// Code generated by smithy-go-codegen DO NOT EDIT.
package types
import (
smithydocument "github.com/aws/smithy-go/document"
"time"
)
// Contains the details for an AS2 connector object. The connector object is used
// for AS2 outbound processes, to connect the Transfer Family customer with the
// trading partner.
type As2ConnectorConfig struct {
// Provides Basic authentication support to the AS2 Connectors API. To use Basic
// authentication, you must provide the name or Amazon Resource Name (ARN) of a
// secret in Secrets Manager. The default value for this parameter is null , which
// indicates that Basic authentication is not enabled for the connector. If the
// connector should use Basic authentication, the secret needs to be in the
// following format: { "Username": "user-name", "Password": "user-password" }
// Replace user-name and user-password with the credentials for the actual user
// that is being authenticated. Note the following:
// - You are storing these credentials in Secrets Manager, not passing them
// directly into this API.
// - If you are using the API, SDKs, or CloudFormation to configure your
// connector, then you must create the secret before you can enable Basic
// authentication. However, if you are using the Amazon Web Services management
// console, you can have the system create the secret for you.
// If you have previously enabled Basic authentication for a connector, you can
// disable it by using the UpdateConnector API call. For example, if you are using
// the CLI, you can run the following command to remove Basic authentication:
// update-connector --connector-id my-connector-id --as2-config
// 'BasicAuthSecretId=""'
BasicAuthSecretId *string
// Specifies whether the AS2 file is compressed.
Compression CompressionEnum
// The algorithm that is used to encrypt the file. You can only specify NONE if
// the URL for your connector uses HTTPS. This ensures that no traffic is sent in
// clear text.
EncryptionAlgorithm EncryptionAlg
// A unique identifier for the AS2 local profile.
LocalProfileId *string
// Used for outbound requests (from an Transfer Family server to a partner AS2
// server) to determine whether the partner response for transfers is synchronous
// or asynchronous. Specify either of the following values:
// - SYNC : The system expects a synchronous MDN response, confirming that the
// file was transferred successfully (or not).
// - NONE : Specifies that no MDN response is required.
MdnResponse MdnResponse
// The signing algorithm for the MDN response. If set to DEFAULT (or not set at
// all), the value for SigningAlgorithm is used.
MdnSigningAlgorithm MdnSigningAlg
// Used as the Subject HTTP header attribute in AS2 messages that are being sent
// with the connector.
MessageSubject *string
// A unique identifier for the partner profile for the connector.
PartnerProfileId *string
// The algorithm that is used to sign the AS2 messages sent with the connector.
SigningAlgorithm SigningAlg
noSmithyDocumentSerde
}
// Each step type has its own StepDetails structure.
type CopyStepDetails struct {
// Specifies the location for the file being copied. Use ${Transfer:UserName} or
// ${Transfer:UploadDate} in this field to parametrize the destination prefix by
// username or uploaded date.
// - Set the value of DestinationFileLocation to ${Transfer:UserName} to copy
// uploaded files to an Amazon S3 bucket that is prefixed with the name of the
// Transfer Family user that uploaded the file.
// - Set the value of DestinationFileLocation to ${Transfer:UploadDate} to copy
// uploaded files to an Amazon S3 bucket that is prefixed with the date of the
// upload. The system resolves UploadDate to a date format of YYYY-MM-DD, based
// on the date the file is uploaded in UTC.
DestinationFileLocation *InputFileLocation
// The name of the step, used as an identifier.
Name *string
// A flag that indicates whether to overwrite an existing file of the same name.
// The default is FALSE . If the workflow is processing a file that has the same
// name as an existing file, the behavior is as follows:
// - If OverwriteExisting is TRUE , the existing file is replaced with the file
// being processed.
// - If OverwriteExisting is FALSE , nothing happens, and the workflow processing
// stops.
OverwriteExisting OverwriteExisting
// Specifies which file to use as input to the workflow step: either the output
// from the previous step, or the originally uploaded file for the workflow.
// - To use the previous file as the input, enter ${previous.file} . In this
// case, this workflow step uses the output file from the previous workflow step as
// input. This is the default value.
// - To use the originally uploaded file location as input for this step, enter
// ${original.file} .
SourceFileLocation *string
noSmithyDocumentSerde
}
// Each step type has its own StepDetails structure.
type CustomStepDetails struct {
// The name of the step, used as an identifier.
Name *string
// Specifies which file to use as input to the workflow step: either the output
// from the previous step, or the originally uploaded file for the workflow.
// - To use the previous file as the input, enter ${previous.file} . In this
// case, this workflow step uses the output file from the previous workflow step as
// input. This is the default value.
// - To use the originally uploaded file location as input for this step, enter
// ${original.file} .
SourceFileLocation *string
// The ARN for the Lambda function that is being called.
Target *string
// Timeout, in seconds, for the step.
TimeoutSeconds *int32
noSmithyDocumentSerde
}
// Each step type has its own StepDetails structure.
type DecryptStepDetails struct {
// Specifies the location for the file being decrypted. Use ${Transfer:UserName}
// or ${Transfer:UploadDate} in this field to parametrize the destination prefix
// by username or uploaded date.
// - Set the value of DestinationFileLocation to ${Transfer:UserName} to decrypt
// uploaded files to an Amazon S3 bucket that is prefixed with the name of the
// Transfer Family user that uploaded the file.
// - Set the value of DestinationFileLocation to ${Transfer:UploadDate} to
// decrypt uploaded files to an Amazon S3 bucket that is prefixed with the date of
// the upload. The system resolves UploadDate to a date format of YYYY-MM-DD,
// based on the date the file is uploaded in UTC.
//
// This member is required.
DestinationFileLocation *InputFileLocation
// The type of encryption used. Currently, this value must be PGP .
//
// This member is required.
Type EncryptionType
// The name of the step, used as an identifier.
Name *string
// A flag that indicates whether to overwrite an existing file of the same name.
// The default is FALSE . If the workflow is processing a file that has the same
// name as an existing file, the behavior is as follows:
// - If OverwriteExisting is TRUE , the existing file is replaced with the file
// being processed.
// - If OverwriteExisting is FALSE , nothing happens, and the workflow processing
// stops.
OverwriteExisting OverwriteExisting
// Specifies which file to use as input to the workflow step: either the output
// from the previous step, or the originally uploaded file for the workflow.
// - To use the previous file as the input, enter ${previous.file} . In this
// case, this workflow step uses the output file from the previous workflow step as
// input. This is the default value.
// - To use the originally uploaded file location as input for this step, enter
// ${original.file} .
SourceFileLocation *string
noSmithyDocumentSerde
}
// The name of the step, used to identify the delete step.
type DeleteStepDetails struct {
// The name of the step, used as an identifier.
Name *string
// Specifies which file to use as input to the workflow step: either the output
// from the previous step, or the originally uploaded file for the workflow.
// - To use the previous file as the input, enter ${previous.file} . In this
// case, this workflow step uses the output file from the previous workflow step as
// input. This is the default value.
// - To use the originally uploaded file location as input for this step, enter
// ${original.file} .
SourceFileLocation *string
noSmithyDocumentSerde
}
// Describes the properties of the access that was specified.
type DescribedAccess struct {
// A unique identifier that is required to identify specific groups within your
// directory. The users of the group that you associate have access to your Amazon
// S3 or Amazon EFS resources over the enabled protocols using Transfer Family. If
// you know the group name, you can view the SID values by running the following
// command using Windows PowerShell. Get-ADGroup -Filter {samAccountName -like
// "YourGroupName*"} -Properties * | Select SamAccountName,ObjectSid In that
// command, replace YourGroupName with the name of your Active Directory group. The
// regular expression used to validate this parameter is a string of characters
// consisting of uppercase and lowercase alphanumeric characters with no spaces.
