Struct aws_sdk_transfer::client::Client

source · []
pub struct Client { /* private fields */ }
Expand description

Client for AWS Transfer Family

Client for invoking operations on AWS Transfer Family. Each operation on AWS Transfer Family is a method on this this struct. .send() MUST be invoked on the generated operations to dispatch the request to the service.

Examples

Constructing a client and invoking an operation

    // create a shared configuration. This can be used & shared between multiple service clients.
    let shared_config = aws_config::load_from_env().await;
    let client = aws_sdk_transfer::Client::new(&shared_config);
    // invoke an operation
    /* let rsp = client
        .<operation_name>().
        .<param>("some value")
        .send().await; */

Constructing a client with custom configuration

use aws_config::RetryConfig;
let shared_config = aws_config::load_from_env().await;
let config = aws_sdk_transfer::config::Builder::from(&shared_config)
  .retry_config(RetryConfig::disabled())
  .build();
let client = aws_sdk_transfer::Client::from_conf(config);

Implementations

Creates a client with the given service configuration.

Returns the client’s configuration.

Constructs a fluent builder for the CreateAccess operation.

  • The fluent builder is configurable:
    • home_directory(impl Into<String>) / set_home_directory(Option<String>):

      The landing directory (folder) for a user when they log in to the server using the client.

      A HomeDirectory example is /bucket_name/home/mydirectory.

    • home_directory_type(HomeDirectoryType) / set_home_directory_type(Option<HomeDirectoryType>):

      The type of landing directory (folder) you want your users’ home directory to be when they log into the server. If you set it to PATH, the user will see the absolute Amazon S3 bucket or EFS paths as is in their file transfer protocol clients. If you set it LOGICAL, you need to provide mappings in the HomeDirectoryMappings for how you want to make Amazon S3 or EFS paths visible to your users.

    • home_directory_mappings(Vec<HomeDirectoryMapEntry>) / set_home_directory_mappings(Option<Vec<HomeDirectoryMapEntry>>):

      Logical directory mappings that specify what Amazon S3 or Amazon EFS paths and keys should be visible to your user and how you want to make them visible. You must specify the Entry and Target pair, where Entry shows how the path is made visible and Target is the actual Amazon S3 or Amazon EFS path. If you only specify a target, it is displayed as is. You also must ensure that your Amazon Web Services Identity and Access Management (IAM) role provides access to paths in Target. This value can only be set when HomeDirectoryType is set to LOGICAL.

      The following is an Entry and Target pair example.

      [ { “Entry”: “/directory1”, “Target”: “/bucket_name/home/mydirectory” } ]

      In most cases, you can use this value instead of the session policy to lock down your user to the designated home directory (“chroot”). To do this, you can set Entry to / and set Target to the HomeDirectory parameter value.

      The following is an Entry and Target pair example for chroot.

      [ { “Entry”: “/”, “Target”: “/bucket_name/home/mydirectory” } ]

    • policy(impl Into<String>) / set_policy(Option<String>):

      A session policy for your user so that you can use the same IAM role across multiple users. This policy scopes down user access to portions of their Amazon S3 bucket. Variables that you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}.

      This only applies when the domain of ServerId is S3. EFS does not use session policies.

      For session policies, Amazon Web Services Transfer Family stores the policy as a JSON blob, instead of the Amazon Resource Name (ARN) of the policy. You save the policy as a JSON blob and pass it in the Policy argument.

      For an example of a session policy, see Example session policy.

      For more information, see AssumeRole in the Amazon Web Services Security Token Service API Reference.

    • posix_profile(PosixProfile) / set_posix_profile(Option<PosixProfile>):

      The full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users’ access to your Amazon EFS file systems. The POSIX permissions that are set on files and directories in your file system determine the level of access your users get when transferring files into and out of your Amazon EFS file systems.

    • role(impl Into<String>) / set_role(Option<String>):

      Specifies the Amazon Resource Name (ARN) of the IAM role that controls your users’ access to your Amazon S3 bucket or EFS file system. The policies attached to this role determine the level of access that you want to provide your users when transferring files into and out of your Amazon S3 bucket or EFS file system. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users’ transfer requests.

    • server_id(impl Into<String>) / set_server_id(Option<String>):

      A system-assigned unique identifier for a server instance. This is the specific server that you added your user to.

    • external_id(impl Into<String>) / set_external_id(Option<String>):

      A unique identifier that is required to identify specific groups within your directory. The users of the group that you associate have access to your Amazon S3 or Amazon EFS resources over the enabled protocols using Amazon Web Services Transfer Family. If you know the group name, you can view the SID values by running the following command using Windows PowerShell.

