aws-sdk-s3 1.127.0 → 1.141.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (46) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +87 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-s3/bucket.rb +421 -81
  5. data/lib/aws-sdk-s3/bucket_acl.rb +9 -9
  6. data/lib/aws-sdk-s3/bucket_cors.rb +12 -12
  7. data/lib/aws-sdk-s3/bucket_lifecycle.rb +12 -12
  8. data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +12 -12
  9. data/lib/aws-sdk-s3/bucket_logging.rb +16 -9
  10. data/lib/aws-sdk-s3/bucket_notification.rb +3 -3
  11. data/lib/aws-sdk-s3/bucket_policy.rb +58 -14
  12. data/lib/aws-sdk-s3/bucket_request_payment.rb +9 -9
  13. data/lib/aws-sdk-s3/bucket_tagging.rb +12 -12
  14. data/lib/aws-sdk-s3/bucket_versioning.rb +27 -27
  15. data/lib/aws-sdk-s3/bucket_website.rb +12 -12
  16. data/lib/aws-sdk-s3/client.rb +5707 -2536
  17. data/lib/aws-sdk-s3/client_api.rb +111 -16
  18. data/lib/aws-sdk-s3/customizations/errors.rb +1 -1
  19. data/lib/aws-sdk-s3/customizations/object.rb +63 -0
  20. data/lib/aws-sdk-s3/customizations.rb +5 -0
  21. data/lib/aws-sdk-s3/endpoint_parameters.rb +36 -0
  22. data/lib/aws-sdk-s3/endpoint_provider.rb +104 -246
  23. data/lib/aws-sdk-s3/endpoints.rb +440 -0
  24. data/lib/aws-sdk-s3/express_credentials.rb +55 -0
  25. data/lib/aws-sdk-s3/express_credentials_cache.rb +30 -0
  26. data/lib/aws-sdk-s3/express_credentials_provider.rb +36 -0
  27. data/lib/aws-sdk-s3/file_downloader.rb +142 -21
  28. data/lib/aws-sdk-s3/multipart_file_uploader.rb +0 -1
  29. data/lib/aws-sdk-s3/multipart_stream_uploader.rb +0 -1
  30. data/lib/aws-sdk-s3/multipart_upload.rb +69 -16
  31. data/lib/aws-sdk-s3/multipart_upload_part.rb +160 -35
  32. data/lib/aws-sdk-s3/object.rb +1504 -235
  33. data/lib/aws-sdk-s3/object_acl.rb +29 -15
  34. data/lib/aws-sdk-s3/object_multipart_copier.rb +33 -17
  35. data/lib/aws-sdk-s3/object_summary.rb +1367 -254
  36. data/lib/aws-sdk-s3/object_version.rb +297 -42
  37. data/lib/aws-sdk-s3/plugins/endpoints.rb +13 -2
  38. data/lib/aws-sdk-s3/plugins/express_session_auth.rb +90 -0
  39. data/lib/aws-sdk-s3/plugins/location_constraint.rb +3 -1
  40. data/lib/aws-sdk-s3/plugins/md5s.rb +2 -1
  41. data/lib/aws-sdk-s3/presigned_post.rb +52 -43
  42. data/lib/aws-sdk-s3/presigner.rb +2 -2
  43. data/lib/aws-sdk-s3/resource.rb +83 -11
  44. data/lib/aws-sdk-s3/types.rb +4500 -1351
  45. data/lib/aws-sdk-s3.rb +1 -1
  46. metadata +11 -7
@@ -45,6 +45,10 @@ module Aws::S3
45
45
  # Specifies whether the object retrieved was (true) or was not (false) a
46
46
  # Delete Marker. If false, this response header does not appear in the
47
47
  # response.
48
+ #
49
+ # <note markdown="1"> This functionality is not supported for directory buckets.
50
+ #
51
+ # </note>
48
52
  # @return [Boolean]
49
53
  def delete_marker
50
54
  data[:delete_marker]
@@ -56,10 +60,19 @@ module Aws::S3
56
60
  data[:accept_ranges]
57
61
  end
58
62
 
59
- # If the object expiration is configured (see PUT Bucket lifecycle), the
60
- # response includes this header. It includes the `expiry-date` and
61
- # `rule-id` key-value pairs providing object expiration information. The
62
- # value of the `rule-id` is URL-encoded.
63
+ # If the object expiration is configured (see [
64
+ # `PutBucketLifecycleConfiguration` ][1]), the response includes this
65
+ # header. It includes the `expiry-date` and `rule-id` key-value pairs
66
+ # providing object expiration information. The value of the `rule-id` is
67
+ # URL-encoded.
68
+ #
69
+ # <note markdown="1"> This functionality is not supported for directory buckets.
70
+ #
71
+ # </note>
72
+ #
73
+ #
74
+ #
75
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html
63
76
  # @return [String]
64
77
  def expiration
65
78
  data[:expiration]
@@ -82,6 +95,12 @@ module Aws::S3
82
95
  # For more information about archiving objects, see [Transitioning
83
96
  # Objects: General Considerations][2].
84
97
  #
98
+ # <note markdown="1"> This functionality is not supported for directory buckets. Only the S3
99
+ # Express One Zone storage class is supported by directory buckets to
100
+ # store objects.
101
+ #
102
+ # </note>
103
+ #
85
104
  #
86
105
  #
87
106
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html
@@ -92,12 +111,16 @@ module Aws::S3
92
111
  end
93
112
 
94
113
  # The archive state of the head object.
114
+ #
115
+ # <note markdown="1"> This functionality is not supported for directory buckets.
116
+ #
117
+ # </note>
95
118
  # @return [String]
96
119
  def archive_status
97
120
  data[:archive_status]
98
121
  end
99
122
 
100
- # Creation date of the object.
123
+ # Date and time when the object was last modified.
101
124
  # @return [Time]
102
125
  def last_modified
103
126
  data[:last_modified]
@@ -110,10 +133,13 @@ module Aws::S3
110
133
  end
111
134
 
112
135
  # The base64-encoded, 32-bit CRC32 checksum of the object. This will
113
- # only be present if it was uploaded with the object. With multipart
114
- # uploads, this may not be a checksum value of the object. For more
115
- # information about how checksums are calculated with multipart uploads,
116
- # see [ Checking object integrity][1] in the *Amazon S3 User Guide*.
136
+ # only be present if it was uploaded with the object. When you use an
137
+ # API operation on an object that was uploaded using multipart uploads,
138
+ # this value may not be a direct checksum value of the full object.
139
+ # Instead, it's a calculation based on the checksum values of each
140
+ # individual part. For more information about how checksums are
141
+ # calculated with multipart uploads, see [ Checking object integrity][1]
142
+ # in the *Amazon S3 User Guide*.
117
143
  #
118
144
  #
119
145
  #
@@ -124,10 +150,13 @@ module Aws::S3
124
150
  end
125
151
 
126
152
  # The base64-encoded, 32-bit CRC32C checksum of the object. This will
127
- # only be present if it was uploaded with the object. With multipart
128
- # uploads, this may not be a checksum value of the object. For more
129
- # information about how checksums are calculated with multipart uploads,
130
- # see [ Checking object integrity][1] in the *Amazon S3 User Guide*.
153
+ # only be present if it was uploaded with the object. When you use an
154
+ # API operation on an object that was uploaded using multipart uploads,
155
+ # this value may not be a direct checksum value of the full object.
156
+ # Instead, it's a calculation based on the checksum values of each
157
+ # individual part. For more information about how checksums are
158
+ # calculated with multipart uploads, see [ Checking object integrity][1]
159
+ # in the *Amazon S3 User Guide*.
131
160
  #
132
161
  #
133
162
  #
@@ -138,10 +167,13 @@ module Aws::S3
138
167
  end
139
168
 
140
169
  # The base64-encoded, 160-bit SHA-1 digest of the object. This will only
141
- # be present if it was uploaded with the object. With multipart uploads,
142
- # this may not be a checksum value of the object. For more information
143
- # about how checksums are calculated with multipart uploads, see [
144
- # Checking object integrity][1] in the *Amazon S3 User Guide*.
170
+ # be present if it was uploaded with the object. When you use the API
171
+ # operation on an object that was uploaded using multipart uploads, this
172
+ # value may not be a direct checksum value of the full object. Instead,
173
+ # it's a calculation based on the checksum values of each individual
174
+ # part. For more information about how checksums are calculated with
175
+ # multipart uploads, see [ Checking object integrity][1] in the *Amazon
176
+ # S3 User Guide*.
145
177
  #
146
178
  #
147
179
  #
@@ -152,10 +184,13 @@ module Aws::S3
152
184
  end
153
185
 
