lib/aws-sdk-transfer/client.rb in aws-sdk-transfer-1.20.0 vs lib/aws-sdk-transfer/client.rb in aws-sdk-transfer-1.21.0
- old
+ new
@@ -326,10 +326,45 @@
#
# @option params [String] :certificate
# The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM)
# certificate. Required when `Protocols` is set to `FTPS`.
#
+ # To request a new public certificate, see [Request a public
+ # certificate][1] in the <i> AWS Certificate Manager User Guide</i>.
+ #
+ # To import an existing certificate into ACM, see [Importing
+ # certificates into ACM][2] in the <i> AWS Certificate Manager User
+ # Guide</i>.
+ #
+ # To request a private certificate to use FTPS through private IP
+ # addresses, see [Request a private certificate][3] in the <i> AWS
+ # Certificate Manager User Guide</i>.
+ #
+ # Certificates with the following cryptographic algorithms and key sizes
+ # are supported:
+ #
+ # * 2048-bit RSA (RSA\_2048)
+ #
+ # * 4096-bit RSA (RSA\_4096)
+ #
+ # * Elliptic Prime Curve 256 bit (EC\_prime256v1)
+ #
+ # * Elliptic Prime Curve 384 bit (EC\_secp384r1)
+ #
+ # * Elliptic Prime Curve 521 bit (EC\_secp521r1)
+ #
+ # <note markdown="1"> The certificate must be a valid SSL/TLS X.509 version 3 certificate
+ # with FQDN or IP address specified and information about the issuer.
+ #
+ # </note>
+ #
+ #
+ #
+ # [1]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html
+ # [2]: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
+ # [3]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html
+ #
# @option params [Types::EndpointDetails] :endpoint_details
# The virtual private cloud (VPC) endpoint settings that are configured
# for your file transfer protocol-enabled server. When you host your
# endpoint within your VPC, you can make it accessible only to resources
# within your VPC, or you can attach Elastic IPs and make it accessible
@@ -337,28 +372,36 @@
# automatically assigned to your endpoint.
#
# @option params [String] :endpoint_type
# The type of VPC endpoint that you want your file transfer
# protocol-enabled server to connect to. You can choose to connect to
- # the public internet or a virtual private cloud (VPC) endpoint. With a
- # VPC endpoint, you can restrict access to your server and resources
- # only within your VPC.
+ # the public internet or a VPC endpoint. With a VPC endpoint, you can
+ # restrict access to your server and resources only within your VPC.
#
+ # <note markdown="1"> It is recommended that you use `VPC` as the `EndpointType`. With this
+ # endpoint type, you have the option to directly associate up to three
+ # Elastic IPv4 addresses (BYO IP included) with your server's endpoint
+ # and use VPC security groups to restrict traffic by the client's
+ # public IP address. This is not possible with `EndpointType` set to
+ # `VPC_ENDPOINT`.
+ #
+ # </note>
+ #
# @option params [String] :host_key
- # The RSA private key as generated by the `ssh-keygen -N "" -f
+ # The RSA private key as generated by the `ssh-keygen -N "" -m PEM -f
# my-new-server-key` command.
#
# If you aren't planning to migrate existing users from an existing
# SFTP-enabled server to a new server, don't update the host key.
# Accidentally changing a server's host key can be disruptive.
#
- # For more information, see [Changing the Host Key for Your AWS Transfer
- # Family Server][1] in the *AWS Transfer Family User Guide*.
+ # For more information, see [Change the host key for your SFTP-enabled
+ # server][1] in the *AWS Transfer Family User Guide*.
#
#
#
- # [1]: https://docs.aws.amazon.com/transfer/latest/userguide/configuring-servers.html#change-host-key
+ # [1]: https://docs.aws.amazon.com/transfer/latest/userguide/edit-server-config.html#configuring-servers-change-host-key
#
# @option params [Types::IdentityProviderDetails] :identity_provider_details
# Required when `IdentityProviderType` is set to `API_GATEWAY`. Accepts
# an array containing all of the information required to call a
# customer-supplied authentication API, including the API Gateway URL.
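Review bot: The `:host_key` comment now recommends `ssh-keygen -N "" -m PEM -f my-new-server-key` but does not mention that `-N ""` writes the private key with an empty passphrase, so the file on disk is protected only by its filesystem permissions. I would add one sentence after the command, for example `# The resulting key file has no passphrase; store it as a secret and restrict read access to it.` The same command is added to the second `:host_key` comment in the hunk at -1201,38 +1265,82, and the sentence applies there too. The surrounding method documentation continues outside this hunk.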
@@ -380,18 +423,34 @@
# @option params [Array<String>] :protocols
# Specifies the file transfer protocol or protocols over which your file
# transfer protocol client can connect to your server's endpoint. The
# available protocols are:
#
- # * Secure Shell (SSH) File Transfer Protocol (SFTP): File transfer over
- # SSH
+ # * `SFTP` (Secure Shell (SSH) File Transfer Protocol): File transfer
+ # over SSH
#
- # * File Transfer Protocol Secure (FTPS): File transfer with TLS
+ # * `FTPS` (File Transfer Protocol Secure): File transfer with TLS
# encryption
#
- # * File Transfer Protocol (FTP): Unencrypted file transfer
+ # * `FTP` (File Transfer Protocol): Unencrypted file transfer
#
+ # <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in AWS
+ # Certificate Manager (ACM) which will be used to identify your server
+ # when clients connect to it over FTPS.
+ #
+ # If `Protocol` includes either `FTP` or `FTPS`, then the `EndpointType`
+ # must be `VPC` and the `IdentityProviderType` must be `API_GATEWAY`.
+ #
+ # If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
+ # associated.
+ #
+ # If `Protocol` is set only to `SFTP`, the `EndpointType` can be set to
+ # `PUBLIC` and the `IdentityProviderType` can be set to
+ # `SERVICE_MANAGED`.
+ #
+ # </note>
+ #
# @option params [Array<Types::Tag>] :tags
# Key-value pairs that can be used to group and search for file transfer
# protocol-enabled servers.
#
# @return [Types::CreateServerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
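Review bot: The note added under `:protocols` names the parameter `Protocol` in three sentences ("If `Protocol` includes either `FTP` or `FTPS` ..."), while the option documented here is `:protocols` and the `:certificate` text in this file writes `Protocols`. This note carries the constraints for the unencrypted `FTP` option (`EndpointType` must be `VPC`, `IdentityProviderType` must be `API_GATEWAY`), so the name should match what the caller passes. I would write ``# If `Protocols` includes either `FTP` or `FTPS`, then the `EndpointType` `` and make the same change in the other two sentences. The identical note is added in the hunk at -1252,10 +1360,26. The comment block continues outside this hunk.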
@@ -449,11 +508,12 @@
#
# @option params [String] :home_directory
# The landing directory (folder) for a user when they log in to the file
# transfer protocol-enabled server using the client.
#
- # An example is `your-Amazon-S3-bucket-name>/home/username`.
+ # An example is <i>
+ # <code>your-Amazon-S3-bucket-name>/home/username</code> </i>.
#
# @option params [String] :home_directory_type
# The type of landing directory (folder) you want your users' home
# directory to be when they log into the file transfer protocol-enabled
# server. If you set it to `PATH`, the user will see the absolute Amazon
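Review bot: The `:home_directory` example still contains an unbalanced `>` in `your-Amazon-S3-bucket-name>/home/username`, and the new `<i>`/`<code>` wrapping does not fix it. It reads like a `<placeholder>` whose opening bracket was lost. A reader cannot tell whether the value starts with `/` or with the bucket name, and this value decides where a user lands after login. I would write the placeholder without the stray bracket, presumably `<code>/your-Amazon-S3-bucket-name/home/username</code>`; the intended form is not visible here and should be confirmed against the service documentation.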
@@ -466,12 +526,12 @@
# Logical directory mappings that specify what Amazon S3 paths and keys
# should be visible to your user and how you want to make them visible.
# You will need to specify the "`Entry`" and "`Target`" pair, where
# `Entry` shows how the path is made visible and `Target` is the actual
# Amazon S3 path. If you only specify a target, it will be displayed as
- # is. You will need to also make sure that your AWS IAM Role provides
- # access to paths in `Target`. The following is an example.
+ # is. You will need to also make sure that your IAM role provides access
+ # to paths in `Target`. The following is an example.
#
# `'[ "/bucket2/documentation", \{ "Entry": "your-personal-report.pdf",
# "Target": "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \}
# ]'`
#
@@ -501,12 +561,12 @@
# <note markdown="1"> For scope-down policies, AWS Transfer Family stores the policy as a
# JSON blob, instead of the Amazon Resource Name (ARN) of the policy.
# You save the policy as a JSON blob and pass it in the `Policy`
# argument.
#
- # For an example of a scope-down policy, see [Creating a Scope-Down
- # Policy][1].
+ # For an example of a scope-down policy, see [Creating a scope-down
+ # policy][1].
#
# For more information, see [AssumeRole][2] in the *AWS Security Token
# Service API Reference*.
#
# </note>
@@ -1108,16 +1168,10 @@
# @option params [required, String] :server_id
# A system-assigned identifier for a specific file transfer
# protocol-enabled server. That server's user authentication method is
# tested with a user name and password.
#
- # @option params [required, String] :user_name
- # The name of the user account to be tested.
- #
- # @option params [String] :user_password
- # The password of the user account to be tested.
- #
# @option params [String] :server_protocol
# The type of file transfer protocol to be tested.
#
# The available protocols are:
#
@@ -1125,10 +1179,19 @@
#
# * File Transfer Protocol Secure (FTPS)
#
# * File Transfer Protocol (FTP)
#
+ # @option params [String] :source_ip
+ # The source IP address of the user account to be tested.
+ #
+ # @option params [required, String] :user_name
+ # The name of the user account to be tested.
+ #
+ # @option params [String] :user_password
+ # The password of the user account to be tested.
+ #
# @return [Types::TestIdentityProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
#
# * {Types::TestIdentityProviderResponse#response #response} => String
# * {Types::TestIdentityProviderResponse#status_code #status_code} => Integer
# * {Types::TestIdentityProviderResponse#message #message} => String
@@ -1136,13 +1199,14 @@
#
# @example Request syntax with placeholder values
#
# resp = client.test_identity_provider({
# server_id: "ServerId", # required
+ # server_protocol: "SFTP", # accepts SFTP, FTP, FTPS
+ # source_ip: "SourceIp",
# user_name: "UserName", # required
# user_password: "UserPassword",
- # server_protocol: "SFTP", # accepts SFTP, FTP, FTPS
# })
#
# @example Response structure
#
# resp.response #=> String
@@ -1201,38 +1265,82 @@
#
# @option params [String] :certificate
# The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM)
# certificate. Required when `Protocols` is set to `FTPS`.
#
+ # To request a new public certificate, see [Request a public
+ # certificate][1] in the <i> AWS Certificate Manager User Guide</i>.
+ #
+ # To import an existing certificate into ACM, see [Importing
+ # certificates into ACM][2] in the <i> AWS Certificate Manager User
+ # Guide</i>.
+ #
+ # To request a private certificate to use FTPS through private IP
+ # addresses, see [Request a private certificate][3] in the <i> AWS
+ # Certificate Manager User Guide</i>.
+ #
+ # Certificates with the following cryptographic algorithms and key sizes
+ # are supported:
+ #
+ # * 2048-bit RSA (RSA\_2048)
+ #
+ # * 4096-bit RSA (RSA\_4096)
+ #
+ # * Elliptic Prime Curve 256 bit (EC\_prime256v1)
+ #
+ # * Elliptic Prime Curve 384 bit (EC\_secp384r1)
+ #
+ # * Elliptic Prime Curve 521 bit (EC\_secp521r1)
+ #
+ # <note markdown="1"> The certificate must be a valid SSL/TLS X.509 version 3 certificate
+ # with FQDN or IP address specified and information about the issuer.
+ #
+ # </note>
+ #
+ #
+ #
+ # [1]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html
+ # [2]: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
+ # [3]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html
+ #
# @option params [Types::EndpointDetails] :endpoint_details
# The virtual private cloud (VPC) endpoint settings that are configured
# for your file transfer protocol-enabled server. With a VPC endpoint,
# you can restrict access to your server to resources only within your
# VPC. To control incoming internet traffic, you will need to associate
# one or more Elastic IP addresses with your server's endpoint.
#
# @option params [String] :endpoint_type
# The type of endpoint that you want your file transfer protocol-enabled
# server to connect to. You can choose to connect to the public internet
- # or a VPC endpoint. With a VPC endpoint, your server isn't accessible
- # over the public internet.
+ # or a VPC endpoint. With a VPC endpoint, you can restrict access to
+ # your server and resources only within your VPC.
#
+ # <note markdown="1"> It is recommended that you use `VPC` as the `EndpointType`. With this
+ # endpoint type, you have the option to directly associate up to three
+ # Elastic IPv4 addresses (BYO IP included) with your server's endpoint
+ # and use VPC security groups to restrict traffic by the client's
+ # public IP address. This is not possible with `EndpointType` set to
+ # `VPC_ENDPOINT`.
+ #
+ # </note>
+ #
# @option params [String] :host_key
- # The RSA private key as generated by `ssh-keygen -N "" -f
+ # The RSA private key as generated by `ssh-keygen -N "" -m PEM -f
# my-new-server-key`.
#
# If you aren't planning to migrate existing users from an existing
# file transfer protocol-enabled server to a new server, don't update
# the host key. Accidentally changing a server's host key can be
# disruptive.
#
- # For more information, see [Changing the Host Key for Your AWS Transfer
- # Family Server][1] in the *AWS Transfer Family User Guide*.
+ # For more information, see [Change the host key for your SFTP-enabled
+ # server][1] in the *AWS Transfer Family User Guide*.
#
#
#
- # [1]: https://docs.aws.amazon.com/transfer/latest/userguide/configuring-servers.html#change-host-key
+ # [1]: https://docs.aws.amazon.com/transfer/latest/userguide/edit-server-config.html#configuring-servers-change-host-key
#
# @option params [Types::IdentityProviderDetails] :identity_provider_details
# An array containing all of the information required to call a
# customer's authentication API method.
#
@@ -1252,10 +1360,26 @@
# * File Transfer Protocol Secure (FTPS): File transfer with TLS
# encryption
#
# * File Transfer Protocol (FTP): Unencrypted file transfer
#
+ # <note markdown="1"> If you select `FTPS`, you must choose a certificate stored in AWS
+ # Certificate Manager (ACM) which will be used to identify your server
+ # when clients connect to it over FTPS.
+ #
+ # If `Protocol` includes either `FTP` or `FTPS`, then the `EndpointType`
+ # must be `VPC` and the `IdentityProviderType` must be `API_GATEWAY`.
+ #
+ # If `Protocol` includes `FTP`, then `AddressAllocationIds` cannot be
+ # associated.
+ #
+ # If `Protocol` is set only to `SFTP`, the `EndpointType` can be set to
+ # `PUBLIC` and the `IdentityProviderType` can be set to
+ # `SERVICE_MANAGED`.
+ #
+ # </note>
+ #
# @option params [required, String] :server_id
# A system-assigned unique identifier for a file transfer
# protocol-enabled server instance that the user account is assigned to.
#
# @return [Types::UpdateServerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -1323,12 +1447,12 @@
# Logical directory mappings that specify what Amazon S3 paths and keys
# should be visible to your user and how you want to make them visible.
# You will need to specify the "`Entry`" and "`Target`" pair, where
# `Entry` shows how the path is made visible and `Target` is the actual
# Amazon S3 path. If you only specify a target, it will be displayed as
- # is. You will need to also make sure that your AWS IAM Role provides
- # access to paths in `Target`. The following is an example.
+ # is. You will need to also make sure that your IAM role provides access
+ # to paths in `Target`. The following is an example.
#
# `'[ "/bucket2/documentation", \{ "Entry": "your-personal-report.pdf",
# "Target": "/bucket3/customized-reports/$\{transfer:UserName\}.pdf" \}
# ]'`
#
@@ -1348,23 +1472,22 @@
#
# </note>
#
# @option params [String] :policy
# Allows you to supply a scope-down policy for your user so you can use
- # the same AWS Identity and Access Management (IAM) role across multiple
- # users. The policy scopes down user access to portions of your Amazon
- # S3 bucket. Variables you can use inside this policy include
- # `$\{Transfer:UserName\}`, `$\{Transfer:HomeDirectory\}`, and
- # `$\{Transfer:HomeBucket\}`.
+ # the same IAM role across multiple users. The policy scopes down user
+ # access to portions of your Amazon S3 bucket. Variables you can use
+ # inside this policy include `$\{Transfer:UserName\}`,
+ # `$\{Transfer:HomeDirectory\}`, and `$\{Transfer:HomeBucket\}`.
#
# <note markdown="1"> For scope-down policies, AWS Transfer Family stores the policy as a
# JSON blob, instead of the Amazon Resource Name (ARN) of the policy.
# You save the policy as a JSON blob and pass it in the `Policy`
# argument.
#
- # For an example of a scope-down policy, see [Creating a Scope-Down
- # Policy][1].
+ # For an example of a scope-down policy, see [Creating a scope-down
+ # policy][1].
#
# For more information, see [AssumeRole][2] in the *AWS Security Token
# Service API Reference*.
#
# </note>
@@ -1442,10 +1565,10 @@
operation: config.api.operation(operation_name),
client: self,
params: params,
config: config)
context[:gem_name] = 'aws-sdk-transfer'
- context[:gem_version] = '1.20.0'
+ context[:gem_version] = '1.21.0'
Seahorse::Client::Request.new(handlers, context)
end
# @api private
# @deprecated