      Get-ADGroup -Filter {samAccountName -like “YourGroupName*”} -Properties * | Select SamAccountName,ObjectSid

      In that command, replace YourGroupName with the name of your Active Directory group.

      The regex used to validate this parameter is a string of characters consisting of uppercase and lowercase alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-

  • On success, responds with CreateAccessOutput with field(s):
    • server_id(Option<String>):

      The ID of the server that the user is attached to.

    • external_id(Option<String>):

      The external ID of the group whose users have access to your Amazon S3 or Amazon EFS resources over the enabled protocols using Amazon Web Services Transfer Family.

  • On failure, responds with SdkError<CreateAccessError>

Constructs a fluent builder for the CreateServer operation.

  • The fluent builder is configurable:
    • certificate(impl Into<String>) / set_certificate(Option<String>):

      The Amazon Resource Name (ARN) of the Amazon Web Services Certificate Manager (ACM) certificate. Required when Protocols is set to FTPS.

      To request a new public certificate, see Request a public certificate in the Amazon Web Services Certificate Manager User Guide.

      To import an existing certificate into ACM, see Importing certificates into ACM in the Amazon Web Services Certificate Manager User Guide.

      To request a private certificate to use FTPS through private IP addresses, see Request a private certificate in the Amazon Web Services Certificate Manager User Guide.

      Certificates with the following cryptographic algorithms and key sizes are supported:

      • 2048-bit RSA (RSA_2048)

      • 4096-bit RSA (RSA_4096)

      • Elliptic Prime Curve 256 bit (EC_prime256v1)

      • Elliptic Prime Curve 384 bit (EC_secp384r1)

      • Elliptic Prime Curve 521 bit (EC_secp521r1)

      The certificate must be a valid SSL/TLS X.509 version 3 certificate with FQDN or IP address specified and information about the issuer.

    • domain(Domain) / set_domain(Option<Domain>):

      The domain of the storage system that is used for file transfers. There are two domains available: Amazon Simple Storage Service (Amazon S3) and Amazon Elastic File System (Amazon EFS). The default value is S3.

      After the server is created, the domain cannot be changed.

    • endpoint_details(EndpointDetails) / set_endpoint_details(Option<EndpointDetails>):

      The virtual private cloud (VPC) endpoint settings that are configured for your server. When you host your endpoint within your VPC, you can make it accessible only to resources within your VPC, or you can attach Elastic IP addresses and make it accessible to clients over the internet. Your VPC’s default security groups are automatically assigned to your endpoint.

    • endpoint_type(EndpointType) / set_endpoint_type(Option<EndpointType>):

      The type of endpoint that you want your server to use. You can choose to make your server’s endpoint publicly accessible (PUBLIC) or host it inside your VPC. With an endpoint that is hosted in a VPC, you can restrict access to your server and resources only within your VPC or choose to make it internet facing by attaching Elastic IP addresses directly to it.

      After May 19, 2021, you won’t be able to create a server using EndpointType=VPC_ENDPOINT in your Amazon Web Services account if your account hasn’t already done so before May 19, 2021. If you have already created servers with EndpointType=VPC_ENDPOINT in your Amazon Web Services account on or before May 19, 2021, you will not be affected. After this date, use EndpointType=VPC.

      For more information, see https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.

      It is recommended that you use VPC as the EndpointType. With this endpoint type, you have the option to directly associate up to three Elastic IPv4 addresses (BYO IP included) with your server’s endpoint and use VPC security groups to restrict traffic by the client’s public IP address. This is not possible with EndpointType set to VPC_ENDPOINT.

    • host_key(impl Into<String>) / set_host_key(Option<String>):

      The RSA private key as generated by the ssh-keygen -N “” -m PEM -f my-new-server-key command.

      If you aren’t planning to migrate existing users from an existing SFTP-enabled server to a new server, don’t update the host key. Accidentally changing a server’s host key can be disruptive.

      For more information, see Change the host key for your SFTP-enabled server in the Amazon Web Services Transfer Family User Guide.

    • identity_provider_details(IdentityProviderDetails) / set_identity_provider_details(Option<IdentityProviderDetails>):

      Required when IdentityProviderType is set to AWS_DIRECTORY_SERVICE or API_GATEWAY. Accepts an array containing all of the information required to use a directory in AWS_DIRECTORY_SERVICE or invoke a customer-supplied authentication API, including the API Gateway URL. Not required when IdentityProviderType is set to SERVICE_MANAGED.

    • identity_provider_type(IdentityProviderType) / set_identity_provider_type(Option<IdentityProviderType>):

      Specifies the mode of authentication for a server. The default value is SERVICE_MANAGED, which allows you to store and access user credentials within the Amazon Web Services Transfer Family service.

