aws-sdk-s3 1.123.1 → 1.132.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -31,6 +31,10 @@ module Aws
31
31
  key: options[:key],
32
32
  }
33
33
  @params[:version_id] = options[:version_id] if options[:version_id]
34
+ @params[:checksum_mode] = options[:checksum_mode] || 'ENABLED'
35
+ @on_checksum_validated = options[:on_checksum_validated]
36
+
37
+ validate!
34
38
 
35
39
  Aws::Plugins::UserAgent.feature('s3-transfer') do
36
40
  case @mode
@@ -54,6 +58,17 @@ module Aws
54
58
 
55
59
  private
56
60
 
61
+ def validate!
62
+ if @on_checksum_validated && @params[:checksum_mode] != 'ENABLED'
63
+ raise ArgumentError, "You must set checksum_mode: 'ENABLED' " +
64
+ "when providing a on_checksum_validated callback"
65
+ end
66
+
67
+ if @on_checksum_validated && !@on_checksum_validated.respond_to?(:call)
68
+ raise ArgumentError, 'on_checksum_validated must be callable'
69
+ end
70
+ end
71
+
57
72
  def multipart_download
58
73
  resp = @client.head_object(@params.merge(part_number: 1))
59
74
  count = resp.parts_count
@@ -129,6 +144,9 @@ module Aws
129
144
  @params.merge(param.to_sym => chunk)
130
145
  )
131
146
  write(resp)
147
+ if @on_checksum_validated && resp.checksum_validated
148
+ @on_checksum_validated.call(resp.checksum_validated, resp)
149
+ end
132
150
  end
133
151
  end
134
152
  threads.each(&:join)
@@ -142,9 +160,17 @@ module Aws
142
160
  end
143
161
 
144
162
  def single_request
145
- @client.get_object(
163
+ resp = @client.get_object(
146
164
  @params.merge(response_target: @path)
147
165
  )
166
+
167
+ return resp unless @on_checksum_validated
168
+
169
+ if resp.checksum_validated
170
+ @on_checksum_validated.call(resp.checksum_validated, resp)
171
+ end
172
+
173
+ resp
148
174
  end
149
175
  end
150
176
  end
@@ -240,7 +240,7 @@ module Aws::S3
240
240
  end
241
241
 
242
242
  # The server-side encryption algorithm used when storing this object in
243
- # Amazon S3 (for example, AES256, `aws:kms`).
243
+ # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
244
244
  # @return [String]
245
245
  def server_side_encryption
246
246
  data[:server_side_encryption]
@@ -269,16 +269,16 @@ module Aws::S3
269
269
  data[:sse_customer_key_md5]
270
270
  end
271
271
 
272
- # If present, specifies the ID of the Amazon Web Services Key Management
273
- # Service (Amazon Web Services KMS) symmetric encryption customer
274
- # managed key that was used for the object.
272
+ # If present, specifies the ID of the Key Management Service (KMS)
273
+ # symmetric encryption customer managed key that was used for the
274
+ # object.
275
275
  # @return [String]
276
276
  def ssekms_key_id
277
277
  data[:ssekms_key_id]
278
278
  end
279
279
 
