cdk-lambda-subminute 2.0.397 → 2.0.399
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.jsii +3 -3
- package/lib/cdk-lambda-subminute.js +3 -3
- package/node_modules/aws-sdk/README.md +4 -4
- package/node_modules/aws-sdk/apis/appconfig-2019-10-09.min.json +9 -1
- package/node_modules/aws-sdk/apis/batch-2016-08-10.min.json +187 -158
- package/node_modules/aws-sdk/apis/bedrock-agent-runtime-2023-07-26.min.json +252 -252
- package/node_modules/aws-sdk/apis/ec2-2016-11-15.min.json +9 -1
- package/node_modules/aws-sdk/apis/grafana-2020-08-18.min.json +82 -75
- package/node_modules/aws-sdk/apis/payment-cryptography-data-2022-02-03.min.json +83 -62
- package/node_modules/aws-sdk/apis/wafv2-2019-07-29.min.json +106 -106
- package/node_modules/aws-sdk/clients/appconfig.d.ts +24 -14
- package/node_modules/aws-sdk/clients/batch.d.ts +36 -3
- package/node_modules/aws-sdk/clients/bedrockagentruntime.d.ts +363 -81
- package/node_modules/aws-sdk/clients/cloudtrail.d.ts +2 -2
- package/node_modules/aws-sdk/clients/codebuild.d.ts +4 -4
- package/node_modules/aws-sdk/clients/cognitoidentityserviceprovider.d.ts +32 -32
- package/node_modules/aws-sdk/clients/ec2.d.ts +17 -9
- package/node_modules/aws-sdk/clients/grafana.d.ts +26 -9
- package/node_modules/aws-sdk/clients/guardduty.d.ts +14 -14
- package/node_modules/aws-sdk/clients/lambda.d.ts +46 -46
- package/node_modules/aws-sdk/clients/paymentcryptographydata.d.ts +68 -36
- package/node_modules/aws-sdk/clients/rds.d.ts +5 -5
- package/node_modules/aws-sdk/clients/snowball.d.ts +1 -1
- package/node_modules/aws-sdk/clients/transfer.d.ts +8 -8
- package/node_modules/aws-sdk/clients/wafv2.d.ts +14 -13
- package/node_modules/aws-sdk/clients/workspaces.d.ts +5 -5
- package/node_modules/aws-sdk/dist/aws-sdk-core-react-native.js +4 -3
- package/node_modules/aws-sdk/dist/aws-sdk-react-native.js +11 -10
- package/node_modules/aws-sdk/dist/aws-sdk.js +15 -6
- package/node_modules/aws-sdk/dist/aws-sdk.min.js +38 -38
- package/node_modules/aws-sdk/lib/core.js +1 -1
- package/node_modules/aws-sdk/lib/maintenance_mode_message.js +3 -2
- package/node_modules/aws-sdk/package.json +1 -1
- package/package.json +3 -3
|
@@ -12,19 +12,19 @@ declare class PaymentCryptographyData extends Service {
|
|
|
12
12
|
constructor(options?: PaymentCryptographyData.Types.ClientConfiguration)
|
|
13
13
|
config: Config & PaymentCryptographyData.Types.ClientConfiguration;
|
|
14
14
|
/**
|
|
15
|
-
* Decrypts ciphertext data to plaintext using symmetric, asymmetric, or DUKPT
|
|
15
|
+
* Decrypts ciphertext data to plaintext using a symmetric (TDES, AES), asymmetric (RSA), or derived (DUKPT or EMV) encryption key scheme. For more information, see Decrypt data in the Amazon Web Services Payment Cryptography User Guide. You can use an encryption key generated within Amazon Web Services Payment Cryptography, or you can import your own encryption key by calling ImportKey. For this operation, the key must have KeyModesOfUse set to Decrypt. In asymmetric decryption, Amazon Web Services Payment Cryptography decrypts the ciphertext using the private component of the asymmetric encryption key pair. For data encryption outside of Amazon Web Services Payment Cryptography, you can export the public component of the asymmetric key pair by calling GetPublicCertificate. For symmetric and DUKPT decryption, Amazon Web Services Payment Cryptography supports TDES and AES algorithms. For EMV decryption, Amazon Web Services Payment Cryptography supports TDES algorithms. For asymmetric decryption, Amazon Web Services Payment Cryptography supports RSA. When you use TDES or TDES DUKPT, the ciphertext data length must be a multiple of 8 bytes. For AES or AES DUKPT, the ciphertext data length must be a multiple of 16 bytes. For RSA, it sould be equal to the key size unless padding is enabled. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: EncryptData GetPublicCertificate ImportKey
|
|
16
16
|
*/
|
|
17
17
|
decryptData(params: PaymentCryptographyData.Types.DecryptDataInput, callback?: (err: AWSError, data: PaymentCryptographyData.Types.DecryptDataOutput) => void): Request<PaymentCryptographyData.Types.DecryptDataOutput, AWSError>;
|
|
18
18
|
/**
|
|
19
|
-
* Decrypts ciphertext data to plaintext using symmetric, asymmetric, or DUKPT
|
|
19
|
+
* Decrypts ciphertext data to plaintext using a symmetric (TDES, AES), asymmetric (RSA), or derived (DUKPT or EMV) encryption key scheme. For more information, see Decrypt data in the Amazon Web Services Payment Cryptography User Guide. You can use an encryption key generated within Amazon Web Services Payment Cryptography, or you can import your own encryption key by calling ImportKey. For this operation, the key must have KeyModesOfUse set to Decrypt. In asymmetric decryption, Amazon Web Services Payment Cryptography decrypts the ciphertext using the private component of the asymmetric encryption key pair. For data encryption outside of Amazon Web Services Payment Cryptography, you can export the public component of the asymmetric key pair by calling GetPublicCertificate. For symmetric and DUKPT decryption, Amazon Web Services Payment Cryptography supports TDES and AES algorithms. For EMV decryption, Amazon Web Services Payment Cryptography supports TDES algorithms. For asymmetric decryption, Amazon Web Services Payment Cryptography supports RSA. When you use TDES or TDES DUKPT, the ciphertext data length must be a multiple of 8 bytes. For AES or AES DUKPT, the ciphertext data length must be a multiple of 16 bytes. For RSA, it sould be equal to the key size unless padding is enabled. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: EncryptData GetPublicCertificate ImportKey
|
|
20
20
|
*/
|
|
21
21
|
decryptData(callback?: (err: AWSError, data: PaymentCryptographyData.Types.DecryptDataOutput) => void): Request<PaymentCryptographyData.Types.DecryptDataOutput, AWSError>;
|
|
22
22
|
/**
|
|
23
|
-
* Encrypts plaintext data to ciphertext using symmetric, asymmetric, or DUKPT
|
|
23
|
+