      Use AWS_DIRECTORY_SERVICE to provide access to Active Directory groups in Amazon Web Services Managed Active Directory or Microsoft Active Directory in your on-premises environment or in Amazon Web Services using AD Connectors. This option also requires you to provide a Directory ID using the IdentityProviderDetails parameter.

      Use the API_GATEWAY value to integrate with an identity provider of your choosing. The API_GATEWAY setting requires you to provide an API Gateway endpoint URL to call for authentication using the IdentityProviderDetails parameter.

      Use the AWS_LAMBDA value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the Function parameter for the IdentityProviderDetails data type.

    • logging_role(impl Into<String>) / set_logging_role(Option<String>):

      Specifies the Amazon Resource Name (ARN) of the Amazon Web Services Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS events. When set, user activity can be viewed in your CloudWatch logs.

    • post_authentication_login_banner(impl Into<String>) / set_post_authentication_login_banner(Option<String>):

      Specify a string to display when users connect to a server. This string is displayed after the user authenticates.

      The SFTP protocol does not support post-authentication display banners.

    • pre_authentication_login_banner(impl Into<String>) / set_pre_authentication_login_banner(Option<String>):

      Specify a string to display when users connect to a server. This string is displayed before the user authenticates. For example, the following banner displays details about using the system.

      This system is for the use of authorized users only. Individuals using this computer system without authority, or in excess of their authority, are subject to having all of their activities on this system monitored and recorded by system personnel.

    • protocols(Vec<Protocol>) / set_protocols(Option<Vec<Protocol>>):

      Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server’s endpoint. The available protocols are:

      • SFTP (Secure Shell (SSH) File Transfer Protocol): File transfer over SSH

      • FTPS (File Transfer Protocol Secure): File transfer with TLS encryption

      • FTP (File Transfer Protocol): Unencrypted file transfer

      If you select FTPS, you must choose a certificate stored in Amazon Web Services Certificate Manager (ACM) which is used to identify your server when clients connect to it over FTPS.

      If Protocol includes either FTP or FTPS, then the EndpointType must be VPC and the IdentityProviderType must be AWS_DIRECTORY_SERVICE or API_GATEWAY.

      If Protocol includes FTP, then AddressAllocationIds cannot be associated.

      If Protocol is set only to SFTP, the EndpointType can be set to PUBLIC and the IdentityProviderType can be set to SERVICE_MANAGED.

    • protocol_details(ProtocolDetails) / set_protocol_details(Option<ProtocolDetails>):

      The protocol settings that are configured for your server.

      Use the PassiveIp parameter to indicate passive mode (for FTP and FTPS protocols). Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer.

      Use the TlsSessionResumptionMode parameter to determine whether or not your Transfer server resumes recent, negotiated sessions through a unique session ID.

    • security_policy_name(impl Into<String>) / set_security_policy_name(Option<String>):

      Specifies the name of the security policy that is attached to the server.

    • tags(Vec<Tag>) / set_tags(Option<Vec<Tag>>):

      Key-value pairs that can be used to group and search for servers.

    • workflow_details(WorkflowDetails) / set_workflow_details(Option<WorkflowDetails>):

      Specifies the workflow ID for the workflow to assign and the execution role used for executing the workflow.

  • On success, responds with CreateServerOutput with field(s):
  • On failure, responds with SdkError<CreateServerError>

Constructs a fluent builder for the CreateUser operation.

  • The fluent builder is configurable:
    • home_directory(impl Into<String>) / set_home_directory(Option<String>):

      The landing directory (folder) for a user when they log in to the server using the client.

      A HomeDirectory example is /bucket_name/home/mydirectory.

    • home_directory_type(HomeDirectoryType) / set_home_directory_type(Option<HomeDirectoryType>):

      The type of landing directory (folder) you want your users’ home directory to be when they log into the server. If you set it to PATH, the user will see the absolute Amazon S3 bucket or EFS paths as is in their file transfer protocol clients. If you set it LOGICAL, you need to provide mappings in the HomeDirectoryMappings for how you want to make Amazon S3 or EFS paths visible to your users.

    • home_directory_mappings(Vec<HomeDirectoryMapEntry>) / set_home_directory_mappings(Option<Vec<HomeDirectoryMapEntry>>):

      Logical directory mappings that specify what Amazon S3 or Amazon EFS paths and keys should be visible to your user and how you want to make them visible. You must specify the Entry and Target pair, where Entry shows how the path is made visible and Target is the actual Amazon S3 or Amazon EFS path. If you only specify a target, it is displayed as is. You also must ensure that your Amazon Web Services Identity and Access Management (IAM) role provides access to paths in Target. This value can only be set when HomeDirectoryType is set to LOGICAL.