280
280
  # Indicates whether the object uses an S3 Bucket Key for server-side
281
- # encryption with Amazon Web Services KMS (SSE-KMS).
281
+ # encryption with Key Management Service (KMS) keys (SSE-KMS).
282
282
  # @return [Boolean]
283
283
  def bucket_key_enabled
284
284
  data[:bucket_key_enabled]
@@ -615,7 +615,7 @@ module Aws::S3
615
615
  # },
616
616
  # metadata_directive: "COPY", # accepts COPY, REPLACE
617
617
  # tagging_directive: "COPY", # accepts COPY, REPLACE
618
- # server_side_encryption: "AES256", # accepts AES256, aws:kms
618
+ # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
619
619
  # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
620
620
  # website_redirect_location: "WebsiteRedirectLocation",
621
621
  # sse_customer_algorithm: "SSECustomerAlgorithm",
@@ -745,7 +745,7 @@ module Aws::S3
745
745
  # or replaced with tag-set provided in the request.
746
746
  # @option options [String] :server_side_encryption
747
747
  # The server-side encryption algorithm used when storing this object in
748
- # Amazon S3 (for example, AES256, `aws:kms`).
748
+ # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
749
749
  # @option options [String] :storage_class
750
750
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
751
751
  # created objects. The STANDARD storage class provides high durability
@@ -778,13 +778,12 @@ module Aws::S3
778
778
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
779
779
  # ensure that the encryption key was transmitted without error.
780
780
  # @option options [String] :ssekms_key_id
781
- # Specifies the Amazon Web Services KMS key ID to use for object
782
- # encryption. All GET and PUT requests for an object protected by Amazon
783
- # Web Services KMS will fail if not made via SSL or using SigV4. For
784
- # information about configuring using any of the officially supported
785
- # Amazon Web Services SDKs and Amazon Web Services CLI, see [Specifying
786
- # the Signature Version in Request Authentication][1] in the *Amazon S3
787
- # User Guide*.
781
+ # Specifies the KMS key ID to use for object encryption. All GET and PUT
782
+ # requests for an object protected by KMS will fail if they're not made
783
+ # via SSL or using SigV4. For information about configuring any of the
784
+ # officially supported Amazon Web Services SDKs and Amazon Web Services
785
+ # CLI, see [Specifying the Signature Version in Request
786
+ # Authentication][1] in the *Amazon S3 User Guide*.
788
787
  #
789
788
  #
790
789
  #
@@ -795,9 +794,9 @@ module Aws::S3
795
794
  # string holding JSON with the encryption context key-value pairs.
796
795
  # @option options [Boolean] :bucket_key_enabled
797
796
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
798
- # encryption with server-side encryption using AWS KMS (SSE-KMS).
799
- # Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
800
- # for object encryption with SSE-KMS.
797
+ # encryption with server-side encryption using Key Management Service
798
+ # (KMS) keys (SSE-KMS). Setting this header to `true` causes Amazon S3
799
+ # to use an S3 Bucket Key for object encryption with SSE-KMS.
801
800
  #
802
801
  # Specifying this header with a COPY action doesn’t affect bucket-level
803
802
  # settings for S3 Bucket Key.
@@ -1026,7 +1025,7 @@ module Aws::S3
1026
1025
  # metadata: {
1027
1026
  # "MetadataKey" => "MetadataValue",
1028
1027
  # },
1029
- # server_side_encryption: "AES256", # accepts AES256, aws:kms
1028
+ # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
1030
1029
  # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
1031
1030
  # website_redirect_location: "WebsiteRedirectLocation",
1032
1031
  # sse_customer_algorithm: "SSECustomerAlgorithm",
@@ -1083,7 +1082,7 @@ module Aws::S3
1083
1082
  # A map of metadata to store with the object in S3.
1084
1083
  # @option options [String] :server_side_encryption
1085
1084
  # The server-side encryption algorithm used when storing this object in
1086
- # Amazon S3 (for example, AES256, `aws:kms`).
1085
+ # Amazon S3 (for example, `AES256`, `aws:kms`).
1087
1086
  # @option options [String] :storage_class
1088
1087
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
1089
1088
  # created objects. The STANDARD storage class provides high durability
@@ -1115,11 +1114,11 @@ module Aws::S3
1115
1114
  # @option options [String] :ssekms_key_id
1116
1115
  # Specifies the ID of the symmetric encryption customer managed key to
1117
1116
  # use for object encryption. All GET and PUT requests for an object
1118
- # protected by Amazon Web Services KMS will fail if not made via SSL or
1119
- # using SigV4. For information about configuring using any of the
1120
- # officially supported Amazon Web Services SDKs and Amazon Web Services
1121
- # CLI, see [Specifying the Signature Version in Request
1122
- # Authentication][1] in the *Amazon S3 User Guide*.
1117
+ # protected by KMS will fail if they're not made via SSL or using
1118