// You can also include underscores or any of the following characters: =,.@:/-
ExternalId *string
// The landing directory (folder) for a user when they log in to the server using
// the client. A HomeDirectory example is /bucket_name/home/mydirectory .
HomeDirectory *string
// Logical directory mappings that specify what Amazon S3 or Amazon EFS paths and
// keys should be visible to your user and how you want to make them visible. You
// must specify the Entry and Target pair, where Entry shows how the path is made
// visible and Target is the actual Amazon S3 or Amazon EFS path. If you only
// specify a target, it is displayed as is. You also must ensure that your Identity
// and Access Management (IAM) role provides access to paths in Target . This value
// can be set only when HomeDirectoryType is set to LOGICAL. In most cases, you
// can use this value instead of the session policy to lock down the associated
// access to the designated home directory (" chroot "). To do this, you can set
// Entry to '/' and set Target to the HomeDirectory parameter value.
HomeDirectoryMappings []HomeDirectoryMapEntry
// The type of landing directory (folder) that you want your users' home directory
// to be when they log in to the server. If you set it to PATH , the user will see
// the absolute Amazon S3 bucket or EFS paths as is in their file transfer protocol
// clients. If you set it LOGICAL , you need to provide mappings in the
// HomeDirectoryMappings for how you want to make Amazon S3 or Amazon EFS paths
// visible to your users.
HomeDirectoryType HomeDirectoryType
// A session policy for your user so that you can use the same Identity and Access
// Management (IAM) role across multiple users. This policy scopes down a user's
// access to portions of their Amazon S3 bucket. Variables that you can use inside
// this policy include ${Transfer:UserName} , ${Transfer:HomeDirectory} , and
// ${Transfer:HomeBucket} .
Policy *string
// The full POSIX identity, including user ID ( Uid ), group ID ( Gid ), and any
// secondary groups IDs ( SecondaryGids ), that controls your users' access to your
// Amazon EFS file systems. The POSIX permissions that are set on files and
// directories in your file system determine the level of access your users get
// when transferring files into and out of your Amazon EFS file systems.
PosixProfile *PosixProfile
// The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role
// that controls your users' access to your Amazon S3 bucket or Amazon EFS file
// system. The policies attached to this role determine the level of access that
// you want to provide your users when transferring files into and out of your
// Amazon S3 bucket or Amazon EFS file system. The IAM role should also contain a
// trust relationship that allows the server to access your resources when
// servicing your users' transfer requests.
Role *string
noSmithyDocumentSerde
}
// Describes the properties of an agreement.
type DescribedAgreement struct {
// The unique Amazon Resource Name (ARN) for the agreement.
//
// This member is required.
Arn *string
// With AS2, you can send files by calling StartFileTransfer and specifying the
// file paths in the request parameter, SendFilePaths . We use the file’s parent
// directory (for example, for --send-file-paths /bucket/dir/file.txt , parent
// directory is /bucket/dir/ ) to temporarily store a processed AS2 message file,
// store the MDN when we receive them from the partner, and write a final JSON file
// containing relevant metadata of the transmission. So, the AccessRole needs to
// provide read and write access to the parent directory of the file location used
// in the StartFileTransfer request. Additionally, you need to provide read and
// write access to the parent directory of the files that you intend to send with
// StartFileTransfer . If you are using Basic authentication for your AS2
// connector, the access role requires the secretsmanager:GetSecretValue
// permission for the secret. If the secret is encrypted using a customer-managed
// key instead of the Amazon Web Services managed key in Secrets Manager, then the
// role also needs the kms:Decrypt permission for that key.
AccessRole *string
// A unique identifier for the agreement. This identifier is returned when you
// create an agreement.
AgreementId *string
// The landing directory (folder) for files that are transferred by using the AS2
// protocol.
BaseDirectory *string
// The name or short description that's used to identify the agreement.
Description *string
// A unique identifier for the AS2 local profile.
LocalProfileId *string
// A unique identifier for the partner profile used in the agreement.
PartnerProfileId *string
// A system-assigned unique identifier for a server instance. This identifier
// indicates the specific server that the agreement uses.
ServerId *string
// The current status of the agreement, either ACTIVE or INACTIVE .
Status AgreementStatusType
// Key-value pairs that can be used to group and search for agreements.
Tags []Tag
noSmithyDocumentSerde
}
// Describes the properties of a certificate.
type DescribedCertificate struct {
// The unique Amazon Resource Name (ARN) for the certificate.
//
// This member is required.
Arn *string
// An optional date that specifies when the certificate becomes active.
ActiveDate *time.Time
// The file name for the certificate.
Certificate *string
// The list of certificates that make up the chain for the certificate.
CertificateChain *string
// An array of identifiers for the imported certificates. You use this identifier
// for working with profiles and partner profiles.
CertificateId *string
// The name or description that's used to identity the certificate.
Description *string
// An optional date that specifies when the certificate becomes inactive.
InactiveDate *time.Time
// The final date that the certificate is valid.
NotAfterDate *time.Time
// The earliest date that the certificate is valid.
NotBeforeDate *time.Time
// The serial number for the certificate.
Serial *string
// The certificate can be either ACTIVE , PENDING_ROTATION , or INACTIVE .
// PENDING_ROTATION means that this certificate will replace the current
// certificate when it expires.
Status CertificateStatusType
// Key-value pairs that can be used to group and search for certificates.
Tags []Tag
// If a private key has been specified for the certificate, its type is
// CERTIFICATE_WITH_PRIVATE_KEY . If there is no private key, the type is
// CERTIFICATE .
Type CertificateType
// Specifies whether this certificate is used for signing or encryption.
Usage CertificateUsageType
noSmithyDocumentSerde
}
// Describes the parameters for the connector, as identified by the ConnectorId .
type DescribedConnector struct {
// The unique Amazon Resource Name (ARN) for the connector.
//
// This member is required.
Arn *string
// With AS2, you can send files by calling StartFileTransfer and specifying the
// file paths in the request parameter, SendFilePaths . We use the file’s parent
// directory (for example, for --send-file-paths /bucket/dir/file.txt , parent
// directory is /bucket/dir/ ) to temporarily store a processed AS2 message file,
// store the MDN when we receive them from the partner, and write a final JSON file
// containing relevant metadata of the transmission. So, the AccessRole needs to
// provide read and write access to the parent directory of the file location used
// in the StartFileTransfer request. Additionally, you need to provide read and
// write access to the parent directory of the files that you intend to send with
// StartFileTransfer . If you are using Basic authentication for your AS2
// connector, the access role requires the secretsmanager:GetSecretValue
// permission for the secret. If the secret is encrypted using a customer-managed
// key instead of the Amazon Web Services managed key in Secrets Manager, then the
// role also needs the kms:Decrypt permission for that key.
AccessRole *string
// A structure that contains the parameters for an AS2 connector object.
As2Config *As2ConnectorConfig
// The unique identifier for the connector.
ConnectorId *string
// The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role
// that allows a connector to turn on CloudWatch logging for Amazon S3 events. When
// set, you can view connector activity in your CloudWatch logs.
LoggingRole *string
// A structure that contains the parameters for an SFTP connector object.
SftpConfig *SftpConnectorConfig
// Key-value pairs that can be used to group and search for connectors.
Tags []Tag
// The URL of the partner's AS2 or SFTP endpoint.
