a profile.
+    #   @return [Array<Types::ListedProfile>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListProfilesResponse AWS API Documentation
+    #
+    class ListProfilesResponse < Struct.new(
+      :next_token,
+      :profiles)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListSecurityPoliciesRequest
     #   data as a hash:
     #
@@ -2831,33 +4001,33 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] home_directory_type
-    #   The type of landing directory (folder) you want your users' home
-    #   directory to be when they log into the server. If you set it to
-    #   `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
-    #   as is in their file transfer protocol clients. If you set it
+    #   The type of landing directory (folder) that you want your users'
+    #   home directory to be when they log in to the server. If you set it
+    #   to `PATH`, the user will see the absolute Amazon S3 bucket or EFS
+    #   paths as is in their file transfer protocol clients. If you set it
     #   `LOGICAL`, you need to provide mappings in the
-    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
-    #   paths visible to your users.
+    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or Amazon
+    #   EFS paths visible to your users.
     #   @return [String]
     #
     # @!attribute [rw] role
-    #   Specifies the Amazon Resource Name (ARN) of the IAM role that
-    #   controls your users' access to your Amazon S3 bucket or EFS file
-    #   system. The policies attached to this role determine the level of
-    #   access that you want to provide your users when transferring files
-    #   into and out of your Amazon S3 bucket or EFS file system. The IAM
-    #   role should also contain a trust relationship that allows the server
-    #   to access your resources when servicing your users' transfer
-    #   requests.
+    #   The Amazon Resource Name (ARN) of the Identity and Access Management
+    #   (IAM) role that controls your users' access to your Amazon S3
+    #   bucket or Amazon EFS file system. The policies attached to this role
+    #   determine the level of access that you want to provide your users
+    #   when transferring files into and out of your Amazon S3 bucket or
+    #   Amazon EFS file system. The IAM role should also contain a trust
+    #   relationship that allows the server to access your resources when
+    #   servicing your users' transfer requests.
     #   @return [String]
     #
     # @!attribute [rw] external_id
     #   A unique identifier that is required to identify specific groups
     #   within your directory. The users of the group that you associate
     #   have access to your Amazon S3 or Amazon EFS resources over the
-    #   enabled protocols using Amazon Web Services Transfer Family. If you
-    #   know the group name, you can view the SID values by running the
-    #   following command using Windows PowerShell.
+    #   enabled protocols using Transfer Family. If you know the group name,
+    #   you can view the SID values by running the following command using
+    #   Windows PowerShell.
     #
     #   `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
     #   -Properties * | Select SamAccountName,ObjectSid`
@@ -2865,10 +4035,10 @@ module Aws::Transfer
     #   In that command, replace *YourGroupName* with the name of your
     #   Active Directory group.
     #
-    #   The regex used to validate this parameter is a string of characters
-    #   consisting of uppercase and lowercase alphanumeric characters with
-    #   no spaces. You can also include underscores or any of the following
-    #   characters: =,.@:/-
+    #   The regular expression used to validate this parameter is a string
+    #   of characters consisting of uppercase and lowercase alphanumeric
+    #   characters with no spaces. You can also include underscores or any
+    #   of the following characters: =,.@:/-
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListedAccess AWS API Documentation
@@ -2882,6 +4052,134 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # Describes the properties of an agreement.
+    #
+    # @!attribute [rw] arn
+    #   The Amazon Resource Name (ARN) of the specified agreement.
+    #   @return [String]
+    #
+    # @!attribute [rw] agreement_id
+    #   A unique identifier for the agreement. This identifier is returned
+    #   when you create an agreement.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   The current description for the agreement. You can change it by
+    #   calling the `UpdateAgreement` operation and providing a new
+    #   description.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The agreement can be either `ACTIVE` or `INACTIVE`.
+    #   @return [String]
+    #
+    # @!attribute [rw] server_id
+    #   The unique identifier for the agreement.
+    #   @return [String]
+    #
+    # @!attribute [rw] local_profile_id
+    #   A unique identifier for the AS2 local profile.
+    #   @return [String]
+    #
+    # @!attribute [rw] partner_profile_id
+    #   A unique identifier for the partner profile.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListedAgreement AWS API Documentation
+    #
+    class ListedAgreement < Struct.new(
+      :arn,
+      :agreement_id,
+      :description,
+      :status,
+      :server_id,
+      :local_profile_id,
+      :partner_profile_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Describes the properties of a certificate.
+    #
+    # @!attribute [rw] arn
+    #   The Amazon Resource Name (ARN) of the specified certificate.
+    #   @return [String]
+    #
+    # @!attribute [rw] certificate_id
+    #   An array of identifiers for the imported certificates. You use this
+    #   identifier for working with profiles and partner profiles.
+    #   @return [String]
+    #
+    # @!attribute [rw] usage
+    #   Specifies whether this certificate is used for signing or
+    #   encryption.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The certificate can be either `ACTIVE`, `PENDING_ROTATION`, or
+    #   `INACTIVE`. `PENDING_ROTATION` means that this certificate will
+    #   replace the current certificate when it expires.
+    #   @return [String]
+    #
+    # @!attribute [rw] active_date
+    #   An optional date that specifies when the certificate becomes active.
+    #   @return [Time]
+    #
+    # @!attribute [rw] inactive_date
+    #   An optional date that specifies when the certificate becomes
+    #   inactive.
+    #   @return [Time]
+    #
+    # @!attribute [rw] type
+    #   The type for the certificate. If a private key has been specified
+    #   for the certificate, its type is `CERTIFICATE_WITH_PRIVATE_KEY`. If
+    #   there is no private key, the type is `CERTIFICATE`.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   The name or short description that's used to identify the
+    #   certificate.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListedCertificate AWS API Documentation
+    #
+    class ListedCertificate < Struct.new(
+      :arn,
+      :certificate_id,
+      :usage,
+      :status,
+      :active_date,
+      :inactive_date,
+      :type,
+      :description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Returns details of the connector that is specified.
+    #
+    # @!attribute [rw] arn
+    #   The Amazon Resource Name (ARN) of the specified connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] connector_id
+    #   The unique identifier for the connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] url
+    #   The URL of the partner's AS2 endpoint.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListedConnector AWS API Documentation
+    #
+    class ListedConnector < Struct.new(
+      :arn,
+      :connector_id,
+      :url)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Returns properties of the execution that is specified.
     #
     # @!attribute [rw] execution_id
@@ -2896,8 +4194,8 @@ module Aws::Transfer
     #   @return [Types::FileLocation]
     #
     # @!attribute [rw] service_metadata
-    #   A container object for the session details associated with a
-    #   workflow.
