aws-sdk-transfer 1.20.0 → 1.21.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 90dc7322cdebf9a63dc91e89550505d8602b4ecc4d9a25ae5985158aa165991f
-  data.tar.gz: b73403e5937ceb79803af79f963586e73b3be59c2696ae9d5b1a23afaf85ff76
+  metadata.gz: 67a0c6b2bf618b9a8b340f195400c14b6e421127dd8685ee7378e717d3def22d
+  data.tar.gz: aa5b8280984fc5a26d203eee779be235dedbe519e10884a510fba4173bec12c6
 SHA512:
-  metadata.gz: 3ac272cd20b7cf50e64aaf28e5cc7e8755c23572f4b53891358d279ee8bba3189078f7ded09f1618e227a537eb05a9c5d55dc5ddbce181e6f1334ee679695249
-  data.tar.gz: a7818347b0fe6a3763c4859604fec3755d245c99c7946e7a30f457e5201c4d6f4a20f8f0664a9046171cd95b8719b50f6d21a62fc7c53f4b50b67d22294bad95
+  metadata.gz: df790f8da05a6e03ad6820ef5820c3255766e0665796f621182aea1a544ff8f6fb43fb634331a3af4fb97048045db4aef8a36c4deae8b0a46c9cf36a830d4dd8
+  data.tar.gz: f85dde748a522956bfe04dc61debbc644e8e78d0e56549b901302e62ae60da1271e35a9b5687f27177838176167ca1e98471d770ecdd4b3eda6ffcf65cc10e45

data/lib/aws-sdk-transfer.rb

@@ -45,6 +45,6 @@ require_relative 'aws-sdk-transfer/customizations'
 # @service
 module Aws::Transfer
 
-  GEM_VERSION = '1.20.0'
+  GEM_VERSION = '1.21.0'
 
 end

data/lib/aws-sdk-transfer/client.rb

@@ -328,6 +328,41 @@ module Aws::Transfer
     #   The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM)
     #   certificate. Required when `Protocols` is set to `FTPS`.
     #
+    #   To request a new public certificate, see [Request a public
+    #   certificate][1] in the <i> AWS Certificate Manager User Guide</i>.
+    #
+    #   To import an existing certificate into ACM, see [Importing
+    #   certificates into ACM][2] in the <i> AWS Certificate Manager User
+    #   Guide</i>.
+    #
+    #   To request a private certificate to use FTPS through private IP
+    #   addresses, see [Request a private certificate][3] in the <i> AWS
+    #   Certificate Manager User Guide</i>.
+    #
+    #   Certificates with the following cryptographic algorithms and key sizes
+    #   are supported:
+    #
+    #   * 2048-bit RSA (RSA\_2048)
+    #
+    #   * 4096-bit RSA (RSA\_4096)
+    #
+    #   * Elliptic Prime Curve 256 bit (EC\_prime256v1)
+    #
+    #   * Elliptic Prime Curve 384 bit (EC\_secp384r1)
+    #
+    #   * Elliptic Prime Curve 521 bit (EC\_secp521r1)
+    #
+    #   <note markdown="1"> The certificate must be a valid SSL/TLS X.509 version 3 certificate
+    #   with FQDN or IP address specified and information about the issuer.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html
+    #   [2]: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
+    #   [3]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html
+    #
     # @option params [Types::EndpointDetails] :endpoint_details
     #   The virtual private cloud (VPC) endpoint settings that are configured
     #   for your file transfer protocol-enabled server. When you host your
@@ -339,24 +374,32 @@ module Aws::Transfer
     # @option params [String] :endpoint_type
     #   The type of VPC endpoint that you want your file transfer
     #   protocol-enabled server to connect to. You can choose to connect to
-    #   the public internet or a virtual private cloud (VPC) endpoint. With a
-    #   VPC endpoint, you can restrict access to your server and resources
-    #   only within your VPC.
+    #   the public internet or a VPC endpoint. With a VPC endpoint, you can
+    #   restrict access to your server and resources only within your VPC.
+    #
+    #   <note markdown="1"> It is recommended that you use `VPC` as the `EndpointType`. With this
+    #   endpoint type, you have the option to directly associate up to three
+    #   Elastic IPv4 addresses (BYO IP included) with your server's endpoint
+    #   and use VPC security groups to restrict traffic by the client's
+    #   public IP address. This is not possible with `EndpointType` set to
+    #   `VPC_ENDPOINT`.
+    #
+    #    </note>
     #
     # @option params [String] :host_key
-    #   The RSA private key as generated by the `ssh-keygen -N "" -f
+    #   The RSA private key as generated by the `ssh-keygen -N "" -m PEM -f
     #   my-new-server-key` command.
     #
     #   If you aren't planning to migrate existing users from an existing
     #   SFTP-enabled server to a new server, don't update the host key.
     #   Accidentally changing a server's host key can be disruptive.
     #
-    #   For more information, see [Changing the Host Key for Your AWS Transfer
-    #   Family Server][1] in the *AWS Transfer Family User Guide*.
+    #   For more information, see [Change the host key for your SFTP-enabled
+    #   server][1] in the *AWS Transfer Family User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/configuring-servers.html#change-host-key
+    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/edit-server-config.html#configuring-servers-change-host-key
     #
     # @option params [Types::IdentityProviderDetails] :identity_provider_details
     #   Required when `IdentityProviderType` is set to `API_GATEWAY`. Accepts
@@ -382,13 +425,29 @@ module Aws::Transfer
     #   transfer protocol client can connect to your server's endpoint. The
     #   available protocols are:
     #
-    #   * Secure Shell (SSH) File Transfer Protocol (SFTP): File transfer over
-    #     SSH
+    #   * `SFTP` (Secure Shell (SSH) File Transfer Protocol): File transfer
+    #     over SSH
     #
-    #   * File Transfer Protocol Secure (FTPS): File transfer with TLS
+    #   * `FTPS` (File Transfer Protocol Secure): File transfer with TLS
     #     encryption
     #
-    #   * File Transfer Protocol (FTP): Unencrypted file transfer
+    #   * `FTP` (File Transfer Protocol): Unencrypted file transfer
+    #
+    #   <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in AWS
+    #   Certificate Manager (ACM) which will be used to identify your server
+    #   when clients connect to it over FTPS.