Url *string
noSmithyDocumentSerde
}
// The details for an execution object.
type DescribedExecution struct {
// A unique identifier for the execution of a workflow.
ExecutionId *string
// The IAM role associated with the execution.
ExecutionRole *string
// A structure that describes the Amazon S3 or EFS file location. This is the file
// location when the execution begins: if the file is being copied, this is the
// initial (as opposed to destination) file location.
InitialFileLocation *FileLocation
// The IAM logging role associated with the execution.
LoggingConfiguration *LoggingConfiguration
// The full POSIX identity, including user ID ( Uid ), group ID ( Gid ), and any
// secondary groups IDs ( SecondaryGids ), that controls your users' access to your
// Amazon EFS file systems. The POSIX permissions that are set on files and
// directories in your file system determine the level of access your users get
// when transferring files into and out of your Amazon EFS file systems.
PosixProfile *PosixProfile
// A structure that describes the execution results. This includes a list of the
// steps along with the details of each step, error type and message (if any), and
// the OnExceptionSteps structure.
Results *ExecutionResults
// A container object for the session details that are associated with a workflow.
ServiceMetadata *ServiceMetadata
// The status is one of the execution. Can be in progress, completed, exception
// encountered, or handling the exception.
Status ExecutionStatus
noSmithyDocumentSerde
}
// The details for a server host key.
type DescribedHostKey struct {
// The unique Amazon Resource Name (ARN) for the host key.
//
// This member is required.
Arn *string
// The date on which the host key was added to the server.
DateImported *time.Time
// The text description for this host key.
Description *string
// The public key fingerprint, which is a short sequence of bytes used to identify
// the longer public key.
HostKeyFingerprint *string
// A unique identifier for the host key.
HostKeyId *string
// Key-value pairs that can be used to group and search for host keys.
Tags []Tag
// The encryption algorithm that is used for the host key. The Type parameter is
// specified by using one of the following values:
// - ssh-rsa
// - ssh-ed25519
// - ecdsa-sha2-nistp256
// - ecdsa-sha2-nistp384
// - ecdsa-sha2-nistp521
Type *string
noSmithyDocumentSerde
}
// The details for a local or partner AS2 profile.
type DescribedProfile struct {
// The unique Amazon Resource Name (ARN) for the profile.
//
// This member is required.
Arn *string
// The As2Id is the AS2-name, as defined in the RFC 4130 (https://datatracker.ietf.org/doc/html/rfc4130)
// . For inbound transfers, this is the AS2-From header for the AS2 messages sent
// from the partner. For outbound connectors, this is the AS2-To header for the
// AS2 messages sent to the partner using the StartFileTransfer API operation.
// This ID cannot include spaces.
As2Id *string
// An array of identifiers for the imported certificates. You use this identifier
// for working with profiles and partner profiles.
CertificateIds []string
// A unique identifier for the local or partner AS2 profile.
ProfileId *string
// Indicates whether to list only LOCAL type profiles or only PARTNER type
// profiles. If not supplied in the request, the command lists all types of
// profiles.
ProfileType ProfileType
// Key-value pairs that can be used to group and search for profiles.
Tags []Tag
noSmithyDocumentSerde
}
// Describes the properties of a security policy that was specified. For more
// information about security policies, see Working with security policies (https://docs.aws.amazon.com/transfer/latest/userguide/security-policies.html)
// .
type DescribedSecurityPolicy struct {
// Specifies the name of the security policy that is attached to the server.
//
// This member is required.
SecurityPolicyName *string
// Specifies whether this policy enables Federal Information Processing Standards
// (FIPS).
Fips *bool
// Specifies the enabled Secure Shell (SSH) cipher encryption algorithms in the
// security policy that is attached to the server.
SshCiphers []string
// Specifies the enabled SSH key exchange (KEX) encryption algorithms in the
// security policy that is attached to the server.
SshKexs []string
// Specifies the enabled SSH message authentication code (MAC) encryption
// algorithms in the security policy that is attached to the server.
SshMacs []string
// Specifies the enabled Transport Layer Security (TLS) cipher encryption
// algorithms in the security policy that is attached to the server.
TlsCiphers []string
noSmithyDocumentSerde
}
// Describes the properties of a file transfer protocol-enabled server that was
// specified.
type DescribedServer struct {
// Specifies the unique Amazon Resource Name (ARN) of the server.
//
// This member is required.
Arn *string
// Specifies the ARN of the Amazon Web ServicesCertificate Manager (ACM)
// certificate. Required when Protocols is set to FTPS .
Certificate *string
// Specifies the domain of the storage system that is used for file transfers.
Domain Domain
// The virtual private cloud (VPC) endpoint settings that are configured for your
// server. When you host your endpoint within your VPC, you can make your endpoint
// accessible only to resources within your VPC, or you can attach Elastic IP
// addresses and make your endpoint accessible to clients over the internet. Your
// VPC's default security groups are automatically assigned to your endpoint.
EndpointDetails *EndpointDetails
// Defines the type of endpoint that your server is connected to. If your server
// is connected to a VPC endpoint, your server isn't accessible over the public
// internet.
EndpointType EndpointType
// Specifies the Base64-encoded SHA256 fingerprint of the server's host key. This
// value is equivalent to the output of the ssh-keygen -l -f my-new-server-key
// command.
HostKeyFingerprint *string
// Specifies information to call a customer-supplied authentication API. This
// field is not populated when the IdentityProviderType of a server is
// AWS_DIRECTORY_SERVICE or SERVICE_MANAGED .
IdentityProviderDetails *IdentityProviderDetails
// The mode of authentication for a server. The default value is SERVICE_MANAGED ,
// which allows you to store and access user credentials within the Transfer Family
// service. Use AWS_DIRECTORY_SERVICE to provide access to Active Directory groups
// in Directory Service for Microsoft Active Directory or Microsoft Active
// Directory in your on-premises environment or in Amazon Web Services using AD
// Connector. This option also requires you to provide a Directory ID by using the
// IdentityProviderDetails parameter. Use the API_GATEWAY value to integrate with
// an identity provider of your choosing. The API_GATEWAY setting requires you to
// provide an Amazon API Gateway endpoint URL to call for authentication by using
// the IdentityProviderDetails parameter. Use the AWS_LAMBDA value to directly use
// an Lambda function as your identity provider. If you choose this value, you must
// specify the ARN for the Lambda function in the Function parameter for the
// IdentityProviderDetails data type.
IdentityProviderType IdentityProviderType
// The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role
// that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or
// Amazon EFSevents. When set, you can view user activity in your CloudWatch logs.
LoggingRole *string
// Specifies a string to display when users connect to a server. This string is
// displayed after the user authenticates. The SFTP protocol does not support
// post-authentication display banners.
PostAuthenticationLoginBanner *string
// Specifies a string to display when users connect to a server. This string is
// displayed before the user authenticates. For example, the following banner
// displays details about using the system: This system is for the use of
// authorized users only. Individuals using this computer system without authority,
// or in excess of their authority, are subject to having all of their activities
// on this system monitored and recorded by system personnel.
PreAuthenticationLoginBanner *string
// The protocol settings that are configured for your server.
// - To indicate passive mode (for FTP and FTPS protocols), use the PassiveIp
// parameter. Enter a single dotted-quad IPv4 address, such as the external IP
// address of a firewall, router, or load balancer.