+    #   A container object for the session details that are associated with
+    #   a workflow.
     #   @return [Types::ServiceMetadata]
     #
     # @!attribute [rw] status
@@ -2916,6 +4214,45 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # Returns the properties of the profile that was specified.
+    #
+    # @!attribute [rw] arn
+    #   The Amazon Resource Name (ARN) of the specified profile.
+    #   @return [String]
+    #
+    # @!attribute [rw] profile_id
+    #   A unique identifier for the local or partner AS2 profile.
+    #   @return [String]
+    #
+    # @!attribute [rw] as_2_id
+    #   The `As2Id` is the *AS2-name*, as defined in the [RFC 4130][1]. For
+    #   inbound transfers, this is the `AS2-From` header for the AS2
+    #   messages sent from the partner. For outbound connectors, this is the
+    #   `AS2-To` header for the AS2 messages sent to the partner using the
+    #   `StartFileTransfer` API operation. This ID cannot include spaces.
+    #
+    #
+    #
+    #   [1]: https://datatracker.ietf.org/doc/html/rfc4130
+    #   @return [String]
+    #
+    # @!attribute [rw] profile_type
+    #   Indicates whether to list only `LOCAL` type profiles or only
+    #   `PARTNER` type profiles. If not supplied in the request, the command
+    #   lists all types of profiles.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListedProfile AWS API Documentation
+    #
+    class ListedProfile < Struct.new(
+      :arn,
+      :profile_id,
+      :as_2_id,
+      :profile_type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Returns properties of a file transfer protocol-enabled server that was
     # specified.
     #
@@ -2930,25 +4267,25 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] identity_provider_type
-    #   Specifies the mode of authentication for a server. The default value
-    #   is `SERVICE_MANAGED`, which allows you to store and access user
-    #   credentials within the Amazon Web Services Transfer Family service.
+    #   The mode of authentication for a server. The default value is
+    #   `SERVICE_MANAGED`, which allows you to store and access user
+    #   credentials within the Transfer Family service.
     #
     #   Use `AWS_DIRECTORY_SERVICE` to provide access to Active Directory
-    #   groups in Amazon Web Services Managed Active Directory or Microsoft
-    #   Active Directory in your on-premises environment or in Amazon Web
-    #   Services using AD Connectors. This option also requires you to
-    #   provide a Directory ID using the `IdentityProviderDetails`
+    #   groups in Directory Service for Microsoft Active Directory or
+    #   Microsoft Active Directory in your on-premises environment or in
+    #   Amazon Web Services using AD Connector. This option also requires
+    #   you to provide a Directory ID by using the `IdentityProviderDetails`
     #   parameter.
     #
     #   Use the `API_GATEWAY` value to integrate with an identity provider
     #   of your choosing. The `API_GATEWAY` setting requires you to provide
-    #   an API Gateway endpoint URL to call for authentication using the
-    #   `IdentityProviderDetails` parameter.
+    #   an Amazon API Gateway endpoint URL to call for authentication by
+    #   using the `IdentityProviderDetails` parameter.
     #
-    #   Use the `AWS_LAMBDA` value to directly use a Lambda function as your
-    #   identity provider. If you choose this value, you must specify the
-    #   ARN for the lambda function in the `Function` parameter for the
+    #   Use the `AWS_LAMBDA` value to directly use an Lambda function as
+    #   your identity provider. If you choose this value, you must specify
+    #   the ARN for the Lambda function in the `Function` parameter or the
     #   `IdentityProviderDetails` data type.
     #   @return [String]
     #
@@ -2959,11 +4296,10 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] logging_role
-    #   Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
-    #   Identity and Access Management (IAM) role that allows a server to
-    #   turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
-    #   events. When set, user activity can be viewed in your CloudWatch
-    #   logs.
+    #   The Amazon Resource Name (ARN) of the Identity and Access Management
+    #   (IAM) role that allows a server to turn on Amazon CloudWatch logging
+    #   for Amazon S3 or Amazon EFSevents. When set, you can view user
+    #   activity in your CloudWatch logs.
     #   @return [String]
     #
     # @!attribute [rw] server_id
@@ -2972,10 +4308,10 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] state
-    #   Specifies the condition of a server for the server that was
-    #   described. A value of `ONLINE` indicates that the server can accept
-    #   jobs and transfer files. A `State` value of `OFFLINE` means that the
-    #   server cannot perform file transfer operations.
+    #   The condition of the server that was described. A value of `ONLINE`
+    #   indicates that the server can accept jobs and transfer files. A
+    #   `State` value of `OFFLINE` means that the server cannot perform file
+    #   transfer operations.
     #
     #   The states of `STARTING` and `STOPPING` indicate that the server is
     #   in an intermediate state, either not fully able to respond, or not
@@ -3018,24 +4354,24 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] home_directory_type
-    #   The type of landing directory (folder) you want your users' home
-    #   directory to be when they log into the server. If you set it to
-    #   `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
-    #   as is in their file transfer protocol clients. If you set it
+    #   The type of landing directory (folder) that you want your users'
+    #   home directory to be when they log in to the server. If you set it
+    #   to `PATH`, the user will see the absolute Amazon S3 bucket or EFS
+    #   paths as is in their file transfer protocol clients. If you set it
     #   `LOGICAL`, you need to provide mappings in the
-    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
-    #   paths visible to your users.
+    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or Amazon
+    #   EFS paths visible to your users.
     #   @return [String]
     #
     # @!attribute [rw] role
-    #   Specifies the Amazon Resource Name (ARN) of the IAM role that
-    #   controls your users' access to your Amazon S3 bucket or EFS file
-    #   system. The policies attached to this role determine the level of
-    #   access that you want to provide your users when transferring files
-    #   into and out of your Amazon S3 bucket or EFS file system. The IAM
-    #   role should also contain a trust relationship that allows the server
-    #   to access your resources when servicing your users' transfer
-    #   requests.
+    #   The Amazon Resource Name (ARN) of the Identity and Access Management
+    #   (IAM) role that controls your users' access to your Amazon S3
+    #   bucket or Amazon EFS file system. The policies attached to this role
+    #   determine the level of access that you want to provide your users
+    #   when transferring files into and out of your Amazon S3 bucket or
+    #   Amazon EFS file system. The IAM role should also contain a trust
+    #   relationship that allows the server to access your resources when
+    #   servicing your users' transfer requests.