154
186
  # The base64-encoded, 256-bit SHA-256 digest of the object. This will
155
- # only be present if it was uploaded with the object. With multipart
156
- # uploads, this may not be a checksum value of the object. For more
157
- # information about how checksums are calculated with multipart uploads,
158
- # see [ Checking object integrity][1] in the *Amazon S3 User Guide*.
187
+ # only be present if it was uploaded with the object. When you use an
188
+ # API operation on an object that was uploaded using multipart uploads,
189
+ # this value may not be a direct checksum value of the full object.
190
+ # Instead, it's a calculation based on the checksum values of each
191
+ # individual part. For more information about how checksums are
192
+ # calculated with multipart uploads, see [ Checking object integrity][1]
193
+ # in the *Amazon S3 User Guide*.
159
194
  #
160
195
  #
161
196
  #
@@ -177,12 +212,20 @@ module Aws::S3
177
212
  # API like SOAP that supports more flexible metadata than the REST API.
178
213
  # For example, using SOAP, you can create metadata whose values are not
179
214
  # legal HTTP headers.
215
+ #
216
+ # <note markdown="1"> This functionality is not supported for directory buckets.
217
+ #
218
+ # </note>
180
219
  # @return [Integer]
181
220
  def missing_meta
182
221
  data[:missing_meta]
183
222
  end
184
223
 
185
- # Version of the object.
224
+ # Version ID of the object.
225
+ #
226
+ # <note markdown="1"> This functionality is not supported for directory buckets.
227
+ #
228
+ # </note>
186
229
  # @return [String]
187
230
  def version_id
188
231
  data[:version_id]
@@ -200,7 +243,7 @@ module Aws::S3
200
243
  data[:content_disposition]
201
244
  end
202
245
 
203
- # Specifies what content encodings have been applied to the object and
246
+ # Indicates what content encodings have been applied to the object and
204
247
  # thus what decoding mechanisms must be applied to obtain the media-type
205
248
  # referenced by the Content-Type header field.
206
249
  # @return [String]
@@ -234,13 +277,22 @@ module Aws::S3
234
277
  # If the bucket is configured as a website, redirects requests for this
235
278
  # object to another object in the same bucket or to an external URL.
236
279
  # Amazon S3 stores the value of this header in the object metadata.
280
+ #
281
+ # <note markdown="1"> This functionality is not supported for directory buckets.
282
+ #
283
+ # </note>
237
284
  # @return [String]
238
285
  def website_redirect_location
239
286
  data[:website_redirect_location]
240
287
  end
241
288
 
242
- # The server-side encryption algorithm used when storing this object in
243
- # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
289
+ # The server-side encryption algorithm used when you store this object
290
+ # in Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
291
+ #
292
+ # <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
293
+ # managed keys (SSE-S3) (`AES256`) is supported.
294
+ #
295
+ # </note>
244
296
  # @return [String]
245
297
  def server_side_encryption
246
298
  data[:server_side_encryption]
@@ -253,25 +305,37 @@ module Aws::S3
253
305
  end
254
306
 
255
307
  # If server-side encryption with a customer-provided encryption key was
256
- # requested, the response will include this header confirming the
257
- # encryption algorithm used.
308
+ # requested, the response will include this header to confirm the
309
+ # encryption algorithm that's used.
310
+ #
311
+ # <note markdown="1"> This functionality is not supported for directory buckets.
312
+ #
313
+ # </note>
258
314
  # @return [String]
259
315
  def sse_customer_algorithm
260
316
  data[:sse_customer_algorithm]
261
317
  end
262
318
 
263
319
  # If server-side encryption with a customer-provided encryption key was
264
- # requested, the response will include this header to provide round-trip
265
- # message integrity verification of the customer-provided encryption
266
- # key.
320
+ # requested, the response will include this header to provide the
321
+ # round-trip message integrity verification of the customer-provided
322
+ # encryption key.
323
+ #
324
+ # <note markdown="1"> This functionality is not supported for directory buckets.
325
+ #
326
+ # </note>
267
327
  # @return [String]
268
328
  def sse_customer_key_md5
269
329
  data[:sse_customer_key_md5]
270
330
  end
271
331
 
272
- # If present, specifies the ID of the Key Management Service (KMS)
332
+ # If present, indicates the ID of the Key Management Service (KMS)
273
333
  # symmetric encryption customer managed key that was used for the
274
334
  # object.
335
+ #
336
+ # <note markdown="1"> This functionality is not supported for directory buckets.
337
+ #
338
+ # </note>
275
339
  # @return [String]
276
340
  def ssekms_key_id
277
341
  data[:ssekms_key_id]
@@ -279,6 +343,10 @@ module Aws::S3
279
343
 
280
344
  # Indicates whether the object uses an S3 Bucket Key for server-side
281
345
  # encryption with Key Management Service (KMS) keys (SSE-KMS).
346
+ #
347
+ # <note markdown="1"> This functionality is not supported for directory buckets.
348
+ #
349
+ # </note>
282
350
  # @return [Boolean]
283
351
  def bucket_key_enabled
284
352
  data[:bucket_key_enabled]
@@ -290,6 +358,11 @@ module Aws::S3
290
358
  #
291
359
  # For more information, see [Storage Classes][1].
292
360
  #
361
+ # <note markdown="1"> <b>Directory buckets </b> - Only the S3 Express One Zone storage class
362
+ # is supported by directory buckets to store objects.
363
+ #
364
+ # </note>
365
+ #
293
366
  #
294
367
  #
295
368
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
@@ -300,6 +373,10 @@ module Aws::S3
300
373
 