// - To ignore the error that is generated when the client attempts to use the
// SETSTAT command on a file that you are uploading to an Amazon S3 bucket, use
// the SetStatOption parameter. To have the Transfer Family server ignore the
// SETSTAT command and upload files without needing to make any changes to your
// SFTP client, set the value to ENABLE_NO_OP . If you set the SetStatOption
// parameter to ENABLE_NO_OP , Transfer Family generates a log entry to Amazon
// CloudWatch Logs, so that you can determine when the client is making a SETSTAT
// call.
// - To determine whether your Transfer Family server resumes recent, negotiated
// sessions through a unique session ID, use the TlsSessionResumptionMode
// parameter.
// - As2Transports indicates the transport method for the AS2 messages.
// Currently, only HTTP is supported.
ProtocolDetails *ProtocolDetails
// Specifies the file transfer protocol or protocols over which your file transfer
// protocol client can connect to your server's endpoint. The available protocols
// are:
// - SFTP (Secure Shell (SSH) File Transfer Protocol): File transfer over SSH
// - FTPS (File Transfer Protocol Secure): File transfer with TLS encryption
// - FTP (File Transfer Protocol): Unencrypted file transfer
// - AS2 (Applicability Statement 2): used for transporting structured
// business-to-business data
//
// - If you select FTPS , you must choose a certificate stored in Certificate
// Manager (ACM) which is used to identify your server when clients connect to it
// over FTPS.
// - If Protocol includes either FTP or FTPS , then the EndpointType must be VPC
// and the IdentityProviderType must be either AWS_DIRECTORY_SERVICE , AWS_LAMBDA
// , or API_GATEWAY .
// - If Protocol includes FTP , then AddressAllocationIds cannot be associated.
// - If Protocol is set only to SFTP , the EndpointType can be set to PUBLIC and
// the IdentityProviderType can be set any of the supported identity types:
// SERVICE_MANAGED , AWS_DIRECTORY_SERVICE , AWS_LAMBDA , or API_GATEWAY .
// - If Protocol includes AS2 , then the EndpointType must be VPC , and domain
// must be Amazon S3.
Protocols []Protocol
// Specifies the name of the security policy that is attached to the server.
SecurityPolicyName *string
// Specifies the unique system-assigned identifier for a server that you
// instantiate.
ServerId *string
// The condition of the server that was described. A value of ONLINE indicates
// that the server can accept jobs and transfer files. A State value of OFFLINE
// means that the server cannot perform file transfer operations. The states of
// STARTING and STOPPING indicate that the server is in an intermediate state,
// either not fully able to respond, or not fully offline. The values of
// START_FAILED or STOP_FAILED can indicate an error condition.
State State
// Specifies the log groups to which your server logs are sent. To specify a log
// group, you must provide the ARN for an existing log group. In this case, the
// format of the log group is as follows:
// arn:aws:logs:region-name:amazon-account-id:log-group:log-group-name:* For
// example, arn:aws:logs:us-east-1:111122223333:log-group:mytestgroup:* If you
// have previously specified a log group for a server, you can clear it, and in
// effect turn off structured logging, by providing an empty value for this
// parameter in an update-server call. For example: update-server --server-id
// s-1234567890abcdef0 --structured-log-destinations
StructuredLogDestinations []string
// Specifies the key-value pairs that you can use to search for and group servers
// that were assigned to the server that was described.
Tags []Tag
// Specifies the number of users that are assigned to a server you specified with
// the ServerId .
UserCount *int32
// Specifies the workflow ID for the workflow to assign and the execution role
// that's used for executing the workflow. In addition to a workflow to execute
// when a file is uploaded completely, WorkflowDetails can also contain a workflow
// ID (and execution role) for a workflow to execute on partial upload. A partial
// upload occurs when the server session disconnects while the file is still being
// uploaded.
WorkflowDetails *WorkflowDetails
noSmithyDocumentSerde
}
// Describes the properties of a user that was specified.
type DescribedUser struct {
// Specifies the unique Amazon Resource Name (ARN) for the user that was requested
// to be described.
//
// This member is required.
Arn *string
// The landing directory (folder) for a user when they log in to the server using
// the client. A HomeDirectory example is /bucket_name/home/mydirectory .
HomeDirectory *string
// Logical directory mappings that specify what Amazon S3 or Amazon EFS paths and
// keys should be visible to your user and how you want to make them visible. You
// must specify the Entry and Target pair, where Entry shows how the path is made
// visible and Target is the actual Amazon S3 or Amazon EFS path. If you only
// specify a target, it is displayed as is. You also must ensure that your Identity
// and Access Management (IAM) role provides access to paths in Target . This value
// can be set only when HomeDirectoryType is set to LOGICAL. In most cases, you
// can use this value instead of the session policy to lock your user down to the
// designated home directory (" chroot "). To do this, you can set Entry to '/'
// and set Target to the HomeDirectory parameter value.
HomeDirectoryMappings []HomeDirectoryMapEntry
// The type of landing directory (folder) that you want your users' home directory
// to be when they log in to the server. If you set it to PATH , the user will see
// the absolute Amazon S3 bucket or EFS paths as is in their file transfer protocol
// clients. If you set it LOGICAL , you need to provide mappings in the
// HomeDirectoryMappings for how you want to make Amazon S3 or Amazon EFS paths
// visible to your users.
HomeDirectoryType HomeDirectoryType
// A session policy for your user so that you can use the same Identity and Access
// Management (IAM) role across multiple users. This policy scopes down a user's
// access to portions of their Amazon S3 bucket. Variables that you can use inside
// this policy include ${Transfer:UserName} , ${Transfer:HomeDirectory} , and
// ${Transfer:HomeBucket} .
Policy *string
// Specifies the full POSIX identity, including user ID ( Uid ), group ID ( Gid ),
// and any secondary groups IDs ( SecondaryGids ), that controls your users' access
// to your Amazon Elastic File System (Amazon EFS) file systems. The POSIX
// permissions that are set on files and directories in your file system determine
// the level of access your users get when transferring files into and out of your
// Amazon EFS file systems.
PosixProfile *PosixProfile
// The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role
// that controls your users' access to your Amazon S3 bucket or Amazon EFS file
// system. The policies attached to this role determine the level of access that
// you want to provide your users when transferring files into and out of your
// Amazon S3 bucket or Amazon EFS file system. The IAM role should also contain a
// trust relationship that allows the server to access your resources when
// servicing your users' transfer requests.
Role *string
// Specifies the public key portion of the Secure Shell (SSH) keys stored for the
// described user.
SshPublicKeys []SshPublicKey
// Specifies the key-value pairs for the user requested. Tag can be used to search
// for and group users for a variety of purposes.
Tags []Tag
// Specifies the name of the user that was requested to be described. User names
// are used for authentication purposes. This is the string that will be used by
// your user when they log in to your server.
UserName *string
noSmithyDocumentSerde
}
// Describes the properties of the specified workflow
type DescribedWorkflow struct {
// Specifies the unique Amazon Resource Name (ARN) for the workflow.
//
// This member is required.
Arn *string
// Specifies the text description for the workflow.
Description *string
// Specifies the steps (actions) to take if errors are encountered during
// execution of the workflow.
OnExceptionSteps []WorkflowStep
// Specifies the details for the steps that are in the specified workflow.
Steps []WorkflowStep
// Key-value pairs that can be used to group and search for workflows. Tags are
// metadata attached to workflows for any purpose.
Tags []Tag
// A unique identifier for the workflow.
WorkflowId *string
noSmithyDocumentSerde
}
// Specifies the details for the file location for the file that's being used in
// the workflow. Only applicable if you are using Amazon Elastic File Systems
// (Amazon EFS) for storage.
type EfsFileLocation struct {
// The identifier of the file system, assigned by Amazon EFS.