     #
     #   <note markdown="1"> The IAM role that controls your users' access to your Amazon S3
     #   bucket for servers with `Domain=S3`, or your EFS file system for
@@ -3099,16 +4435,15 @@ module Aws::Transfer
     # Consists of the logging role and the log group name.
     #
     # @!attribute [rw] logging_role
-    #   Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
-    #   Identity and Access Management (IAM) role that allows a server to
-    #   turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
-    #   events. When set, user activity can be viewed in your CloudWatch
-    #   logs.
+    #   The Amazon Resource Name (ARN) of the Identity and Access Management
+    #   (IAM) role that allows a server to turn on Amazon CloudWatch logging
+    #   for Amazon S3 or Amazon EFSevents. When set, you can view user
+    #   activity in your CloudWatch logs.
     #   @return [String]
     #
     # @!attribute [rw] log_group_name
-    #   The name of the CloudWatch logging group for the Amazon Web Services
-    #   Transfer server to which this workflow belongs.
+    #   The name of the CloudWatch logging group for the Transfer Family
+    #   server to which this workflow belongs.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/LoggingConfiguration AWS API Documentation
@@ -3168,12 +4503,13 @@ module Aws::Transfer
     #         passive_ip: "PassiveIp",
     #         tls_session_resumption_mode: "DISABLED", # accepts DISABLED, ENABLED, ENFORCED
     #         set_stat_option: "DEFAULT", # accepts DEFAULT, ENABLE_NO_OP
+    #         as_2_transports: ["HTTP"], # accepts HTTP
     #       }
     #
     # @!attribute [rw] passive_ip
     #   Indicates passive mode, for FTP and FTPS protocols. Enter a single
-    #   dotted-quad IPv4 address, such as the external IP address of a
-    #   firewall, router, or load balancer. For example:
+    #   IPv4 address, such as the public IP address of a firewall, router,
+    #   or load balancer. For example:
     #
     #   ` aws transfer update-server --protocol-details PassiveIp=0.0.0.0 `
     #
@@ -3181,10 +4517,10 @@ module Aws::Transfer
     #   you want to use.
     #
     #   <note markdown="1"> If you change the `PassiveIp` value, you must stop and then restart
-    #   your Transfer server for the change to take effect. For details on
-    #   using Passive IP (PASV) in a NAT environment, see [Configuring your
-    #   FTPS server behind a firewall or NAT with Amazon Web Services
-    #   Transfer Family][1].
+    #   your Transfer Family server for the change to take effect. For
+    #   details on using passive mode (PASV) in a NAT environment, see
+    #   [Configuring your FTPS server behind a firewall or NAT with Transfer
+    #   Family][1].
     #
     #    </note>
     #
@@ -3194,14 +4530,15 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] tls_session_resumption_mode
-    #   A property used with Transfer servers that use the FTPS protocol.
-    #   TLS Session Resumption provides a mechanism to resume or share a
-    #   negotiated secret key between the control and data connection for an
-    #   FTPS session. `TlsSessionResumptionMode` determines whether or not
-    #   the server resumes recent, negotiated sessions through a unique
-    #   session ID. This property is available during `CreateServer` and
-    #   `UpdateServer` calls. If a `TlsSessionResumptionMode` value is not
-    #   specified during CreateServer, it is set to `ENFORCED` by default.
+    #   A property used with Transfer Family servers that use the FTPS
+    #   protocol. TLS Session Resumption provides a mechanism to resume or
+    #   share a negotiated secret key between the control and data
+    #   connection for an FTPS session. `TlsSessionResumptionMode`
+    #   determines whether or not the server resumes recent, negotiated
+    #   sessions through a unique session ID. This property is available
+    #   during `CreateServer` and `UpdateServer` calls. If a
+    #   `TlsSessionResumptionMode` value is not specified during
+    #   `CreateServer`, it is set to `ENFORCED` by default.
     #
     #   * `DISABLED`\: the server does not process TLS session resumption
     #     client requests and creates a new TLS session for each request.
@@ -3228,37 +4565,43 @@ module Aws::Transfer
     #
     # @!attribute [rw] set_stat_option
     #   Use the `SetStatOption` to ignore the error that is generated when
-    #   the client attempts to use SETSTAT on a file you are uploading to an
-    #   S3 bucket.
+    #   the client attempts to use `SETSTAT` on a file you are uploading to
+    #   an S3 bucket.
     #
     #   Some SFTP file transfer clients can attempt to change the attributes
     #   of remote files, including timestamp and permissions, using
-    #   commands, such as SETSTAT when uploading the file. However, these
+    #   commands, such as `SETSTAT` when uploading the file. However, these
     #   commands are not compatible with object storage systems, such as
     #   Amazon S3. Due to this incompatibility, file uploads from these
     #   clients can result in errors even when the file is otherwise
     #   successfully uploaded.
     #
     #   Set the value to `ENABLE_NO_OP` to have the Transfer Family server
-    #   ignore the SETSTAT command, and upload files without needing to make
-    #   any changes to your SFTP client. While the `SetStatOption`
+    #   ignore the `SETSTAT` command, and upload files without needing to
+    #   make any changes to your SFTP client. While the `SetStatOption`
     #   `ENABLE_NO_OP` setting ignores the error, it does generate a log
-    #   entry in CloudWatch Logs, so you can determine when the client is
-    #   making a SETSTAT call.
+    #   entry in Amazon CloudWatch Logs, so you can determine when the
+    #   client is making a `SETSTAT` call.
     #
     #   <note markdown="1"> If you want to preserve the original timestamp for your file, and
-    #   modify other file attributes using SETSTAT, you can use Amazon EFS
+    #   modify other file attributes using `SETSTAT`, you can use Amazon EFS
     #   as backend storage with Transfer Family.
     #
     #    </note>
     #   @return [String]
     #
+    # @!attribute [rw] as_2_transports
+    #   Indicates the transport method for the AS2 messages. Currently, only
+    #   HTTP is supported.
+    #   @return [Array<String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ProtocolDetails AWS API Documentation
     #
     class ProtocolDetails < Struct.new(
       :passive_ip,
       :tls_session_resumption_mode,
-      :set_stat_option)
+      :set_stat_option,
+      :as_2_transports)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3306,16 +4649,16 @@ module Aws::Transfer
       include Aws::Structure
     end
 
-    # Specifies the details for the file location for the file being used in
-    # the workflow. Only applicable if you are using S3 storage.
+    # Specifies the details for the file location for the file that's being
+    # used in the workflow. Only applicable if you are using S3 storage.