+    #
+    #    If `Protocol` includes either `FTP` or `FTPS`, then the `EndpointType`
+    #   must be `VPC` and the `IdentityProviderType` must be `API_GATEWAY`.
+    #
+    #    If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
+    #   associated.
+    #
+    #    If `Protocol` is set only to `SFTP`, the `EndpointType` can be set to
+    #   `PUBLIC` and the `IdentityProviderType` can be set to
+    #   `SERVICE_MANAGED`.
+    #
+    #    </note>
     #
     # @option params [Array<Types::Tag>] :tags
     #   Key-value pairs that can be used to group and search for file transfer
@@ -451,7 +510,8 @@ module Aws::Transfer
     #   The landing directory (folder) for a user when they log in to the file
     #   transfer protocol-enabled server using the client.
     #
-    #   An example is `your-Amazon-S3-bucket-name>/home/username`.
+    #   An example is <i>
+    #   <code>your-Amazon-S3-bucket-name&gt;/home/username</code> </i>.
     #
     # @option params [String] :home_directory_type
     #   The type of landing directory (folder) you want your users' home
@@ -468,8 +528,8 @@ module Aws::Transfer
     #   You will need to specify the "`Entry`" and "`Target`" pair, where
     #   `Entry` shows how the path is made visible and `Target` is the actual
     #   Amazon S3 path. If you only specify a target, it will be displayed as
-    #   is. You will need to also make sure that your AWS IAM Role provides
-    #   access to paths in `Target`. The following is an example.
+    #   is. You will need to also make sure that your IAM role provides access
+    #   to paths in `Target`. The following is an example.
     #
     #   `'[ "/bucket2/documentation", \{ "Entry": "your-personal-report.pdf",
     #   "Target": "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \}
@@ -503,8 +563,8 @@ module Aws::Transfer
     #   You save the policy as a JSON blob and pass it in the `Policy`
     #   argument.
     #
-    #    For an example of a scope-down policy, see [Creating a Scope-Down
-    #   Policy][1].
+    #    For an example of a scope-down policy, see [Creating a scope-down
+    #   policy][1].
     #
     #    For more information, see [AssumeRole][2] in the *AWS Security Token
     #   Service API Reference*.
@@ -1110,12 +1170,6 @@ module Aws::Transfer
     #   protocol-enabled server. That server's user authentication method is
     #   tested with a user name and password.
     #
-    # @option params [required, String] :user_name
-    #   The name of the user account to be tested.
-    #
-    # @option params [String] :user_password
-    #   The password of the user account to be tested.
-    #
     # @option params [String] :server_protocol
     #   The type of file transfer protocol to be tested.
     #
@@ -1127,6 +1181,15 @@ module Aws::Transfer
     #
     #   * File Transfer Protocol (FTP)
     #
+    # @option params [String] :source_ip
+    #   The source IP address of the user account to be tested.
+    #
+    # @option params [required, String] :user_name
+    #   The name of the user account to be tested.
+    #
+    # @option params [String] :user_password
+    #   The password of the user account to be tested.
+    #
     # @return [Types::TestIdentityProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::TestIdentityProviderResponse#response #response} => String
@@ -1138,9 +1201,10 @@ module Aws::Transfer
     #
     #   resp = client.test_identity_provider({
     #     server_id: "ServerId", # required
+    #     server_protocol: "SFTP", # accepts SFTP, FTP, FTPS
+    #     source_ip: "SourceIp",
     #     user_name: "UserName", # required
     #     user_password: "UserPassword",
-    #     server_protocol: "SFTP", # accepts SFTP, FTP, FTPS
     #   })
     #
     # @example Response structure
@@ -1203,6 +1267,41 @@ module Aws::Transfer
     #   The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM)
     #   certificate. Required when `Protocols` is set to `FTPS`.
     #
+    #   To request a new public certificate, see [Request a public
+    #   certificate][1] in the <i> AWS Certificate Manager User Guide</i>.
+    #
+    #   To import an existing certificate into ACM, see [Importing
+    #   certificates into ACM][2] in the <i> AWS Certificate Manager User
+    #   Guide</i>.
+    #
+    #   To request a private certificate to use FTPS through private IP
+    #   addresses, see [Request a private certificate][3] in the <i> AWS
+    #   Certificate Manager User Guide</i>.
+    #
+    #   Certificates with the following cryptographic algorithms and key sizes
+    #   are supported:
+    #
+    #   * 2048-bit RSA (RSA\_2048)
+    #
+    #   * 4096-bit RSA (RSA\_4096)
+    #
+    #   * Elliptic Prime Curve 256 bit (EC\_prime256v1)
+    #
+    #   * Elliptic Prime Curve 384 bit (EC\_secp384r1)
+    #
+    #   * Elliptic Prime Curve 521 bit (EC\_secp521r1)
+    #
+    #   <note markdown="1"> The certificate must be a valid SSL/TLS X.509 version 3 certificate
+    #   with FQDN or IP address specified and information about the issuer.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html
+    #   [2]: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
+    #   [3]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html
+    #
     # @option params [Types::EndpointDetails] :endpoint_details
     #   The virtual private cloud (VPC) endpoint settings that are configured
     #   for your file transfer protocol-enabled server. With a VPC endpoint,
@@ -1213,11 +1312,20 @@ module Aws::Transfer
     # @option params [String] :endpoint_type
     #   The type of endpoint that you want your file transfer protocol-enabled
     #   server to connect to. You can choose to connect to the public internet
-    #   or a VPC endpoint. With a VPC endpoint, your server isn't accessible
-    #   over the public internet.
+    #   or a VPC endpoint. With a VPC endpoint, you can restrict access to
+    #   your server and resources only within your VPC.
+    #
+    #   <note markdown="1"> It is recommended that you use `VPC` as the `EndpointType`. With this
+    #   endpoint type, you have the option to directly associate up to three
+    #   Elastic IPv4 addresses (BYO IP included) with your server's endpoint
+    #   and use VPC security groups to restrict traffic by the client's
+    #   public IP address. This is not possible with `EndpointType` set to
+    #   `VPC_ENDPOINT`.