301
374
  # If present, indicates that the requester was successfully charged for
302
375
  # the request.
376
+ #
377
+ # <note markdown="1"> This functionality is not supported for directory buckets.
378
+ #
379
+ # </note>
303
380
  # @return [String]
304
381
  def request_charged
305
382
  data[:request_charged]
@@ -342,6 +419,10 @@ module Aws::S3
342
419
  #
343
420
  # For more information, see [Replication][1].
344
421
  #
422
+ # <note markdown="1"> This functionality is not supported for directory buckets.
423
+ #
424
+ # </note>
425
+ #
345
426
  #
346
427
  #
347
428
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html
@@ -363,6 +444,10 @@ module Aws::S3
363
444
  # `s3:GetObjectRetention` permission. For more information about S3
364
445
  # Object Lock, see [Object Lock][1].
365
446
  #
447
+ # <note markdown="1"> This functionality is not supported for directory buckets.
448
+ #
449
+ # </note>
450
+ #
366
451
  #
367
452
  #
368
453
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
@@ -374,6 +459,10 @@ module Aws::S3
374
459
  # The date and time when the Object Lock retention period expires. This
375
460
  # header is only returned if the requester has the
376
461
  # `s3:GetObjectRetention` permission.
462
+ #
463
+ # <note markdown="1"> This functionality is not supported for directory buckets.
464
+ #
465
+ # </note>
377
466
  # @return [Time]
378
467
  def object_lock_retain_until_date
379
468
  data[:object_lock_retain_until_date]
@@ -385,6 +474,10 @@ module Aws::S3
385
474
  # specified version of this object has never had a legal hold applied.
386
475
  # For more information about S3 Object Lock, see [Object Lock][1].
387
476
  #
477
+ # <note markdown="1"> This functionality is not supported for directory buckets.
478
+ #
479
+ # </note>
480
+ #
388
481
  #
389
482
  #
390
483
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
@@ -616,7 +709,7 @@ module Aws::S3
616
709
  # metadata_directive: "COPY", # accepts COPY, REPLACE
617
710
  # tagging_directive: "COPY", # accepts COPY, REPLACE
618
711
  # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
619
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
712
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
620
713
  # website_redirect_location: "WebsiteRedirectLocation",
621
714
  # sse_customer_algorithm: "SSECustomerAlgorithm",
622
715
  # sse_customer_key: "SSECustomerKey",
@@ -637,40 +730,98 @@ module Aws::S3
637
730
  # })
638
731
  # @param [Hash] options ({})
639
732
  # @option options [String] :acl
640
- # The canned ACL to apply to the object.
733
+ # The canned access control list (ACL) to apply to the object.
734
+ #
735
+ # When you copy an object, the ACL metadata is not preserved and is set
736
+ # to `private` by default. Only the owner has full access control. To
737
+ # override the default ACL setting, specify a new ACL when you generate
738
+ # a copy request. For more information, see [Using ACLs][1].
739
+ #
740
+ # If the destination bucket that you're copying objects to uses the
741
+ # bucket owner enforced setting for S3 Object Ownership, ACLs are
742
+ # disabled and no longer affect permissions. Buckets that use this
743
+ # setting only accept `PUT` requests that don't specify an ACL or `PUT`
744
+ # requests that specify bucket owner full control ACLs, such as the
745
+ # `bucket-owner-full-control` canned ACL or an equivalent form of this
746
+ # ACL expressed in the XML format. For more information, see
747
+ # [Controlling ownership of objects and disabling ACLs][2] in the
748
+ # *Amazon S3 User Guide*.
641
749
  #
642
- # This action is not supported by Amazon S3 on Outposts.
750
+ # <note markdown="1"> * If your destination bucket uses the bucket owner enforced setting
751
+ # for Object Ownership, all objects written to the bucket by any
752
+ # account will be owned by the bucket owner.
753
+ #
754
+ # * This functionality is not supported for directory buckets.
755
+ #
756
+ # * This functionality is not supported for Amazon S3 on Outposts.
757
+ #
758
+ # </note>
759
+ #
760
+ #
761
+ #
762
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html
763
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
643
764
  # @option options [String] :cache_control
644
- # Specifies caching behavior along the request/reply chain.
765
+ # Specifies the caching behavior along the request/reply chain.
645
766
  # @option options [String] :checksum_algorithm
646
- # Indicates the algorithm you want Amazon S3 to use to create the
767
+ # Indicates the algorithm that you want Amazon S3 to use to create the
647
768
  # checksum for the object. For more information, see [Checking object
648
769
  # integrity][1] in the *Amazon S3 User Guide*.
649
770
  #
771
+ # When you copy an object, if the source object has a checksum, that
772
+ # checksum value will be copied to the new object by default. If the
773
+ # `CopyObject` request does not include this `x-amz-checksum-algorithm`
774
+ # header, the checksum algorithm will be copied from the source object
775
+ # to the destination object (if it's present on the source object). You
776
+ # can optionally specify a different checksum algorithm to use with the
777
+ # `x-amz-checksum-algorithm` header. Unrecognized or unsupported values
778
+ # will respond with the HTTP status code `400 Bad Request`.
779
+ #
780
+ # <note markdown="1"> For directory buckets, when you use Amazon Web Services SDKs, `CRC32`
781
+ # is the default checksum algorithm that's used for performance.
782
+ #
783
+ # </note>
784
+ #
650
785
  #
651
786
  #
652
787
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
653
788
  # @option options [String] :content_disposition
654
- # Specifies presentational information for the object.
789
+ # Specifies presentational information for the object. Indicates whether
790
+ # an object should be displayed in a web browser or downloaded as a
791
+ # file. It allows specifying the desired filename for the downloaded
792
+ # file.
655
793
  # @option options [String] :content_encoding
656
794
  # Specifies what content encodings have been applied to the object and
657
795
  # thus what decoding mechanisms must be applied to obtain the media-type
658
796
  # referenced by the Content-Type header field.
797
+ #
798
+ # <note markdown="1"> For directory buckets, only the `aws-chunked` value is supported in
799
+ # this header field.
800
+ #
801
+ # </note>
659
802
  # @option options [String] :content_language
660
803
  # The language the content is in.
661
804
  # @option options [String] :content_type
662
- # A standard MIME type describing the format of the object data.
805
+ # A standard MIME type that describes the format of the object data.
663
806
  # @option options [required, String] :copy_source
664
- # Specifies the source object for the copy operation. You specify the
665
- # value in one of two formats, depending on whether you want to access
666
- # the source object through an [access point][1]:
807
+ # Specifies the source object for the copy operation. The source object
808
+ # can be up to 5 GB. If the source object is an object that was uploaded
809
+ # by using a multipart upload, the object copy will be a single part
810
+ # object after the source object is copied to the destination bucket.
811
+ #
812
+ # You specify the value of the copy source in one of two formats,
813
+ # depending on whether you want to access the source object through an
814
+ # [access point][1]:
667
815
  #
668
816
  # * For objects not accessed through an access point, specify the name
669
817
  # of the source bucket and the key of the source object, separated by
670
818
  # a slash (/). For example, to copy the object `reports/january.pdf`
671
- # from the bucket `awsexamplebucket`, use
819
+ # from the general purpose bucket `awsexamplebucket`, use
672
820
  # `awsexamplebucket/reports/january.pdf`. The value must be
673
- # URL-encoded.
821
+ # URL-encoded. To copy the object `reports/january.pdf` from the
822
+ # directory bucket `awsexamplebucket--use1-az5--x-s3`, use
823
+ # `awsexamplebucket--use1-az5--x-s3/reports/january.pdf`. The value
824
+ # must be URL-encoded.
674
825
  #
675
826
  # * For objects accessed through access points, specify the Amazon
676
827
  # Resource Name (ARN) of the object as accessed through the access
@@ -682,9 +833,11 @@ module Aws::S3
682
833
  # `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
683
834
  # The value must be URL encoded.
684
835
  #
685
- # <note markdown="1"> Amazon S3 supports copy operations using access points only when the
686
- # source and destination buckets are in the same Amazon Web Services
687
- # Region.
836
+ # <note markdown="1"> * Amazon S3 supports copy operations using Access points only when
837
+ # the source and destination buckets are in the same Amazon Web
838
+ # Services Region.
839
+ #
840
+ # * Access points are not supported by directory buckets.
688
841
  #
689
842
  # </note>
690
843
  #
@@ -697,93 +850,327 @@ module Aws::S3
697
850
  # `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf`.
698
851
  # The value must be URL-encoded.
699
852
  #
700
- # To copy a specific version of an object, append
701
- # `?versionId=<version-id>` to the value (for example,
853
+ # If your source bucket versioning is enabled, the `x-amz-copy-source`
854
+ # header by default identifies the current version of an object to copy.
855
+ # If the current version is a delete marker, Amazon S3 behaves as if the
856
+ # object was deleted. To copy a different version, use the `versionId`
857
+ # query parameter. Specifically, append `?versionId=<version-id>` to the
858
+ # value (for example,
702
859
  # `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
703
860
  # If you don't specify a version ID, Amazon S3 copies the latest
704
861
  # version of the source object.
705
862
  #
863
+ # If you enable versioning on the destination bucket, Amazon S3
864
+ # generates a unique version ID for the copied object. This version ID
865
+ # is different from the version ID of the source object. Amazon S3
866
+ # returns the version ID of the copied object in the `x-amz-version-id`
867
+ # response header in the response.
868
+ #
869
+ # If you do not enable versioning or suspend it on the destination
870
+ # bucket, the version ID that Amazon S3 generates in the
871
+ # `x-amz-version-id` response header is always null.
872
+ #
873
+ # <note markdown="1"> **Directory buckets** - S3 Versioning isn't enabled and supported for
874
+ # directory buckets.
875
+ #
876
+ # </note>
877
+ #
706
878
  #
707
879
  #
708
880
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html
709
881