     #
     # @!attribute [rw] bucket
     #   Specifies the S3 bucket that contains the file being used.
     #   @return [String]
     #
     # @!attribute [rw] key
-    #   The name assigned to the file when it was created in S3. You use the
-    #   object key to retrieve the object.
+    #   The name assigned to the file when it was created in Amazon S3. You
+    #   use the object key to retrieve the object.
     #   @return [String]
     #
     # @!attribute [rw] version_id
@@ -3369,8 +4712,8 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] key
-    #   The name assigned to the file when it was created in S3. You use the
-    #   object key to retrieve the object.
+    #   The name assigned to the file when it was created in Amazon S3. You
+    #   use the object key to retrieve the object.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/S3InputFileLocation AWS API Documentation
@@ -3452,7 +4795,8 @@ module Aws::Transfer
     #
     class SendWorkflowStepStateResponse < Aws::EmptyStructure; end
 
-    # A container object for the session details associated with a workflow.
+    # A container object for the session details that are associated with a
+    # workflow.
     #
     # @!attribute [rw] user_details
     #   The Server ID (`ServerId`), Session ID (`SessionId`) and user
@@ -3496,6 +4840,8 @@ module Aws::Transfer
     # @!attribute [rw] ssh_public_key_body
     #   Specifies the content of the SSH public key as specified by the
     #   `PublicKeyId`.
+    #
+    #   Transfer Family accepts RSA, ECDSA, and ED25519 keys.
     #   @return [String]
     #
     # @!attribute [rw] ssh_public_key_id
@@ -3513,6 +4859,45 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass StartFileTransferRequest
+    #   data as a hash:
+    #
+    #       {
+    #         connector_id: "ConnectorId", # required
+    #         send_file_paths: ["FilePath"], # required
+    #       }
+    #
+    # @!attribute [rw] connector_id
+    #   The unique identifier for the connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] send_file_paths
+    #   An array of strings. Each string represents the absolute path for
+    #   one outbound file transfer. For example, `
+    #   DOC-EXAMPLE-BUCKET/myfile.txt `.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/StartFileTransferRequest AWS API Documentation
+    #
+    class StartFileTransferRequest < Struct.new(
+      :connector_id,
+      :send_file_paths)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] transfer_id
+    #   Returns the unique identifier for this file transfer.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/StartFileTransferResponse AWS API Documentation
+    #
+    class StartFileTransferResponse < Struct.new(
+      :transfer_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass StartServerRequest
     #   data as a hash:
     #
@@ -3672,7 +5057,7 @@ module Aws::Transfer
     #
     #       {
     #         server_id: "ServerId", # required
-    #         server_protocol: "SFTP", # accepts SFTP, FTP, FTPS
+    #         server_protocol: "SFTP", # accepts SFTP, FTP, FTPS, AS2
     #         source_ip: "SourceIp",
     #         user_name: "UserName", # required
     #         user_password: "UserPassword",
@@ -3753,8 +5138,6 @@ module Aws::Transfer
 
     # The request was denied due to request throttling.
     #
-    # HTTP Status Code: 400
-    #
     # @!attribute [rw] retry_after_seconds
     #   @return [String]
     #
@@ -3826,13 +5209,13 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] home_directory_type
-    #   The type of landing directory (folder) you want your users' home
-    #   directory to be when they log into the server. If you set it to
-    #   `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
-    #   as is in their file transfer protocol clients. If you set it
+    #   The type of landing directory (folder) that you want your users'
+    #   home directory to be when they log in to the server. If you set it
+    #   to `PATH`, the user will see the absolute Amazon S3 bucket or EFS
+    #   paths as is in their file transfer protocol clients. If you set it
     #   `LOGICAL`, you need to provide mappings in the
-    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
-    #   paths visible to your users.
+    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or Amazon
+    #   EFS paths visible to your users.
     #   @return [String]
     #
     # @!attribute [rw] home_directory_mappings
@@ -3841,10 +5224,10 @@ module Aws::Transfer
     #   make them visible. You must specify the `Entry` and `Target` pair,
     #   where `Entry` shows how the path is made visible and `Target` is the
     #   actual Amazon S3 or Amazon EFS path. If you only specify a target,
-    #   it is displayed as is. You also must ensure that your Amazon Web
-    #   Services Identity and Access Management (IAM) role provides access
-    #   to paths in `Target`. This value can only be set when
-    #   `HomeDirectoryType` is set to *LOGICAL*.
+    #   it is displayed as is. You also must ensure that your Identity and
+    #   Access Management (IAM) role provides access to paths in `Target`.
+    #   This value can be set only when `HomeDirectoryType` is set to
+    #   *LOGICAL*.
     #
     #   The following is an `Entry` and `Target` pair example.
     #
@@ -3862,19 +5245,19 @@ module Aws::Transfer
     #   @return [Array<Types::HomeDirectoryMapEntry>]
     #
     # @!attribute [rw] policy
-    #   A session policy for your user so that you can use the same IAM role
-    #   across multiple users. This policy scopes down user access to
-    #   portions of their Amazon S3 bucket. Variables that you can use
-    #   inside this policy include `$\{Transfer:UserName\}`,
-    #   `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
+    #   A session policy for your user so that you can use the same Identity
+    #   and Access Management (IAM) role across multiple users. This policy
+    #   scopes down a user's access to portions of their Amazon S3 bucket.
+    #   Variables that you can use inside this policy include
+    #   `$\{Transfer:UserName\}`, `$\{Transfer:HomeDirectory\}`, and
+    #   `$\{Transfer:HomeBucket\}`.
     #
-    #   <note markdown="1"> This only applies when the domain of `ServerId` is S3. EFS does not
-    #   use session policies.
+    #   <note markdown="1"> This policy applies only when the domain of `ServerId` is Amazon S3.
+    #   Amazon EFS does not use session policies.
     #
-    #    For session policies, Amazon Web Services Transfer Family stores the
-    #   policy as a JSON blob, instead of the Amazon Resource Name (ARN) of
-    #   the policy. You save the policy as a JSON blob and pass it in the
-    #   `Policy` argument.
+    #    For session policies, Transfer Family stores the policy as a JSON
+    #   blob, instead of the Amazon Resource Name (ARN) of the policy. You
+    #   save the policy as a JSON blob and pass it in the `Policy` argument.