+    #
+    #    </note>
     #
     # @option params [String] :host_key
-    #   The RSA private key as generated by `ssh-keygen -N "" -f
+    #   The RSA private key as generated by `ssh-keygen -N "" -m PEM -f
     #   my-new-server-key`.
     #
     #   If you aren't planning to migrate existing users from an existing
@@ -1225,12 +1333,12 @@ module Aws::Transfer
     #   the host key. Accidentally changing a server's host key can be
     #   disruptive.
     #
-    #   For more information, see [Changing the Host Key for Your AWS Transfer
-    #   Family Server][1] in the *AWS Transfer Family User Guide*.
+    #   For more information, see [Change the host key for your SFTP-enabled
+    #   server][1] in the *AWS Transfer Family User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/configuring-servers.html#change-host-key
+    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/edit-server-config.html#configuring-servers-change-host-key
     #
     # @option params [Types::IdentityProviderDetails] :identity_provider_details
     #   An array containing all of the information required to call a
@@ -1254,6 +1362,22 @@ module Aws::Transfer
     #
     #   * File Transfer Protocol (FTP): Unencrypted file transfer
     #
+    #   <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in AWS
+    #   Certificate Manager (ACM) which will be used to identify your server
+    #   when clients connect to it over FTPS.
+    #
+    #    If `Protocol` includes either `FTP` or `FTPS`, then the `EndpointType`
+    #   must be `VPC` and the `IdentityProviderType` must be `API_GATEWAY`.
+    #
+    #    If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
+    #   associated.
+    #
+    #    If `Protocol` is set only to `SFTP`, the `EndpointType` can be set to
+    #   `PUBLIC` and the `IdentityProviderType` can be set to
+    #   `SERVICE_MANAGED`.
+    #
+    #    </note>
+    #
     # @option params [required, String] :server_id
     #   A system-assigned unique identifier for a file transfer
     #   protocol-enabled server instance that the user account is assigned to.
@@ -1325,8 +1449,8 @@ module Aws::Transfer
     #   You will need to specify the "`Entry`" and "`Target`" pair, where
     #   `Entry` shows how the path is made visible and `Target` is the actual
     #   Amazon S3 path. If you only specify a target, it will be displayed as
-    #   is. You will need to also make sure that your AWS IAM Role provides
-    #   access to paths in `Target`. The following is an example.
+    #   is. You will need to also make sure that your IAM role provides access
+    #   to paths in `Target`. The following is an example.
     #
     #   `'[ "/bucket2/documentation", \{ "Entry": "your-personal-report.pdf",
     #   "Target": "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \}
@@ -1350,19 +1474,18 @@ module Aws::Transfer
     #
     # @option params [String] :policy
     #   Allows you to supply a scope-down policy for your user so you can use
-    #   the same AWS Identity and Access Management (IAM) role across multiple
-    #   users. The policy scopes down user access to portions of your Amazon
-    #   S3 bucket. Variables you can use inside this policy include
-    #   `$\{Transfer:UserName\}`, `$\{Transfer:HomeDirectory\}`, and
-    #   `$\{Transfer:HomeBucket\}`.
+    #   the same IAM role across multiple users. The policy scopes down user
+    #   access to portions of your Amazon S3 bucket. Variables you can use
+    #   inside this policy include `$\{Transfer:UserName\}`,
+    #   `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
     #
     #   <note markdown="1"> For scope-down policies, AWS Transfer Family stores the policy as a
     #   JSON blob, instead of the Amazon Resource Name (ARN) of the policy.
     #   You save the policy as a JSON blob and pass it in the `Policy`
     #   argument.
     #
-    #    For an example of a scope-down policy, see [Creating a Scope-Down
-    #   Policy][1].
+    #    For an example of a scope-down policy, see [Creating a scope-down
+    #   policy][1].
     #
     #    For more information, see [AssumeRole][2] in the *AWS Security Token
     #   Service API Reference*.
@@ -1444,7 +1567,7 @@ module Aws::Transfer
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-transfer'
-      context[:gem_version] = '1.20.0'
+      context[:gem_version] = '1.21.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-transfer/client_api.rb

@@ -75,6 +75,7 @@ module Aws::Transfer
     ServerId = Shapes::StringShape.new(name: 'ServerId')
     ServiceErrorMessage = Shapes::StringShape.new(name: 'ServiceErrorMessage')
     ServiceUnavailableException = Shapes::StructureShape.new(name: 'ServiceUnavailableException')
+    SourceIp = Shapes::StringShape.new(name: 'SourceIp')
     SshPublicKey = Shapes::StructureShape.new(name: 'SshPublicKey')
     SshPublicKeyBody = Shapes::StringShape.new(name: 'SshPublicKeyBody')
     SshPublicKeyCount = Shapes::IntegerShape.new(name: 'SshPublicKeyCount')
@@ -323,9 +324,10 @@ module Aws::Transfer
     Tags.member = Shapes::ShapeRef.new(shape: Tag)
 
     TestIdentityProviderRequest.add_member(:server_id, Shapes::ShapeRef.new(shape: ServerId, required: true, location_name: "ServerId"))
+    TestIdentityProviderRequest.add_member(:server_protocol, Shapes::ShapeRef.new(shape: Protocol, location_name: "ServerProtocol"))
+    TestIdentityProviderRequest.add_member(:source_ip, Shapes::ShapeRef.new(shape: SourceIp, location_name: "SourceIp"))
     TestIdentityProviderRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: UserName, required: true, location_name: "UserName"))
     TestIdentityProviderRequest.add_member(:user_password, Shapes::ShapeRef.new(shape: UserPassword, location_name: "UserPassword"))
-    TestIdentityProviderRequest.add_member(:server_protocol, Shapes::ShapeRef.new(shape: Protocol, location_name: "ServerProtocol"))
     TestIdentityProviderRequest.struct_class = Types::TestIdentityProviderRequest
 
     TestIdentityProviderResponse.add_member(:response, Shapes::ShapeRef.new(shape: Response, location_name: "Response"))

data/lib/aws-sdk-transfer/types.rb

@@ -65,6 +65,41 @@ module Aws::Transfer
     # @!attribute [rw] certificate
     #   The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM)
     #   certificate. Required when `Protocols` is set to `FTPS`.
+    #
+    #   To request a new public certificate, see [Request a public
+    #   certificate][1] in the <i> AWS Certificate Manager User Guide</i>.