* Encrypts plaintext data to ciphertext using a symmetric (TDES, AES), asymmetric (RSA), or derived (DUKPT or EMV) encryption key scheme. For more information, see Encrypt data in the Amazon Web Services Payment Cryptography User Guide. You can generate an encryption key within Amazon Web Services Payment Cryptography by calling CreateKey. You can import your own encryption key by calling ImportKey. For this operation, the key must have KeyModesOfUse set to Encrypt. In asymmetric encryption, plaintext is encrypted using public component. You can import the public component of an asymmetric key pair created outside Amazon Web Services Payment Cryptography by calling ImportKey. For symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography supports TDES and AES algorithms. For EMV encryption, Amazon Web Services Payment Cryptography supports TDES algorithms.For asymmetric encryption, Amazon Web Services Payment Cryptography supports RSA. When you use TDES or TDES DUKPT, the plaintext data length must be a multiple of 8 bytes. For AES or AES DUKPT, the plaintext data length must be a multiple of 16 bytes. For RSA, it sould be equal to the key size unless padding is enabled. To encrypt using DUKPT, you must already have a BDK (Base Derivation Key) key in your account with KeyModesOfUse set to DeriveKey, or you can generate a new DUKPT key by calling CreateKey. To encrypt using EMV, you must already have an IMK (Issuer Master Key) key in your account with KeyModesOfUse set to DeriveKey. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: DecryptData GetPublicCertificate ImportKey ReEncryptData
|
|
24
24
|
*/
|
|
25
25
|
encryptData(params: PaymentCryptographyData.Types.EncryptDataInput, callback?: (err: AWSError, data: PaymentCryptographyData.Types.EncryptDataOutput) => void): Request<PaymentCryptographyData.Types.EncryptDataOutput, AWSError>;
|
|
26
26
|
/**
|
|
27
|
-
* Encrypts plaintext data to ciphertext using symmetric, asymmetric, or DUKPT
|
|
27
|
+
* Encrypts plaintext data to ciphertext using a symmetric (TDES, AES), asymmetric (RSA), or derived (DUKPT or EMV) encryption key scheme. For more information, see Encrypt data in the Amazon Web Services Payment Cryptography User Guide. You can generate an encryption key within Amazon Web Services Payment Cryptography by calling CreateKey. You can import your own encryption key by calling ImportKey. For this operation, the key must have KeyModesOfUse set to Encrypt. In asymmetric encryption, plaintext is encrypted using public component. You can import the public component of an asymmetric key pair created outside Amazon Web Services Payment Cryptography by calling ImportKey. For symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography supports TDES and AES algorithms. For EMV encryption, Amazon Web Services Payment Cryptography supports TDES algorithms.For asymmetric encryption, Amazon Web Services Payment Cryptography supports RSA. When you use TDES or TDES DUKPT, the plaintext data length must be a multiple of 8 bytes. For AES or AES DUKPT, the plaintext data length must be a multiple of 16 bytes. For RSA, it sould be equal to the key size unless padding is enabled. To encrypt using DUKPT, you must already have a BDK (Base Derivation Key) key in your account with KeyModesOfUse set to DeriveKey, or you can generate a new DUKPT key by calling CreateKey. To encrypt using EMV, you must already have an IMK (Issuer Master Key) key in your account with KeyModesOfUse set to DeriveKey. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: DecryptData GetPublicCertificate ImportKey ReEncryptData
|
|
28
28
|
*/
|
|
29
29
|
encryptData(callback?: (err: AWSError, data: PaymentCryptographyData.Types.EncryptDataOutput) => void): Request<PaymentCryptographyData.Types.EncryptDataOutput, AWSError>;
|
|
30
30
|
/**
|
|
@@ -36,11 +36,11 @@ declare class PaymentCryptographyData extends Service {
|
|
|
36
36
|
*/
|
|
37
37
|
generateCardValidationData(callback?: (err: AWSError, data: PaymentCryptographyData.Types.GenerateCardValidationDataOutput) => void): Request<PaymentCryptographyData.Types.GenerateCardValidationDataOutput, AWSError>;
|
|
38
38
|
/**
|
|
39
|
-
* Generates a Message Authentication Code (MAC) cryptogram within Amazon Web Services Payment Cryptography. You can use this operation
|
|
39
|
+
* Generates a Message Authentication Code (MAC) cryptogram within Amazon Web Services Payment Cryptography. You can use this operation to authenticate card-related data by using known data values to generate MAC for data validation between the sending and receiving parties. This operation uses message data, a secret encryption key and MAC algorithm to generate a unique MAC value for transmission. The receiving party of the MAC must use the same message data, secret encryption key and MAC algorithm to reproduce another MAC value for comparision. You can use this operation to generate a DUPKT, CMAC, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. The MAC generation encryption key must have valid values for KeyUsage such as TR31_M7_HMAC_KEY for HMAC generation, and they key must have KeyModesOfUse set to Generate and Verify. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: VerifyMac
|
|
40
40
|
*/
|
|
41
41
|
generateMac(params: PaymentCryptographyData.Types.GenerateMacInput, callback?: (err: AWSError, data: PaymentCryptographyData.Types.GenerateMacOutput) => void): Request<PaymentCryptographyData.Types.GenerateMacOutput, AWSError>;
|
|
42
42
|
/**
|
|
43
|
-
* Generates a Message Authentication Code (MAC) cryptogram within Amazon Web Services Payment Cryptography. You can use this operation
|
|
43
|
+
* Generates a Message Authentication Code (MAC) cryptogram within Amazon Web Services Payment Cryptography. You can use this operation to authenticate card-related data by using known data values to generate MAC for data validation between the sending and receiving parties. This operation uses message data, a secret encryption key and MAC algorithm to generate a unique MAC value for transmission. The receiving party of the MAC must use the same message data, secret encryption key and MAC algorithm to reproduce another MAC value for comparision. You can use this operation to generate a DUPKT, CMAC, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. The MAC generation encryption key must have valid values for KeyUsage such as TR31_M7_HMAC_KEY for HMAC generation, and they key must have KeyModesOfUse set to Generate and Verify. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: VerifyMac
|
|
44
44
|
*/
|
|
45
45
|
generateMac(callback?: (err: AWSError, data: PaymentCryptographyData.Types.GenerateMacOutput) => void): Request<PaymentCryptographyData.Types.GenerateMacOutput, AWSError>;
|
|
46
46
|
/**
|
|
@@ -60,11 +60,11 @@ declare class PaymentCryptographyData extends Service {
|
|
|
60
60
|
*/
|
|
61
61
|
reEncryptData(callback?: (err: AWSError, data: PaymentCryptographyData.Types.ReEncryptDataOutput) => void): Request<PaymentCryptographyData.Types.ReEncryptDataOutput, AWSError>;
|
|
62
62
|
/**
|
|
63
|
-