     #
     #    For an example of a session policy, see [Example session policy][1].
     #
@@ -3899,14 +5282,14 @@ module Aws::Transfer
     #   @return [Types::PosixProfile]
     #
     # @!attribute [rw] role
-    #   Specifies the Amazon Resource Name (ARN) of the IAM role that
-    #   controls your users' access to your Amazon S3 bucket or EFS file
-    #   system. The policies attached to this role determine the level of
-    #   access that you want to provide your users when transferring files
-    #   into and out of your Amazon S3 bucket or EFS file system. The IAM
-    #   role should also contain a trust relationship that allows the server
-    #   to access your resources when servicing your users' transfer
-    #   requests.
+    #   The Amazon Resource Name (ARN) of the Identity and Access Management
+    #   (IAM) role that controls your users' access to your Amazon S3
+    #   bucket or Amazon EFS file system. The policies attached to this role
+    #   determine the level of access that you want to provide your users
+    #   when transferring files into and out of your Amazon S3 bucket or
+    #   Amazon EFS file system. The IAM role should also contain a trust
+    #   relationship that allows the server to access your resources when
+    #   servicing your users' transfer requests.
     #   @return [String]
     #
     # @!attribute [rw] server_id
@@ -3918,9 +5301,9 @@ module Aws::Transfer
     #   A unique identifier that is required to identify specific groups
     #   within your directory. The users of the group that you associate
     #   have access to your Amazon S3 or Amazon EFS resources over the
-    #   enabled protocols using Amazon Web Services Transfer Family. If you
-    #   know the group name, you can view the SID values by running the
-    #   following command using Windows PowerShell.
+    #   enabled protocols using Transfer Family. If you know the group name,
+    #   you can view the SID values by running the following command using
+    #   Windows PowerShell.
     #
     #   `Get-ADGroup -Filter \{samAccountName -like "YourGroupName*"\}
     #   -Properties * | Select SamAccountName,ObjectSid`
@@ -3928,10 +5311,10 @@ module Aws::Transfer
     #   In that command, replace *YourGroupName* with the name of your
     #   Active Directory group.
     #
-    #   The regex used to validate this parameter is a string of characters
-    #   consisting of uppercase and lowercase alphanumeric characters with
-    #   no spaces. You can also include underscores or any of the following
-    #   characters: =,.@:/-
+    #   The regular expression used to validate this parameter is a string
+    #   of characters consisting of uppercase and lowercase alphanumeric
+    #   characters with no spaces. You can also include underscores or any
+    #   of the following characters: =,.@:/-
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateAccessRequest AWS API Documentation
@@ -3968,6 +5351,268 @@ module Aws::Transfer
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass UpdateAgreementRequest
+    #   data as a hash:
+    #
+    #       {
+    #         agreement_id: "AgreementId", # required
+    #         server_id: "ServerId", # required
+    #         description: "Description",
+    #         status: "ACTIVE", # accepts ACTIVE, INACTIVE
+    #         local_profile_id: "ProfileId",
+    #         partner_profile_id: "ProfileId",
+    #         base_directory: "HomeDirectory",
+    #         access_role: "Role",
+    #       }
+    #
+    # @!attribute [rw] agreement_id
+    #   A unique identifier for the agreement. This identifier is returned
+    #   when you create an agreement.
+    #   @return [String]
+    #
+    # @!attribute [rw] server_id
+    #   A system-assigned unique identifier for a server instance. This is
+    #   the specific server that the agreement uses.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   To replace the existing description, provide a short description for
+    #   the agreement.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   You can update the status for the agreement, either activating an
+    #   inactive agreement or the reverse.
+    #   @return [String]
+    #
+    # @!attribute [rw] local_profile_id
+    #   A unique identifier for the AS2 local profile.
+    #
+    #   To change the local profile identifier, provide a new value here.
+    #   @return [String]
+    #
+    # @!attribute [rw] partner_profile_id
+    #   A unique identifier for the partner profile. To change the partner
+    #   profile identifier, provide a new value here.
+    #   @return [String]
+    #
+    # @!attribute [rw] base_directory
+    #   To change the landing directory (folder) for files that are
+    #   transferred, provide the bucket folder that you want to use; for
+    #   example, `/DOC-EXAMPLE-BUCKET/home/mydirectory `.
+    #   @return [String]
+    #
+    # @!attribute [rw] access_role
+    #   With AS2, you can send files by calling `StartFileTransfer` and
+    #   specifying the file paths in the request parameter, `SendFilePaths`.
+    #   We use the file’s parent directory (for example, for
+    #   `--send-file-paths /bucket/dir/file.txt`, parent directory is
+    #   `/bucket/dir/`) to temporarily store a processed AS2 message file,
+    #   store the MDN when we receive them from the partner, and write a
+    #   final JSON file containing relevant metadata of the transmission.
+    #   So, the `AccessRole` needs to provide read and write access to the
+    #   parent directory of the file location used in the
+    #   `StartFileTransfer` request. Additionally, you need to provide read
+    #   and write access to the parent directory of the files that you
+    #   intend to send with `StartFileTransfer`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateAgreementRequest AWS API Documentation
+    #
+    class UpdateAgreementRequest < Struct.new(
+      :agreement_id,
+      :server_id,
+      :description,
+      :status,
+      :local_profile_id,
+      :partner_profile_id,
+      :base_directory,
+      :access_role)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] agreement_id
+    #   A unique identifier for the agreement. This identifier is returned
+    #   when you create an agreement.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateAgreementResponse AWS API Documentation
+    #
+    class UpdateAgreementResponse < Struct.new(
+      :agreement_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass UpdateCertificateRequest
+    #   data as a hash:
+    #
+    #       {
+    #         certificate_id: "CertificateId", # required
+    #         active_date: Time.now,
+    #         inactive_date: Time.now,
+    #         description: "Description",
+    #       }
+    #
+    # @!attribute [rw] certificate_id
+    #   The identifier of the certificate object that you are updating.
+    #   @return [String]
+    #
+    # @!attribute [rw] active_date
+    #   An optional date that specifies when the certificate becomes active.
+    #   @return [Time]
+    #
+    # @!attribute [rw] inactive_date
+    #   An optional date that specifies when the certificate becomes
+    #   inactive.