+    #
+    #   To import an existing certificate into ACM, see [Importing
+    #   certificates into ACM][2] in the <i> AWS Certificate Manager User
+    #   Guide</i>.
+    #
+    #   To request a private certificate to use FTPS through private IP
+    #   addresses, see [Request a private certificate][3] in the <i> AWS
+    #   Certificate Manager User Guide</i>.
+    #
+    #   Certificates with the following cryptographic algorithms and key
+    #   sizes are supported:
+    #
+    #   * 2048-bit RSA (RSA\_2048)
+    #
+    #   * 4096-bit RSA (RSA\_4096)
+    #
+    #   * Elliptic Prime Curve 256 bit (EC\_prime256v1)
+    #
+    #   * Elliptic Prime Curve 384 bit (EC\_secp384r1)
+    #
+    #   * Elliptic Prime Curve 521 bit (EC\_secp521r1)
+    #
+    #   <note markdown="1"> The certificate must be a valid SSL/TLS X.509 version 3 certificate
+    #   with FQDN or IP address specified and information about the issuer.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html
+    #   [2]: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
+    #   [3]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html
     #   @return [String]
     #
     # @!attribute [rw] endpoint_details
@@ -79,25 +114,33 @@ module Aws::Transfer
     # @!attribute [rw] endpoint_type
     #   The type of VPC endpoint that you want your file transfer
     #   protocol-enabled server to connect to. You can choose to connect to
-    #   the public internet or a virtual private cloud (VPC) endpoint. With
-    #   a VPC endpoint, you can restrict access to your server and resources
-    #   only within your VPC.
+    #   the public internet or a VPC endpoint. With a VPC endpoint, you can
+    #   restrict access to your server and resources only within your VPC.
+    #
+    #   <note markdown="1"> It is recommended that you use `VPC` as the `EndpointType`. With
+    #   this endpoint type, you have the option to directly associate up to
+    #   three Elastic IPv4 addresses (BYO IP included) with your server's
+    #   endpoint and use VPC security groups to restrict traffic by the
+    #   client's public IP address. This is not possible with
+    #   `EndpointType` set to `VPC_ENDPOINT`.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] host_key
-    #   The RSA private key as generated by the `ssh-keygen -N "" -f
+    #   The RSA private key as generated by the `ssh-keygen -N "" -m PEM -f
     #   my-new-server-key` command.
     #
     #   If you aren't planning to migrate existing users from an existing
     #   SFTP-enabled server to a new server, don't update the host key.
     #   Accidentally changing a server's host key can be disruptive.
     #
-    #   For more information, see [Changing the Host Key for Your AWS
-    #   Transfer Family Server][1] in the *AWS Transfer Family User Guide*.
+    #   For more information, see [Change the host key for your SFTP-enabled
+    #   server][1] in the *AWS Transfer Family User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/configuring-servers.html#change-host-key
+    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/edit-server-config.html#configuring-servers-change-host-key
     #   @return [String]
     #
     # @!attribute [rw] identity_provider_details
@@ -128,13 +171,30 @@ module Aws::Transfer
     #   file transfer protocol client can connect to your server's
     #   endpoint. The available protocols are:
     #
-    #   * Secure Shell (SSH) File Transfer Protocol (SFTP): File transfer
+    #   * `SFTP` (Secure Shell (SSH) File Transfer Protocol): File transfer
     #     over SSH
     #
-    #   * File Transfer Protocol Secure (FTPS): File transfer with TLS
+    #   * `FTPS` (File Transfer Protocol Secure): File transfer with TLS
     #     encryption
     #
-    #   * File Transfer Protocol (FTP): Unencrypted file transfer
+    #   * `FTP` (File Transfer Protocol): Unencrypted file transfer
+    #
+    #   <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in AWS
+    #   Certificate Manager (ACM) which will be used to identify your server
+    #   when clients connect to it over FTPS.
+    #
+    #    If `Protocol` includes either `FTP` or `FTPS`, then the
+    #   `EndpointType` must be `VPC` and the `IdentityProviderType` must be
+    #   `API_GATEWAY`.
+    #
+    #    If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
+    #   associated.
+    #
+    #    If `Protocol` is set only to `SFTP`, the `EndpointType` can be set
+    #   to `PUBLIC` and the `IdentityProviderType` can be set to
+    #   `SERVICE_MANAGED`.
+    #
+    #    </note>
     #   @return [Array<String>]
     #
     # @!attribute [rw] tags
@@ -198,7 +258,8 @@ module Aws::Transfer
     #   The landing directory (folder) for a user when they log in to the
     #   file transfer protocol-enabled server using the client.
     #
-    #   An example is `your-Amazon-S3-bucket-name>/home/username`.
+    #   An example is <i>
+    #   <code>your-Amazon-S3-bucket-name&gt;/home/username</code> </i>.
     #   @return [String]
     #
     # @!attribute [rw] home_directory_type
@@ -217,8 +278,8 @@ module Aws::Transfer
     #   visible. You will need to specify the "`Entry`" and "`Target`"
     #   pair, where `Entry` shows how the path is made visible and `Target`
     #   is the actual Amazon S3 path. If you only specify a target, it will
-    #   be displayed as is. You will need to also make sure that your AWS
-    #   IAM Role provides access to paths in `Target`. The following is an
+    #   be displayed as is. You will need to also make sure that your IAM
+    #   role provides access to paths in `Target`. The following is an
     #   example.
     #
     #   `'[ "/bucket2/documentation", \{ "Entry":
@@ -254,8 +315,8 @@ module Aws::Transfer
     #   You save the policy as a JSON blob and pass it in the `Policy`
     #   argument.
     #
-    #    For an example of a scope-down policy, see [Creating a Scope-Down
-    #   Policy][1].
+    #    For an example of a scope-down policy, see [Creating a scope-down
+    #   policy][1].
