feat(client-datasync): AWS DataSync now supports TLS encryption in tr…

…ansit, file system policies and access points for EFS locations.
aws · May 27, 2022 · 691df14 · 691df14
1 parent cf58e1e
commit 691df14
Show file tree

Hide file tree

Showing 6 changed files with 166 additions and 70 deletions.
diff --git a/clients/client-datasync/src/DataSync.ts b/clients/client-datasync/src/DataSync.ts
@@ -267,7 +267,8 @@ export class DataSync extends DataSyncClient {
   }
 
   /**
-   * <p>Creates an endpoint for an Amazon EFS file system.</p>
+   * <p>Creates an endpoint for an Amazon EFS file system that DataSync
+   *       can access for a transfer. For more information, see <a href="https://docs.aws.amazon.com/datasync/latest/userguide/create-efs-location.html">Creating a location for Amazon EFS</a>.</p>
    */
   public createLocationEfs(
     args: CreateLocationEfsCommandInput,
@@ -729,7 +730,7 @@ export class DataSync extends DataSyncClient {
   }
 
   /**
-   * <p>Returns metadata, such as the path information about an Amazon EFS location.</p>
+   * <p>Returns metadata about your DataSync location for an Amazon EFS file system.</p>
    */
   public describeLocationEfs(
     args: DescribeLocationEfsCommandInput,

diff --git a/clients/client-datasync/src/commands/CreateLocationEfsCommand.ts b/clients/client-datasync/src/commands/CreateLocationEfsCommand.ts
@@ -23,7 +23,8 @@ export interface CreateLocationEfsCommandInput extends CreateLocationEfsRequest
 export interface CreateLocationEfsCommandOutput extends CreateLocationEfsResponse, __MetadataBearer {}
 
 /**
- * <p>Creates an endpoint for an Amazon EFS file system.</p>
+ * <p>Creates an endpoint for an Amazon EFS file system that DataSync
+ *       can access for a transfer. For more information, see <a href="https://docs.aws.amazon.com/datasync/latest/userguide/create-efs-location.html">Creating a location for Amazon EFS</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

diff --git a/clients/client-datasync/src/commands/DescribeLocationEfsCommand.ts b/clients/client-datasync/src/commands/DescribeLocationEfsCommand.ts
@@ -23,7 +23,7 @@ export interface DescribeLocationEfsCommandInput extends DescribeLocationEfsRequ
 export interface DescribeLocationEfsCommandOutput extends DescribeLocationEfsResponse, __MetadataBearer {}
 
 /**
- * <p>Returns metadata, such as the path information about an Amazon EFS location.</p>
+ * <p>Returns metadata about your DataSync location for an Amazon EFS file system.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

diff --git a/clients/client-datasync/src/models/models_0.ts b/clients/client-datasync/src/models/models_0.ts
@@ -237,21 +237,30 @@ export namespace CreateAgentResponse {
 }
 
 /**
- * <p>The subnet that DataSync uses to access target EFS file system. The
- *       subnet must have at least one mount target for that file system. The security group that you
- *       provide needs to be able to communicate with the security group on the mount target in the
- *       subnet specified. </p>
+ * <p>The subnet and security groups that DataSync uses to access your Amazon EFS file system.</p>
  */
 export interface Ec2Config {
   /**
-   * <p>The ARN of the subnet that DataSync uses to access the target EFS file
-   *       system.</p>
+   * <p>Specifies the ARN of a subnet where DataSync creates the <a href="https://docs.aws.amazon.com/datasync/latest/userguide/datasync-network.html#required-network-interfaces">network interfaces</a> for managing traffic during your transfer.</p>
+   *          <p>The subnet must be located:</p>
+   *          <ul>
+   *             <li>
+   *                <p>In the same virtual private cloud (VPC) as the Amazon EFS file system.</p>
+   *             </li>
+   *             <li>
+   *                <p>In the same Availability Zone as at least one mount target for the Amazon EFS file
+   *           system.</p>
+   *             </li>
+   *          </ul>
+   *          <note>
+   *             <p>You don't need to specify a subnet that includes a file system mount target.</p>
+   *          </note>
    */
   SubnetArn: string | undefined;
 
   /**
-   * <p>The Amazon Resource Names (ARNs) of the security groups that are configured for the
-   *       Amazon EC2 resource.</p>
+   * <p>Specifies the Amazon Resource Names (ARNs) of the security groups associated with an
+   *         Amazon EFS file system's mount target.</p>
    */
   SecurityGroupArns: string[] | undefined;
 }
@@ -265,61 +274,59 @@ export namespace Ec2Config {
   });
 }
 