      The following is an Entry and Target pair example.

      [ { “Entry”: “/directory1”, “Target”: “/bucket_name/home/mydirectory” } ]

      In most cases, you can use this value instead of the session policy to lock your user down to the designated home directory (“chroot”). To do this, you can set Entry to / and set Target to the HomeDirectory parameter value.

      The following is an Entry and Target pair example for chroot.

      [ { “Entry”: “/”, “Target”: “/bucket_name/home/mydirectory” } ]

    • policy(impl Into<String>) / set_policy(Option<String>):

      A session policy for your user so that you can use the same IAM role across multiple users. This policy scopes down user access to portions of their Amazon S3 bucket. Variables that you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}.

      This only applies when the domain of ServerId is S3. EFS does not use session policies.

      For session policies, Amazon Web Services Transfer Family stores the policy as a JSON blob, instead of the Amazon Resource Name (ARN) of the policy. You save the policy as a JSON blob and pass it in the Policy argument.

      For an example of a session policy, see Example session policy.

      For more information, see AssumeRole in the Amazon Web Services Security Token Service API Reference.

    • posix_profile(PosixProfile) / set_posix_profile(Option<PosixProfile>):

      Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users’ access to your Amazon EFS file systems. The POSIX permissions that are set on files and directories in Amazon EFS determine the level of access your users get when transferring files into and out of your Amazon EFS file systems.

    • role(impl Into<String>) / set_role(Option<String>):

      Specifies the Amazon Resource Name (ARN) of the IAM role that controls your users’ access to your Amazon S3 bucket or EFS file system. The policies attached to this role determine the level of access that you want to provide your users when transferring files into and out of your Amazon S3 bucket or EFS file system. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users’ transfer requests.

    • server_id(impl Into<String>) / set_server_id(Option<String>):

      A system-assigned unique identifier for a server instance. This is the specific server that you added your user to.

    • ssh_public_key_body(impl Into<String>) / set_ssh_public_key_body(Option<String>):

      The public portion of the Secure Shell (SSH) key used to authenticate the user to the server.

      Currently, Transfer Family does not accept elliptical curve keys (keys beginning with ecdsa).

    • tags(Vec<Tag>) / set_tags(Option<Vec<Tag>>):

      Key-value pairs that can be used to group and search for users. Tags are metadata attached to users for any purpose.

    • user_name(impl Into<String>) / set_user_name(Option<String>):

      A unique string that identifies a user and is associated with a ServerId. This user name must be a minimum of 3 and a maximum of 100 characters long. The following are valid characters: a-z, A-Z, 0-9, underscore ‘_’, hyphen ‘-’, period ‘.’, and at sign ‘@’. The user name can’t start with a hyphen, period, or at sign.

  • On success, responds with CreateUserOutput with field(s):
  • On failure, responds with SdkError<CreateUserError>

Constructs a fluent builder for the CreateWorkflow operation.

Constructs a fluent builder for the DeleteAccess operation.

  • The fluent builder is configurable:
    • server_id(impl Into<String>) / set_server_id(Option<String>):

      A system-assigned unique identifier for a server that has this user assigned.

    • external_id(impl Into<String>) / set_external_id(Option<String>):

      A unique identifier that is required to identify specific groups within your directory. The users of the group that you associate have access to your Amazon S3 or Amazon EFS resources over the enabled protocols using Amazon Web Services Transfer Family. If you know the group name, you can view the SID values by running the following command using Windows PowerShell.

      Get-ADGroup -Filter {samAccountName -like “YourGroupName*”} -Properties * | Select SamAccountName,ObjectSid

      In that command, replace YourGroupName with the name of your Active Directory group.

      The regex used to validate this parameter is a string of characters consisting of uppercase and lowercase alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-

  • On success, responds with DeleteAccessOutput
  • On failure, responds with SdkError<DeleteAccessError>

Constructs a fluent builder for the DeleteServer operation.

Constructs a fluent builder for the DeleteSshPublicKey operation.

Constructs a fluent builder for the DeleteUser operation.

Constructs a fluent builder for the DeleteWorkflow operation.

Constructs a fluent builder for the DescribeAccess operation.

  • The fluent builder is configurable:
    • server_id(impl Into<String>) / set_server_id(Option<String>):

      A system-assigned unique identifier for a server that has this access assigned.

    • external_id(impl Into<String>) / set_external_id(Option<String>):

      A unique identifier that is required to identify specific groups within your directory. The users of the group that you associate have access to your Amazon S3 or Amazon EFS resources over the enabled protocols using Amazon Web Services Transfer Family. If you know the group name, you can view the SID values by running the following command using Windows PowerShell.