* Translates encrypted PIN block from and to ISO 9564 formats 0,1,3,4. For more information, see Translate PIN data in the Amazon Web Services Payment Cryptography User Guide. PIN block translation involves changing the encrytion of PIN block from one encryption key to another encryption key and changing PIN block format from one to another without PIN block data leaving Amazon Web Services Payment Cryptography. The encryption key transformation can be from PEK (Pin Encryption Key) to BDK (Base Derivation Key) for DUKPT or from BDK for DUKPT to PEK. Amazon Web Services Payment Cryptography supports TDES and AES key derivation type for DUKPT
|
|
63
|
+
* Translates encrypted PIN block from and to ISO 9564 formats 0,1,3,4. For more information, see Translate PIN data in the Amazon Web Services Payment Cryptography User Guide. PIN block translation involves changing the encrytion of PIN block from one encryption key to another encryption key and changing PIN block format from one to another without PIN block data leaving Amazon Web Services Payment Cryptography. The encryption key transformation can be from PEK (Pin Encryption Key) to BDK (Base Derivation Key) for DUKPT or from BDK for DUKPT to PEK. Amazon Web Services Payment Cryptography supports TDES and AES key derivation type for DUKPT translations. The allowed combinations of PIN block format translations are guided by PCI. It is important to note that not all encrypted PIN block formats (example, format 1) require PAN (Primary Account Number) as input. And as such, PIN block format that requires PAN (example, formats 0,3,4) cannot be translated to a format (format 1) that does not require a PAN for generation. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide. Amazon Web Services Payment Cryptography currently supports ISO PIN block 4 translation for PIN block built using legacy PAN length. That is, PAN is the right most 12 digits excluding the check digits. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: GeneratePinData VerifyPinData
|
|
64
64
|
*/
|
|
65
65
|
translatePinData(params: PaymentCryptographyData.Types.TranslatePinDataInput, callback?: (err: AWSError, data: PaymentCryptographyData.Types.TranslatePinDataOutput) => void): Request<PaymentCryptographyData.Types.TranslatePinDataOutput, AWSError>;
|
|
66
66
|
/**
|
|
67
|
-
* Translates encrypted PIN block from and to ISO 9564 formats 0,1,3,4. For more information, see Translate PIN data in the Amazon Web Services Payment Cryptography User Guide. PIN block translation involves changing the encrytion of PIN block from one encryption key to another encryption key and changing PIN block format from one to another without PIN block data leaving Amazon Web Services Payment Cryptography. The encryption key transformation can be from PEK (Pin Encryption Key) to BDK (Base Derivation Key) for DUKPT or from BDK for DUKPT to PEK. Amazon Web Services Payment Cryptography supports TDES and AES key derivation type for DUKPT
|
|
67
|
+
* Translates encrypted PIN block from and to ISO 9564 formats 0,1,3,4. For more information, see Translate PIN data in the Amazon Web Services Payment Cryptography User Guide. PIN block translation involves changing the encrytion of PIN block from one encryption key to another encryption key and changing PIN block format from one to another without PIN block data leaving Amazon Web Services Payment Cryptography. The encryption key transformation can be from PEK (Pin Encryption Key) to BDK (Base Derivation Key) for DUKPT or from BDK for DUKPT to PEK. Amazon Web Services Payment Cryptography supports TDES and AES key derivation type for DUKPT translations. The allowed combinations of PIN block format translations are guided by PCI. It is important to note that not all encrypted PIN block formats (example, format 1) require PAN (Primary Account Number) as input. And as such, PIN block format that requires PAN (example, formats 0,3,4) cannot be translated to a format (format 1) that does not require a PAN for generation. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide. Amazon Web Services Payment Cryptography currently supports ISO PIN block 4 translation for PIN block built using legacy PAN length. That is, PAN is the right most 12 digits excluding the check digits. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: GeneratePinData VerifyPinData
|
|
68
68
|
*/
|
|
69
69
|
translatePinData(callback?: (err: AWSError, data: PaymentCryptographyData.Types.TranslatePinDataOutput) => void): Request<PaymentCryptographyData.Types.TranslatePinDataOutput, AWSError>;
|
|
70
70
|
/**
|
|
@@ -84,11 +84,11 @@ declare class PaymentCryptographyData extends Service {
|
|
|
84
84
|
*/
|
|
85
85
|
verifyCardValidationData(callback?: (err: AWSError, data: PaymentCryptographyData.Types.VerifyCardValidationDataOutput) => void): Request<PaymentCryptographyData.Types.VerifyCardValidationDataOutput, AWSError>;
|
|
86
86
|
/**
|
|
87
|
-
* Verifies a Message Authentication Code (MAC). You can use this operation
|
|
87
|
+
* Verifies a Message Authentication Code (MAC). You can use this operation to verify MAC for message data authentication such as . In this operation, you must use the same message data, secret encryption key and MAC algorithm that was used to generate MAC. You can use this operation to verify a DUPKT, CMAC, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: GenerateMac
|
|
88
88
|
*/
|
|
89
89
|
verifyMac(params: PaymentCryptographyData.Types.VerifyMacInput, callback?: (err: AWSError, data: PaymentCryptographyData.Types.VerifyMacOutput) => void): Request<PaymentCryptographyData.Types.VerifyMacOutput, AWSError>;
|
|
90
90
|
/**
|
|
91
|
-
* Verifies a Message Authentication Code (MAC). You can use this operation
|
|
91
|
+
* Verifies a Message Authentication Code (MAC). You can use this operation to verify MAC for message data authentication such as . In this operation, you must use the same message data, secret encryption key and MAC algorithm that was used to generate MAC. You can use this operation to verify a DUPKT, CMAC, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: GenerateMac
|
|
92
92
|
*/
|
|
93
93
|
verifyMac(callback?: (err: AWSError, data: PaymentCryptographyData.Types.VerifyMacOutput) => void): Request<PaymentCryptographyData.Types.VerifyMacOutput, AWSError>;
|
|
94
94
|
/**
|
|
@@ -257,11 +257,11 @@ declare namespace PaymentCryptographyData {
|
|
|
257
257
|
*/
|
|
258
258
|
KeyArn: KeyArn;
|
|
259
259
|
/**
|
|
260
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
260
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
261
261
|
*/
|
|
262
262
|
KeyCheckValue: KeyCheckValue;
|
|
263
263
|
/**
|
|
264
|
-
* The decrypted plaintext data.