+    #   @return [Time]
+    #
+    # @!attribute [rw] description
+    #   A short description to help identify the certificate.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateCertificateRequest AWS API Documentation
+    #
+    class UpdateCertificateRequest < Struct.new(
+      :certificate_id,
+      :active_date,
+      :inactive_date,
+      :description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] certificate_id
+    #   Returns the identifier of the certificate object that you are
+    #   updating.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateCertificateResponse AWS API Documentation
+    #
+    class UpdateCertificateResponse < Struct.new(
+      :certificate_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass UpdateConnectorRequest
+    #   data as a hash:
+    #
+    #       {
+    #         connector_id: "ConnectorId", # required
+    #         url: "Url",
+    #         as_2_config: {
+    #           local_profile_id: "ProfileId",
+    #           partner_profile_id: "ProfileId",
+    #           message_subject: "MessageSubject",
+    #           compression: "ZLIB", # accepts ZLIB, DISABLED
+    #           encryption_algorithm: "AES128_CBC", # accepts AES128_CBC, AES192_CBC, AES256_CBC
+    #           signing_algorithm: "SHA256", # accepts SHA256, SHA384, SHA512, SHA1, NONE
+    #           mdn_signing_algorithm: "SHA256", # accepts SHA256, SHA384, SHA512, SHA1, NONE, DEFAULT
+    #           mdn_response: "SYNC", # accepts SYNC, NONE
+    #         },
+    #         access_role: "Role",
+    #         logging_role: "Role",
+    #       }
+    #
+    # @!attribute [rw] connector_id
+    #   The unique identifier for the connector.
+    #   @return [String]
+    #
+    # @!attribute [rw] url
+    #   The URL of the partner's AS2 endpoint.
+    #   @return [String]
+    #
+    # @!attribute [rw] as_2_config
+    #   A structure that contains the parameters for a connector object.
+    #   @return [Types::As2ConnectorConfig]
+    #
+    # @!attribute [rw] access_role
+    #   With AS2, you can send files by calling `StartFileTransfer` and
+    #   specifying the file paths in the request parameter, `SendFilePaths`.
+    #   We use the file’s parent directory (for example, for
+    #   `--send-file-paths /bucket/dir/file.txt`, parent directory is
+    #   `/bucket/dir/`) to temporarily store a processed AS2 message file,
+    #   store the MDN when we receive them from the partner, and write a
+    #   final JSON file containing relevant metadata of the transmission.
+    #   So, the `AccessRole` needs to provide read and write access to the
+    #   parent directory of the file location used in the
+    #   `StartFileTransfer` request. Additionally, you need to provide read
+    #   and write access to the parent directory of the files that you
+    #   intend to send with `StartFileTransfer`.
+    #   @return [String]
+    #
+    # @!attribute [rw] logging_role
+    #   The Amazon Resource Name (ARN) of the Identity and Access Management
+    #   (IAM) role that allows a connector to turn on CloudWatch logging for
+    #   Amazon S3 events. When set, you can view connector activity in your
+    #   CloudWatch logs.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateConnectorRequest AWS API Documentation
+    #
+    class UpdateConnectorRequest < Struct.new(
+      :connector_id,
+      :url,
+      :as_2_config,
+      :access_role,
+      :logging_role)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] connector_id
+    #   Returns the identifier of the connector object that you are
+    #   updating.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateConnectorResponse AWS API Documentation
+    #
+    class UpdateConnectorResponse < Struct.new(
+      :connector_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass UpdateProfileRequest
+    #   data as a hash:
+    #
+    #       {
+    #         profile_id: "ProfileId", # required
+    #         certificate_ids: ["CertificateId"],
+    #       }
+    #
+    # @!attribute [rw] profile_id
+    #   The identifier of the profile object that you are updating.
+    #   @return [String]
+    #
+    # @!attribute [rw] certificate_ids
+    #   An array of identifiers for the imported certificates. You use this
+    #   identifier for working with profiles and partner profiles.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateProfileRequest AWS API Documentation
+    #
+    class UpdateProfileRequest < Struct.new(
+      :profile_id,
+      :certificate_ids)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] profile_id
+    #   Returns the identifier for the profile that's being updated.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/UpdateProfileResponse AWS API Documentation
+    #
+    class UpdateProfileResponse < Struct.new(
+      :profile_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass UpdateServerRequest
     #   data as a hash:
     #
@@ -3977,6 +5622,7 @@ module Aws::Transfer
     #           passive_ip: "PassiveIp",
     #           tls_session_resumption_mode: "DISABLED", # accepts DISABLED, ENABLED, ENFORCED
     #           set_stat_option: "DEFAULT", # accepts DEFAULT, ENABLE_NO_OP
+    #           as_2_transports: ["HTTP"], # accepts HTTP
     #         },
     #         endpoint_details: {
     #           address_allocation_ids: ["AddressAllocationId"],
@@ -3996,7 +5642,7 @@ module Aws::Transfer
     #         logging_role: "NullableRole",
     #         post_authentication_login_banner: "PostAuthenticationLoginBanner",
     #         pre_authentication_login_banner: "PreAuthenticationLoginBanner",
-    #         protocols: ["SFTP"], # accepts SFTP, FTP, FTPS
+    #         protocols: ["SFTP"], # accepts SFTP, FTP, FTPS, AS2
     #         security_policy_name: "SecurityPolicyName",
     #         server_id: "ServerId", # required
     #         workflow_details: {
@@ -4054,32 +5700,36 @@ module Aws::Transfer
     # @!attribute [rw] protocol_details
     #   The protocol settings that are configured for your server.
     #
-    #   * Use the `PassiveIp` parameter to indicate passive mode (for FTP
-    #     and FTPS protocols). Enter a single dotted-quad IPv4 address, such
-    #     as the external IP address of a firewall, router, or load
+    #   * To indicate passive mode (for FTP and FTPS protocols), use the
+    #     `PassiveIp` parameter. Enter a single dotted-quad IPv4 address,
+    #     such as the external IP address of a firewall, router, or load
     #     balancer.
     #
-    #   * Use the `SetStatOption` to ignore the error that is generated when
-    #     the client attempts to use SETSTAT on a file you are uploading to
-    #     an S3 bucket. Set the value to `ENABLE_NO_OP` to have the Transfer
-    #     Family server ignore the SETSTAT command, and upload files without
-    #     needing to make any changes to your SFTP client. Note that with
-    #     `SetStatOption` set to `ENABLE_NO_OP`, Transfer generates a log
-    #     entry to CloudWatch Logs, so you can determine when the client is
-    #     making a SETSTAT call.
-    #
-    #   * Use the `TlsSessionResumptionMode` parameter to determine whether
-    #     or not your Transfer server resumes recent, negotiated sessions
-    #     through a unique session ID.