      Get-ADGroup -Filter {samAccountName -like “YourGroupName*”} -Properties * | Select SamAccountName,ObjectSid

      In that command, replace YourGroupName with the name of your Active Directory group.

      The regex used to validate this parameter is a string of characters consisting of uppercase and lowercase alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-

  • On success, responds with DescribeAccessOutput with field(s):
  • On failure, responds with SdkError<DescribeAccessError>

Constructs a fluent builder for the DescribeExecution operation.

Constructs a fluent builder for the DescribeSecurityPolicy operation.

Constructs a fluent builder for the DescribeServer operation.

Constructs a fluent builder for the DescribeUser operation.

Constructs a fluent builder for the DescribeWorkflow operation.

Constructs a fluent builder for the ImportSshPublicKey operation.

Constructs a fluent builder for the ListAccesses operation. This operation supports pagination; See into_paginator().

Constructs a fluent builder for the ListExecutions operation. This operation supports pagination; See into_paginator().

  • The fluent builder is configurable:
    • max_results(i32) / set_max_results(Option<i32>):

      Specifies the aximum number of executions to return.

    • next_token(impl Into<String>) / set_next_token(Option<String>):

      ListExecutions returns the NextToken parameter in the output. You can then pass the NextToken parameter in a subsequent command to continue listing additional executions.

      This is useful for pagination, for instance. If you have 100 executions for a workflow, you might only want to list first 10. If so, callthe API by specifing the max-results:

      aws transfer list-executions –max-results 10

      This returns details for the first 10 executions, as well as the pointer (NextToken) to the eleventh execution. You can now call the API again, suppling the NextToken value you received:

      aws transfer list-executions –max-results 10 –next-token $somePointerReturnedFromPreviousListResult

      This call returns the next 10 executions, the 11th through the 20th. You can then repeat the call until the details for all 100 executions have been returned.

    • workflow_id(impl Into<String>) / set_workflow_id(Option<String>):

      A unique identifier for the workflow.

  • On success, responds with ListExecutionsOutput with field(s):
    • next_token(Option<String>):

      ListExecutions returns the NextToken parameter in the output. You can then pass the NextToken parameter in a subsequent command to continue listing additional executions.

    • workflow_id(Option<String>):

      A unique identifier for the workflow.

    • executions(Option<Vec<ListedExecution>>):

      Returns the details for each execution.

      • NextToken: returned from a call to several APIs, you can use pass it to a subsequent command to continue listing additional executions.

      • StartTime: timestamp indicating when the execution began.

      • Executions: details of the execution, including the execution ID, initial file location, and Service metadata.

      • Status: one of the following values: IN_PROGRESS, COMPLETED, EXCEPTION, HANDLING_EXEPTION.

  • On failure, responds with SdkError<ListExecutionsError>

Constructs a fluent builder for the ListSecurityPolicies operation. This operation supports pagination; See into_paginator().

Constructs a fluent builder for the ListServers operation. This operation supports pagination; See into_paginator().

Constructs a fluent builder for the ListTagsForResource operation. This operation supports pagination; See into_paginator().

Constructs a fluent builder for the ListUsers operation. This operation supports pagination; See into_paginator().

Constructs a fluent builder for the ListWorkflows operation. This operation supports pagination; See into_paginator().

Constructs a fluent builder for the SendWorkflowStepState operation.

Constructs a fluent builder for the StartServer operation.

Constructs a fluent builder for the StopServer operation.

Constructs a fluent builder for the TagResource operation.

Constructs a fluent builder for the TestIdentityProvider operation.

Constructs a fluent builder for the UntagResource operation.

Constructs a fluent builder for the UpdateAccess operation.

  • The fluent builder is configurable:
    • home_directory(impl Into<String>) / set_home_directory(Option<String>):

      The landing directory (folder) for a user when they log in to the server using the client.

      A HomeDirectory example is /bucket_name/home/mydirectory.

    • home_directory_type(HomeDirectoryType) / set_home_directory_type(Option<HomeDirectoryType>):

      The type of landing directory (folder) you want your users’ home directory to be when they log into the server. If you set it to PATH, the user will see the absolute Amazon S3 bucket or EFS paths as is in their file transfer protocol clients. If you set it LOGICAL, you need to provide mappings in the HomeDirectoryMappings for how you want to make Amazon S3 or EFS paths visible to your users.

    • home_directory_mappings(Vec<HomeDirectoryMapEntry>) / set_home_directory_mappings(Option<Vec<HomeDirectoryMapEntry>>):

      Logical directory mappings that specify what Amazon S3 or Amazon EFS paths and keys should be visible to your user and how you want to make them visible. You must specify the Entry and Target pair, where Entry shows how the path is made visible and Target is the actual Amazon S3 or Amazon EFS path. If you only specify a target, it is displayed as is. You also must ensure that your Amazon Web Services Identity and Access Management (IAM) role provides access to paths in Target. This value can only be set when HomeDirectoryType is set to LOGICAL.