  # @option options [String] :copy_source_if_match
710
882
  # Copies the object if its entity tag (ETag) matches the specified tag.
883
+ #
884
+ # If both the `x-amz-copy-source-if-match` and
885
+ # `x-amz-copy-source-if-unmodified-since` headers are present in the
886
+ # request and evaluate as follows, Amazon S3 returns `200 OK` and copies
887
+ # the data:
888
+ #
889
+ # * `x-amz-copy-source-if-match` condition evaluates to true
890
+ #
891
+ # * `x-amz-copy-source-if-unmodified-since` condition evaluates to false
711
892
  # @option options [Time,DateTime,Date,Integer,String] :copy_source_if_modified_since
712
893
  # Copies the object if it has been modified since the specified time.
894
+ #
895
+ # If both the `x-amz-copy-source-if-none-match` and
896
+ # `x-amz-copy-source-if-modified-since` headers are present in the
897
+ # request and evaluate as follows, Amazon S3 returns the `412
898
+ # Precondition Failed` response code:
899
+ #
900
+ # * `x-amz-copy-source-if-none-match` condition evaluates to false
901
+ #
902
+ # * `x-amz-copy-source-if-modified-since` condition evaluates to true
713
903
  # @option options [String] :copy_source_if_none_match
714
904
  # Copies the object if its entity tag (ETag) is different than the
715
905
  # specified ETag.
906
+ #
907
+ # If both the `x-amz-copy-source-if-none-match` and
908
+ # `x-amz-copy-source-if-modified-since` headers are present in the
909
+ # request and evaluate as follows, Amazon S3 returns the `412
910
+ # Precondition Failed` response code:
911
+ #
912
+ # * `x-amz-copy-source-if-none-match` condition evaluates to false
913
+ #
914
+ # * `x-amz-copy-source-if-modified-since` condition evaluates to true
716
915
  # @option options [Time,DateTime,Date,Integer,String] :copy_source_if_unmodified_since
717
916
  # Copies the object if it hasn't been modified since the specified
718
917
  # time.
918
+ #
919
+ # If both the `x-amz-copy-source-if-match` and
920
+ # `x-amz-copy-source-if-unmodified-since` headers are present in the
921
+ # request and evaluate as follows, Amazon S3 returns `200 OK` and copies
922
+ # the data:
923
+ #
924
+ # * `x-amz-copy-source-if-match` condition evaluates to true
925
+ #
926
+ # * `x-amz-copy-source-if-unmodified-since` condition evaluates to false
719
927
  # @option options [Time,DateTime,Date,Integer,String] :expires
720
928
  # The date and time at which the object is no longer cacheable.
721
929
  # @option options [String] :grant_full_control
722
930
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
723
931
  # object.
724
932
  #
725
- # This action is not supported by Amazon S3 on Outposts.
933
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
934
+ #
935
+ # * This functionality is not supported for Amazon S3 on Outposts.
936
+ #
937
+ # </note>
726
938
  # @option options [String] :grant_read
727
939
  # Allows grantee to read the object data and its metadata.
728
940
  #
729
- # This action is not supported by Amazon S3 on Outposts.
941
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
942
+ #
943
+ # * This functionality is not supported for Amazon S3 on Outposts.
944
+ #
945
+ # </note>
730
946
  # @option options [String] :grant_read_acp
731
947
  # Allows grantee to read the object ACL.
732
948
  #
733
- # This action is not supported by Amazon S3 on Outposts.
949
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
950
+ #
951
+ # * This functionality is not supported for Amazon S3 on Outposts.
952
+ #
953
+ # </note>
734
954
  # @option options [String] :grant_write_acp
735
955
  # Allows grantee to write the ACL for the applicable object.
736
956
  #
737
- # This action is not supported by Amazon S3 on Outposts.
957
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
958
+ #
959
+ # * This functionality is not supported for Amazon S3 on Outposts.
960
+ #
961
+ # </note>
738
962
  # @option options [Hash<String,String>] :metadata
739
963
  # A map of metadata to store with the object in S3.
740
964
  # @option options [String] :metadata_directive
741
965
  # Specifies whether the metadata is copied from the source object or
742
- # replaced with metadata provided in the request.
966
+ # replaced with metadata that's provided in the request. When copying
967
+ # an object, you can preserve all metadata (the default) or specify new
968
+ # metadata. If this header isn’t specified, `COPY` is the default
969
+ # behavior.
970
+ #
971
+ # **General purpose bucket** - For general purpose buckets, when you
972
+ # grant permissions, you can use the `s3:x-amz-metadata-directive`
973
+ # condition key to enforce certain metadata behavior when objects are
974
+ # uploaded. For more information, see [Amazon S3 condition key
975
+ # examples][1] in the *Amazon S3 User Guide*.
976
+ #
977
+ # <note markdown="1"> `x-amz-website-redirect-location` is unique to each object and is not
978
+ # copied when using the `x-amz-metadata-directive` header. To copy the
979
+ # value, you must specify `x-amz-website-redirect-location` in the
980
+ # request header.
981
+ #
982
+ # </note>
983
+ #
984
+ #
985
+ #
986
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html
743
987
  # @option options [String] :tagging_directive
744
- # Specifies whether the object tag-set are copied from the source object
745
- # or replaced with tag-set provided in the request.
988
+ # Specifies whether the object tag-set is copied from the source object
989
+ # or replaced with the tag-set that's provided in the request.
990
+ #
991
+ # The default value is `COPY`.
992
+ #
993
+ # <note markdown="1"> **Directory buckets** - For directory buckets in a `CopyObject`
994
+ # operation, only the empty tag-set is supported. Any requests that
995
+ # attempt to write non-empty tags into directory buckets will receive a
996
+ # `501 Not Implemented` status code. When the destination bucket is a
997
+ # directory bucket, you will receive a `501 Not Implemented` response in
998
+ # any of the following situations:
999
+ #
1000
+ # * When you attempt to `COPY` the tag-set from an S3 source object that
1001
+ # has non-empty tags.
1002
+ #
1003
+ # * When you attempt to `REPLACE` the tag-set of a source object and set
1004
+ # a non-empty value to `x-amz-tagging`.
1005
+ #
1006
+ # * When you don't set the `x-amz-tagging-directive` header and the
1007
+ # source object has non-empty tags. This is because the default value
1008
+ # of `x-amz-tagging-directive` is `COPY`.
1009
+ #
1010
+ # Because only the empty tag-set is supported for directory buckets in a
1011
+ # `CopyObject` operation, the following situations are allowed:
1012
+ #
1013
+ # * When you attempt to `COPY` the tag-set from a directory bucket
1014
+ # source object that has no tags to a general purpose bucket. It
1015
+ # copies an empty tag-set to the destination object.
1016
+ #
1017
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
1018
+ # source object and set the `x-amz-tagging` value of the directory
1019
+ # bucket destination object to empty.
1020
+ #
1021
+ # * When you attempt to `REPLACE` the tag-set of a general purpose
1022
+ # bucket source object that has non-empty tags and set the
1023
+ # `x-amz-tagging` value of the directory bucket destination object to
1024
+ # empty.
1025
+ #
1026
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
1027
+ # source object and don't set the `x-amz-tagging` value of the
1028
+ # directory bucket destination object. This is because the default
1029
+ # value of `x-amz-tagging` is the empty value.
1030
+ #
1031
+ # </note>
746
1032
  # @option options [String] :server_side_encryption
747
1033
  # The server-side encryption algorithm used when storing this object in
748
1034
  # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
1035
+ # Unrecognized or unsupported values won’t write a destination object
1036
+ # and will receive a `400 Bad Request` response.
1037
+ #
1038
+ # Amazon S3 automatically encrypts all new objects that are copied to an
1039
+ # S3 bucket. When copying an object, if you don't specify encryption
1040
+ # information in your copy request, the encryption setting of the target
1041
+ # object is set to the default encryption configuration of the
1042
+ # destination bucket. By default, all buckets have a base level of
1043
+ # encryption configuration that uses server-side encryption with Amazon
1044
+ # S3 managed keys (SSE-S3). If the destination bucket has a default
1045
+ # encryption configuration that uses server-side encryption with Key
1046
+ # Management Service (KMS) keys (SSE-KMS), dual-layer server-side
1047
+ # encryption with Amazon Web Services KMS keys (DSSE-KMS), or
1048
+ # server-side encryption with customer-provided encryption keys (SSE-C),
1049
+ # Amazon S3 uses the corresponding KMS key, or a customer-provided key
1050
+ # to encrypt the target object copy.
1051
+ #
1052
+ # When you perform a `CopyObject` operation, if you want to use a
1053
+ # different type of encryption setting for the target object, you can
1054
+ # specify appropriate encryption-related headers to encrypt the target
1055
+ # object with an Amazon S3 managed key, a KMS key, or a
1056
+ # customer-provided key. If the encryption setting in your request is
1057
+ # different from the default encryption configuration of the destination
1058
+ # bucket, the encryption setting in your request takes precedence.
1059
+ #
1060
+ # With server-side encryption, Amazon S3 encrypts your data as it writes
1061
+ # your data to disks in its data centers and decrypts the data when you
1062
+ # access it. For more information about server-side encryption, see
1063
+ # [Using Server-Side Encryption][1] in the *Amazon S3 User Guide*.
1064
+ #
1065
+ # <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
1066
+ # managed keys (SSE-S3) (`AES256`) is supported.
1067
+ #
1068
+ # </note>
1069
+ #
1070
+ #
1071
+ #
1072
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
749
1073
  # @option options [String] :storage_class
750
- # By default, Amazon S3 uses the STANDARD Storage Class to store newly
751
- # created objects. The STANDARD storage class provides high durability
752
- # and high availability. Depending on performance needs, you can specify
753
- # a different Storage Class. Amazon S3 on Outposts only uses the
754
- # OUTPOSTS Storage Class. For more information, see [Storage Classes][1]
1074
+ # If the `x-amz-storage-class` header is not used, the copied object
1075
+ # will be stored in the `STANDARD` Storage Class by default. The
1076
+ # `STANDARD` storage class provides high durability and high
1077
+ # availability. Depending on performance needs, you can specify a
1078
+ # different Storage Class.
1079
+ #
1080