+ # SigV4. For information about configuring any of the officially
1119
+ # supported Amazon Web Services SDKs and Amazon Web Services CLI, see
1120
+ # [Specifying the Signature Version in Request Authentication][1] in the
1121
+ # *Amazon S3 User Guide*.
1123
1122
  #
1124
1123
  #
1125
1124
  #
@@ -1130,9 +1129,9 @@ module Aws::S3
1130
1129
  # string holding JSON with the encryption context key-value pairs.
1131
1130
  # @option options [Boolean] :bucket_key_enabled
1132
1131
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
1133
- # encryption with server-side encryption using AWS KMS (SSE-KMS).
1134
- # Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
1135
- # for object encryption with SSE-KMS.
1132
+ # encryption with server-side encryption using Key Management Service
1133
+ # (KMS) keys (SSE-KMS). Setting this header to `true` causes Amazon S3
1134
+ # to use an S3 Bucket Key for object encryption with SSE-KMS.
1136
1135
  #
1137
1136
  # Specifying this header with an object action doesn’t affect
1138
1137
  # bucket-level settings for S3 Bucket Key.
@@ -1211,7 +1210,7 @@ module Aws::S3
1211
1210
  # metadata: {
1212
1211
  # "MetadataKey" => "MetadataValue",
1213
1212
  # },
1214
- # server_side_encryption: "AES256", # accepts AES256, aws:kms
1213
+ # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
1215
1214
  # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
1216
1215
  # website_redirect_location: "WebsiteRedirectLocation",
1217
1216
  # sse_customer_algorithm: "SSECustomerAlgorithm",
@@ -1378,7 +1377,7 @@ module Aws::S3
1378
1377
  # A map of metadata to store with the object in S3.
1379
1378
  # @option options [String] :server_side_encryption
1380
1379
  # The server-side encryption algorithm used when storing this object in
1381
- # Amazon S3 (for example, AES256, `aws:kms`).
1380
+ # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
1382
1381
  # @option options [String] :storage_class
1383
1382
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
1384
1383
  # created objects. The STANDARD storage class provides high durability
@@ -1429,15 +1428,15 @@ module Aws::S3
1429
1428
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
1430
1429
  # ensure that the encryption key was transmitted without error.
1431
1430
  # @option options [String] :ssekms_key_id
1432
- # If `x-amz-server-side-encryption` has a valid value of `aws:kms`, this
1433
- # header specifies the ID of the Amazon Web Services Key Management
1434
- # Service (Amazon Web Services KMS) symmetric encryption customer
1435
- # managed key that was used for the object. If you specify
1436
- # `x-amz-server-side-encryption:aws:kms`, but do not provide`
1431
+ # If `x-amz-server-side-encryption` has a valid value of `aws:kms` or
1432
+ # `aws:kms:dsse`, this header specifies the ID of the Key Management
1433
+ # Service (KMS) symmetric encryption customer managed key that was used
1434
+ # for the object. If you specify `x-amz-server-side-encryption:aws:kms`
1435
+ # or `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide`
1437
1436
  # x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
1438
- # Amazon Web Services managed key to protect the data. If the KMS key
1439
- # does not exist in the same account issuing the command, you must use
1440
- # the full ARN and not just the ID.
1437
+ # Amazon Web Services managed key (`aws/s3`) to protect the data. If the
1438
+ # KMS key does not exist in the same account that's issuing the
1439
+ # command, you must use the full ARN and not just the ID.
1441
1440
  # @option options [String] :ssekms_encryption_context
1442
1441
  # Specifies the Amazon Web Services KMS Encryption Context to use for
1443
1442
  # object encryption. The value of this header is a base64-encoded UTF-8
@@ -1447,9 +1446,9 @@ module Aws::S3
1447
1446
  # operations on this object.
1448
1447
  # @option options [Boolean] :bucket_key_enabled
1449
1448
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
1450
- # encryption with server-side encryption using AWS KMS (SSE-KMS).
1451
- # Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
1452
- # for object encryption with SSE-KMS.
1449
+ # encryption with server-side encryption using Key Management Service
1450
+ # (KMS) keys (SSE-KMS). Setting this header to `true` causes Amazon S3
1451
+ # to use an S3 Bucket Key for object encryption with SSE-KMS.
1453
1452
  #
1454
1453
  # Specifying this header with a PUT action doesn’t affect bucket-level
1455
1454
  # settings for S3 Bucket Key.
@@ -1544,7 +1543,7 @@ module Aws::S3
1544
1543
  # bucket_name: "BucketName", # required
1545
1544
  # prefix: "LocationPrefix", # required
1546
1545
  # encryption: {
1547
- # encryption_type: "AES256", # required, accepts AES256, aws:kms
1546
+ # encryption_type: "AES256", # required, accepts AES256, aws:kms, aws:kms:dsse
1548
1547
  # kms_key_id: "SSEKMSKeyId",
1549
1548
  # kms_context: "KMSContext",
1550
1549
  # },
@@ -15,18 +15,21 @@ module Aws
15
15
  MAX_PARTS = 10_000
16
16
 