|
|
264
|
+
* The decrypted plaintext data in hexBinary format.
|
|
265
265
|
*/
|
|
266
266
|
PlainText: HexEvenLengthBetween16And4096;
|
|
267
267
|
}
|
|
@@ -314,7 +314,7 @@ declare namespace PaymentCryptographyData {
|
|
|
314
314
|
*/
|
|
315
315
|
DukptKeyVariant?: DukptKeyVariant;
|
|
316
316
|
/**
|
|
317
|
-
* An input
|
|
317
|
+
* An input used to provide the intial state. If no value is provided, Amazon Web Services Payment Cryptography defaults it to zero.
|
|
318
318
|
*/
|
|
319
319
|
InitializationVector?: HexLength16Or32;
|
|
320
320
|
/**
|
|
@@ -322,7 +322,7 @@ declare namespace PaymentCryptographyData {
|
|
|
322
322
|
*/
|
|
323
323
|
KeySerialNumber: HexLengthBetween10And24;
|
|
324
324
|
/**
|
|
325
|
-
* The block cipher
|
|
325
|
+
* The block cipher method to use for encryption. The default is CBC.
|
|
326
326
|
*/
|
|
327
327
|
Mode?: DukptEncryptionMode;
|
|
328
328
|
}
|
|
@@ -364,6 +364,34 @@ declare namespace PaymentCryptographyData {
|
|
|
364
364
|
*/
|
|
365
365
|
ServiceCode: NumberLengthEquals3;
|
|
366
366
|
}
|
|
367
|
+
export interface EmvEncryptionAttributes {
|
|
368
|
+
/**
|
|
369
|
+
* An input used to provide the intial state. If no value is provided, Amazon Web Services Payment Cryptography defaults it to zero.
|
|
370
|
+
*/
|
|
371
|
+
InitializationVector?: HexLength16Or32;
|
|
372
|
+
/**
|
|
373
|
+
* The EMV derivation mode to use for ICC master key derivation as per EMV version 4.3 book 2.
|
|
374
|
+
*/
|
|
375
|
+
MajorKeyDerivationMode: EmvMajorKeyDerivationMode;
|
|
376
|
+
/**
|
|
377
|
+
* The block cipher method to use for encryption.
|
|
378
|
+
*/
|
|
379
|
+
Mode?: EmvEncryptionMode;
|
|
380
|
+
/**
|
|
381
|
+
* A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
|
|
382
|
+
*/
|
|
383
|
+
PanSequenceNumber: HexLengthEquals2;
|
|
384
|
+
/**
|
|
385
|
+
* The Primary Account Number (PAN), a unique identifier for a payment credit or debit card and associates the card to a specific account holder.
|
|
386
|
+
*/
|
|
387
|
+
PrimaryAccountNumber: NumberLengthBetween12And19;
|
|
388
|
+
/**
|
|
389
|
+
* The derivation value used to derive the ICC session key. It is typically the application transaction counter value padded with zeros or previous ARQC value padded with zeros as per EMV version 4.3 book 2.
|
|
390
|
+
*/
|
|
391
|
+
SessionDerivationData: HexLengthEquals16;
|
|
392
|
+
}
|
|
393
|
+
export type EmvEncryptionMode = "ECB"|"CBC"|string;
|
|
394
|
+
export type EmvMajorKeyDerivationMode = "EMV_OPTION_A"|"EMV_OPTION_B"|string;
|
|
367
395
|
export interface EncryptDataInput {
|
|
368
396
|
/**
|
|
369
397
|
* The encryption key type and attributes for plaintext encryption.
|
|
@@ -374,7 +402,7 @@ declare namespace PaymentCryptographyData {
|
|
|
374
402
|
*/
|
|
375
403
|
KeyIdentifier: KeyArnOrKeyAliasType;
|
|
376
404
|
/**
|
|
377
|
-
* The plaintext to be encrypted.
|
|
405
|
+
* The plaintext to be encrypted. For encryption using asymmetric keys, plaintext data length is constrained by encryption key strength that you define in KeyAlgorithm and padding type that you define in AsymmetricEncryptionAttributes. For more information, see Encrypt data in the Amazon Web Services Payment Cryptography User Guide.
|
|
378
406
|
*/
|
|
379
407
|
PlainText: HexEvenLengthBetween16And4064;
|
|
380
408
|
}
|
|
@@ -388,13 +416,17 @@ declare namespace PaymentCryptographyData {
|
|
|
388
416
|
*/
|
|
389
417
|
KeyArn: KeyArn;
|
|
390
418
|
/**
|
|
391
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
419
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
392
420
|
*/
|
|
393
421
|
KeyCheckValue?: KeyCheckValue;
|
|
394
422
|
}
|
|
395
423
|
export interface EncryptionDecryptionAttributes {
|
|
396
424
|
Asymmetric?: AsymmetricEncryptionAttributes;
|
|
397
425
|
Dukpt?: DukptEncryptionAttributes;
|
|
426
|
+
/**
|
|
427
|
+
* Parameters for plaintext encryption using EMV keys.
|
|
428
|
+
*/
|
|
429
|
+
Emv?: EmvEncryptionAttributes;
|
|
398
430
|
/**
|
|
399
431
|
* Parameters that are required to perform encryption and decryption using symmetric keys.