+ # <note markdown="1"> * <b>Directory buckets </b> - For directory buckets, only the S3
1081
+ # Express One Zone storage class is supported to store newly created
1082
+ # objects. Unsupported storage class values won't write a destination
1083
+ # object and will respond with the HTTP status code `400 Bad Request`.
1084
+ #
1085
+ # * <b>Amazon S3 on Outposts </b> - S3 on Outposts only uses the
1086
+ # `OUTPOSTS` Storage Class.
1087
+ #
1088
+ # </note>
1089
+ #
1090
+ # You can use the `CopyObject` action to change the storage class of an
1091
+ # object that is already stored in Amazon S3 by using the
1092
+ # `x-amz-storage-class` header. For more information, see [Storage
1093
+ # Classes][1] in the *Amazon S3 User Guide*.
1094
+ #
1095
+ # Before using an object as a source object for the copy operation, you
1096
+ # must restore a copy of it if it meets any of the following conditions:
1097
+ #
1098
+ # * The storage class of the source object is `GLACIER` or
1099
+ # `DEEP_ARCHIVE`.
1100
+ #
1101
+ # * The storage class of the source object is `INTELLIGENT_TIERING` and
1102
+ # it's [S3 Intelligent-Tiering access tier][2] is `Archive Access` or
1103
+ # `Deep Archive Access`.
1104
+ #
1105
+ # For more information, see [RestoreObject][3] and [Copying Objects][4]
755
1106
  # in the *Amazon S3 User Guide*.
756
1107
  #
757
1108
  #
758
1109
  #
759
1110
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
1111
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering-overview.html#intel-tiering-tier-definition
1112
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html
1113
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html
760
1114
  # @option options [String] :website_redirect_location
761
- # If the bucket is configured as a website, redirects requests for this
762
- # object to another object in the same bucket or to an external URL.
763
- # Amazon S3 stores the value of this header in the object metadata. This
764
- # value is unique to each object and is not copied when using the
765
- # `x-amz-metadata-directive` header. Instead, you may opt to provide
766
- # this header in combination with the directive.
1115
+ # If the destination bucket is configured as a website, redirects
1116
+ # requests for this object copy to another object in the same bucket or
1117
+ # to an external URL. Amazon S3 stores the value of this header in the
1118
+ # object metadata. This value is unique to each object and is not copied
1119
+ # when using the `x-amz-metadata-directive` header. Instead, you may opt
1120
+ # to provide this header in combination with the
1121
+ # `x-amz-metadata-directive` header.
1122
+ #
1123
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1124
+ #
1125
+ # </note>
767
1126
  # @option options [String] :sse_customer_algorithm
768
- # Specifies the algorithm to use to when encrypting the object (for
769
- # example, AES256).
1127
+ # Specifies the algorithm to use when encrypting the object (for
1128
+ # example, `AES256`).
1129
+ #
1130
+ # When you perform a `CopyObject` operation, if you want to use a
1131
+ # different type of encryption setting for the target object, you can
1132
+ # specify appropriate encryption-related headers to encrypt the target
1133
+ # object with an Amazon S3 managed key, a KMS key, or a
1134
+ # customer-provided key. If the encryption setting in your request is
1135
+ # different from the default encryption configuration of the destination
1136
+ # bucket, the encryption setting in your request takes precedence.
1137
+ #
1138
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
1139
+ # directory bucket.
1140
+ #
1141
+ # </note>
770
1142
  # @option options [String] :sse_customer_key
771
1143
  # Specifies the customer-provided encryption key for Amazon S3 to use in
772
1144
  # encrypting data. This value is used to store the object and then it is
773
- # discarded; Amazon S3 does not store the encryption key. The key must
1145
+ # discarded. Amazon S3 does not store the encryption key. The key must
774
1146
  # be appropriate for use with the algorithm specified in the
775
1147
  # `x-amz-server-side-encryption-customer-algorithm` header.
1148
+ #
1149
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
1150
+ # directory bucket.
1151
+ #
1152
+ # </note>
776
1153
  # @option options [String] :sse_customer_key_md5
777
1154
  # Specifies the 128-bit MD5 digest of the encryption key according to
778
1155
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
779
1156
  # ensure that the encryption key was transmitted without error.
1157
+ #
1158
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
1159
+ # directory bucket.
1160
+ #
1161
+ # </note>
780
1162
  # @option options [String] :ssekms_key_id
781
- # Specifies the KMS key ID to use for object encryption. All GET and PUT
782
- # requests for an object protected by KMS will fail if they're not made
783
- # via SSL or using SigV4. For information about configuring any of the
784
- # officially supported Amazon Web Services SDKs and Amazon Web Services
785
- # CLI, see [Specifying the Signature Version in Request
786
- # Authentication][1] in the *Amazon S3 User Guide*.
1163
+ # Specifies the KMS ID (Key ID, Key ARN, or Key Alias) to use for object
1164
+ # encryption. All GET and PUT requests for an object protected by KMS
1165
+ # will fail if they're not made via SSL or using SigV4. For information
1166
+ # about configuring any of the officially supported Amazon Web Services
1167
+ # SDKs and Amazon Web Services CLI, see [Specifying the Signature
1168
+ # Version in Request Authentication][1] in the *Amazon S3 User Guide*.
1169
+ #
1170
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
1171
+ # directory bucket.
1172
+ #
1173
+ # </note>
787
1174
  #
788
1175
  #
789
1176
  #
@@ -791,55 +1178,168 @@ module Aws::S3
791
1178
  # @option options [String] :ssekms_encryption_context
792
1179
  # Specifies the Amazon Web Services KMS Encryption Context to use for
793
1180
  # object encryption. The value of this header is a base64-encoded UTF-8
794
- # string holding JSON with the encryption context key-value pairs.
1181
+ # string holding JSON with the encryption context key-value pairs. This
1182
+ # value must be explicitly added to specify encryption context for
1183
+ # `CopyObject` requests.
1184
+ #
1185
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
1186
+ # directory bucket.
1187
+ #
1188
+ # </note>
795
1189
  # @option options [Boolean] :bucket_key_enabled
796
1190
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
797
1191
  # encryption with server-side encryption using Key Management Service
798
- # (KMS) keys (SSE-KMS). Setting this header to `true` causes Amazon S3
799
- # to use an S3 Bucket Key for object encryption with SSE-KMS.
1192
+ # (KMS) keys (SSE-KMS). If a target object uses SSE-KMS, you can enable
1193
+ # an S3 Bucket Key for the object.
800
1194
  #
801
- # Specifying this header with a COPY action doesn’t affect bucket-level
802
- # settings for S3 Bucket Key.
1195
+ # Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
1196
+ # for object encryption with SSE-KMS. Specifying this header with a COPY
1197
+ # action doesn’t affect bucket-level settings for S3 Bucket Key.
1198
+ #
1199
+ # For more information, see [Amazon S3 Bucket Keys][1] in the *Amazon S3
1200
+ # User Guide*.
1201
+ #
1202
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
1203
+ # directory bucket.
1204
+ #
1205
+ # </note>
1206
+ #
1207
+ #
1208
+ #
1209
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
803
1210
  # @option options [String] :copy_source_sse_customer_algorithm
804
1211
  # Specifies the algorithm to use when decrypting the source object (for
805
- # example, AES256).
1212
+ # example, `AES256`).
1213
+ #
1214
+ # If the source object for the copy is stored in Amazon S3 using SSE-C,
1215
+ # you must provide the necessary encryption information in your request
1216
+ # so that Amazon S3 can decrypt the object for copying.
1217
+ #
1218
+ # <note markdown="1"> This functionality is not supported when the source object is in a
1219
+ # directory bucket.
1220
+ #
1221
+ # </note>
806
1222
  # @option options [String] :copy_source_sse_customer_key
807
1223
  # Specifies the customer-provided encryption key for Amazon S3 to use to
808
1224
  # decrypt the source object. The encryption key provided in this header
809
- # must be one that was used when the source object was created.
1225
+ # must be the same one that was used when the source object was created.
1226
+ #
1227
+ # If the source object for the copy is stored in Amazon S3 using SSE-C,
1228
+ # you must provide the necessary encryption information in your request
1229
+ # so that Amazon S3 can decrypt the object for copying.
1230
+ #
1231
+ # <note markdown="1"> This functionality is not supported when the source object is in a
1232
+ # directory bucket.
1233
+ #
1234
+ # </note>
810
1235
  # @option options [String] :copy_source_sse_customer_key_md5
811
1236
  # Specifies the 128-bit MD5 digest of the encryption key according to
812
1237
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
813
1238
  # ensure that the encryption key was transmitted without error.
1239
+ #
1240
+ # If the source object for the copy is stored in Amazon S3 using SSE-C,
1241
+ # you must provide the necessary encryption information in your request
1242
+ # so that Amazon S3 can decrypt the object for copying.
1243
+ #
1244
+ # <note markdown="1"> This functionality is not supported when the source object is in a
1245
+ # directory bucket.
1246
+ #
1247
+ # </note>
814
1248
  # @option options [String] :request_payer
815
1249
  # Confirms that the requester knows that they will be charged for the
816
1250
  # request. Bucket owners need not specify this parameter in their
817
- # requests. For information about downloading objects from Requester
1251
+ # requests. If either the source or destination S3 bucket has Requester
1252
+ # Pays enabled, the requester will pay for corresponding charges to copy
1253
+ # the object. For information about downloading objects from Requester
818
1254
  # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
819
1255
  # in the *Amazon S3 User Guide*.
820
1256
  #
1257
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1258
+ #
1259
+ # </note>
1260
+ #
821
1261
  #
822
1262
  #
823
1263
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
824
1264
  # @option options [String] :tagging
825
- # The tag-set for the object destination object this value must be used
826
- # in conjunction with the `TaggingDirective`. The tag-set must be
827
- # encoded as URL Query parameters.
1265