+export enum EfsInTransitEncryption {
+  NONE = "NONE",
+  TLS1_2 = "TLS1_2",
+}
+
 /**
  * <p>CreateLocationEfsRequest</p>
  */
 export interface CreateLocationEfsRequest {
   /**
-   * <p>A subdirectory in the location’s path. This subdirectory in the EFS file system is used
-   *       to read data from the EFS source location or write data to the EFS destination. By default,
-   *       DataSync uses the root directory.</p>
+   * <p>Specifies a mount path for your Amazon EFS file system. This is where DataSync reads or writes data (depending on if this is a source or destination location). By default, DataSync uses the root directory, but you can also include subdirectories.</p>
    *          <note>
-   *             <p>
-   *                <code>Subdirectory</code> must be specified with forward slashes. For example,
-   *           <code>/path/to/folder</code>.</p>
+   *             <p>You must specify a value with forward slashes (for example,
+   *           <code>/path/to/folder</code>).</p>
    *          </note>
    */
   Subdirectory?: string;
 
   /**
-   * <p>The Amazon Resource Name (ARN) for the Amazon EFS file system.</p>
+   * <p>Specifies the ARN for the Amazon EFS file system.</p>
    */
   EfsFilesystemArn: string | undefined;
 
   /**
-   * <p>The subnet and security group that the Amazon EFS file system uses. The security group
-   *       that you provide needs to be able to communicate with the security group on the mount target
-   *       in the subnet specified.</p>
-   *          <p>The exact relationship between security group M (of the mount target) and security
-   *       group S (which you provide for DataSync to use at this stage) is as follows: </p>
-   *          <ul>
-   *             <li>
-   *                <p> Security group M (which you associate with the mount target) must allow inbound
-   *           access for the Transmission Control Protocol (TCP) on the NFS port (2049) from security
-   *           group S. You can enable inbound connections either by IP address (CIDR range) or security
-   *           group. </p>
-   *             </li>
-   *             <li>
-   *                <p>Security group S (provided to DataSync to access EFS) should have a rule that
-   *           enables outbound connections to the NFS port on one of the file system’s mount targets.
-   *           You can enable outbound connections either by IP address (CIDR range) or security
-   *           group.</p>
-   *
-   *                <p>For information about security groups and mount targets, see Security
-   *           Groups for Amazon EC2 Instances and Mount Targets in the <i>Amazon EFS User
-   *             Guide.</i>
-   *                </p>
-   *             </li>
-   *          </ul>
+   * <p>Specifies the subnet and security groups DataSync uses to access your Amazon EFS file system.</p>
    */
   Ec2Config: Ec2Config | undefined;
 
   /**
-   * <p>The key-value pair that represents a tag that you want to add to the resource. The
-   *       value can be an empty string. This value helps you manage, filter, and search for your
-   *       resources. We recommend that you create a name tag for your location.</p>
+   * <p>Specifies the key-value pair that represents a tag that you want to add to the
+   *       resource. The value can be an empty string. This value helps you manage, filter, and search
+   *       for your resources. We recommend that you create a name tag for your location.</p>
    */
   Tags?: TagListEntry[];
+
+  /**
+   * <p>Specifies the Amazon Resource Name (ARN) of the access point that DataSync uses to access the Amazon EFS file system.</p>
+   */
+  AccessPointArn?: string;
+
+  /**
+   * <p>Specifies an Identity and Access Management (IAM) role that DataSync
+   *       assumes when mounting the Amazon EFS file system.</p>
+   */
+  FileSystemAccessRoleArn?: string;
+
+  /**
+   * <p>Specifies whether you want DataSync to use TLS encryption when transferring data to or from your Amazon EFS file system.</p>
+   *          <p>If you specify an access point using <code>AccessPointArn</code> or an IAM
+   *       role using <code>FileSystemAccessRoleArn</code>, you must set this parameter to
+   *         <code>TLS1_2</code>.</p>
+   */
+  InTransitEncryption?: EfsInTransitEncryption | string;
 }
 