+    #   * To ignore the error that is generated when the client attempts to
+    #     use the `SETSTAT` command on a file that you are uploading to an
+    #     Amazon S3 bucket, use the `SetStatOption` parameter. To have the
+    #     Transfer Family server ignore the `SETSTAT` command and upload
+    #     files without needing to make any changes to your SFTP client, set
+    #     the value to `ENABLE_NO_OP`. If you set the `SetStatOption`
+    #     parameter to `ENABLE_NO_OP`, Transfer Family generates a log entry
+    #     to Amazon CloudWatch Logs, so that you can determine when the
+    #     client is making a `SETSTAT` call.
+    #
+    #   * To determine whether your Transfer Family server resumes recent,
+    #     negotiated sessions through a unique session ID, use the
+    #     `TlsSessionResumptionMode` parameter.
+    #
+    #   * `As2Transports` indicates the transport method for the AS2
+    #     messages. Currently, only HTTP is supported.
     #   @return [Types::ProtocolDetails]
     #
     # @!attribute [rw] endpoint_details
     #   The virtual private cloud (VPC) endpoint settings that are
     #   configured for your server. When you host your endpoint within your
-    #   VPC, you can make it accessible only to resources within your VPC,
-    #   or you can attach Elastic IP addresses and make it accessible to
-    #   clients over the internet. Your VPC's default security groups are
-    #   automatically assigned to your endpoint.
+    #   VPC, you can make your endpoint accessible only to resources within
+    #   your VPC, or you can attach Elastic IP addresses and make your
+    #   endpoint accessible to clients over the internet. Your VPC's
+    #   default security groups are automatically assigned to your endpoint.
     #   @return [Types::EndpointDetails]
     #
     # @!attribute [rw] endpoint_type
@@ -4111,15 +5761,37 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] host_key
-    #   The RSA private key as generated by `ssh-keygen -N "" -m PEM -f
-    #   my-new-server-key`.
+    #   The RSA, ECDSA, or ED25519 private key to use for your server.
+    #
+    #   Use the following command to generate an RSA 2048 bit key with no
+    #   passphrase:
+    #
+    #   `ssh-keygen -t rsa -b 2048 -N "" -m PEM -f my-new-server-key`.
+    #
+    #   Use a minimum value of 2048 for the `-b` option. You can create a
+    #   stronger key by using 3072 or 4096.
+    #
+    #   Use the following command to generate an ECDSA 256 bit key with no
+    #   passphrase:
+    #
+    #   `ssh-keygen -t ecdsa -b 256 -N "" -m PEM -f my-new-server-key`.
+    #
+    #   Valid values for the `-b` option for ECDSA are 256, 384, and 521.
+    #
+    #   Use the following command to generate an ED25519 key with no
+    #   passphrase:
+    #
+    #   `ssh-keygen -t ed25519 -N "" -f my-new-server-key`.
+    #
+    #   For all of these commands, you can replace *my-new-server-key* with
+    #   a string of your choice.
     #
     #   If you aren't planning to migrate existing users from an existing
-    #   server to a new server, don't update the host key. Accidentally
-    #   changing a server's host key can be disruptive.
+    #   SFTP-enabled server to a new server, don't update the host key.
+    #   Accidentally changing a server's host key can be disruptive.
     #
     #   For more information, see [Change the host key for your SFTP-enabled
-    #   server][1] in the *Amazon Web ServicesTransfer Family User Guide*.
+    #   server][1] in the *Transfer Family User Guide*.
     #
     #
     #
@@ -4132,15 +5804,14 @@ module Aws::Transfer
     #   @return [Types::IdentityProviderDetails]
     #
     # @!attribute [rw] logging_role
-    #   Specifies the Amazon Resource Name (ARN) of the Amazon Web Services
-    #   Identity and Access Management (IAM) role that allows a server to
-    #   turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS
-    #   events. When set, user activity can be viewed in your CloudWatch
-    #   logs.
+    #   The Amazon Resource Name (ARN) of the Identity and Access Management
+    #   (IAM) role that allows a server to turn on Amazon CloudWatch logging
+    #   for Amazon S3 or Amazon EFSevents. When set, you can view user
+    #   activity in your CloudWatch logs.
     #   @return [String]
     #
     # @!attribute [rw] post_authentication_login_banner
-    #   Specify a string to display when users connect to a server. This
+    #   Specifies a string to display when users connect to a server. This
     #   string is displayed after the user authenticates.
     #
     #   <note markdown="1"> The SFTP protocol does not support post-authentication display
@@ -4150,9 +5821,9 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] pre_authentication_login_banner
-    #   Specify a string to display when users connect to a server. This
+    #   Specifies a string to display when users connect to a server. This
     #   string is displayed before the user authenticates. For example, the
-    #   following banner displays details about using the system.
+    #   following banner displays details about using the system:
     #
     #   `This system is for the use of authorized users only. Individuals
     #   using this computer system without authority, or in excess of their
@@ -4165,28 +5836,34 @@ module Aws::Transfer
     #   file transfer protocol client can connect to your server's
     #   endpoint. The available protocols are:
     #
-    #   * Secure Shell (SSH) File Transfer Protocol (SFTP): File transfer
+    #   * `SFTP` (Secure Shell (SSH) File Transfer Protocol): File transfer
     #     over SSH
     #
-    #   * File Transfer Protocol Secure (FTPS): File transfer with TLS
+    #   * `FTPS` (File Transfer Protocol Secure): File transfer with TLS
     #     encryption
     #
-    #   * File Transfer Protocol (FTP): Unencrypted file transfer
+    #   * `FTP` (File Transfer Protocol): Unencrypted file transfer
+    #
+    #   * `AS2` (Applicability Statement 2): used for transporting
+    #     structured business-to-business data
+    #
+    #   <note markdown="1"> * If you select `FTPS`, you must choose a certificate stored in
+    #     Certificate Manager (ACM) which is used to identify your server
+    #     when clients connect to it over FTPS.
     #
-    #   <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in Amazon
-    #   Web ServicesCertificate Manager (ACM) which will be used to identify
-    #   your server when clients connect to it over FTPS.
+    #   * If `Protocol` includes either `FTP` or `FTPS`, then the
+    #     `EndpointType` must be `VPC` and the `IdentityProviderType` must
+    #     be `AWS_DIRECTORY_SERVICE` or `API_GATEWAY`.
     #
-    #    If `Protocol` includes either `FTP` or `FTPS`, then the
-    #   `EndpointType` must be `VPC` and the `IdentityProviderType` must be
-    #   `AWS_DIRECTORY_SERVICE` or `API_GATEWAY`.
+    #   * If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot
+    #     be associated.
     #
-    #    If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
-    #   associated.