+ # The tag-set for the object copy in the destination bucket. This value
1266
+ # must be used in conjunction with the `x-amz-tagging-directive` if you
1267
+ # choose `REPLACE` for the `x-amz-tagging-directive`. If you choose
1268
+ # `COPY` for the `x-amz-tagging-directive`, you don't need to set the
1269
+ # `x-amz-tagging` header, because the tag-set will be copied from the
1270
+ # source object directly. The tag-set must be encoded as URL Query
1271
+ # parameters.
1272
+ #
1273
+ # The default value is the empty value.
1274
+ #
1275
+ # <note markdown="1"> **Directory buckets** - For directory buckets in a `CopyObject`
1276
+ # operation, only the empty tag-set is supported. Any requests that
1277
+ # attempt to write non-empty tags into directory buckets will receive a
1278
+ # `501 Not Implemented` status code. When the destination bucket is a
1279
+ # directory bucket, you will receive a `501 Not Implemented` response in
1280
+ # any of the following situations:
1281
+ #
1282
+ # * When you attempt to `COPY` the tag-set from an S3 source object that
1283
+ # has non-empty tags.
1284
+ #
1285
+ # * When you attempt to `REPLACE` the tag-set of a source object and set
1286
+ # a non-empty value to `x-amz-tagging`.
1287
+ #
1288
+ # * When you don't set the `x-amz-tagging-directive` header and the
1289
+ # source object has non-empty tags. This is because the default value
1290
+ # of `x-amz-tagging-directive` is `COPY`.
1291
+ #
1292
+ # Because only the empty tag-set is supported for directory buckets in a
1293
+ # `CopyObject` operation, the following situations are allowed:
1294
+ #
1295
+ # * When you attempt to `COPY` the tag-set from a directory bucket
1296
+ # source object that has no tags to a general purpose bucket. It
1297
+ # copies an empty tag-set to the destination object.
1298
+ #
1299
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
1300
+ # source object and set the `x-amz-tagging` value of the directory
1301
+ # bucket destination object to empty.
1302
+ #
1303
+ # * When you attempt to `REPLACE` the tag-set of a general purpose
1304
+ # bucket source object that has non-empty tags and set the
1305
+ # `x-amz-tagging` value of the directory bucket destination object to
1306
+ # empty.
1307
+ #
1308
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
1309
+ # source object and don't set the `x-amz-tagging` value of the
1310
+ # directory bucket destination object. This is because the default
1311
+ # value of `x-amz-tagging` is the empty value.
1312
+ #
1313
+ # </note>
828
1314
  # @option options [String] :object_lock_mode
829
- # The Object Lock mode that you want to apply to the copied object.
1315
+ # The Object Lock mode that you want to apply to the object copy.
1316
+ #
1317
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1318
+ #
1319
+ # </note>
830
1320
  # @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
831
- # The date and time when you want the copied object's Object Lock to
1321
+ # The date and time when you want the Object Lock of the object copy to
832
1322
  # expire.
1323
+ #
1324
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1325
+ #
1326
+ # </note>
833
1327
  # @option options [String] :object_lock_legal_hold_status
834
- # Specifies whether you want to apply a legal hold to the copied object.
1328
+ # Specifies whether you want to apply a legal hold to the object copy.
1329
+ #
1330
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1331
+ #
1332
+ # </note>
835
1333
  # @option options [String] :expected_bucket_owner
836
1334
  # The account ID of the expected destination bucket owner. If the
837
- # destination bucket is owned by a different account, the request fails
838
- # with the HTTP status code `403 Forbidden` (access denied).
1335
+ # account ID that you provide does not match the actual owner of the
1336
+ # destination bucket, the request fails with the HTTP status code `403
1337
+ # Forbidden` (access denied).
839
1338
  # @option options [String] :expected_source_bucket_owner
840
- # The account ID of the expected source bucket owner. If the source
841
- # bucket is owned by a different account, the request fails with the
842
- # HTTP status code `403 Forbidden` (access denied).
1339
+ # The account ID of the expected source bucket owner. If the account ID
1340
+ # that you provide does not match the actual owner of the source bucket,
1341
+ # the request fails with the HTTP status code `403 Forbidden` (access
1342
+ # denied).
843
1343
  # @return [Types::CopyObjectOutput]
844
1344
  def copy_from(options = {})
845
1345
  options = options.merge(
@@ -867,15 +1367,30 @@ module Aws::S3
867
1367
  # space, and the value that is displayed on your authentication device.
868
1368
  # Required to permanently delete a versioned object if versioning is
869
1369
  # configured with MFA delete enabled.
1370
+ #
1371
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1372
+ #
1373
+ # </note>
870
1374
  # @option options [String] :version_id
871
- # VersionId used to reference a specific version of the object.
1375
+ # Version ID used to reference a specific version of the object.
1376
+ #
1377
+ # <note markdown="1"> For directory buckets in this API operation, only the `null` value of
1378
+ # the version ID is supported.
1379
+ #
1380
+ # </note>
872
1381
  # @option options [String] :request_payer
873
1382
  # Confirms that the requester knows that they will be charged for the
874
1383
  # request. Bucket owners need not specify this parameter in their
875
- # requests. For information about downloading objects from Requester
1384
+ # requests. If either the source or destination S3 bucket has Requester
1385
+ # Pays enabled, the requester will pay for corresponding charges to copy
1386
+ # the object. For information about downloading objects from Requester
876
1387
  # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
877
1388
  # in the *Amazon S3 User Guide*.
878
1389
  #
1390
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1391
+ #
1392
+ # </note>
1393
+ #
879
1394
  #
880
1395
  #
881
1396
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
@@ -883,10 +1398,14 @@ module Aws::S3
883
1398
  # Indicates whether S3 Object Lock should bypass Governance-mode
884
1399
  # restrictions to process this operation. To use this header, you must
885
1400
  # have the `s3:BypassGovernanceRetention` permission.
1401
+ #
1402
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1403
+ #
1404
+ # </note>
886
1405
  # @option options [String] :expected_bucket_owner
887
- # The account ID of the expected bucket owner. If the bucket is owned by
888
- # a different account, the request fails with the HTTP status code `403
889
- # Forbidden` (access denied).
1406
+ # The account ID of the expected bucket owner. If the account ID that
1407
+ # you provide does not match the actual owner of the bucket, the request
1408
+ # fails with the HTTP status code `403 Forbidden` (access denied).
890
1409
  # @return [Types::DeleteObjectOutput]
891
1410
  def delete(options = {})
892
1411
  options = options.merge(
@@ -925,18 +1444,64 @@ module Aws::S3
925
1444
  # @param [Hash] options ({})
926
1445
  # @option options [String] :if_match
927
1446
  # Return the object only if its entity tag (ETag) is the same as the one
928
- # specified; otherwise, return a 412 (precondition failed) error.
1447
+ # specified in this header; otherwise, return a `412 Precondition
1448
+ # Failed` error.
1449
+ #
1450
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
1451
+ # present in the request as follows: `If-Match` condition evaluates to
1452
+ # `true`, and; `If-Unmodified-Since` condition evaluates to `false`;
1453
+ # then, S3 returns `200 OK` and the data requested.
1454
+ #
1455
+ # For more information about conditional requests, see [RFC 7232][1].
1456
+ #
1457
+ #
1458
+ #
1459
+ # [1]: https://tools.ietf.org/html/rfc7232
929
1460
  # @option options [Time,DateTime,Date,Integer,String] :if_modified_since
930
1461
  # Return the object only if it has been modified since the specified
931
- # time; otherwise, return a 304 (not modified) error.
1462
+ # time; otherwise, return a `304 Not Modified` error.
1463
+ #
1464
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
1465
+ # present in the request as follows:` If-None-Match` condition evaluates
1466
+ # to `false`, and; `If-Modified-Since` condition evaluates to `true`;
1467
+ # then, S3 returns `304 Not Modified` status code.
1468
+ #
1469
+ # For more information about conditional requests, see [RFC 7232][1].
1470
+ #
1471
+ #
1472
+ #
1473
+ # [1]: https://tools.ietf.org/html/rfc7232
932
1474
  # @option options [String] :if_none_match
933
1475
  # Return the object only if its entity tag (ETag) is different from the
934
- # one specified; otherwise, return a 304 (not modified) error.
1476
+ # one specified in this header; otherwise, return a `304 Not Modified`
1477
+ # error.
1478
+ #
1479
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
1480
+ # present in the request as follows:` If-None-Match` condition evaluates
1481
+ # to `false`, and; `If-Modified-Since` condition evaluates to `true`;
1482
+ # then, S3 returns `304 Not Modified` HTTP status code.
1483
+ #
1484
+ # For more information about conditional requests, see [RFC 7232][1].
1485
+ #
1486
+ #
1487
+ #
1488
+ # [1]: https://tools.ietf.org/html/rfc7232
935
1489
  # @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
936
1490
  # Return the object only if it has not been modified since the specified
937
- # time; otherwise, return a 412 (precondition failed) error.
1491
+ # time; otherwise, return a `412 Precondition Failed` error.
1492
+ #
1493
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
1494
+ # present in the request as follows: `If-Match` condition evaluates to
1495
+ # `true`, and; `If-Unmodified-Since` condition evaluates to `false`;
1496
+ # then, S3 returns `200 OK` and the data requested.
1497
+ #
1498
+ # For more information about conditional requests, see [RFC 7232][1].
1499
+ #
1500
+ #
1501
+ #
1502
+ # [1]: https://tools.ietf.org/html/rfc7232
938
1503
  # @option options [String] :range
939
- # Downloads the specified range bytes of an object. For more information
1504
+ # Downloads the specified byte range of an object. For more information
940
1505
  # about the HTTP Range header, see
941
1506
  # [https://www.rfc-editor.org/rfc/rfc9110.html#name-range][1].
942
1507
  #
@@ -951,7 +1516,7 @@ module Aws::S3
951
1516
  # @option options [String] :response_cache_control
952
1517
  # Sets the `Cache-Control` header of the response.
953
1518
  # @option options [String] :response_content_disposition
954