      The following is an Entry and Target pair example.

      [ { “Entry”: “/directory1”, “Target”: “/bucket_name/home/mydirectory” } ]

      In most cases, you can use this value instead of the session policy to lock down your user to the designated home directory (“chroot”). To do this, you can set Entry to / and set Target to the HomeDirectory parameter value.

      The following is an Entry and Target pair example for chroot.

      [ { “Entry”: “/”, “Target”: “/bucket_name/home/mydirectory” } ]

    • policy(impl Into<String>) / set_policy(Option<String>):

      A session policy for your user so that you can use the same IAM role across multiple users. This policy scopes down user access to portions of their Amazon S3 bucket. Variables that you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}.

      This only applies when the domain of ServerId is S3. EFS does not use session policies.

      For session policies, Amazon Web Services Transfer Family stores the policy as a JSON blob, instead of the Amazon Resource Name (ARN) of the policy. You save the policy as a JSON blob and pass it in the Policy argument.

      For an example of a session policy, see Example session policy.

      For more information, see AssumeRole in the Amazon Web ServicesSecurity Token Service API Reference.

    • posix_profile(PosixProfile) / set_posix_profile(Option<PosixProfile>):

      The full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users’ access to your Amazon EFS file systems. The POSIX permissions that are set on files and directories in your file system determine the level of access your users get when transferring files into and out of your Amazon EFS file systems.

    • role(impl Into<String>) / set_role(Option<String>):

      Specifies the Amazon Resource Name (ARN) of the IAM role that controls your users’ access to your Amazon S3 bucket or EFS file system. The policies attached to this role determine the level of access that you want to provide your users when transferring files into and out of your Amazon S3 bucket or EFS file system. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users’ transfer requests.

    • server_id(impl Into<String>) / set_server_id(Option<String>):

      A system-assigned unique identifier for a server instance. This is the specific server that you added your user to.

    • external_id(impl Into<String>) / set_external_id(Option<String>):

      A unique identifier that is required to identify specific groups within your directory. The users of the group that you associate have access to your Amazon S3 or Amazon EFS resources over the enabled protocols using Amazon Web Services Transfer Family. If you know the group name, you can view the SID values by running the following command using Windows PowerShell.

      Get-ADGroup -Filter {samAccountName -like “YourGroupName*”} -Properties * | Select SamAccountName,ObjectSid

      In that command, replace YourGroupName with the name of your Active Directory group.

      The regex used to validate this parameter is a string of characters consisting of uppercase and lowercase alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-

  • On success, responds with UpdateAccessOutput with field(s):
    • server_id(Option<String>):

      The ID of the server that the user is attached to.

    • external_id(Option<String>):

      The external ID of the group whose users have access to your Amazon S3 or Amazon EFS resources over the enabled protocols using Amazon Web ServicesTransfer Family.

  • On failure, responds with SdkError<UpdateAccessError>

Constructs a fluent builder for the UpdateServer operation.

  • The fluent builder is configurable:
    • certificate(impl Into<String>) / set_certificate(Option<String>):

      The Amazon Resource Name (ARN) of the Amazon Web ServicesCertificate Manager (ACM) certificate. Required when Protocols is set to FTPS.

      To request a new public certificate, see Request a public certificate in the Amazon Web ServicesCertificate Manager User Guide.

      To import an existing certificate into ACM, see Importing certificates into ACM in the Amazon Web ServicesCertificate Manager User Guide.

      To request a private certificate to use FTPS through private IP addresses, see Request a private certificate in the Amazon Web ServicesCertificate Manager User Guide.

      Certificates with the following cryptographic algorithms and key sizes are supported:

      • 2048-bit RSA (RSA_2048)

      • 4096-bit RSA (RSA_4096)

      • Elliptic Prime Curve 256 bit (EC_prime256v1)

      • Elliptic Prime Curve 384 bit (EC_secp384r1)

      • Elliptic Prime Curve 521 bit (EC_secp521r1)

      The certificate must be a valid SSL/TLS X.509 version 3 certificate with FQDN or IP address specified and information about the issuer.

    • protocol_details(ProtocolDetails) / set_protocol_details(Option<ProtocolDetails>):

      The protocol settings that are configured for your server.

      Use the PassiveIp parameter to indicate passive mode (for FTP and FTPS protocols). Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer.

      Use the TlsSessionResumptionMode parameter to determine whether or not your Transfer server resumes recent, negotiated sessions through a unique session ID.