|
|
400
432
|
*/
|
|
@@ -425,7 +457,7 @@ declare namespace PaymentCryptographyData {
|
|
|
425
457
|
*/
|
|
426
458
|
KeyArn: KeyArn;
|
|
427
459
|
/**
|
|
428
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
460
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
429
461
|
*/
|
|
430
462
|
KeyCheckValue: KeyCheckValue;
|
|
431
463
|
/**
|
|
@@ -447,7 +479,7 @@ declare namespace PaymentCryptographyData {
|
|
|
447
479
|
*/
|
|
448
480
|
MacLength?: IntegerRangeBetween4And16;
|
|
449
481
|
/**
|
|
450
|
-
* The data for which a MAC is under generation.
|
|
482
|
+
* The data for which a MAC is under generation. This value must be hexBinary.
|
|
451
483
|
*/
|
|
452
484
|
MessageData: HexEvenLengthBetween2And4096;
|
|
453
485
|
}
|
|
@@ -457,7 +489,7 @@ declare namespace PaymentCryptographyData {
|
|
|
457
489
|
*/
|
|
458
490
|
KeyArn: KeyArn;
|
|
459
491
|
/**
|
|
460
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
492
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
461
493
|
*/
|
|
462
494
|
KeyCheckValue: KeyCheckValue;
|
|
463
495
|
/**
|
|
@@ -501,7 +533,7 @@ declare namespace PaymentCryptographyData {
|
|
|
501
533
|
*/
|
|
502
534
|
EncryptionKeyArn: KeyArn;
|
|
503
535
|
/**
|
|
504
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
536
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
505
537
|
*/
|
|
506
538
|
EncryptionKeyCheckValue: KeyCheckValue;
|
|
507
539
|
/**
|
|
@@ -509,7 +541,7 @@ declare namespace PaymentCryptographyData {
|
|
|
509
541
|
*/
|
|
510
542
|
GenerationKeyArn: KeyArn;
|
|
511
543
|
/**
|
|
512
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
544
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
513
545
|
*/
|
|
514
546
|
GenerationKeyCheckValue: KeyCheckValue;
|
|
515
547
|
/**
|
|
@@ -676,7 +708,7 @@ declare namespace PaymentCryptographyData {
|
|
|
676
708
|
*/
|
|
677
709
|
DukptIso9797Algorithm1?: MacAlgorithmDukpt;
|
|
678
710
|
/**
|
|
679
|
-
* Parameters that are required for MAC generation or verification using DUKPT ISO 9797
|
|
711
|
+
* Parameters that are required for MAC generation or verification using DUKPT ISO 9797 algorithm3.
|
|
680
712
|
*/
|
|
681
713
|
DukptIso9797Algorithm3?: MacAlgorithmDukpt;
|
|
682
714
|
/**
|
|
@@ -772,7 +804,7 @@ declare namespace PaymentCryptographyData {
|
|
|
772
804
|
*/
|
|
773
805
|
KeyArn: KeyArn;
|
|
774
806
|
/**
|
|
775
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
807
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
776
808
|
*/
|
|
777
809
|
KeyCheckValue: KeyCheckValue;
|
|
778
810
|
}
|
|
@@ -884,11 +916,11 @@ declare namespace PaymentCryptographyData {
|
|
|
884
916
|
}
|
|
885
917
|
export interface SymmetricEncryptionAttributes {
|
|
886
918
|
/**
|
|
887
|
-
* An input
|
|
919
|
+
* An input used to provide the intial state. If no value is provided, Amazon Web Services Payment Cryptography defaults it to zero.
|
|
888
920
|
*/
|
|
889
921
|
InitializationVector?: HexLength16Or32;
|
|
890
922
|
/**
|
|
891
|
-
* The block cipher
|
|
923
|
+
* The block cipher method to use for encryption.
|
|
892
924
|
*/
|
|
893
925
|
Mode: EncryptionMode;
|
|
894
926
|
/**
|
|
@@ -902,7 +934,7 @@ declare namespace PaymentCryptographyData {
|
|
|
902
934
|
*/
|
|
903
935
|
EncryptedPinBlock: HexEvenLengthBetween16And32;
|
|
904
936
|
/**
|
|
905
|
-
* The attributes and values to use for incoming DUKPT encryption key for PIN block
|
|
937
|
+
* The attributes and values to use for incoming DUKPT encryption key for PIN block translation.
|
|
906
938
|
*/
|
|
907
939
|
IncomingDukptAttributes?: DukptDerivationAttributes;
|
|
908
940
|
/**
|
|
@@ -910,7 +942,7 @@ declare namespace PaymentCryptographyData {
|
|
|
910
942
|
*/
|
|
911
943
|
IncomingKeyIdentifier: KeyArnOrKeyAliasType;
|
|
912
944
|
/**
|
|
913
|
-
* The format of the incoming PIN block data for
|
|
945
|
+
* The format of the incoming PIN block data for translation within Amazon Web Services Payment Cryptography.
|
|
914
946
|
*/
|
|
915
947
|
IncomingTranslationAttributes: TranslationIsoFormats;
|
|
916
948
|
/**
|
|
@@ -922,7 +954,7 @@ declare namespace PaymentCryptographyData {
|
|
|
922
954
|
*/
|
|
923
955
|
OutgoingKeyIdentifier: KeyArnOrKeyAliasType;
|
|
924
956
|
/**
|
|
925
|
-
* The format of the outgoing PIN block data after
|
|
957
|
+
* The format of the outgoing PIN block data after translation by Amazon Web Services Payment Cryptography.
|
|
926
958
|
*/
|
|
927
959
|
OutgoingTranslationAttributes: TranslationIsoFormats;
|
|
928
960
|
}
|
|
@@ -932,11 +964,11 @@ declare namespace PaymentCryptographyData {
|
|
|
932
964
|
*/
|
|
933
965
|
KeyArn: KeyArn;
|
|
934
966
|
/**
|
|
935
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
967
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
936
968
|
*/
|
|
937
969
|
KeyCheckValue: KeyCheckValue;
|
|
938
970
|
/**
|
|
939
|
-
* The
|
|
971
|
+
* The outgoing encrypted PIN block data after translation.