     #
     #    For more information, see [AssumeRole][2] in the *AWS Security Token
     #   Service API Reference*.
@@ -491,9 +552,11 @@ module Aws::Transfer
 
     # Describes the properties of a file transfer protocol-enabled server
     # that was specified. Information returned includes the following: the
-    # server Amazon Resource Name (ARN), the authentication configuration
-    # and type, the logging role, the server ID and state, and assigned tags
-    # or metadata.
+    # server Amazon Resource Name (ARN), the certificate ARN (if the FTPS
+    # protocol was selected), the endpoint type and details, the
+    # authentication configuration and type, the logging role, the file
+    # transfer protocol or protocols, the server ID and state, and assigned
+    # tags or metadata.
     #
     # @!attribute [rw] arn
     #   Specifies the unique Amazon Resource Name (ARN) for a file transfer
@@ -501,25 +564,26 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] certificate
-    #   The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM)
-    #   certificate. Required when `Protocols` is set to `FTPS`.
+    #   Specifies the ARN of the AWS Certificate Manager (ACM) certificate.
+    #   Required when `Protocols` is set to `FTPS`.
     #   @return [String]
     #
     # @!attribute [rw] endpoint_details
-    #   The virtual private cloud (VPC) endpoint settings that you
+    #   Specifies the virtual private cloud (VPC) endpoint settings that you
     #   configured for your file transfer protocol-enabled server.
     #   @return [Types::EndpointDetails]
     #
     # @!attribute [rw] endpoint_type
-    #   The type of endpoint that your file transfer protocol-enabled server
-    #   is connected to. If your server is connected to a VPC endpoint, your
-    #   server isn't accessible over the public internet.
+    #   Defines the type of endpoint that your file transfer
+    #   protocol-enabled server is connected to. If your server is connected
+    #   to a VPC endpoint, your server isn't accessible over the public
+    #   internet.
     #   @return [String]
     #
     # @!attribute [rw] host_key_fingerprint
-    #   Contains the message-digest algorithm (MD5) hash of a file transfer
-    #   protocol-enabled server's host key. This value is equivalent to the
-    #   output of the `ssh-keygen -l -E md5 -f my-new-server-key` command.
+    #   Specifies the Base64-encoded SHA256 fingerprint of the server's
+    #   host key. This value is equivalent to the output of the `ssh-keygen
+    #   -l -f my-new-server-key` command.
     #   @return [String]
     #
     # @!attribute [rw] identity_provider_details
@@ -529,19 +593,19 @@ module Aws::Transfer
     #   @return [Types::IdentityProviderDetails]
     #
     # @!attribute [rw] identity_provider_type
-    #   Defines the mode of authentication method enabled for this service.
-    #   A value of `SERVICE_MANAGED` means that you are using this file
-    #   transfer protocol-enabled server to store and access user
+    #   Specifies the mode of authentication method enabled for this
+    #   service. A value of `SERVICE_MANAGED` means that you are using this
+    #   file transfer protocol-enabled server to store and access user
     #   credentials within the service. A value of `API_GATEWAY` indicates
     #   that you have integrated an API Gateway endpoint that will be
     #   invoked for authenticating your user into the service.
     #   @return [String]
     #
     # @!attribute [rw] logging_role
-    #   An AWS Identity and Access Management (IAM) entity that allows a
-    #   file transfer protocol-enabled server to turn on Amazon CloudWatch
-    #   logging for Amazon S3 events. When set, user activity can be viewed
-    #   in your CloudWatch logs.
+    #   Specifies the AWS Identity and Access Management (IAM) role that
+    #   allows a file transfer protocol-enabled server to turn on Amazon
+    #   CloudWatch logging for Amazon S3 events. When set, user activity can
+    #   be viewed in your CloudWatch logs.
     #   @return [String]
     #
     # @!attribute [rw] protocols
@@ -549,25 +613,25 @@ module Aws::Transfer
     #   file transfer protocol client can connect to your server's
     #   endpoint. The available protocols are:
     #
-    #   * Secure Shell (SSH) File Transfer Protocol (SFTP): File transfer
+    #   * `SFTP` (Secure Shell (SSH) File Transfer Protocol): File transfer
     #     over SSH
     #
-    #   * File Transfer Protocol Secure (FTPS): File transfer with TLS
+    #   * `FTPS` (File Transfer Protocol Secure): File transfer with TLS
     #     encryption
     #
-    #   * File Transfer Protocol (FTP): Unencrypted file transfer
+    #   * `FTP` (File Transfer Protocol): Unencrypted file transfer
     #   @return [Array<String>]
     #
     # @!attribute [rw] server_id
-    #   Unique system-assigned identifier for a file transfer
+    #   Specifies the unique system-assigned identifier for a file transfer
     #   protocol-enabled server that you instantiate.
     #   @return [String]
     #
     # @!attribute [rw] state
-    #   The condition of a file transfer protocol-enabled server for the
-    #   server that was described. A value of `ONLINE` indicates that the
-    #   server can accept jobs and transfer files. A `State` value of
-    #   `OFFLINE` means that the server cannot perform file transfer
+    #   Specifies the condition of a file transfer protocol-enabled server
+    #   for the server that was described. A value of `ONLINE` indicates
+    #   that the server can accept jobs and transfer files. A `State` value
+    #   of `OFFLINE` means that the server cannot perform file transfer
     #   operations.
     #
     #   The states of `STARTING` and `STOPPING` indicate that the server is
@@ -577,13 +641,13 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   Contains the key-value pairs that you can use to search for and
+    #   Specifies the key-value pairs that you can use to search for and
     #   group file transfer protocol-enabled servers that were assigned to
     #   the server that was described.
     #   @return [Array<Types::Tag>]
     #
     # @!attribute [rw] user_count
-    #   The number of users that are assigned to a file transfer
+    #   Specifies the number of users that are assigned to a file transfer
     #   protocol-enabled server you specified with the `ServerId`.
     #   @return [Integer]
     #
@@ -609,25 +673,26 @@ module Aws::Transfer
     # Returns properties of the user that you want to describe.
     #
     # @!attribute [rw] arn
-    #   Contains the unique Amazon Resource Name (ARN) for the user that was
-    #   requested to be described.
+    #   Specifies the unique Amazon Resource Name (ARN) for the user that
+    #   was requested to be described.