17
17
  # @option options [Client] :client
18
- # @option [Integer] :min_part_size (52428800) Size of copied parts.
19
- # Defaults to 50MB.
20
- # will be constructed from the given `options' hash.
21
- # @option [Integer] :thread_count (10) Number of concurrent threads to
22
- # use for copying parts.
18
+ # @option options [Integer] :min_part_size (52428800)
19
+ # Size of copied parts. Defaults to 50MB.
20
+ # @option options [Integer] :thread_count (10) Number of concurrent
21
+ # threads to use for copying parts.
22
+ # @option options [Boolean] :use_source_parts (false) Use part sizes
23
+ # defined on the source object if any exist. If copying or moving an
24
+ # object that is already multipart, this does not re-part the object,
25
+ # instead re-using the part definitions on the original. That means
26
+ # the etag and any checksums will not change. This is especially
27
+ # useful if the source object has parts with varied sizes.
23
28
  def initialize(options = {})
29
+ @use_source_parts = options.delete(:use_source_parts) || false
24
30
  @thread_count = options.delete(:thread_count) || 10
25
31
  @min_part_size = options.delete(:min_part_size) || (FIVE_MB * 10)
26
32
  @client = options[:client] || Client.new
27
- if options[:checksum_algorithm]
28
- raise ArgumentError, 'Multipart Copy does not support setting :checksum_algorithm'
29
- end
30
33
  end
31
34
 
