AWS Transfer Family Update: This release adds support for Amazon EFS, so customers can transfer files over SFTP, FTPS and FTP in and out of Amazon S3 as well as Amazon EFS.

AWS · AWS · commit e0c0d9cc17c7 · 2021-01-06T19:07:21.000Z
diff --git a/.changes/next-release/feature-AWSTransferFamily-a44096e.json b/.changes/next-release/feature-AWSTransferFamily-a44096e.json
@@ -0,0 +1,6 @@
+{
+    "type": "feature",
+    "category": "AWS Transfer Family",
+    "contributor": "",
+    "description": "This release adds support for Amazon EFS, so customers can transfer files over SFTP, FTPS and FTP in and out of Amazon S3 as well as Amazon EFS."
+}
diff --git a/services/transfer/src/main/resources/codegen-resources/service-2.json b/services/transfer/src/main/resources/codegen-resources/service-2.json
@@ -384,6 +384,7 @@
           "shape":"Certificate",
           "documentation":"<p>The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. Required when <code>Protocols</code> is set to <code>FTPS</code>.</p> <p>To request a new public certificate, see <a href=\"https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html\">Request a public certificate</a> in the <i> AWS Certificate Manager User Guide</i>.</p> <p>To import an existing certificate into ACM, see <a href=\"https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html\">Importing certificates into ACM</a> in the <i> AWS Certificate Manager User Guide</i>.</p> <p>To request a private certificate to use FTPS through private IP addresses, see <a href=\"https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html\">Request a private certificate</a> in the <i> AWS Certificate Manager User Guide</i>.</p> <p>Certificates with the following cryptographic algorithms and key sizes are supported:</p> <ul> <li> <p>2048-bit RSA (RSA_2048)</p> </li> <li> <p>4096-bit RSA (RSA_4096)</p> </li> <li> <p>Elliptic Prime Curve 256 bit (EC_prime256v1)</p> </li> <li> <p>Elliptic Prime Curve 384 bit (EC_secp384r1)</p> </li> <li> <p>Elliptic Prime Curve 521 bit (EC_secp521r1)</p> </li> </ul> <note> <p>The certificate must be a valid SSL/TLS X.509 version 3 certificate with FQDN or IP address specified and information about the issuer.</p> </note>"
         },
+        "Domain":{"shape":"Domain"},
         "EndpointDetails":{
           "shape":"EndpointDetails",
           "documentation":"<p>The virtual private cloud (VPC) endpoint settings that are configured for your server. When you host your endpoint within your VPC, you can make it accessible only to resources within your VPC, or you can attach Elastic IPs and make it accessible to clients over the internet. Your VPC's default security groups are automatically assigned to your endpoint.</p>"
@@ -456,6 +457,7 @@
           "shape":"Policy",
           "documentation":"<p>A scope-down policy for your user so you can use the same IAM role across multiple users. This policy scopes down user access to portions of their Amazon S3 bucket. Variables that you can use inside this policy include <code>${Transfer:UserName}</code>, <code>${Transfer:HomeDirectory}</code>, and <code>${Transfer:HomeBucket}</code>.</p> <note> <p>For scope-down policies, AWS Transfer Family stores the policy as a JSON blob, instead of the Amazon Resource Name (ARN) of the policy. You save the policy as a JSON blob and pass it in the <code>Policy</code> argument.</p> <p>For an example of a scope-down policy, see <a href=\"https://docs.aws.amazon.com/transfer/latest/userguide/users.html#users-policies-scope-down\">Creating a scope-down policy</a>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html\">AssumeRole</a> in the <i>AWS Security Token Service API Reference</i>.</p> </note>"
         },
+        "PosixProfile":{"shape":"PosixProfile"},
         "Role":{
           "shape":"Role",
           "documentation":"<p>The IAM role that controls your users' access to your Amazon S3 bucket. The policies attached to this role will determine the level of access you want to provide your users when transferring files into and out of your Amazon S3 bucket or buckets. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users' transfer requests.</p>"
@@ -662,6 +664,7 @@
           "shape":"Certificate",