FileSystemId *string
// The pathname for the folder being used by a workflow.
Path *string
noSmithyDocumentSerde
}
// The virtual private cloud (VPC) endpoint settings that are configured for your
// file transfer protocol-enabled server. With a VPC endpoint, you can restrict
// access to your server and resources only within your VPC. To control incoming
// internet traffic, invoke the UpdateServer API and attach an Elastic IP address
// to your server's endpoint. After May 19, 2021, you won't be able to create a
// server using EndpointType=VPC_ENDPOINT in your Amazon Web Servicesaccount if
// your account hasn't already done so before May 19, 2021. If you have already
// created servers with EndpointType=VPC_ENDPOINT in your Amazon Web
// Servicesaccount on or before May 19, 2021, you will not be affected. After this
// date, use EndpointType = VPC . For more information, see
// https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
type EndpointDetails struct {
// A list of address allocation IDs that are required to attach an Elastic IP
// address to your server's endpoint. This property can only be set when
// EndpointType is set to VPC and it is only valid in the UpdateServer API.
AddressAllocationIds []string
// A list of security groups IDs that are available to attach to your server's
// endpoint. This property can only be set when EndpointType is set to VPC . You
// can edit the SecurityGroupIds property in the UpdateServer (https://docs.aws.amazon.com/transfer/latest/userguide/API_UpdateServer.html)
// API only if you are changing the EndpointType from PUBLIC or VPC_ENDPOINT to VPC
// . To change security groups associated with your server's VPC endpoint after
// creation, use the Amazon EC2 ModifyVpcEndpoint (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyVpcEndpoint.html)
// API.
SecurityGroupIds []string
// A list of subnet IDs that are required to host your server endpoint in your
// VPC. This property can only be set when EndpointType is set to VPC .
SubnetIds []string
// The identifier of the VPC endpoint. This property can only be set when
// EndpointType is set to VPC_ENDPOINT . For more information, see
// https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.
VpcEndpointId *string
// The VPC identifier of the VPC in which a server's endpoint will be hosted. This
// property can only be set when EndpointType is set to VPC .
VpcId *string
noSmithyDocumentSerde
}
// Specifies the error message and type, for an error that occurs during the
// execution of the workflow.
type ExecutionError struct {
// Specifies the descriptive message that corresponds to the ErrorType .
//
// This member is required.
Message *string
// Specifies the error type.
// - ALREADY_EXISTS : occurs for a copy step, if the overwrite option is not
// selected and a file with the same name already exists in the target location.
// - BAD_REQUEST : a general bad request: for example, a step that attempts to
// tag an EFS file returns BAD_REQUEST , as only S3 files can be tagged.
// - CUSTOM_STEP_FAILED : occurs when the custom step provided a callback that
// indicates failure.
// - INTERNAL_SERVER_ERROR : a catch-all error that can occur for a variety of
// reasons.
// - NOT_FOUND : occurs when a requested entity, for example a source file for a
// copy step, does not exist.
// - PERMISSION_DENIED : occurs if your policy does not contain the correct
// permissions to complete one or more of the steps in the workflow.
// - TIMEOUT : occurs when the execution times out. You can set the
// TimeoutSeconds for a custom step, anywhere from 1 second to 1800 seconds (30
// minutes).
// - THROTTLED : occurs if you exceed the new execution refill rate of one
// workflow per second.
//
// This member is required.
Type ExecutionErrorType
noSmithyDocumentSerde
}
// Specifies the steps in the workflow, as well as the steps to execute in case of
// any errors during workflow execution.
type ExecutionResults struct {
// Specifies the steps (actions) to take if errors are encountered during
// execution of the workflow.
OnExceptionSteps []ExecutionStepResult
// Specifies the details for the steps that are in the specified workflow.
Steps []ExecutionStepResult
noSmithyDocumentSerde
}
// Specifies the following details for the step: error (if any), outputs (if any),
// and the step type.
type ExecutionStepResult struct {
// Specifies the details for an error, if it occurred during execution of the
// specified workflow step.
Error *ExecutionError
// The values for the key/value pair applied as a tag to the file. Only applicable
// if the step type is TAG .
Outputs *string
// One of the available step types.
// - COPY - Copy the file to another location.
// - CUSTOM - Perform a custom step with an Lambda function target.
// - DECRYPT - Decrypt a file that was encrypted before it was uploaded.
// - DELETE - Delete the file.
// - TAG - Add a tag to the file.
StepType WorkflowStepType
noSmithyDocumentSerde
}
// Specifies the Amazon S3 or EFS file details to be used in the step.
type FileLocation struct {
// Specifies the Amazon EFS identifier and the path for the file being used.
EfsFileLocation *EfsFileLocation
// Specifies the S3 details for the file being used, such as bucket, ETag, and so
// forth.
S3FileLocation *S3FileLocation
noSmithyDocumentSerde
}
// Represents an object that contains entries and targets for HomeDirectoryMappings
// . The following is an Entry and Target pair example for chroot . [ { "Entry":
// "/", "Target": "/bucket_name/home/mydirectory" } ]
type HomeDirectoryMapEntry struct {
// Represents an entry for HomeDirectoryMappings .
//
// This member is required.
Entry *string
// Represents the map target that is used in a HomeDirectorymapEntry .
//
// This member is required.
Target *string
noSmithyDocumentSerde
}
// Returns information related to the type of user authentication that is in use
// for a file transfer protocol-enabled server's users. A server can have only one
// method of authentication.
type IdentityProviderDetails struct {
// The identifier of the Directory Service directory that you want to stop sharing.
DirectoryId *string
// The ARN for a Lambda function to use for the Identity provider.
Function *string
// This parameter is only applicable if your IdentityProviderType is API_GATEWAY .
// Provides the type of InvocationRole used to authenticate the user account.
InvocationRole *string
// For SFTP-enabled servers, and for custom identity providers only, you can
// specify whether to authenticate using a password, SSH key pair, or both.
// - PASSWORD - users must provide their password to connect.
// - PUBLIC_KEY - users must provide their private key to connect.
// - PUBLIC_KEY_OR_PASSWORD - users can authenticate with either their password
// or their key. This is the default value.
// - PUBLIC_KEY_AND_PASSWORD - users must provide both their private key and
// their password to connect. The server checks the key first, and then if the key
// is valid, the system prompts for a password. If the private key provided does
// not match the public key that is stored, authentication fails.
SftpAuthenticationMethods SftpAuthenticationMethods
// Provides the location of the service endpoint used to authenticate users.
Url *string
noSmithyDocumentSerde
}
// Specifies the location for the file that's being processed.
type InputFileLocation struct {
// Specifies the details for the Amazon Elastic File System (Amazon EFS) file
// that's being decrypted.
EfsFileLocation *EfsFileLocation
// Specifies the details for the Amazon S3 file that's being copied or decrypted.
S3FileLocation *S3InputFileLocation
noSmithyDocumentSerde
}
// Lists the properties for one or more specified associated accesses.
type ListedAccess struct {
// A unique identifier that is required to identify specific groups within your
// directory. The users of the group that you associate have access to your Amazon
// S3 or Amazon EFS resources over the enabled protocols using Transfer Family. If
// you know the group name, you can view the SID values by running the following
// command using Windows PowerShell. Get-ADGroup -Filter {samAccountName -like
// "YourGroupName*"} -Properties * | Select SamAccountName,ObjectSid In that
// command, replace YourGroupName with the name of your Active Directory group. The
// regular expression used to validate this parameter is a string of characters
// consisting of uppercase and lowercase alphanumeric characters with no spaces.