32
35
  # @return [Client]
@@ -78,10 +81,9 @@ module Aws
78
81
  end
79
82
 
80
83
  def copy_part(part)
81
- {
82
- etag: @client.upload_part_copy(part).copy_part_result.etag,
83
- part_number: part[:part_number],
84
- }
84
+ @client.upload_part_copy(part).copy_part_result.to_h.merge({
85
+ part_number: part[:part_number]
86
+ }).tap { |result| result.delete(:last_modified) }
85
87
  end
86
88
 
87
89
  def complete_upload(parts, options)
@@ -104,24 +106,37 @@ module Aws
104
106
  parts = []
105
107
  options = options_for(:upload_part_copy, options)
106
108
  while offset < size
109
+ part_size = calculate_part_size(part_number, default_part_size, options)
107
110
  parts << options.merge({
108
111
  part_number: part_number,
109
- copy_source_range: byte_range(offset, default_part_size, size),
112
+ copy_source_range: byte_range(offset, part_size, size),
110
113
  })
111
114
  part_number += 1
112
- offset += default_part_size
115
+ offset += part_size
113
116
  end
114
117
  parts
115
118
  end
116
119
 
117
- def byte_range(offset, default_part_size, size)
118
- if offset + default_part_size < size
119
- "bytes=#{offset}-#{offset + default_part_size - 1}"
120
+ def byte_range(offset, part_size, size)
121
+ if offset + part_size < size
122
+ "bytes=#{offset}-#{offset + part_size - 1}"
120
123
  else
121
124
  "bytes=#{offset}-#{size - 1}"
122
125
  end
123
126
  end
124
127
 
128
+ def calculate_part_size(part_number, default_part_size, options)
129
+ if @use_source_parts && source_has_parts(options)
130
+ source_metadata(options.merge({ part_number: part_number }))[:content_length]
131
+ else
132
+ default_part_size
133
+ end
134
+ end
135
+
136
+ def source_has_parts(options)
137
+ @source_has_parts ||= source_metadata(options.merge({ part_number: 1 }))[:parts_count]
138
+ end
139
+
125
140
  def source_metadata(options)
126
141
  if options[:content_length]
127
142
  return { content_length: options.delete(:content_length) }
@@ -138,6 +153,7 @@ module Aws
138
153
  key = CGI.unescape(key)
139
154
  opts = { bucket: bucket, key: key }
140
155
  opts[:version_id] = version_id if version_id
156
+ opts[:part_number] = options[:part_number] if options[:part_number]
141
157
  client.head_object(opts).to_h
142
158
  end
143
159
 
@@ -98,6 +98,20 @@ module Aws::S3
98
98
  data[:owner]
99
99
  end
100
100
 
101
+ # Specifies the restoration status of an object. Objects in certain
102
+ # storage classes must be restored before they can be retrieved. For
103
+ # more information about these storage classes and how to work with
104
+ # archived objects, see [ Working with archived objects][1] in the
105
+ # *Amazon S3 User Guide*.
106
+ #
107
+ #
108
+ #
109
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html
110
+ # @return [Types::RestoreStatus]
111
+ def restore_status
112
+ data[:restore_status]
113
+ end
114
+
101
115
  # @!endgroup
102
116
 