     #   @return [String]
     #
     # @!attribute [rw] home_directory
     #   Specifies the landing directory (or folder), which is the location
-    #   that files are written to or read from in an Amazon S3 bucket for
-    #   the described user. An example is `/your s3 bucket
-    #   name/home/username `.
+    #   that files are written to or read from in an Amazon S3 bucket, for
+    #   the described user. An example is <i>
+    #   <code>your-Amazon-S3-bucket-name&gt;/home/username</code> </i>.
     #   @return [String]
     #
     # @!attribute [rw] home_directory_mappings
-    #   Logical directory mappings that you specified for what Amazon S3
+    #   Specifies the logical directory mappings that specify what Amazon S3
     #   paths and keys should be visible to your user and how you want to
     #   make them visible. You will need to specify the "`Entry`" and
     #   "`Target`" pair, where `Entry` shows how the path is made visible
     #   and `Target` is the actual Amazon S3 path. If you only specify a
     #   target, it will be displayed as is. You will need to also make sure
-    #   that your AWS IAM Role provides access to paths in `Target`.
+    #   that your AWS Identity and Access Management (IAM) role provides
+    #   access to paths in `Target`.
     #
     #   In most cases, you can use this value instead of the scope-down
     #   policy to lock your user down to the designated home directory
@@ -636,13 +701,13 @@ module Aws::Transfer
     #   @return [Array<Types::HomeDirectoryMapEntry>]
     #
     # @!attribute [rw] home_directory_type
-    #   The type of landing directory (folder) you mapped for your users to
-    #   see when they log into the file transfer protocol-enabled server. If
-    #   you set it to `PATH`, the user will see the absolute Amazon S3
-    #   bucket paths as is in their file transfer protocol clients. If you
-    #   set it `LOGICAL`, you will need to provide mappings in the
-    #   `HomeDirectoryMappings` for how you want to make Amazon S3 paths
-    #   visible to your users.
+    #   Specifies the type of landing directory (folder) you mapped for your
+    #   users to see when they log into the file transfer protocol-enabled
+    #   server. If you set it to `PATH`, the user will see the absolute
+    #   Amazon S3 bucket paths as is in their file transfer protocol
+    #   clients. If you set it `LOGICAL`, you will need to provide mappings
+    #   in the `HomeDirectoryMappings` for how you want to make Amazon S3
+    #   paths visible to your users.
     #   @return [String]
     #
     # @!attribute [rw] policy
@@ -660,20 +725,20 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] ssh_public_keys
-    #   Contains the public key portion of the Secure Shell (SSH) keys
+    #   Specifies the public key portion of the Secure Shell (SSH) keys
     #   stored for the described user.
     #   @return [Array<Types::SshPublicKey>]
     #
     # @!attribute [rw] tags
-    #   Contains the key-value pairs for the user requested. Tag can be used
-    #   to search for and group users for a variety of purposes.
+    #   Specifies the key-value pairs for the user requested. Tag can be
+    #   used to search for and group users for a variety of purposes.
     #   @return [Array<Types::Tag>]
     #
     # @!attribute [rw] user_name
-    #   The name of the user that was requested to be described. User names
-    #   are used for authentication purposes. This is the string that will
-    #   be used by your user when they log in to your file transfer
-    #   protocol-enabled server.
+    #   Specifies the name of the user that was requested to be described.
+    #   User names are used for authentication purposes. This is the string
+    #   that will be used by your user when they log in to your file
+    #   transfer protocol-enabled server.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/DescribedUser AWS API Documentation
@@ -720,15 +785,28 @@ module Aws::Transfer
     # @!attribute [rw] subnet_ids
     #   A list of subnet IDs that are required to host your file transfer
     #   protocol-enabled server endpoint in your VPC.
+    #
+    #   <note markdown="1"> This property can only be used when `EndpointType` is set to `VPC`.
+    #
+    #    </note>
     #   @return [Array<String>]
     #
     # @!attribute [rw] vpc_endpoint_id
     #   The ID of the VPC endpoint.
+    #
+    #   <note markdown="1"> This property can only be used when `EndpointType` is set to
+    #   `VPC_ENDPOINT`.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] vpc_id
     #   The VPC ID of the VPC in which a file transfer protocol-enabled
     #   server's endpoint will be hosted.
+    #
+    #   <note markdown="1"> This property can only be used when `EndpointType` is set to `VPC`.
+    #
+    #    </note>
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/EndpointDetails AWS API Documentation
@@ -781,7 +859,7 @@ module Aws::Transfer
     #       }
     #
     # @!attribute [rw] url
-    #   Contains the location of the service endpoint used to authenticate
+    #   Provides the location of the service endpoint used to authenticate
     #   users.
     #   @return [String]
     #
@@ -1068,37 +1146,38 @@ module Aws::Transfer
     # specified.
     #
     # @!attribute [rw] arn
-    #   The unique Amazon Resource Name (ARN) for a file transfer
+    #   Specifies the unique Amazon Resource Name (ARN) for a file transfer
     #   protocol-enabled server to be listed.
     #   @return [String]
     #
     # @!attribute [rw] identity_provider_type
-    #   The authentication method used to validate a user for a file
-    #   transfer protocol-enabled server that was specified. This can
+    #   Specifies the authentication method used to validate a user for a
+    #   file transfer protocol-enabled server that was specified. This can
     #   include Secure Shell (SSH), user name and password combinations, or
     #   your own custom authentication method. Valid values include
     #   `SERVICE_MANAGED` or `API_GATEWAY`.
     #   @return [String]
     #
     # @!attribute [rw] endpoint_type
-    #   The type of VPC endpoint that your file transfer protocol-enabled
-    #   server is connected to. If your server is connected to a VPC
-    #   endpoint, your server isn't accessible over the public internet.
+    #   Specifies the type of VPC endpoint that your file transfer
+    #   protocol-enabled server is connected to. If your server is connected
+    #   to a VPC endpoint, your server isn't accessible over the public
+    #   internet.
     #   @return [String]
     #
     # @!attribute [rw] logging_role
-    #   The AWS Identity and Access Management (IAM) entity that allows a
-    #   file transfer protocol-enabled server to turn on Amazon CloudWatch
-    #   logging.