- # Sets the `Content-Disposition` header of the response
1519
+ # Sets the `Content-Disposition` header of the response.
955
1520
  # @option options [String] :response_content_encoding
956
1521
  # Sets the `Content-Encoding` header of the response.
957
1522
  # @option options [String] :response_content_language
@@ -961,39 +1526,140 @@ module Aws::S3
961
1526
  # @option options [Time,DateTime,Date,Integer,String] :response_expires
962
1527
  # Sets the `Expires` header of the response.
963
1528
  # @option options [String] :version_id
964
- # VersionId used to reference a specific version of the object.
965
- # @option options [String] :sse_customer_algorithm
966
- # Specifies the algorithm to use to when decrypting the object (for
967
- # example, AES256).
968
- # @option options [String] :sse_customer_key
969
- # Specifies the customer-provided encryption key for Amazon S3 used to
970
- # encrypt the data. This value is used to decrypt the object when
971
- # recovering it and must match the one used when storing the data. The
972
- # key must be appropriate for use with the algorithm specified in the
973
- # `x-amz-server-side-encryption-customer-algorithm` header.
974
- # @option options [String] :sse_customer_key_md5
975
- # Specifies the 128-bit MD5 digest of the encryption key according to
976
- # RFC 1321. Amazon S3 uses this header for a message integrity check to
977
- # ensure that the encryption key was transmitted without error.
978
- # @option options [String] :request_payer
979
- # Confirms that the requester knows that they will be charged for the
980
- # request. Bucket owners need not specify this parameter in their
981
- # requests. For information about downloading objects from Requester
982
- # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
983
- # in the *Amazon S3 User Guide*.
1529
+ # Version ID used to reference a specific version of the object.
984
1530
  #
1531
+ # By default, the `GetObject` operation returns the current version of
1532
+ # an object. To return a different version, use the `versionId`
1533
+ # subresource.
985
1534
  #
1535
+ # <note markdown="1"> * If you include a `versionId` in your request header, you must have
1536
+ # the `s3:GetObjectVersion` permission to access a specific version of
1537
+ # an object. The `s3:GetObject` permission is not required in this
1538
+ # scenario.
986
1539
  #
987
- # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
988
- # @option options [Integer] :part_number
989
- # Part number of the object being read. This is a positive integer
990
- # between 1 and 10,000. Effectively performs a 'ranged' GET request
991
- # for the part specified. Useful for downloading just a part of an
992
- # object.
993
- # @option options [String] :expected_bucket_owner
994
- # The account ID of the expected bucket owner. If the bucket is owned by
995
- # a different account, the request fails with the HTTP status code `403
996
- # Forbidden` (access denied).
1540
+ # * If you request the current version of an object without a specific
1541
+ # `versionId` in the request header, only the `s3:GetObject`
1542
+ # permission is required. The `s3:GetObjectVersion` permission is not
1543
+ # required in this scenario.
1544
+ #
1545
+ # * **Directory buckets** - S3 Versioning isn't enabled and supported
1546
+ # for directory buckets. For this API operation, only the `null` value
1547
+ # of the version ID is supported by directory buckets. You can only
1548
+ # specify `null` to the `versionId` query parameter in the request.
1549
+ #
1550
+ # </note>
1551
+ #
1552
+ # For more information about versioning, see [PutBucketVersioning][1].
1553
+ #
1554
+ #
1555
+ #
1556
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html
1557
+ # @option options [String] :sse_customer_algorithm
1558
+ # Specifies the algorithm to use when decrypting the object (for
1559
+ # example, `AES256`).
1560
+ #
1561
+ # If you encrypt an object by using server-side encryption with
1562
+ # customer-provided encryption keys (SSE-C) when you store the object in
1563
+ # Amazon S3, then when you GET the object, you must use the following
1564
+ # headers:
1565
+ #
1566
+ # * `x-amz-server-side-encryption-customer-algorithm`
1567
+ #
1568
+ # * `x-amz-server-side-encryption-customer-key`
1569
+ #
1570
+ # * `x-amz-server-side-encryption-customer-key-MD5`
1571
+ #
1572
+ # For more information about SSE-C, see [Server-Side Encryption (Using
1573
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
1574
+ #
1575
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1576
+ #
1577
+ # </note>
1578
+ #
1579
+ #
1580
+ #
1581
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
1582
+ # @option options [String] :sse_customer_key
1583
+ # Specifies the customer-provided encryption key that you originally
1584
+ # provided for Amazon S3 to encrypt the data before storing it. This
1585
+ # value is used to decrypt the object when recovering it and must match
1586
+ # the one used when storing the data. The key must be appropriate for
1587
+ # use with the algorithm specified in the
1588
+ # `x-amz-server-side-encryption-customer-algorithm` header.
1589
+ #
1590
+ # If you encrypt an object by using server-side encryption with
1591
+ # customer-provided encryption keys (SSE-C) when you store the object in
1592
+ # Amazon S3, then when you GET the object, you must use the following
1593
+ # headers:
1594
+ #
1595
+ # * `x-amz-server-side-encryption-customer-algorithm`
1596
+ #
1597
+ # * `x-amz-server-side-encryption-customer-key`
1598
+ #
1599
+ # * `x-amz-server-side-encryption-customer-key-MD5`
1600
+ #
1601
+ # For more information about SSE-C, see [Server-Side Encryption (Using
1602
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
1603
+ #
1604
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1605
+ #
1606
+ # </note>
1607
+ #
1608
+ #
1609
+ #
1610
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
1611
+ # @option options [String] :sse_customer_key_md5
1612
+ # Specifies the 128-bit MD5 digest of the customer-provided encryption
1613
+ # key according to RFC 1321. Amazon S3 uses this header for a message
1614
+ # integrity check to ensure that the encryption key was transmitted
1615
+ # without error.
1616
+ #
1617
+ # If you encrypt an object by using server-side encryption with
1618
+ # customer-provided encryption keys (SSE-C) when you store the object in
1619
+ # Amazon S3, then when you GET the object, you must use the following
1620
+ # headers:
1621
+ #
1622
+ # * `x-amz-server-side-encryption-customer-algorithm`
1623
+ #
1624
+ # * `x-amz-server-side-encryption-customer-key`
1625
+ #
1626
+ # * `x-amz-server-side-encryption-customer-key-MD5`
1627
+ #
1628
+ # For more information about SSE-C, see [Server-Side Encryption (Using
1629
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
1630
+ #
1631
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1632
+ #
1633
+ # </note>
1634
+ #
1635
+ #
1636
+ #
1637
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
1638
+ # @option options [String] :request_payer
1639
+ # Confirms that the requester knows that they will be charged for the
1640
+ # request. Bucket owners need not specify this parameter in their
1641
+ # requests. If either the source or destination S3 bucket has Requester
1642
+ # Pays enabled, the requester will pay for corresponding charges to copy
1643
+ # the object. For information about downloading objects from Requester
1644
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1645
+ # in the *Amazon S3 User Guide*.
1646
+ #
1647
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1648
+ #
1649
+ # </note>
1650
+ #
1651
+ #
1652
+ #
1653
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
1654
+ # @option options [Integer] :part_number
1655
+ # Part number of the object being read. This is a positive integer
1656
+ # between 1 and 10,000. Effectively performs a 'ranged' GET request
1657
+ # for the part specified. Useful for downloading just a part of an
1658
+ # object.
1659
+ # @option options [String] :expected_bucket_owner
1660
+ # The account ID of the expected bucket owner. If the account ID that
1661
+ # you provide does not match the actual owner of the bucket, the request
1662
+ # fails with the HTTP status code `403 Forbidden` (access denied).
997
1663
  # @option options [String] :checksum_mode
998
1664
  # To retrieve the checksum, this mode must be enabled.
999
1665
  # @return [Types::GetObjectOutput]
@@ -1026,7 +1692,7 @@ module Aws::S3
1026
1692
  # "MetadataKey" => "MetadataValue",
1027
1693
  # },
1028
1694
  # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
1029
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
1695
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
1030
1696
  # website_redirect_location: "WebsiteRedirectLocation",
1031
1697
  # sse_customer_algorithm: "SSECustomerAlgorithm",
1032
1698
  # sse_customer_key: "SSECustomerKey",
@@ -1044,9 +1710,29 @@ module Aws::S3
1044
1710
  # })
1045
1711
  # @param [Hash] options ({})
1046
1712
  # @option options [String] :acl
1047
- # The canned ACL to apply to the object.
1713
+ # The canned ACL to apply to the object. Amazon S3 supports a set of
1714
+ # predefined ACLs, known as *canned ACLs*. Each canned ACL has a
1715
+ # predefined set of grantees and permissions. For more information, see
1716
+ # [Canned ACL][1] in the *Amazon S3 User Guide*.
1717
+ #
1718
+ # By default, all objects are private. Only the owner has full access
1719
+ # control. When uploading an object, you can grant access permissions to
1720
+ # individual Amazon Web Services accounts or to predefined groups
1721
+ # defined by Amazon S3. These permissions are then added to the access
1722
+ # control list (ACL) on the new object. For more information, see [Using
1723
+ # ACLs][2]. One way to grant the permissions using the request headers
1724
+ # is to specify a canned ACL with the `x-amz-acl` request header.
1725
+ #
1726
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1727
+ #
1728
+ # * This functionality is not supported for Amazon S3 on Outposts.
1729
+ #
1730
+ # </note>
1731
+ #
1732
+ #
1048
1733
  #
1049
- # This action is not supported by Amazon S3 on Outposts.
1734
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
1735
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html
1050
1736
  # @option options [String] :cache_control
1051
1737
  # Specifies caching behavior along the request/reply chain.
1052
1738
  # @option options [String] :content_disposition
@@ -1055,41 +1741,292 @@ module Aws::S3
1055
1741
  # Specifies what content encodings have been applied to the object and
1056
1742