+    #   * If `Protocol` is set only to `SFTP`, the `EndpointType` can be set
+    #     to `PUBLIC` and the `IdentityProviderType` can be set to
+    #     `SERVICE_MANAGED`.
     #
-    #    If `Protocol` is set only to `SFTP`, the `EndpointType` can be set
-    #   to `PUBLIC` and the `IdentityProviderType` can be set to
-    #   `SERVICE_MANAGED`.
+    #   * If `Protocol` includes `AS2`, then the `EndpointType` must be
+    #     `VPC`, and domain must be Amazon S3.
     #
     #    </note>
     #   @return [Array<String>]
@@ -4203,7 +5880,7 @@ module Aws::Transfer
     #
     # @!attribute [rw] workflow_details
     #   Specifies the workflow ID for the workflow to assign and the
-    #   execution role used for executing the workflow.
+    #   execution role that's used for executing the workflow.
     #
     #   To remove an associated workflow from a server, you can provide an
     #   empty `OnUpload` object, as in the following example.
@@ -4276,13 +5953,13 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] home_directory_type
-    #   The type of landing directory (folder) you want your users' home
-    #   directory to be when they log into the server. If you set it to
-    #   `PATH`, the user will see the absolute Amazon S3 bucket or EFS paths
-    #   as is in their file transfer protocol clients. If you set it
+    #   The type of landing directory (folder) that you want your users'
+    #   home directory to be when they log in to the server. If you set it
+    #   to `PATH`, the user will see the absolute Amazon S3 bucket or EFS
+    #   paths as is in their file transfer protocol clients. If you set it
     #   `LOGICAL`, you need to provide mappings in the
-    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or EFS
-    #   paths visible to your users.
+    #   `HomeDirectoryMappings` for how you want to make Amazon S3 or Amazon
+    #   EFS paths visible to your users.
     #   @return [String]
     #
     # @!attribute [rw] home_directory_mappings
@@ -4291,10 +5968,10 @@ module Aws::Transfer
     #   make them visible. You must specify the `Entry` and `Target` pair,
     #   where `Entry` shows how the path is made visible and `Target` is the
     #   actual Amazon S3 or Amazon EFS path. If you only specify a target,
-    #   it is displayed as is. You also must ensure that your Amazon Web
-    #   Services Identity and Access Management (IAM) role provides access
-    #   to paths in `Target`. This value can only be set when
-    #   `HomeDirectoryType` is set to *LOGICAL*.
+    #   it is displayed as is. You also must ensure that your Identity and
+    #   Access Management (IAM) role provides access to paths in `Target`.
+    #   This value can be set only when `HomeDirectoryType` is set to
+    #   *LOGICAL*.
     #
     #   The following is an `Entry` and `Target` pair example.
     #
@@ -4312,19 +5989,19 @@ module Aws::Transfer
     #   @return [Array<Types::HomeDirectoryMapEntry>]
     #
     # @!attribute [rw] policy
-    #   A session policy for your user so that you can use the same IAM role
-    #   across multiple users. This policy scopes down user access to
-    #   portions of their Amazon S3 bucket. Variables that you can use
-    #   inside this policy include `$\{Transfer:UserName\}`,
-    #   `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
+    #   A session policy for your user so that you can use the same Identity
+    #   and Access Management (IAM) role across multiple users. This policy
+    #   scopes down a user's access to portions of their Amazon S3 bucket.
+    #   Variables that you can use inside this policy include
+    #   `$\{Transfer:UserName\}`, `$\{Transfer:HomeDirectory\}`, and
+    #   `$\{Transfer:HomeBucket\}`.
     #
-    #   <note markdown="1"> This only applies when the domain of `ServerId` is S3. EFS does not
-    #   use session policies.
+    #   <note markdown="1"> This policy applies only when the domain of `ServerId` is Amazon S3.
+    #   Amazon EFS does not use session policies.
     #
-    #    For session policies, Amazon Web Services Transfer Family stores the
-    #   policy as a JSON blob, instead of the Amazon Resource Name (ARN) of
-    #   the policy. You save the policy as a JSON blob and pass it in the
-    #   `Policy` argument.
+    #    For session policies, Transfer Family stores the policy as a JSON
+    #   blob, instead of the Amazon Resource Name (ARN) of the policy. You
+    #   save the policy as a JSON blob and pass it in the `Policy` argument.
     #
     #    For an example of a session policy, see [Creating a session
     #   policy][1].
@@ -4351,14 +6028,14 @@ module Aws::Transfer
     #   @return [Types::PosixProfile]
     #
     # @!attribute [rw] role
-    #   Specifies the Amazon Resource Name (ARN) of the IAM role that
-    #   controls your users' access to your Amazon S3 bucket or EFS file
-    #   system. The policies attached to this role determine the level of
-    #   access that you want to provide your users when transferring files
-    #   into and out of your Amazon S3 bucket or EFS file system. The IAM
-    #   role should also contain a trust relationship that allows the server
-    #   to access your resources when servicing your users' transfer
-    #   requests.
+    #   The Amazon Resource Name (ARN) of the Identity and Access Management
+    #   (IAM) role that controls your users' access to your Amazon S3
+    #   bucket or Amazon EFS file system. The policies attached to this role
+    #   determine the level of access that you want to provide your users
+    #   when transferring files into and out of your Amazon S3 bucket or
+    #   Amazon EFS file system. The IAM role should also contain a trust
+    #   relationship that allows the server to access your resources when
+    #   servicing your users' transfer requests.
     #   @return [String]
     #
     # @!attribute [rw] server_id
@@ -4440,7 +6117,7 @@ module Aws::Transfer
     end
 
     # Specifies the workflow ID for the workflow to assign and the execution
-    # role used for executing the workflow.
+    # role that's used for executing the workflow.
     #
     # @note When making an API call, you may pass WorkflowDetail
     #   data as a hash:
@@ -4550,13 +6227,13 @@ module Aws::Transfer
     # @!attribute [rw] type
     #   Currently, the following step types are supported.
     #
-    #   * *COPY*\: copy the file to another location
+    #   * *COPY*\: Copy the file to another location.
     #
-    #   * *CUSTOM*\: custom step with a lambda target
+    #   * *CUSTOM*\: Perform a custom step with an Lambda function target.
     #
-    #   * *DELETE*\: delete the file
+    #   * *DELETE*\: Delete the file.
     #
-    #   * *TAG*\: add a tag to the file
+    #   * *TAG*\: Add a tag to the file.
     #   @return [String]
     #
     # @!attribute [rw] copy_step_details