hashicorp · ewbankkit · Feb 21, 2024 · Feb 19, 2024 · Feb 19, 2024 · Feb 21, 2024
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_transfer_server: Add `TransferSecurityPolicy-2024-01` and `TransferSecurityPolicy-FIPS-2024-01` as valid values for `security_policy_name`
+```
@@ -8,8 +8,10 @@ const (
 	SecurityPolicyName2020_06             = "TransferSecurityPolicy-2020-06"
 	SecurityPolicyNameFIPS_2020_06        = "TransferSecurityPolicy-FIPS-2020-06"
 	SecurityPolicyNameFIPS_2023_05        = "TransferSecurityPolicy-FIPS-2023-05"
+	SecurityPolicyNameFIPS_2024_01        = "TransferSecurityPolicy-FIPS-2024-01"
 	SecurityPolicyName2022_03             = "TransferSecurityPolicy-2022-03"
 	SecurityPolicyName2023_05             = "TransferSecurityPolicy-2023-05"
+	SecurityPolicyName2024_01             = "TransferSecurityPolicy-2024-01"
 	SecurityPolicyNamePQ_SSH_2023_04      = "TransferSecurityPolicy-PQ-SSH-Experimental-2023-04"
 	SecurityPolicyNamePQ_SSH_FIPS_2023_04 = "TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04"
 )
@@ -20,8 +22,10 @@ func SecurityPolicyName_Values() []string {
 		SecurityPolicyName2020_06,
 		SecurityPolicyNameFIPS_2020_06,
 		SecurityPolicyNameFIPS_2023_05,
+		SecurityPolicyNameFIPS_2024_01,
 		SecurityPolicyName2022_03,
 		SecurityPolicyName2023_05,
+		SecurityPolicyName2024_01,
 		SecurityPolicyNamePQ_SSH_2023_04,
 		SecurityPolicyNamePQ_SSH_FIPS_2023_04,
 	}

@@ -5,5 +5,6 @@ package transfer
 
 // Exports for use in tests only.
 var (
-	ResourceTag = resourceTag
+	ResourceServer = resourceServer
+	ResourceTag    = resourceTag
 )
@@ -30,7 +30,7 @@ import ( // nosemgrep:ci.semgrep.aws.multiple-service-imports
 
 // @SDKResource("aws_transfer_server", name="Server")
 // @Tags(identifierAttribute="arn")
-func ResourceServer() *schema.Resource {
+func resourceServer() *schema.Resource {
 	return &schema.Resource{
 		CreateWithoutTimeout: resourceServerCreate,
 		ReadWithoutTimeout:   resourceServerRead,

@@ -263,6 +263,13 @@ func testAccServer_securityPolicy(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "security_policy_name", "TransferSecurityPolicy-PQ-SSH-Experimental-2023-04"),
 				),
 			},
+			{
+				Config: testAccServerConfig_securityPolicy(rName, "TransferSecurityPolicy-2024-01"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckServerExists(ctx, resourceName, &conf),
+					resource.TestCheckResourceAttr(resourceName, "security_policy_name", "TransferSecurityPolicy-2024-01"),
+				),
+			},
 		},
 	})
 }
@@ -292,6 +299,13 @@ func testAccServer_securityPolicyFIPS(t *testing.T) {
 				ImportStateVerify:       true,
 				ImportStateVerifyIgnore: []string{"force_destroy"},
 			},
+			{
+				Config: testAccServerConfig_securityPolicy(rName, "TransferSecurityPolicy-FIPS-2024-01"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckServerExists(ctx, resourceName, &conf),
+					resource.TestCheckResourceAttr(resourceName, "security_policy_name", "TransferSecurityPolicy-FIPS-2024-01"),
+				),
+			},
 		},
 	})
 }

@@ -45,7 +45,7 @@ func sweepServers(region string) error {
 		}
 
 		for _, server := range page.Servers {
-			r := ResourceServer()
+			r := resourceServer()
 			d := r.Data(nil)
 			d.SetId(aws.StringValue(server.ServerId))
 			d.Set("force_destroy", true) // In lieu of an aws_transfer_user sweeper.