    • endpoint_details(EndpointDetails) / set_endpoint_details(Option<EndpointDetails>):

      The virtual private cloud (VPC) endpoint settings that are configured for your server. When you host your endpoint within your VPC, you can make it accessible only to resources within your VPC, or you can attach Elastic IP addresses and make it accessible to clients over the internet. Your VPC’s default security groups are automatically assigned to your endpoint.

    • endpoint_type(EndpointType) / set_endpoint_type(Option<EndpointType>):

      The type of endpoint that you want your server to use. You can choose to make your server’s endpoint publicly accessible (PUBLIC) or host it inside your VPC. With an endpoint that is hosted in a VPC, you can restrict access to your server and resources only within your VPC or choose to make it internet facing by attaching Elastic IP addresses directly to it.

      After May 19, 2021, you won’t be able to create a server using EndpointType=VPC_ENDPOINT in your Amazon Web Servicesaccount if your account hasn’t already done so before May 19, 2021. If you have already created servers with EndpointType=VPC_ENDPOINT in your Amazon Web Servicesaccount on or before May 19, 2021, you will not be affected. After this date, use EndpointType=VPC.

      For more information, see https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.

      It is recommended that you use VPC as the EndpointType. With this endpoint type, you have the option to directly associate up to three Elastic IPv4 addresses (BYO IP included) with your server’s endpoint and use VPC security groups to restrict traffic by the client’s public IP address. This is not possible with EndpointType set to VPC_ENDPOINT.

    • host_key(impl Into<String>) / set_host_key(Option<String>):

      The RSA private key as generated by ssh-keygen -N “” -m PEM -f my-new-server-key.

      If you aren’t planning to migrate existing users from an existing server to a new server, don’t update the host key. Accidentally changing a server’s host key can be disruptive.

      For more information, see Change the host key for your SFTP-enabled server in the Amazon Web ServicesTransfer Family User Guide.

    • identity_provider_details(IdentityProviderDetails) / set_identity_provider_details(Option<IdentityProviderDetails>):

      An array containing all of the information required to call a customer’s authentication API method.

    • logging_role(impl Into<String>) / set_logging_role(Option<String>):

      Specifies the Amazon Resource Name (ARN) of the Amazon Web Services Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS events. When set, user activity can be viewed in your CloudWatch logs.

    • post_authentication_login_banner(impl Into<String>) / set_post_authentication_login_banner(Option<String>):

      Specify a string to display when users connect to a server. This string is displayed after the user authenticates.

      The SFTP protocol does not support post-authentication display banners.

    • pre_authentication_login_banner(impl Into<String>) / set_pre_authentication_login_banner(Option<String>):

      Specify a string to display when users connect to a server. This string is displayed before the user authenticates. For example, the following banner displays details about using the system.

      This system is for the use of authorized users only. Individuals using this computer system without authority, or in excess of their authority, are subject to having all of their activities on this system monitored and recorded by system personnel.

    • protocols(Vec<Protocol>) / set_protocols(Option<Vec<Protocol>>):

      Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server’s endpoint. The available protocols are:

      • Secure Shell (SSH) File Transfer Protocol (SFTP): File transfer over SSH

      • File Transfer Protocol Secure (FTPS): File transfer with TLS encryption

      • File Transfer Protocol (FTP): Unencrypted file transfer

      If you select FTPS, you must choose a certificate stored in Amazon Web ServicesCertificate Manager (ACM) which will be used to identify your server when clients connect to it over FTPS.

      If Protocol includes either FTP or FTPS, then the EndpointType must be VPC and the IdentityProviderType must be AWS_DIRECTORY_SERVICE or API_GATEWAY.

      If Protocol includes FTP, then AddressAllocationIds cannot be associated.

      If Protocol is set only to SFTP, the EndpointType can be set to PUBLIC and the IdentityProviderType can be set to SERVICE_MANAGED.

    • security_policy_name(impl Into<String>) / set_security_policy_name(Option<String>):

      Specifies the name of the security policy that is attached to the server.

    • server_id(impl Into<String>) / set_server_id(Option<String>):

      A system-assigned unique identifier for a server instance that the user account is assigned to.

    • workflow_details(WorkflowDetails) / set_workflow_details(Option<WorkflowDetails>):

      Specifies the workflow ID for the workflow to assign and the execution role used for executing the workflow.

      To remove an associated workflow from a server, you can provide an empty OnUpload object, as in the following example.

      aws transfer update-server –server-id s-01234567890abcdef –workflow-details ‘{“OnUpload”:[]}’

  • On success, responds with UpdateServerOutput with field(s):
  • On failure, responds with SdkError<UpdateServerError>

Constructs a fluent builder for the UpdateUser operation.