+    #   Specifies the AWS Identity and Access Management (IAM) role that
+    #   allows a file transfer protocol-enabled server to turn on Amazon
+    #   CloudWatch logging.
     #   @return [String]
     #
     # @!attribute [rw] server_id
-    #   The unique system assigned identifier for a file transfer
+    #   Specifies the unique system assigned identifier for a file transfer
     #   protocol-enabled servers that were listed.
     #   @return [String]
     #
     # @!attribute [rw] state
-    #   Describes the condition of a file transfer protocol-enabled server
+    #   Specifies the condition of a file transfer protocol-enabled server
     #   for the server that was described. A value of `ONLINE` indicates
     #   that the server can accept jobs and transfer files. A `State` value
     #   of `OFFLINE` means that the server cannot perform file transfer
@@ -1111,9 +1190,8 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] user_count
-    #   A numeric value that indicates the number of users that are assigned
-    #   to a file transfer protocol-enabled server you specified with the
-    #   `ServerId`.
+    #   Specifies the number of users that are assigned to a file transfer
+    #   protocol-enabled server you specified with the `ServerId`.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListedServer AWS API Documentation
@@ -1132,8 +1210,8 @@ module Aws::Transfer
     # Returns properties of the user that you specify.
     #
     # @!attribute [rw] arn
-    #   The unique Amazon Resource Name (ARN) for the user that you want to
-    #   learn about.
+    #   Provides the unique Amazon Resource Name (ARN) for the user that you
+    #   want to learn about.
     #   @return [String]
     #
     # @!attribute [rw] home_directory
@@ -1142,29 +1220,31 @@ module Aws::Transfer
     #   @return [String]
     #
     # @!attribute [rw] home_directory_type
-    #   The type of landing directory (folder) you mapped for your users'
-    #   home directory. If you set it to `PATH`, the user will see the
-    #   absolute Amazon S3 bucket paths as is in their file transfer
+    #   Specifies the type of landing directory (folder) you mapped for your
+    #   users' home directory. If you set it to `PATH`, the user will see
+    #   the absolute Amazon S3 bucket paths as is in their file transfer
     #   protocol clients. If you set it `LOGICAL`, you will need to provide
     #   mappings in the `HomeDirectoryMappings` for how you want to make
     #   Amazon S3 paths visible to your users.
     #   @return [String]
     #
     # @!attribute [rw] role
-    #   The role in use by this user. A *role* is an AWS Identity and Access
-    #   Management (IAM) entity that, in this case, allows a file transfer
-    #   protocol-enabled server to act on a user's behalf. It allows the
-    #   server to inherit the trust relationship that enables that user to
-    #   perform file operations to their Amazon S3 bucket.
+    #   Specifies the role that is in use by this user. A *role* is an AWS
+    #   Identity and Access Management (IAM) entity that, in this case,
+    #   allows a file transfer protocol-enabled server to act on a user's
+    #   behalf. It allows the server to inherit the trust relationship that
+    #   enables that user to perform file operations to their Amazon S3
+    #   bucket.
     #   @return [String]
     #
     # @!attribute [rw] ssh_public_key_count
-    #   The number of SSH public keys stored for the user you specified.
+    #   Specifies the number of SSH public keys stored for the user you
+    #   specified.
     #   @return [Integer]
     #
     # @!attribute [rw] user_name
-    #   The name of the user whose ARN was specified. User names are used
-    #   for authentication purposes.
+    #   Specifies the name of the user whose ARN was specified. User names
+    #   are used for authentication purposes.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ListedUser AWS API Documentation
@@ -1241,16 +1321,18 @@ module Aws::Transfer
     # public key associated with their user name on a specific server.
     #
     # @!attribute [rw] date_imported
-    #   The date that the public key was added to the user account.
+    #   Specifies the date that the public key was added to the user
+    #   account.
     #   @return [Time]
     #
     # @!attribute [rw] ssh_public_key_body
-    #   The content of the SSH public key as specified by the `PublicKeyId`.
+    #   Specifies the content of the SSH public key as specified by the
+    #   `PublicKeyId`.
     #   @return [String]
     #
     # @!attribute [rw] ssh_public_key_id
-    #   The `SshPublicKeyId` parameter contains the identifier of the public
-    #   key.
+    #   Specifies the `SshPublicKeyId` parameter contains the identifier of
+    #   the public key.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/SshPublicKey AWS API Documentation
@@ -1369,9 +1451,10 @@ module Aws::Transfer
     #
     #       {
     #         server_id: "ServerId", # required
+    #         server_protocol: "SFTP", # accepts SFTP, FTP, FTPS
+    #         source_ip: "SourceIp",
     #         user_name: "UserName", # required
     #         user_password: "UserPassword",
-    #         server_protocol: "SFTP", # accepts SFTP, FTP, FTPS
     #       }
     #
     # @!attribute [rw] server_id
@@ -1380,14 +1463,6 @@ module Aws::Transfer
     #   is tested with a user name and password.
     #   @return [String]
     #
-    # @!attribute [rw] user_name
-    #   The name of the user account to be tested.
-    #   @return [String]
-    #
-    # @!attribute [rw] user_password
-    #   The password of the user account to be tested.
-    #   @return [String]
-    #
     # @!attribute [rw] server_protocol
     #   The type of file transfer protocol to be tested.
     #
@@ -1400,13 +1475,26 @@ module Aws::Transfer
     #   * File Transfer Protocol (FTP)
     #   @return [String]
     #
+    # @!attribute [rw] source_ip
+    #   The source IP address of the user account to be tested.
+    #   @return [String]
+    #
+    # @!attribute [rw] user_name
+    #   The name of the user account to be tested.
+    #   @return [String]
+    #
+    # @!attribute [rw] user_password
+    #   The password of the user account to be tested.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/TestIdentityProviderRequest AWS API Documentation
     #
     class TestIdentityProviderRequest < Struct.new(
       :server_id,
+      :server_protocol,
+      :source_ip,
       :user_name,
-      :user_password,
-      :server_protocol)
+      :user_password)
       include Aws::Structure
     end
 
@@ -1503,6 +1591,41 @@ module Aws::Transfer
     # @!attribute [rw] certificate
     #   The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM)
     #   certificate. Required when `Protocols` is set to `FTPS`.
+    #
+    #   To request a new public certificate, see [Request a public
+    #   certificate][1] in the <i> AWS Certificate Manager User Guide</i>.