@@ -221,7 +221,17 @@ This resource supports the following arguments:
 * `post_authentication_login_banner`- (Optional) Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
 * `pre_authentication_login_banner`- (Optional) Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
 * `protocol_details`- (Optional) The protocol settings that are configured for your server.
-* `security_policy_name` - (Optional) Specifies the name of the security policy that is attached to the server. Possible values are `TransferSecurityPolicy-2018-11`, `TransferSecurityPolicy-2020-06`, `TransferSecurityPolicy-FIPS-2020-06`, `TransferSecurityPolicy-FIPS-2023-05`, `TransferSecurityPolicy-2022-03`, `TransferSecurityPolicy-2023-05`, `TransferSecurityPolicy-PQ-SSH-Experimental-2023-04` and `TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04`. Default value is: `TransferSecurityPolicy-2018-11`.
+* `security_policy_name` - (Optional) Specifies the name of the security policy that is attached to the server. Default value is: `TransferSecurityPolicy-2018-11`. The available values are:
+    * `TransferSecurityPolicy-2024-01`
+    * `TransferSecurityPolicy-2023-05`
+    * `TransferSecurityPolicy-2022-03`
+    * `TransferSecurityPolicy-2020-06`
+    * `TransferSecurityPolicy-2018-11`
+    * `TransferSecurityPolicy-FIPS-2024-01`
+    * `TransferSecurityPolicy-FIPS-2023-05`
+    * `TransferSecurityPolicy-FIPS-2020-06`
+    * `TransferSecurityPolicy-PQ-SSH-Experimental-2023-04`
+    * `TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04`
 * `structured_log_destinations` - (Optional) A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
 * `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
 * `workflow_details` - (Optional) Specifies the workflow details. See Workflow Details below.

@@ -254,7 +254,17 @@ This resource supports the following arguments:
 * `postAuthenticationLoginBanner`- (Optional) Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
 * `preAuthenticationLoginBanner`- (Optional) Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
 * `protocolDetails`- (Optional) The protocol settings that are configured for your server.
-* `securityPolicyName` - (Optional) Specifies the name of the security policy that is attached to the server. Possible values are `TransferSecurityPolicy-2018-11`, `TransferSecurityPolicy-2020-06`, `TransferSecurityPolicy-FIPS-2020-06`, `TransferSecurityPolicy-FIPS-2023-05`, `TransferSecurityPolicy-2022-03`, `TransferSecurityPolicy-2023-05`, `TransferSecurityPolicy-PQ-SSH-Experimental-2023-04` and `TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04`. Default value is: `TransferSecurityPolicy-2018-11`.
+* `securityPolicyName` - (Optional) Specifies the name of the security policy that is attached to the server. Default value is: `TransferSecurityPolicy-2018-11`. The available values are:
+    * `TransferSecurityPolicy-2024-01`
+    * `TransferSecurityPolicy-2023-05`
+    * `TransferSecurityPolicy-2022-03`
+    * `TransferSecurityPolicy-2020-06`
+    * `TransferSecurityPolicy-2018-11`
+    * `TransferSecurityPolicy-FIPS-2024-01`
+    * `TransferSecurityPolicy-FIPS-2023-05`
+    * `TransferSecurityPolicy-FIPS-2020-06`
+    * `TransferSecurityPolicy-PQ-SSH-Experimental-2023-04`
+    * `TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04`
 * `structuredLogDestinations` - (Optional) A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
 * `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`defaultTags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
 * `workflowDetails` - (Optional) Specifies the workflow details. See Workflow Details below.

@@ -145,7 +145,17 @@ This resource supports the following arguments:
 * `post_authentication_login_banner`- (Optional) Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
 * `pre_authentication_login_banner`- (Optional) Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
 * `protocol_details`- (Optional) The protocol settings that are configured for your server.
-* `security_policy_name` - (Optional) Specifies the name of the security policy that is attached to the server. Possible values are `TransferSecurityPolicy-2018-11`, `TransferSecurityPolicy-2020-06`, `TransferSecurityPolicy-FIPS-2020-06`, `TransferSecurityPolicy-FIPS-2023-05`, `TransferSecurityPolicy-2022-03`, `TransferSecurityPolicy-2023-05`, `TransferSecurityPolicy-PQ-SSH-Experimental-2023-04` and `TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04`. Default value is: `TransferSecurityPolicy-2018-11`.
+* `security_policy_name` - (Optional) Specifies the name of the security policy that is attached to the server. Default value is: `TransferSecurityPolicy-2018-11`. The available values are:
+    * `TransferSecurityPolicy-2024-01`
+    * `TransferSecurityPolicy-2023-05`
+    * `TransferSecurityPolicy-2022-03`
+    * `TransferSecurityPolicy-2020-06`
+    * `TransferSecurityPolicy-2018-11`
+    * `TransferSecurityPolicy-FIPS-2024-01`
+    * `TransferSecurityPolicy-FIPS-2023-05`
+    * `TransferSecurityPolicy-FIPS-2020-06`
+    * `TransferSecurityPolicy-PQ-SSH-Experimental-2023-04`
+    * `TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04`
 * `structured_log_destinations` - (Optional) A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
 * `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
 * `workflow_details` - (Optional) Specifies the workflow details. See Workflow Details below.