103
117
  # @return [Client]
@@ -310,7 +324,7 @@ module Aws::S3
310
324
  # },
311
325
  # metadata_directive: "COPY", # accepts COPY, REPLACE
312
326
  # tagging_directive: "COPY", # accepts COPY, REPLACE
313
- # server_side_encryption: "AES256", # accepts AES256, aws:kms
327
+ # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
314
328
  # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
315
329
  # website_redirect_location: "WebsiteRedirectLocation",
316
330
  # sse_customer_algorithm: "SSECustomerAlgorithm",
@@ -440,7 +454,7 @@ module Aws::S3
440
454
  # or replaced with tag-set provided in the request.
441
455
  # @option options [String] :server_side_encryption
442
456
  # The server-side encryption algorithm used when storing this object in
443
- # Amazon S3 (for example, AES256, `aws:kms`).
457
+ # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
444
458
  # @option options [String] :storage_class
445
459
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
446
460
  # created objects. The STANDARD storage class provides high durability
@@ -473,13 +487,12 @@ module Aws::S3
473
487
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
474
488
  # ensure that the encryption key was transmitted without error.
475
489
  # @option options [String] :ssekms_key_id
476
- # Specifies the Amazon Web Services KMS key ID to use for object
477
- # encryption. All GET and PUT requests for an object protected by Amazon
478
- # Web Services KMS will fail if not made via SSL or using SigV4. For
479
- # information about configuring using any of the officially supported
480
- # Amazon Web Services SDKs and Amazon Web Services CLI, see [Specifying
481
- # the Signature Version in Request Authentication][1] in the *Amazon S3
482
- # User Guide*.
490
+ # Specifies the KMS key ID to use for object encryption. All GET and PUT
491
+ # requests for an object protected by KMS will fail if they're not made
492
+ # via SSL or using SigV4. For information about configuring any of the
493
+ # officially supported Amazon Web Services SDKs and Amazon Web Services
494
+ # CLI, see [Specifying the Signature Version in Request
495
+ # Authentication][1] in the *Amazon S3 User Guide*.
483
496
  #
484
497
  #
485
498
  #
@@ -490,9 +503,9 @@ module Aws::S3
490
503
  # string holding JSON with the encryption context key-value pairs.
491
504
  # @option options [Boolean] :bucket_key_enabled
492
505
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
493
- # encryption with server-side encryption using AWS KMS (SSE-KMS).
494
- # Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
495
- # for object encryption with SSE-KMS.
506
+ # encryption with server-side encryption using Key Management Service
507
+ # (KMS) keys (SSE-KMS). Setting this header to `true` causes Amazon S3
508
+ # to use an S3 Bucket Key for object encryption with SSE-KMS.
496
509
  #
497
510
  # Specifying this header with a COPY action doesn’t affect bucket-level
498
511
  # settings for S3 Bucket Key.
@@ -721,7 +734,7 @@ module Aws::S3
721
734
  # metadata: {
722
735
  # "MetadataKey" => "MetadataValue",
723
736
  # },
724
- # server_side_encryption: "AES256", # accepts AES256, aws:kms
737
+ # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
725
738
  # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
726
739
  # website_redirect_location: "WebsiteRedirectLocation",
727
740
  # sse_customer_algorithm: "SSECustomerAlgorithm",
@@ -778,7 +791,7 @@ module Aws::S3
778
791
  # A map of metadata to store with the object in S3.
779
792
  # @option options [String] :server_side_encryption
780
793
  # The server-side encryption algorithm used when storing this object in
781
- # Amazon S3 (for example, AES256, `aws:kms`).
794
+ # Amazon S3 (for example, `AES256`, `aws:kms`).
782
795
  # @option options [String] :storage_class
783
796
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
784
797
  # created objects. The STANDARD storage class provides high durability
@@ -810,11 +823,11 @@ module Aws::S3
810
823
  # @option options [String] :ssekms_key_id
811
824
  # Specifies the ID of the symmetric encryption customer managed key to
812
825
  # use for object encryption. All GET and PUT requests for an object
813
- # protected by Amazon Web Services KMS will fail if not made via SSL or
814
- # using SigV4. For information about configuring using any of the
815
- # officially supported Amazon Web Services SDKs and Amazon Web Services
816
- # CLI, see [Specifying the Signature Version in Request
817
- # Authentication][1] in the *Amazon S3 User Guide*.
826
+ # protected by KMS will fail if they're not made via SSL or using
827
+ # SigV4. For information about configuring any of the officially
828
+ # supported Amazon Web Services SDKs and Amazon Web Services CLI, see
829
+ # [Specifying the Signature Version in Request Authentication][1] in the
830
+ # *Amazon S3 User Guide*.
818
831
  #
819
832
  #
820
833
  #
@@ -825,9 +838,9 @@ module Aws::S3
825
838
  # string holding JSON with the encryption context key-value pairs.
826
839
  # @option options [Boolean] :bucket_key_enabled
827