  • The fluent builder is configurable:
    • home_directory(impl Into<String>) / set_home_directory(Option<String>):

      The landing directory (folder) for a user when they log in to the server using the client.

      A HomeDirectory example is /bucket_name/home/mydirectory.

    • home_directory_type(HomeDirectoryType) / set_home_directory_type(Option<HomeDirectoryType>):

      The type of landing directory (folder) you want your users’ home directory to be when they log into the server. If you set it to PATH, the user will see the absolute Amazon S3 bucket or EFS paths as is in their file transfer protocol clients. If you set it LOGICAL, you need to provide mappings in the HomeDirectoryMappings for how you want to make Amazon S3 or EFS paths visible to your users.

    • home_directory_mappings(Vec<HomeDirectoryMapEntry>) / set_home_directory_mappings(Option<Vec<HomeDirectoryMapEntry>>):

      Logical directory mappings that specify what Amazon S3 or Amazon EFS paths and keys should be visible to your user and how you want to make them visible. You must specify the Entry and Target pair, where Entry shows how the path is made visible and Target is the actual Amazon S3 or Amazon EFS path. If you only specify a target, it is displayed as is. You also must ensure that your Amazon Web Services Identity and Access Management (IAM) role provides access to paths in Target. This value can only be set when HomeDirectoryType is set to LOGICAL.

      The following is an Entry and Target pair example.

      [ { “Entry”: “/directory1”, “Target”: “/bucket_name/home/mydirectory” } ]

      In most cases, you can use this value instead of the session policy to lock down your user to the designated home directory (“chroot”). To do this, you can set Entry to ‘/’ and set Target to the HomeDirectory parameter value.

      The following is an Entry and Target pair example for chroot.

      [ { “Entry”: “/”, “Target”: “/bucket_name/home/mydirectory” } ]

    • policy(impl Into<String>) / set_policy(Option<String>):

      A session policy for your user so that you can use the same IAM role across multiple users. This policy scopes down user access to portions of their Amazon S3 bucket. Variables that you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}.

      This only applies when the domain of ServerId is S3. EFS does not use session policies.

      For session policies, Amazon Web Services Transfer Family stores the policy as a JSON blob, instead of the Amazon Resource Name (ARN) of the policy. You save the policy as a JSON blob and pass it in the Policy argument.

      For an example of a session policy, see Creating a session policy.

      For more information, see AssumeRole in the Amazon Web Services Security Token Service API Reference.

    • posix_profile(PosixProfile) / set_posix_profile(Option<PosixProfile>):

      Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users’ access to your Amazon Elastic File Systems (Amazon EFS). The POSIX permissions that are set on files and directories in your file system determines the level of access your users get when transferring files into and out of your Amazon EFS file systems.

    • role(impl Into<String>) / set_role(Option<String>):

      Specifies the Amazon Resource Name (ARN) of the IAM role that controls your users’ access to your Amazon S3 bucket or EFS file system. The policies attached to this role determine the level of access that you want to provide your users when transferring files into and out of your Amazon S3 bucket or EFS file system. The IAM role should also contain a trust relationship that allows the server to access your resources when servicing your users’ transfer requests.

    • server_id(impl Into<String>) / set_server_id(Option<String>):

      A system-assigned unique identifier for a server instance that the user account is assigned to.

    • user_name(impl Into<String>) / set_user_name(Option<String>):

      A unique string that identifies a user and is associated with a server as specified by the ServerId. This user name must be a minimum of 3 and a maximum of 100 characters long. The following are valid characters: a-z, A-Z, 0-9, underscore ‘_’, hyphen ‘-’, period ‘.’, and at sign ‘@’. The user name can’t start with a hyphen, period, or at sign.

  • On success, responds with UpdateUserOutput with field(s):
    • server_id(Option<String>):

      A system-assigned unique identifier for a server instance that the user account is assigned to.

    • user_name(Option<String>):

      The unique identifier for a user that is assigned to a server instance that was specified in the request.

  • On failure, responds with SdkError<UpdateUserError>

Creates a client with the given service config and connector override.

Creates a new client from a shared config.

Creates a new client from the service Config.

Trait Implementations

Returns a copy of the value. Read more

Performs copy-assignment from source. Read more

Formats the value using the given formatter. Read more

Converts to this type from the input type.

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more

Immutably borrows from an owned value. Read more

Mutably borrows from an owned value. Read more

Returns the argument unchanged.

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

The resulting type after obtaining ownership.

Creates owned data from borrowed data, usually by cloning. Read more

🔬 This is a nightly-only experimental API. (toowned_clone_into)

Uses borrowed data to replace owned data, usually by cloning. Read more

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more