|
|
940
972
|
*/
|
|
941
973
|
PinBlock: HexLengthBetween16And32;
|
|
942
974
|
}
|
|
@@ -1002,7 +1034,7 @@ declare namespace PaymentCryptographyData {
|
|
|
1002
1034
|
*/
|
|
1003
1035
|
KeyArn: KeyArn;
|
|
1004
1036
|
/**
|
|
1005
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
1037
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
1006
1038
|
*/
|
|
1007
1039
|
KeyCheckValue: KeyCheckValue;
|
|
1008
1040
|
}
|
|
@@ -1030,7 +1062,7 @@ declare namespace PaymentCryptographyData {
|
|
|
1030
1062
|
*/
|
|
1031
1063
|
KeyArn: KeyArn;
|
|
1032
1064
|
/**
|
|
1033
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
1065
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
1034
1066
|
*/
|
|
1035
1067
|
KeyCheckValue: KeyCheckValue;
|
|
1036
1068
|
}
|
|
@@ -1048,7 +1080,7 @@ declare namespace PaymentCryptographyData {
|
|
|
1048
1080
|
*/
|
|
1049
1081
|
MacLength?: IntegerRangeBetween4And16;
|
|
1050
1082
|
/**
|
|
1051
|
-
* The data on for which MAC is under verification.
|
|
1083
|
+
* The data on for which MAC is under verification. This value must be hexBinary.
|
|
1052
1084
|
*/
|
|
1053
1085
|
MessageData: HexEvenLengthBetween2And4096;
|
|
1054
1086
|
/**
|
|
@@ -1062,7 +1094,7 @@ declare namespace PaymentCryptographyData {
|
|
|
1062
1094
|
*/
|
|
1063
1095
|
KeyArn: KeyArn;
|
|
1064
1096
|
/**
|
|
1065
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
1097
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
1066
1098
|
*/
|
|
1067
1099
|
KeyCheckValue: KeyCheckValue;
|
|
1068
1100
|
}
|
|
@@ -1106,7 +1138,7 @@ declare namespace PaymentCryptographyData {
|
|
|
1106
1138
|
*/
|
|
1107
1139
|
EncryptionKeyArn: KeyArn;
|
|
1108
1140
|
/**
|
|
1109
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
1141
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
1110
1142
|
*/
|
|
1111
1143
|
EncryptionKeyCheckValue: KeyCheckValue;
|
|
1112
1144
|
/**
|
|
@@ -1114,7 +1146,7 @@ declare namespace PaymentCryptographyData {
|
|
|
1114
1146
|
*/
|
|
1115
1147
|
VerificationKeyArn: KeyArn;
|
|
1116
1148
|
/**
|
|
1117
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
1149
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
1118
1150
|
*/
|
|
1119
1151
|
VerificationKeyCheckValue: KeyCheckValue;
|
|
1120
1152
|
}
|
|
@@ -2176,7 +2176,7 @@ declare namespace RDS {
|
|
|
2176
2176
|
*/
|
|
2177
2177
|
AllocatedStorage?: IntegerOptional;
|
|
2178
2178
|
/**
|
|
2179
|
-
* The storage type to associate with the DB cluster. For information on storage types for Aurora DB clusters, see Storage configurations for Amazon Aurora DB clusters. For information on storage types for Multi-AZ DB clusters, see Settings for creating Multi-AZ DB clusters. This setting is required to create a Multi-AZ DB cluster. When specified for a Multi-AZ DB cluster, a value for the Iops parameter is required. Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters Valid Values: Aurora DB clusters - aurora | aurora-iopt1 Multi-AZ DB clusters - io1 Default: Aurora DB clusters - aurora Multi-AZ DB clusters - io1 When you create an Aurora DB cluster with the storage type set to aurora-iopt1, the storage type is returned in the response. The storage type isn't returned when you set it to aurora.
|
|
2179
|
+
* The storage type to associate with the DB cluster. For information on storage types for Aurora DB clusters, see Storage configurations for Amazon Aurora DB clusters. For information on storage types for Multi-AZ DB clusters, see Settings for creating Multi-AZ DB clusters. This setting is required to create a Multi-AZ DB cluster. When specified for a Multi-AZ DB cluster, a value for the Iops parameter is required. Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters Valid Values: Aurora DB clusters - aurora | aurora-iopt1 Multi-AZ DB clusters - io1 | io2 | gp3 Default: Aurora DB clusters - aurora Multi-AZ DB clusters - io1 When you create an Aurora DB cluster with the storage type set to aurora-iopt1, the storage type is returned in the response. The storage type isn't returned when you set it to aurora.
|
|
2180
2180
|
*/
|
|
2181
2181
|
StorageType?: String;
|
|
2182
2182
|
/**
|
|
@@ -2237,7 +2237,7 @@ declare namespace RDS {
|
|
|
2237
2237
|
*/
|
|
2238
2238
|
EnableLocalWriteForwarding?: BooleanOptional;
|
|
2239
2239
|
/**
|
|
2240
|
-
* The CA certificate identifier to use for the DB cluster's server certificate. Valid for Cluster Type: Multi-AZ DB clusters
|
|
2240
|
+
* The CA certificate identifier to use for the DB cluster's server certificate. For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide. Valid for Cluster Type: Multi-AZ DB clusters
|
|
2241
2241
|
*/
|
|
2242
2242
|
CACertificateIdentifier?: String;
|
|
2243
2243
|
/**
|
|
@@ -7431,7 +7431,7 @@ declare namespace RDS {
|
|
|
7431
7431
|
*/
|
|
7432
7432
|
AllocatedStorage?: IntegerOptional;
|
|
7433
7433
|
/**
|
|
7434
|
-
* The storage type to associate with the DB cluster. For information on storage types for Aurora DB clusters, see Storage configurations for Amazon Aurora DB clusters. For information on storage types for Multi-AZ DB clusters, see Settings for creating Multi-AZ DB clusters. When specified for a Multi-AZ DB cluster, a value for the Iops parameter is required. Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters Valid Values: Aurora DB clusters - aurora | aurora-iopt1 Multi-AZ DB clusters - io1 Default: Aurora DB clusters - aurora Multi-AZ DB clusters - io1
|
|
7434
|
+
* The storage type to associate with the DB cluster. For information on storage types for Aurora DB clusters, see Storage configurations for Amazon Aurora DB clusters. For information on storage types for Multi-AZ DB clusters, see Settings for creating Multi-AZ DB clusters. When specified for a Multi-AZ DB cluster, a value for the Iops parameter is required. Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters Valid Values: Aurora DB clusters - aurora | aurora-iopt1 Multi-AZ DB clusters - io1 | io2 | gp3 Default: Aurora DB clusters - aurora Multi-AZ DB clusters - io1
|
|
7435
7435
|
*/
|
|
7436
7436
|
StorageType?: String;
|
|
7437
7437
|
/**
|
|
@@ -7500,7 +7500,7 @@ declare namespace RDS {
|
|
|
7500
7500
|
*/
|
|
7501
7501
|
EnableLimitlessDatabase?: BooleanOptional;
|
|
7502
7502
|
/**
|
|
7503
|
-
* The CA certificate identifier to use for the DB cluster's server certificate. Valid for Cluster Type: Multi-AZ DB clusters
|
|
7503
|
+