// You can also include underscores or any of the following characters: =,.@:/-
ExternalId *string
// The landing directory (folder) for a user when they log in to the server using
// the client. A HomeDirectory example is /bucket_name/home/mydirectory .
HomeDirectory *string
// The type of landing directory (folder) that you want your users' home directory
// to be when they log in to the server. If you set it to PATH , the user will see
// the absolute Amazon S3 bucket or EFS paths as is in their file transfer protocol
// clients. If you set it LOGICAL , you need to provide mappings in the
// HomeDirectoryMappings for how you want to make Amazon S3 or Amazon EFS paths
// visible to your users.
HomeDirectoryType HomeDirectoryType
// The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role
// that controls your users' access to your Amazon S3 bucket or Amazon EFS file
// system. The policies attached to this role determine the level of access that
// you want to provide your users when transferring files into and out of your
// Amazon S3 bucket or Amazon EFS file system. The IAM role should also contain a
// trust relationship that allows the server to access your resources when
// servicing your users' transfer requests.
Role *string
noSmithyDocumentSerde
}
// Describes the properties of an agreement.
type ListedAgreement struct {
// A unique identifier for the agreement. This identifier is returned when you
// create an agreement.
AgreementId *string
// The Amazon Resource Name (ARN) of the specified agreement.
Arn *string
// The current description for the agreement. You can change it by calling the
// UpdateAgreement operation and providing a new description.
Description *string
// A unique identifier for the AS2 local profile.
LocalProfileId *string
// A unique identifier for the partner profile.
PartnerProfileId *string
// The unique identifier for the agreement.
ServerId *string
// The agreement can be either ACTIVE or INACTIVE .
Status AgreementStatusType
noSmithyDocumentSerde
}
// Describes the properties of a certificate.
type ListedCertificate struct {
// An optional date that specifies when the certificate becomes active.
ActiveDate *time.Time
// The Amazon Resource Name (ARN) of the specified certificate.
Arn *string
// An array of identifiers for the imported certificates. You use this identifier
// for working with profiles and partner profiles.
CertificateId *string
// The name or short description that's used to identify the certificate.
Description *string
// An optional date that specifies when the certificate becomes inactive.
InactiveDate *time.Time
// The certificate can be either ACTIVE , PENDING_ROTATION , or INACTIVE .
// PENDING_ROTATION means that this certificate will replace the current
// certificate when it expires.
Status CertificateStatusType
// The type for the certificate. If a private key has been specified for the
// certificate, its type is CERTIFICATE_WITH_PRIVATE_KEY . If there is no private
// key, the type is CERTIFICATE .
Type CertificateType
// Specifies whether this certificate is used for signing or encryption.
Usage CertificateUsageType
noSmithyDocumentSerde
}
// Returns details of the connector that is specified.
type ListedConnector struct {
// The Amazon Resource Name (ARN) of the specified connector.
Arn *string
// The unique identifier for the connector.
ConnectorId *string
// The URL of the partner's AS2 or SFTP endpoint.
Url *string
noSmithyDocumentSerde
}
// Returns properties of the execution that is specified.
type ListedExecution struct {
// A unique identifier for the execution of a workflow.
ExecutionId *string
// A structure that describes the Amazon S3 or EFS file location. This is the file
// location when the execution begins: if the file is being copied, this is the
// initial (as opposed to destination) file location.
InitialFileLocation *FileLocation
// A container object for the session details that are associated with a workflow.
ServiceMetadata *ServiceMetadata
// The status is one of the execution. Can be in progress, completed, exception
// encountered, or handling the exception.
Status ExecutionStatus
noSmithyDocumentSerde
}
// Returns properties of the host key that's specified.
type ListedHostKey struct {
// The unique Amazon Resource Name (ARN) of the host key.
//
// This member is required.
Arn *string
// The date on which the host key was added to the server.
DateImported *time.Time
// The current description for the host key. You can change it by calling the
// UpdateHostKey operation and providing a new description.
Description *string
// The public key fingerprint, which is a short sequence of bytes used to identify
// the longer public key.
Fingerprint *string
// A unique identifier for the host key.
HostKeyId *string
// The encryption algorithm that is used for the host key. The Type parameter is
// specified by using one of the following values:
// - ssh-rsa
// - ssh-ed25519
// - ecdsa-sha2-nistp256
// - ecdsa-sha2-nistp384
// - ecdsa-sha2-nistp521
Type *string
noSmithyDocumentSerde
}
// Returns the properties of the profile that was specified.
type ListedProfile struct {
// The Amazon Resource Name (ARN) of the specified profile.
Arn *string
// The As2Id is the AS2-name, as defined in the RFC 4130 (https://datatracker.ietf.org/doc/html/rfc4130)
// . For inbound transfers, this is the AS2-From header for the AS2 messages sent
// from the partner. For outbound connectors, this is the AS2-To header for the
// AS2 messages sent to the partner using the StartFileTransfer API operation.
// This ID cannot include spaces.
As2Id *string
// A unique identifier for the local or partner AS2 profile.
ProfileId *string
// Indicates whether to list only LOCAL type profiles or only PARTNER type
// profiles. If not supplied in the request, the command lists all types of
// profiles.
ProfileType ProfileType
noSmithyDocumentSerde
}
// Returns properties of a file transfer protocol-enabled server that was
// specified.
type ListedServer struct {
// Specifies the unique Amazon Resource Name (ARN) for a server to be listed.
//
// This member is required.
Arn *string
// Specifies the domain of the storage system that is used for file transfers.
Domain Domain
// Specifies the type of VPC endpoint that your server is connected to. If your
// server is connected to a VPC endpoint, your server isn't accessible over the
// public internet.
EndpointType EndpointType
// The mode of authentication for a server. The default value is SERVICE_MANAGED ,
// which allows you to store and access user credentials within the Transfer Family
// service. Use AWS_DIRECTORY_SERVICE to provide access to Active Directory groups
// in Directory Service for Microsoft Active Directory or Microsoft Active
// Directory in your on-premises environment or in Amazon Web Services using AD
// Connector. This option also requires you to provide a Directory ID by using the
// IdentityProviderDetails parameter. Use the API_GATEWAY value to integrate with
// an identity provider of your choosing. The API_GATEWAY setting requires you to
// provide an Amazon API Gateway endpoint URL to call for authentication by using
// the IdentityProviderDetails parameter. Use the AWS_LAMBDA value to directly use
// an Lambda function as your identity provider. If you choose this value, you must
// specify the ARN for the Lambda function in the Function parameter for the
// IdentityProviderDetails data type.
IdentityProviderType IdentityProviderType
// The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role
// that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or
// Amazon EFSevents. When set, you can view user activity in your CloudWatch logs.
LoggingRole *string
// Specifies the unique system assigned identifier for the servers that were
// listed.
ServerId *string
// The condition of the server that was described. A value of ONLINE indicates
// that the server can accept jobs and transfer files. A State value of OFFLINE
// means that the server cannot perform file transfer operations. The states of
// STARTING and STOPPING indicate that the server is in an intermediate state,
// either not fully able to respond, or not fully offline. The values of
// START_FAILED or STOP_FAILED can indicate an error condition.
State State
// Specifies the number of users that are assigned to a server you specified with
// the ServerId .
UserCount *int32
noSmithyDocumentSerde
}
// Returns properties of the user that you specify.
type ListedUser struct {
// Provides the unique Amazon Resource Name (ARN) for the user that you want to
// learn about.
//
// This member is required.