840
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
828
- # encryption with server-side encryption using AWS KMS (SSE-KMS).
829
- # Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
830
- # for object encryption with SSE-KMS.
841
+ # encryption with server-side encryption using Key Management Service
842
+ # (KMS) keys (SSE-KMS). Setting this header to `true` causes Amazon S3
843
+ # to use an S3 Bucket Key for object encryption with SSE-KMS.
831
844
  #
832
845
  # Specifying this header with an object action doesn’t affect
833
846
  # bucket-level settings for S3 Bucket Key.
@@ -906,7 +919,7 @@ module Aws::S3
906
919
  # metadata: {
907
920
  # "MetadataKey" => "MetadataValue",
908
921
  # },
909
- # server_side_encryption: "AES256", # accepts AES256, aws:kms
922
+ # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
910
923
  # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
911
924
  # website_redirect_location: "WebsiteRedirectLocation",
912
925
  # sse_customer_algorithm: "SSECustomerAlgorithm",
@@ -1073,7 +1086,7 @@ module Aws::S3
1073
1086
  # A map of metadata to store with the object in S3.
1074
1087
  # @option options [String] :server_side_encryption
1075
1088
  # The server-side encryption algorithm used when storing this object in
1076
- # Amazon S3 (for example, AES256, `aws:kms`).
1089
+ # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
1077
1090
  # @option options [String] :storage_class
1078
1091
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
1079
1092
  # created objects. The STANDARD storage class provides high durability
@@ -1124,15 +1137,15 @@ module Aws::S3
1124
1137
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
1125
1138
  # ensure that the encryption key was transmitted without error.
1126
1139
  # @option options [String] :ssekms_key_id
1127
- # If `x-amz-server-side-encryption` has a valid value of `aws:kms`, this
1128
- # header specifies the ID of the Amazon Web Services Key Management
1129
- # Service (Amazon Web Services KMS) symmetric encryption customer
1130
- # managed key that was used for the object. If you specify
1131
- # `x-amz-server-side-encryption:aws:kms`, but do not provide`
1140
+ # If `x-amz-server-side-encryption` has a valid value of `aws:kms` or
1141
+ # `aws:kms:dsse`, this header specifies the ID of the Key Management
1142
+ # Service (KMS) symmetric encryption customer managed key that was used
1143
+ # for the object. If you specify `x-amz-server-side-encryption:aws:kms`
1144
+ # or `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide`
1132
1145
  # x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
1133
- # Amazon Web Services managed key to protect the data. If the KMS key
1134
- # does not exist in the same account issuing the command, you must use
1135
- # the full ARN and not just the ID.
1146
+ # Amazon Web Services managed key (`aws/s3`) to protect the data. If the
1147
+ # KMS key does not exist in the same account that's issuing the
1148
+ # command, you must use the full ARN and not just the ID.
1136
1149
  # @option options [String] :ssekms_encryption_context
1137
1150
  # Specifies the Amazon Web Services KMS Encryption Context to use for
1138
1151
  # object encryption. The value of this header is a base64-encoded UTF-8
@@ -1142,9 +1155,9 @@ module Aws::S3
1142
1155
  # operations on this object.
1143
1156
  # @option options [Boolean] :bucket_key_enabled
1144
1157
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
1145
- # encryption with server-side encryption using AWS KMS (SSE-KMS).
1146
- # Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
1147
- # for object encryption with SSE-KMS.
1158
+ # encryption with server-side encryption using Key Management Service
1159
+ # (KMS) keys (SSE-KMS). Setting this header to `true` causes Amazon S3
1160
+ # to use an S3 Bucket Key for object encryption with SSE-KMS.
1148
1161
  #
1149
1162
  # Specifying this header with a PUT action doesn’t affect bucket-level
1150
1163
  # settings for S3 Bucket Key.
@@ -1239,7 +1252,7 @@ module Aws::S3
1239
1252
  # bucket_name: "BucketName", # required
1240
1253
  # prefix: "LocationPrefix", # required
1241
1254
  # encryption: {
1242
- # encryption_type: "AES256", # required, accepts AES256, aws:kms
1255
+ # encryption_type: "AES256", # required, accepts AES256, aws:kms, aws:kms:dsse
1243
1256
  # kms_key_id: "SSEKMSKeyId",
1244
1257
  # kms_context: "KMSContext",
1245
1258
  # },
@@ -105,6 +105,20 @@ module Aws::S3
105
105
  data[:owner]
106
106
  end
107
107
 
108
+ # Specifies the restoration status of an object. Objects in certain
109
+ # storage classes must be restored before they can be retrieved. For
110
+ # more information about these storage classes and how to work with
111
+ # archived objects, see [ Working with archived objects][1] in the
112
+ # *Amazon S3 User Guide*.
113
+ #
114
+ #
115
+ #
116
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html
117
+ # @return [Types::RestoreStatus]
118
+ def restore_status
119
+ data[:restore_status]
120
+ end
121
+
108
122
  # @!endgroup
109
123
 
110
124
  # @return [Client]