* The CA certificate identifier to use for the DB cluster's server certificate. For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide. Valid for Cluster Type: Multi-AZ DB clusters
|
|
7504
7504
|
*/
|
|
7505
7505
|
CACertificateIdentifier?: String;
|
|
7506
7506
|
}
|
|
@@ -7620,7 +7620,7 @@ declare namespace RDS {
|
|
|
7620
7620
|
*/
|
|
7621
7621
|
NewDBInstanceIdentifier?: String;
|
|
7622
7622
|
/**
|
|
7623
|
-
* The storage type to associate with the DB instance. If you specify io1
|
|
7623
|
+
* The storage type to associate with the DB instance. If you specify io1, io2, or gp3 you must also include a value for the Iops parameter. If you choose to migrate your DB instance from using standard storage to using Provisioned IOPS, or from using Provisioned IOPS to using standard storage, the process can take time. The duration of the migration depends on several factors such as database load, storage size, storage type (standard or Provisioned IOPS), amount of IOPS provisioned (if any), and the number of prior scale storage operations. Typical migration times are under 24 hours, but the process can take up to several days in some cases. During the migration, the DB instance is available for use, but might experience performance degradation. While the migration takes place, nightly backups for the instance are suspended. No other Amazon RDS operations can take place for the instance, including modifying the instance, rebooting the instance, deleting the instance, creating a read replica for the instance, and creating a DB snapshot of the instance. Valid Values: gp2 | gp3 | io1 | io2 | standard Default: io1, if the Iops parameter is specified. Otherwise, gp2.
|
|
7624
7624
|
*/
|
|
7625
7625
|
StorageType?: String;
|
|
7626
7626
|
/**
|
|
@@ -741,7 +741,7 @@ declare namespace Snowball {
|
|
|
741
741
|
*/
|
|
742
742
|
KubernetesVersion?: String;
|
|
743
743
|
/**
|
|
744
|
-
* The version of EKS Anywhere on the Snow Family device.
|
|
744
|
+
* The optional version of EKS Anywhere on the Snow Family device.
|
|
745
745
|
*/
|
|
746
746
|
EKSAnywhereVersion?: String;
|
|
747
747
|
}
|
|
@@ -29,11 +29,11 @@ declare class Transfer extends Service {
|
|
|
29
29
|
*/
|
|
30
30
|
createAgreement(callback?: (err: AWSError, data: Transfer.Types.CreateAgreementResponse) => void): Request<Transfer.Types.CreateAgreementResponse, AWSError>;
|
|
31
31
|
/**
|
|
32
|
-
* Creates the connector, which captures the parameters for a connection for the AS2 or SFTP protocol. For AS2, the connector is required for sending files to an externally hosted AS2 server. For SFTP, the connector is required when sending files to an SFTP server or receiving files from an SFTP server. For more details about connectors, see
|
|
32
|
+
* Creates the connector, which captures the parameters for a connection for the AS2 or SFTP protocol. For AS2, the connector is required for sending files to an externally hosted AS2 server. For SFTP, the connector is required when sending files to an SFTP server or receiving files from an SFTP server. For more details about connectors, see Configure AS2 connectors and Create SFTP connectors. You must specify exactly one configuration object: either for AS2 (As2Config) or SFTP (SftpConfig).
|
|
33
33
|
*/
|
|
34
34
|
createConnector(params: Transfer.Types.CreateConnectorRequest, callback?: (err: AWSError, data: Transfer.Types.CreateConnectorResponse) => void): Request<Transfer.Types.CreateConnectorResponse, AWSError>;
|
|
35
35
|
/**
|
|
36
|
-
* Creates the connector, which captures the parameters for a connection for the AS2 or SFTP protocol. For AS2, the connector is required for sending files to an externally hosted AS2 server. For SFTP, the connector is required when sending files to an SFTP server or receiving files from an SFTP server. For more details about connectors, see
|
|
36
|
+
* Creates the connector, which captures the parameters for a connection for the AS2 or SFTP protocol. For AS2, the connector is required for sending files to an externally hosted AS2 server. For SFTP, the connector is required when sending files to an SFTP server or receiving files from an SFTP server. For more details about connectors, see Configure AS2 connectors and Create SFTP connectors. You must specify exactly one configuration object: either for AS2 (As2Config) or SFTP (SftpConfig).
|
|
37
37
|
*/
|
|
38
38
|
createConnector(callback?: (err: AWSError, data: Transfer.Types.CreateConnectorResponse) => void): Request<Transfer.Types.CreateConnectorResponse, AWSError>;
|
|
39
39
|
/**
|
|
@@ -477,11 +477,11 @@ declare class Transfer extends Service {
|
|
|
477
477
|
*/
|
|
478
478
|
updateServer(callback?: (err: AWSError, data: Transfer.Types.UpdateServerResponse) => void): Request<Transfer.Types.UpdateServerResponse, AWSError>;
|
|
479
479
|
/**
|
|
480
|
-
* Assigns new properties to a user. Parameters you pass modify any or all of the following: the home directory, role, and policy for the UserName and ServerId you specify. The response returns the ServerId and the UserName for the updated user.
|
|
480
|
+
* Assigns new properties to a user. Parameters you pass modify any or all of the following: the home directory, role, and policy for the UserName and ServerId you specify. The response returns the ServerId and the UserName for the updated user. In the console, you can select Restricted when you create or update a user. This ensures that the user can't access anything outside of their home directory. The programmatic way to configure this behavior is to update the user. Set their HomeDirectoryType to LOGICAL, and specify HomeDirectoryMappings with Entry as root (/) and Target as their home directory. For example, if the user's home directory is /test/admin-user, the following command updates the user so that their configuration in the console shows the Restricted flag as selected. aws transfer update-user --server-id <server-id> --user-name admin-user --home-directory-type LOGICAL --home-directory-mappings "[{\"Entry\":\"/\", \"Target\":\"/test/admin-user\"}]"
|
|
481
481
|
*/
|
|
482
482
|
updateUser(params: Transfer.Types.UpdateUserRequest, callback?: (err: AWSError, data: Transfer.Types.UpdateUserResponse) => void): Request<Transfer.Types.UpdateUserResponse, AWSError>;
|
|
483
483
|
/**
|
|
484
|
-
* Assigns new properties to a user. Parameters you pass modify any or all of the following: the home directory, role, and policy for the UserName and ServerId you specify. The response returns the ServerId and the UserName for the updated user.