           "documentation":"<p>Specifies the ARN of the AWS Certificate Manager (ACM) certificate. Required when <code>Protocols</code> is set to <code>FTPS</code>.</p>"
         },
+        "Domain":{"shape":"Domain"},
         "EndpointDetails":{
           "shape":"EndpointDetails",
           "documentation":"<p>Specifies the virtual private cloud (VPC) endpoint settings that you configured for your server.</p>"
@@ -737,6 +740,7 @@
           "shape":"Policy",
           "documentation":"<p>Specifies the name of the policy in use for the described user.</p>"
         },
+        "PosixProfile":{"shape":"PosixProfile"},
         "Role":{
           "shape":"Role",
           "documentation":"<p>Specifies the IAM role that controls your users' access to your Amazon S3 bucket. The policies attached to this role will determine the level of access you want to provide your users when transferring files into and out of your Amazon S3 bucket or buckets. The IAM role should also contain a trust relationship that allows a server to access your resources when servicing your users' transfer requests.</p>"
@@ -756,6 +760,13 @@
       },
       "documentation":"<p>Describes the properties of a user that was specified.</p>"
     },
+    "Domain":{
+      "type":"string",
+      "enum":[
+        "S3",
+        "EFS"
+      ]
+    },
     "EndpointDetails":{
       "type":"structure",
       "members":{
@@ -1064,6 +1075,7 @@
           "shape":"Arn",
           "documentation":"<p>Specifies the unique Amazon Resource Name (ARN) for a server to be listed.</p>"
         },
+        "Domain":{"shape":"Domain"},
         "IdentityProviderType":{
           "shape":"IdentityProviderType",
           "documentation":"<p>Specifies the authentication method used to validate a user for a server that was specified. This can include Secure Shell (SSH), user name and password combinations, or your own custom authentication method. Valid values include <code>SERVICE_MANAGED</code> or <code>API_GATEWAY</code>.</p>"
@@ -1160,6 +1172,23 @@
       "type":"string",
       "max":2048
     },
+    "PosixId":{
+      "type":"long",
+      "max":4294967295,
+      "min":0
+    },
+    "PosixProfile":{
+      "type":"structure",
+      "required":[
+        "Uid",
+        "Gid"
+      ],
+      "members":{
+        "Uid":{"shape":"PosixId"},
+        "Gid":{"shape":"PosixId"},
+        "SecondaryGids":{"shape":"SecondaryGids"}
+      }
+    },
     "Protocol":{
       "type":"string",
       "enum":[
@@ -1214,6 +1243,12 @@
       "min":20,
       "pattern":"arn:.*role/.*"
     },
+    "SecondaryGids":{
+      "type":"list",
+      "member":{"shape":"PosixId"},
+      "max":16,
+      "min":0
+    },
     "SecurityGroupId":{
       "type":"string",
       "max":20,
@@ -1550,6 +1585,7 @@
           "shape":"Policy",
           "documentation":"<p>Allows you to supply a scope-down policy for your user so you can use the same IAM role across multiple users. The policy scopes down user access to portions of your Amazon S3 bucket. Variables you can use inside this policy include <code>${Transfer:UserName}</code>, <code>${Transfer:HomeDirectory}</code>, and <code>${Transfer:HomeBucket}</code>.</p> <note> <p>For scope-down policies, AWS Transfer Family stores the policy as a JSON blob, instead of the Amazon Resource Name (ARN) of the policy. You save the policy as a JSON blob and pass it in the <code>Policy</code> argument.</p> <p>For an example of a scope-down policy, see <a href=\"https://docs.aws.amazon.com/transfer/latest/userguide/users.html#users-policies-scope-down\">Creating a scope-down policy</a>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html\">AssumeRole</a> in the <i>AWS Security Token Service API Reference</i>.</p> </note>"
         },
+        "PosixProfile":{"shape":"PosixProfile"},
         "Role":{
           "shape":"Role",
           "documentation":"<p>The IAM role that controls your users' access to your Amazon S3 bucket. The policies attached to this role will determine the level of access you want to provide your users when transferring files into and out of your Amazon S3 bucket or buckets. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users' transfer requests.</p>"