+    #
+    #   To import an existing certificate into ACM, see [Importing
+    #   certificates into ACM][2] in the <i> AWS Certificate Manager User
+    #   Guide</i>.
+    #
+    #   To request a private certificate to use FTPS through private IP
+    #   addresses, see [Request a private certificate][3] in the <i> AWS
+    #   Certificate Manager User Guide</i>.
+    #
+    #   Certificates with the following cryptographic algorithms and key
+    #   sizes are supported:
+    #
+    #   * 2048-bit RSA (RSA\_2048)
+    #
+    #   * 4096-bit RSA (RSA\_4096)
+    #
+    #   * Elliptic Prime Curve 256 bit (EC\_prime256v1)
+    #
+    #   * Elliptic Prime Curve 384 bit (EC\_secp384r1)
+    #
+    #   * Elliptic Prime Curve 521 bit (EC\_secp521r1)
+    #
+    #   <note markdown="1"> The certificate must be a valid SSL/TLS X.509 version 3 certificate
+    #   with FQDN or IP address specified and information about the issuer.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html
+    #   [2]: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
+    #   [3]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html
     #   @return [String]
     #
     # @!attribute [rw] endpoint_details
@@ -1517,12 +1640,21 @@ module Aws::Transfer
     # @!attribute [rw] endpoint_type
     #   The type of endpoint that you want your file transfer
     #   protocol-enabled server to connect to. You can choose to connect to
-    #   the public internet or a VPC endpoint. With a VPC endpoint, your
-    #   server isn't accessible over the public internet.
+    #   the public internet or a VPC endpoint. With a VPC endpoint, you can
+    #   restrict access to your server and resources only within your VPC.
+    #
+    #   <note markdown="1"> It is recommended that you use `VPC` as the `EndpointType`. With
+    #   this endpoint type, you have the option to directly associate up to
+    #   three Elastic IPv4 addresses (BYO IP included) with your server's
+    #   endpoint and use VPC security groups to restrict traffic by the
+    #   client's public IP address. This is not possible with
+    #   `EndpointType` set to `VPC_ENDPOINT`.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] host_key
-    #   The RSA private key as generated by `ssh-keygen -N "" -f
+    #   The RSA private key as generated by `ssh-keygen -N "" -m PEM -f
     #   my-new-server-key`.
     #
     #   If you aren't planning to migrate existing users from an existing
@@ -1530,12 +1662,12 @@ module Aws::Transfer
     #   the host key. Accidentally changing a server's host key can be
     #   disruptive.
     #
-    #   For more information, see [Changing the Host Key for Your AWS
-    #   Transfer Family Server][1] in the *AWS Transfer Family User Guide*.
+    #   For more information, see [Change the host key for your SFTP-enabled
+    #   server][1] in the *AWS Transfer Family User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/configuring-servers.html#change-host-key
+    #   [1]: https://docs.aws.amazon.com/transfer/latest/userguide/edit-server-config.html#configuring-servers-change-host-key
     #   @return [String]
     #
     # @!attribute [rw] identity_provider_details
@@ -1561,6 +1693,23 @@ module Aws::Transfer
     #     encryption
     #
     #   * File Transfer Protocol (FTP): Unencrypted file transfer
+    #
+    #   <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in AWS
+    #   Certificate Manager (ACM) which will be used to identify your server
+    #   when clients connect to it over FTPS.
+    #
+    #    If `Protocol` includes either `FTP` or `FTPS`, then the
+    #   `EndpointType` must be `VPC` and the `IdentityProviderType` must be
+    #   `API_GATEWAY`.
+    #
+    #    If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
+    #   associated.
+    #
+    #    If `Protocol` is set only to `SFTP`, the `EndpointType` can be set
+    #   to `PUBLIC` and the `IdentityProviderType` can be set to
+    #   `SERVICE_MANAGED`.
+    #
+    #    </note>
     #   @return [Array<String>]
     #
     # @!attribute [rw] server_id
@@ -1637,8 +1786,8 @@ module Aws::Transfer
     #   visible. You will need to specify the "`Entry`" and "`Target`"
     #   pair, where `Entry` shows how the path is made visible and `Target`
     #   is the actual Amazon S3 path. If you only specify a target, it will
-    #   be displayed as is. You will need to also make sure that your AWS
-    #   IAM Role provides access to paths in `Target`. The following is an
+    #   be displayed as is. You will need to also make sure that your IAM
+    #   role provides access to paths in `Target`. The following is an
     #   example.
     #
     #   `'[ "/bucket2/documentation", \{ "Entry":
@@ -1664,19 +1813,18 @@ module Aws::Transfer
     #
     # @!attribute [rw] policy
     #   Allows you to supply a scope-down policy for your user so you can
-    #   use the same AWS Identity and Access Management (IAM) role across
-    #   multiple users. The policy scopes down user access to portions of
-    #   your Amazon S3 bucket. Variables you can use inside this policy
-    #   include `$\{Transfer:UserName\}`, `$\{Transfer:HomeDirectory\}`, and
-    #   `$\{Transfer:HomeBucket\}`.
+    #   use the same IAM role across multiple users. The policy scopes down
+    #   user access to portions of your Amazon S3 bucket. Variables you can
+    #   use inside this policy include `$\{Transfer:UserName\}`,
+    #   `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
     #
     #   <note markdown="1"> For scope-down policies, AWS Transfer Family stores the policy as a
     #   JSON blob, instead of the Amazon Resource Name (ARN) of the policy.
     #   You save the policy as a JSON blob and pass it in the `Policy`
     #   argument.
     #
-    #    For an example of a scope-down policy, see [Creating a Scope-Down
-    #   Policy][1].
+    #    For an example of a scope-down policy, see [Creating a scope-down
+    #   policy][1].
     #
     #    For more information, see [AssumeRole][2] in the *AWS Security Token
     #   Service API Reference*.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-transfer
 version: !ruby/object:Gem::Version
-  version: 1.20.0
+  version: 1.21.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-28 00:00:00.000000000 Z
+date: 2020-06-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core