|
|
484
|
+
* Assigns new properties to a user. Parameters you pass modify any or all of the following: the home directory, role, and policy for the UserName and ServerId you specify. The response returns the ServerId and the UserName for the updated user. In the console, you can select Restricted when you create or update a user. This ensures that the user can't access anything outside of their home directory. The programmatic way to configure this behavior is to update the user. Set their HomeDirectoryType to LOGICAL, and specify HomeDirectoryMappings with Entry as root (/) and Target as their home directory. For example, if the user's home directory is /test/admin-user, the following command updates the user so that their configuration in the console shows the Restricted flag as selected. aws transfer update-user --server-id <server-id> --user-name admin-user --home-directory-type LOGICAL --home-directory-mappings "[{\"Entry\":\"/\", \"Target\":\"/test/admin-user\"}]"
|
|
485
485
|
*/
|
|
486
486
|
updateUser(callback?: (err: AWSError, data: Transfer.Types.UpdateUserResponse) => void): Request<Transfer.Types.UpdateUserResponse, AWSError>;
|
|
487
487
|
/**
|
|
@@ -525,7 +525,7 @@ declare namespace Transfer {
|
|
|
525
525
|
*/
|
|
526
526
|
Compression?: CompressionEnum;
|
|
527
527
|
/**
|
|
528
|
-
* The algorithm that is used to encrypt the file.
|
|
528
|
+
* The algorithm that is used to encrypt the file. Note the following: Do not use the DES_EDE3_CBC algorithm unless you must support a legacy client that requires it, as it is a weak encryption algorithm. You can only specify NONE if the URL for your connector uses HTTPS. Using HTTPS ensures that no traffic is sent in clear text.
|
|
529
529
|
*/
|
|
530
530
|
EncryptionAlgorithm?: EncryptionAlg;
|
|
531
531
|
/**
|
|
@@ -1623,11 +1623,11 @@ declare namespace Transfer {
|
|
|
1623
1623
|
}
|
|
1624
1624
|
export type EfsFileSystemId = string;
|
|
1625
1625
|
export type EfsPath = string;
|
|
1626
|
-
export type EncryptionAlg = "AES128_CBC"|"AES192_CBC"|"AES256_CBC"|"NONE"|string;
|
|
1626
|
+
export type EncryptionAlg = "AES128_CBC"|"AES192_CBC"|"AES256_CBC"|"DES_EDE3_CBC"|"NONE"|string;
|
|
1627
1627
|
export type EncryptionType = "PGP"|string;
|
|
1628
1628
|
export interface EndpointDetails {
|
|
1629
1629
|
/**
|
|
1630
|
-
* A list of address allocation IDs that are required to attach an Elastic IP address to your server's endpoint. This property can only be set
|
|
1630
|
+
* A list of address allocation IDs that are required to attach an Elastic IP address to your server's endpoint. An address allocation ID corresponds to the allocation ID of an Elastic IP address. This value can be retrieved from the allocationId field from the Amazon EC2 Address data type. One way to retrieve this value is by calling the EC2 DescribeAddresses API. This parameter is optional. Set this parameter if you want to make your VPC endpoint public-facing. For details, see Create an internet-facing endpoint for your server. This property can only be set as follows: EndpointType must be set to VPC The Transfer Family server must be offline. You cannot set this parameter for Transfer Family servers that use the FTP protocol. The server must already have SubnetIds populated (SubnetIds and AddressAllocationIds cannot be updated simultaneously). AddressAllocationIds can't contain duplicates, and must be equal in length to SubnetIds. For example, if you have three subnet IDs, you must also specify three address allocation IDs. Call the UpdateServer API to set or change this parameter.
|
|
1631
1631
|
*/
|
|
1632
1632
|
AddressAllocationIds?: AddressAllocationIds;
|
|
1633
1633
|
/**
|
|
@@ -2548,7 +2548,7 @@ declare namespace Transfer {
|
|
|
2548
2548
|
*/
|
|
2549
2549
|
UserSecretId?: SecretId;
|
|
2550
2550
|
/**
|
|
2551
|
-
* The public portion of the host key, or keys, that are used to identify the external server to which you are connecting. You can use the ssh-keyscan command against the SFTP server to retrieve the necessary key. The three standard SSH public key format elements are <key type>, <body base64>, and an optional <comment>, with spaces between each element. Specify only the <key type> and <body base64>: do not enter the <comment> portion of the key. For the trusted host key, Transfer Family accepts RSA and ECDSA keys. For RSA keys, the <key type> string is ssh-rsa. For ECDSA keys, the <key type> string is either ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, or ecdsa-sha2-nistp521, depending on the size of the key you generated.
|
|
2551
|
+
* The public portion of the host key, or keys, that are used to identify the external server to which you are connecting. You can use the ssh-keyscan command against the SFTP server to retrieve the necessary key. The three standard SSH public key format elements are <key type>, <body base64>, and an optional <comment>, with spaces between each element. Specify only the <key type> and <body base64>: do not enter the <comment> portion of the key. For the trusted host key, Transfer Family accepts RSA and ECDSA keys. For RSA keys, the <key type> string is ssh-rsa. For ECDSA keys, the <key type> string is either ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, or ecdsa-sha2-nistp521, depending on the size of the key you generated. Run this command to retrieve the SFTP server host key, where your SFTP server name is ftp.host.com. ssh-keyscan ftp.host.com This prints the public host key to standard output. ftp.host.com ssh-rsa AAAAB3Nza...<long-string-for-public-key Copy and paste this string into the TrustedHostKeys field for the create-connector command or into the Trusted host keys field in the console.
|
|
2552
2552
|
*/
|
|
2553
2553
|
TrustedHostKeys?: SftpConnectorTrustedHostKeyList;
|
|
2554
2554
|
}
|