Arn *string
// The landing directory (folder) for a user when they log in to the server using
// the client. A HomeDirectory example is /bucket_name/home/mydirectory .
HomeDirectory *string
// The type of landing directory (folder) that you want your users' home directory
// to be when they log in to the server. If you set it to PATH , the user will see
// the absolute Amazon S3 bucket or EFS paths as is in their file transfer protocol
// clients. If you set it LOGICAL , you need to provide mappings in the
// HomeDirectoryMappings for how you want to make Amazon S3 or Amazon EFS paths
// visible to your users.
HomeDirectoryType HomeDirectoryType
// The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role
// that controls your users' access to your Amazon S3 bucket or Amazon EFS file
// system. The policies attached to this role determine the level of access that
// you want to provide your users when transferring files into and out of your
// Amazon S3 bucket or Amazon EFS file system. The IAM role should also contain a
// trust relationship that allows the server to access your resources when
// servicing your users' transfer requests. The IAM role that controls your users'
// access to your Amazon S3 bucket for servers with Domain=S3 , or your EFS file
// system for servers with Domain=EFS . The policies attached to this role
// determine the level of access you want to provide your users when transferring
// files into and out of your S3 buckets or EFS file systems.
Role *string
// Specifies the number of SSH public keys stored for the user you specified.
SshPublicKeyCount *int32
// Specifies the name of the user whose ARN was specified. User names are used for
// authentication purposes.
UserName *string
noSmithyDocumentSerde
}
// Contains the identifier, text description, and Amazon Resource Name (ARN) for
// the workflow.
type ListedWorkflow struct {
// Specifies the unique Amazon Resource Name (ARN) for the workflow.
Arn *string
// Specifies the text description for the workflow.
Description *string
// A unique identifier for the workflow.
WorkflowId *string
noSmithyDocumentSerde
}
// Consists of the logging role and the log group name.
type LoggingConfiguration struct {
// The name of the CloudWatch logging group for the Transfer Family server to
// which this workflow belongs.
LogGroupName *string
// The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role
// that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or
// Amazon EFSevents. When set, you can view user activity in your CloudWatch logs.
LoggingRole *string
noSmithyDocumentSerde
}
// The full POSIX identity, including user ID ( Uid ), group ID ( Gid ), and any
// secondary groups IDs ( SecondaryGids ), that controls your users' access to your
// Amazon EFS file systems. The POSIX permissions that are set on files and
// directories in your file system determine the level of access your users get
// when transferring files into and out of your Amazon EFS file systems.
type PosixProfile struct {
// The POSIX group ID used for all EFS operations by this user.
//
// This member is required.
Gid *int64
// The POSIX user ID used for all EFS operations by this user.
//
// This member is required.
Uid *int64
// The secondary POSIX group IDs used for all EFS operations by this user.
SecondaryGids []int64
noSmithyDocumentSerde
}
// The protocol settings that are configured for your server.
type ProtocolDetails struct {
// Indicates the transport method for the AS2 messages. Currently, only HTTP is
// supported.
As2Transports []As2Transport
// Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4
// address, such as the public IP address of a firewall, router, or load balancer.
// For example: aws transfer update-server --protocol-details PassiveIp=0.0.0.0
// Replace 0.0.0.0 in the example above with the actual IP address you want to
// use. If you change the PassiveIp value, you must stop and then restart your
// Transfer Family server for the change to take effect. For details on using
// passive mode (PASV) in a NAT environment, see Configuring your FTPS server
// behind a firewall or NAT with Transfer Family (http://aws.amazon.com/blogs/storage/configuring-your-ftps-server-behind-a-firewall-or-nat-with-aws-transfer-family/)
// . Special values The AUTO and 0.0.0.0 are special values for the PassiveIp
// parameter. The value PassiveIp=AUTO is assigned by default to FTP and FTPS type
// servers. In this case, the server automatically responds with one of the
// endpoint IPs within the PASV response. PassiveIp=0.0.0.0 has a more unique
// application for its usage. For example, if you have a High Availability (HA)
// Network Load Balancer (NLB) environment, where you have 3 subnets, you can only
// specify a single IP address using the PassiveIp parameter. This reduces the
// effectiveness of having High Availability. In this case, you can specify
// PassiveIp=0.0.0.0 . This tells the client to use the same IP address as the
// Control connection and utilize all AZs for their connections. Note, however,
// that not all FTP clients support the PassiveIp=0.0.0.0 response. FileZilla and
// WinSCP do support it. If you are using other clients, check to see if your
// client supports the PassiveIp=0.0.0.0 response.
PassiveIp *string
// Use the SetStatOption to ignore the error that is generated when the client
// attempts to use SETSTAT on a file you are uploading to an S3 bucket. Some SFTP
// file transfer clients can attempt to change the attributes of remote files,
// including timestamp and permissions, using commands, such as SETSTAT when
// uploading the file. However, these commands are not compatible with object
// storage systems, such as Amazon S3. Due to this incompatibility, file uploads
// from these clients can result in errors even when the file is otherwise
// successfully uploaded. Set the value to ENABLE_NO_OP to have the Transfer
// Family server ignore the SETSTAT command, and upload files without needing to
// make any changes to your SFTP client. While the SetStatOption ENABLE_NO_OP
// setting ignores the error, it does generate a log entry in Amazon CloudWatch
// Logs, so you can determine when the client is making a SETSTAT call. If you
// want to preserve the original timestamp for your file, and modify other file
// attributes using SETSTAT , you can use Amazon EFS as backend storage with
// Transfer Family.
SetStatOption SetStatOption
// A property used with Transfer Family servers that use the FTPS protocol. TLS
// Session Resumption provides a mechanism to resume or share a negotiated secret
// key between the control and data connection for an FTPS session.
// TlsSessionResumptionMode determines whether or not the server resumes recent,
// negotiated sessions through a unique session ID. This property is available
// during CreateServer and UpdateServer calls. If a TlsSessionResumptionMode value
// is not specified during CreateServer , it is set to ENFORCED by default.
// - DISABLED : the server does not process TLS session resumption client
// requests and creates a new TLS session for each request.
// - ENABLED : the server processes and accepts clients that are performing TLS
// session resumption. The server doesn't reject client data connections that do
// not perform the TLS session resumption client processing.
// - ENFORCED : the server processes and accepts clients that are performing TLS
// session resumption. The server rejects client data connections that do not
// perform the TLS session resumption client processing. Before you set the value
// to ENFORCED , test your clients. Not all FTPS clients perform TLS session
// resumption. So, if you choose to enforce TLS session resumption, you prevent any
// connections from FTPS clients that don't perform the protocol negotiation. To
// determine whether or not you can use the ENFORCED value, you need to test your
// clients.
TlsSessionResumptionMode TlsSessionResumptionMode
noSmithyDocumentSerde
}
// Specifies the details for the file location for the file that's being used in
// the workflow. Only applicable if you are using S3 storage.
type S3FileLocation struct {
// Specifies the S3 bucket that contains the file being used.
Bucket *string
// The entity tag is a hash of the object. The ETag reflects changes only to the
// contents of an object, not its metadata.
Etag *string
// The name assigned to the file when it was created in Amazon S3. You use the
// object key to retrieve the object.
Key *string
// Specifies the file version.
VersionId *string
noSmithyDocumentSerde
}
// Specifies the customer input Amazon S3 file location. If it is used inside
// copyStepDetails.DestinationFileLocation , it should be the S3 copy destination.