 export namespace CreateLocationEfsRequest {
@@ -336,8 +343,8 @@ export namespace CreateLocationEfsRequest {
  */
 export interface CreateLocationEfsResponse {
   /**
-   * <p>The Amazon Resource Name (ARN) of the Amazon EFS file system location that is
-   *       created.</p>
+   * <p>The Amazon Resource Name (ARN) of the Amazon EFS file system location that you
+   *       create.</p>
    */
   LocationArn?: string;
 }
@@ -1962,7 +1969,7 @@ export namespace DescribeAgentResponse {
  */
 export interface DescribeLocationEfsRequest {
   /**
-   * <p>The Amazon Resource Name (ARN) of the EFS location to describe.</p>
+   * <p>The Amazon Resource Name (ARN) of the Amazon EFS file system location that you want information about.</p>
    */
   LocationArn: string | undefined;
 }
@@ -1981,27 +1988,39 @@ export namespace DescribeLocationEfsRequest {
  */
 export interface DescribeLocationEfsResponse {
   /**
-   * <p>The Amazon Resource Name (ARN) of the EFS location that was described.</p>
+   * <p>The ARN of the Amazon EFS file system location.</p>
    */
   LocationArn?: string;
 
   /**
-   * <p>The URL of the EFS location that was described.</p>
+   * <p>The URL of the Amazon EFS file system location.</p>
    */
   LocationUri?: string;
 
   /**
-   * <p>The subnet that DataSync uses to access target EFS file system. The
-   *       subnet must have at least one mount target for that file system. The security group that you
-   *       provide needs to be able to communicate with the security group on the mount target in the
-   *       subnet specified. </p>
+   * <p>The subnet and security groups that DataSync uses to access your Amazon EFS file system.</p>
    */
   Ec2Config?: Ec2Config;
 
   /**
-   * <p>The time that the EFS location was created.</p>
+   * <p>The time that the location was created.</p>
    */
   CreationTime?: Date;
+
+  /**
+   * <p>The ARN of the access point that DataSync uses to access the Amazon EFS file system.</p>
+   */
+  AccessPointArn?: string;
+
+  /**
+   * <p>The Identity and Access Management (IAM) role that DataSync assumes when mounting the Amazon EFS file system.</p>
+   */
+  FileSystemAccessRoleArn?: string;
+
+  /**
+   * <p>Whether DataSync uses TLS encryption when transferring data to or from your Amazon EFS file system.</p>
+   */
+  InTransitEncryption?: EfsInTransitEncryption | string;
 }
 
 export namespace DescribeLocationEfsResponse {

diff --git a/clients/client-datasync/src/protocols/Aws_json1_1.ts b/clients/client-datasync/src/protocols/Aws_json1_1.ts
@@ -2766,10 +2766,16 @@ const serializeAws_json1_1CreateLocationEfsRequest = (
   context: __SerdeContext
 ): any => {
   return {
+    ...(input.AccessPointArn !== undefined &&
+      input.AccessPointArn !== null && { AccessPointArn: input.AccessPointArn }),
     ...(input.Ec2Config !== undefined &&
       input.Ec2Config !== null && { Ec2Config: serializeAws_json1_1Ec2Config(input.Ec2Config, context) }),
     ...(input.EfsFilesystemArn !== undefined &&
       input.EfsFilesystemArn !== null && { EfsFilesystemArn: input.EfsFilesystemArn }),
+    ...(input.FileSystemAccessRoleArn !== undefined &&
+      input.FileSystemAccessRoleArn !== null && { FileSystemAccessRoleArn: input.FileSystemAccessRoleArn }),
+    ...(input.InTransitEncryption !== undefined &&
+      input.InTransitEncryption !== null && { InTransitEncryption: input.InTransitEncryption }),
     ...(input.Subdirectory !== undefined && input.Subdirectory !== null && { Subdirectory: input.Subdirectory }),
     ...(input.Tags !== undefined &&
       input.Tags !== null && { Tags: serializeAws_json1_1InputTagList(input.Tags, context) }),
@@ -3696,6 +3702,7 @@ const deserializeAws_json1_1DescribeLocationEfsResponse = (
   context: __SerdeContext
 ): DescribeLocationEfsResponse => {
   return {
+    AccessPointArn: __expectString(output.AccessPointArn),
     CreationTime:
       output.CreationTime !== undefined && output.CreationTime !== null
         ? __expectNonNull(__parseEpochTimestamp(__expectNumber(output.CreationTime)))
@@ -3704,6 +3711,8 @@ const deserializeAws_json1_1DescribeLocationEfsResponse = (
       output.Ec2Config !== undefined && output.Ec2Config !== null
         ? deserializeAws_json1_1Ec2Config(output.Ec2Config, context)
         : undefined,
+    FileSystemAccessRoleArn: __expectString(output.FileSystemAccessRoleArn),
+    InTransitEncryption: __expectString(output.InTransitEncryption),
     LocationArn: __expectString(output.LocationArn),
     LocationUri: __expectString(output.LocationUri),
   } as any;