// You need to provide the bucket and key. The key can represent either a path or a
// file. This is determined by whether or not you end the key value with the
// forward slash (/) character. If the final character is "/", then your file is
// copied to the folder, and its name does not change. If, rather, the final
// character is alphanumeric, your uploaded file is renamed to the path value. In
// this case, if a file with that name already exists, it is overwritten. For
// example, if your path is shared-files/bob/ , your uploaded files are copied to
// the shared-files/bob/ , folder. If your path is shared-files/today , each
// uploaded file is copied to the shared-files folder and named today : each upload
// overwrites the previous version of the bob file.
type S3InputFileLocation struct {
// Specifies the S3 bucket for the customer input file.
Bucket *string
// The name assigned to the file when it was created in Amazon S3. You use the
// object key to retrieve the object.
Key *string
noSmithyDocumentSerde
}
// Specifies the key-value pair that are assigned to a file during the execution
// of a Tagging step.
type S3Tag struct {
// The name assigned to the tag that you create.
//
// This member is required.
Key *string
// The value that corresponds to the key.
//
// This member is required.
Value *string
noSmithyDocumentSerde
}
// A container object for the session details that are associated with a workflow.
type ServiceMetadata struct {
// The Server ID ( ServerId ), Session ID ( SessionId ) and user ( UserName ) make
// up the UserDetails .
//
// This member is required.
UserDetails *UserDetails
noSmithyDocumentSerde
}
// Contains the details for an SFTP connector object. The connector object is used
// for transferring files to and from a partner's SFTP server.
type SftpConnectorConfig struct {
// The public portion of the host key, or keys, that are used to authenticate the
// user to the external server to which you are connecting. You can use the
// ssh-keyscan command against the SFTP server to retrieve the necessary key. The
// three standard SSH public key format elements are , , and an optional , with
// spaces between each element. For the trusted host key, Transfer Family accepts
// RSA and ECDSA keys.
// - For RSA keys, the key type is ssh-rsa .
// - For ECDSA keys, the key type is either ecdsa-sha2-nistp256 ,
// ecdsa-sha2-nistp384 , or ecdsa-sha2-nistp521 , depending on the size of the
// key you generated.
TrustedHostKeys []string
// The identifiers for the secrets (in Amazon Web Services Secrets Manager) that
// contain the SFTP user's private keys or passwords.
UserSecretId *string
noSmithyDocumentSerde
}
// Provides information about the public Secure Shell (SSH) key that is associated
// with a Transfer Family user for the specific file transfer protocol-enabled
// server (as identified by ServerId ). The information returned includes the date
// the key was imported, the public key contents, and the public key ID. A user can
// store more than one SSH public key associated with their user name on a specific
// server.
type SshPublicKey struct {
// Specifies the date that the public key was added to the Transfer Family user.
//
// This member is required.
DateImported *time.Time
// Specifies the content of the SSH public key as specified by the PublicKeyId .
// Transfer Family accepts RSA, ECDSA, and ED25519 keys.
//
// This member is required.
SshPublicKeyBody *string
// Specifies the SshPublicKeyId parameter contains the identifier of the public
// key.
//
// This member is required.
SshPublicKeyId *string
noSmithyDocumentSerde
}
// Creates a key-value pair for a specific resource. Tags are metadata that you
// can use to search for and group a resource for various purposes. You can apply
// tags to servers, users, and roles. A tag key can take more than one value. For
// example, to group servers for accounting purposes, you might create a tag called
// Group and assign the values Research and Accounting to that group.
type Tag struct {
// The name assigned to the tag that you create.
//
// This member is required.
Key *string
// Contains one or more values that you assigned to the key name you create.
//
// This member is required.
Value *string
noSmithyDocumentSerde
}
// Each step type has its own StepDetails structure. The key/value pairs used to
// tag a file during the execution of a workflow step.
type TagStepDetails struct {
// The name of the step, used as an identifier.
Name *string
// Specifies which file to use as input to the workflow step: either the output
// from the previous step, or the originally uploaded file for the workflow.
// - To use the previous file as the input, enter ${previous.file} . In this
// case, this workflow step uses the output file from the previous workflow step as
// input. This is the default value.
// - To use the originally uploaded file location as input for this step, enter
// ${original.file} .
SourceFileLocation *string
// Array that contains from 1 to 10 key/value pairs.
Tags []S3Tag
noSmithyDocumentSerde
}
// Specifies the user name, server ID, and session ID for a workflow.
type UserDetails struct {
// The system-assigned unique identifier for a Transfer server instance.
//
// This member is required.
ServerId *string
// A unique string that identifies a Transfer Family user associated with a server.
//
// This member is required.
UserName *string
// The system-assigned unique identifier for a session that corresponds to the
// workflow.
SessionId *string
noSmithyDocumentSerde
}
// Specifies the workflow ID for the workflow to assign and the execution role
// that's used for executing the workflow. In addition to a workflow to execute
// when a file is uploaded completely, WorkflowDetails can also contain a workflow
// ID (and execution role) for a workflow to execute on partial upload. A partial
// upload occurs when the server session disconnects while the file is still being
// uploaded.
type WorkflowDetail struct {
// Includes the necessary permissions for S3, EFS, and Lambda operations that
// Transfer can assume, so that all workflow steps can operate on the required
// resources
//
// This member is required.
ExecutionRole *string
// A unique identifier for the workflow.
//
// This member is required.
WorkflowId *string
noSmithyDocumentSerde
}
// Container for the WorkflowDetail data type. It is used by actions that trigger
// a workflow to begin execution.
type WorkflowDetails struct {
// A trigger that starts a workflow if a file is only partially uploaded. You can
// attach a workflow to a server that executes whenever there is a partial upload.
// A partial upload occurs when a file is open when the session disconnects.
OnPartialUpload []WorkflowDetail
// A trigger that starts a workflow: the workflow begins to execute after a file
// is uploaded. To remove an associated workflow from a server, you can provide an
// empty OnUpload object, as in the following example. aws transfer update-server
// --server-id s-01234567890abcdef --workflow-details '{"OnUpload":[]}'
OnUpload []WorkflowDetail
noSmithyDocumentSerde
}
// The basic building block of a workflow.
type WorkflowStep struct {
// Details for a step that performs a file copy. Consists of the following values:
// - A description
// - An Amazon S3 location for the destination of the file copy.
// - A flag that indicates whether to overwrite an existing file of the same
// name. The default is FALSE .
CopyStepDetails *CopyStepDetails
// Details for a step that invokes an Lambda function. Consists of the Lambda
// function's name, target, and timeout (in seconds).
CustomStepDetails *CustomStepDetails
// Details for a step that decrypts an encrypted file. Consists of the following
// values:
// - A descriptive name
// - An Amazon S3 or Amazon Elastic File System (Amazon EFS) location for the
// source file to decrypt.
// - An S3 or Amazon EFS location for the destination of the file decryption.
// - A flag that indicates whether to overwrite an existing file of the same
// name. The default is FALSE .
// - The type of encryption that's used. Currently, only PGP encryption is
// supported.
DecryptStepDetails *DecryptStepDetails
// Details for a step that deletes the file.
DeleteStepDetails *DeleteStepDetails
// Details for a step that creates one or more tags. You specify one or more tags.
// Each tag contains a key-value pair.
TagStepDetails *TagStepDetails
// Currently, the following step types are supported.
// - COPY - Copy the file to another location.
// - CUSTOM - Perform a custom step with an Lambda function target.
// - DECRYPT - Decrypt a file that was encrypted before it was uploaded.
// - DELETE - Delete the file.
// - TAG - Add a tag to the file.
Type WorkflowStepType
noSmithyDocumentSerde
}
type noSmithyDocumentSerde = smithydocument.NoSerde