  # thus what decoding mechanisms must be applied to obtain the media-type
1057
1743
  # referenced by the Content-Type header field.
1744
+ #
1745
+ # <note markdown="1"> For directory buckets, only the `aws-chunked` value is supported in
1746
+ # this header field.
1747
+ #
1748
+ # </note>
1058
1749
  # @option options [String] :content_language
1059
- # The language the content is in.
1750
+ # The language that the content is in.
1060
1751
  # @option options [String] :content_type
1061
1752
  # A standard MIME type describing the format of the object data.
1062
1753
  # @option options [Time,DateTime,Date,Integer,String] :expires
1063
1754
  # The date and time at which the object is no longer cacheable.
1064
1755
  # @option options [String] :grant_full_control
1065
- # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
1066
- # object.
1756
+ # Specify access permissions explicitly to give the grantee READ,
1757
+ # READ\_ACP, and WRITE\_ACP permissions on the object.
1758
+ #
1759
+ # By default, all objects are private. Only the owner has full access
1760
+ # control. When uploading an object, you can use this header to
1761
+ # explicitly grant access permissions to specific Amazon Web Services
1762
+ # accounts or groups. This header maps to specific permissions that
1763
+ # Amazon S3 supports in an ACL. For more information, see [Access
1764
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
1765
+ #
1766
+ # You specify each grantee as a type=value pair, where the type is one
1767
+ # of the following:
1768
+ #
1769
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1770
+ # Web Services account
1771
+ #
1772
+ # * `uri` – if you are granting permissions to a predefined group
1773
+ #
1774
+ # * `emailAddress` – if the value specified is the email address of an
1775
+ # Amazon Web Services account
1776
+ #
1777
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1778
+ # following Amazon Web Services Regions:
1779
+ #
1780
+ # * US East (N. Virginia)
1781
+ #
1782
+ # * US West (N. California)
1783
+ #
1784
+ # * US West (Oregon)
1785
+ #
1786
+ # * Asia Pacific (Singapore)
1787
+ #
1788
+ # * Asia Pacific (Sydney)
1789
+ #
1790
+ # * Asia Pacific (Tokyo)
1791
+ #
1792
+ # * Europe (Ireland)
1793
+ #
1794
+ # * South America (São Paulo)
1795
+ #
1796
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1797
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1798
+ # Reference.
1799
+ #
1800
+ # </note>
1801
+ #
1802
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1803
+ # Web Services accounts identified by account IDs permissions to read
1804
+ # object data and its metadata:
1805
+ #
1806
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1807
+ #
1808
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1067
1809
  #
1068
- # This action is not supported by Amazon S3 on Outposts.
1810
+ # * This functionality is not supported for Amazon S3 on Outposts.
1811
+ #
1812
+ # </note>
1813
+ #
1814
+ #
1815
+ #
1816
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1817
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1069
1818
  # @option options [String] :grant_read
1070
- # Allows grantee to read the object data and its metadata.
1819
+ # Specify access permissions explicitly to allow grantee to read the
1820
+ # object data and its metadata.
1821
+ #
1822
+ # By default, all objects are private. Only the owner has full access
1823
+ # control. When uploading an object, you can use this header to
1824
+ # explicitly grant access permissions to specific Amazon Web Services
1825
+ # accounts or groups. This header maps to specific permissions that
1826
+ # Amazon S3 supports in an ACL. For more information, see [Access
1827
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
1828
+ #
1829
+ # You specify each grantee as a type=value pair, where the type is one
1830
+ # of the following:
1831
+ #
1832
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1833
+ # Web Services account
1834
+ #
1835
+ # * `uri` – if you are granting permissions to a predefined group
1836
+ #
1837
+ # * `emailAddress` – if the value specified is the email address of an
1838
+ # Amazon Web Services account
1839
+ #
1840
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1841
+ # following Amazon Web Services Regions:
1842
+ #
1843
+ # * US East (N. Virginia)
1844
+ #
1845
+ # * US West (N. California)
1846
+ #
1847
+ # * US West (Oregon)
1848
+ #
1849
+ # * Asia Pacific (Singapore)
1850
+ #
1851
+ # * Asia Pacific (Sydney)
1852
+ #
1853
+ # * Asia Pacific (Tokyo)
1854
+ #
1855
+ # * Europe (Ireland)
1856
+ #
1857
+ # * South America (São Paulo)
1858
+ #
1859
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1860
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1861
+ # Reference.
1862
+ #
1863
+ # </note>
1864
+ #
1865
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1866
+ # Web Services accounts identified by account IDs permissions to read
1867
+ # object data and its metadata:
1071
1868
  #
1072
- # This action is not supported by Amazon S3 on Outposts.
1869
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1870
+ #
1871
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1872
+ #
1873
+ # * This functionality is not supported for Amazon S3 on Outposts.
1874
+ #
1875
+ # </note>
1876
+ #
1877
+ #
1878
+ #
1879
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1880
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1073
1881
  # @option options [String] :grant_read_acp
1074
- # Allows grantee to read the object ACL.
1882
+ # Specify access permissions explicitly to allows grantee to read the
1883
+ # object ACL.
1884
+ #
1885
+ # By default, all objects are private. Only the owner has full access
1886
+ # control. When uploading an object, you can use this header to
1887
+ # explicitly grant access permissions to specific Amazon Web Services
1888
+ # accounts or groups. This header maps to specific permissions that
1889
+ # Amazon S3 supports in an ACL. For more information, see [Access
1890
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
1891
+ #
1892
+ # You specify each grantee as a type=value pair, where the type is one
1893
+ # of the following:
1894
+ #
1895
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1896
+ # Web Services account
1897
+ #
1898
+ # * `uri` – if you are granting permissions to a predefined group
1899
+ #
1900
+ # * `emailAddress` – if the value specified is the email address of an
1901
+ # Amazon Web Services account
1902
+ #
1903
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1904
+ # following Amazon Web Services Regions:
1905
+ #
1906
+ # * US East (N. Virginia)
1907
+ #
1908
+ # * US West (N. California)
1909
+ #
1910
+ # * US West (Oregon)
1911
+ #
1912
+ # * Asia Pacific (Singapore)
1913
+ #
1914
+ # * Asia Pacific (Sydney)
1915
+ #
1916
+ # * Asia Pacific (Tokyo)
1917
+ #
1918
+ # * Europe (Ireland)
1919
+ #
1920
+ # * South America (São Paulo)
1921
+ #
1922
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1923
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1924
+ # Reference.
1925
+ #
1926
+ # </note>
1927
+ #
1928
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1929
+ # Web Services accounts identified by account IDs permissions to read
1930
+ # object data and its metadata:
1931
+ #
1932
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1933
+ #
1934
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1935
+ #
1936
+ # * This functionality is not supported for Amazon S3 on Outposts.
1937
+ #
1938
+ # </note>
1939
+ #
1940
+ #
1075
1941
  #
1076
- # This action is not supported by Amazon S3 on Outposts.
1942
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1943
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1077
1944
  # @option options [String] :grant_write_acp
1078
- # Allows grantee to write the ACL for the applicable object.
1945
+ # Specify access permissions explicitly to allows grantee to allow
1946
+ # grantee to write the ACL for the applicable object.
1947
+ #
1948
+ # By default, all objects are private. Only the owner has full access
1949
+ # control. When uploading an object, you can use this header to
1950
+ # explicitly grant access permissions to specific Amazon Web Services
1951
+ # accounts or groups. This header maps to specific permissions that
1952
+ # Amazon S3 supports in an ACL. For more information, see [Access
1953
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
1954
+ #
1955
+ # You specify each grantee as a type=value pair, where the type is one
1956
+ # of the following:
1957
+ #
1958
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1959
+ # Web Services account
1960
+ #
1961
+ # * `uri` – if you are granting permissions to a predefined group
1962
+ #
1963
+ # * `emailAddress` – if the value specified is the email address of an
1964
+ # Amazon Web Services account
1965
+ #
1966
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1967
+ # following Amazon Web Services Regions:
1968
+ #
1969
+ # * US East (N. Virginia)
1970
+ #
1971
+ # * US West (N. California)
1972
+ #
1973
+ # * US West (Oregon)
1974
+ #
1975
+ # * Asia Pacific (Singapore)
1976
+ #
1977
+ # * Asia Pacific (Sydney)
1978
+ #
1979
+ # * Asia Pacific (Tokyo)
1980
+ #
1981
+ # * Europe (Ireland)
1982
+ #
1983
+ # * South America (São Paulo)
1079
1984
  #
1080
- # This action is not supported by Amazon S3 on Outposts.
1985
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1986
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1987
+ # Reference.
1988
+ #
1989
+ # </note>
1990
+ #
1991
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1992
+ # Web Services accounts identified by account IDs permissions to read
1993
+ # object data and its metadata:
1994
+ #
1995
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1996
+ #
1997
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1998
+ #
1999
+ # * This functionality is not supported for Amazon S3 on Outposts.
2000
+ #
2001
+ # </note>
2002
+ #
2003
+ #
2004
+ #
2005
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
2006
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1081
2007
  # @option options [Hash<String,String>] :metadata
1082
2008
  # A map of metadata to store with the object in S3.
1083
2009
  # @option options [String] :server_side_encryption
1084
- # The server-side encryption algorithm used when storing this object in
1085
- # Amazon S3 (for example, `AES256`, `aws:kms`).
2010
+ # The server-side encryption algorithm used when you store this object
2011
+ # in Amazon S3 (for example, `AES256`, `aws:kms`).
2012
+ #
2013
+ # <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
2014
+ # managed keys (SSE-S3) (`AES256`) is supported.
2015
+ #
2016
+ # </note>
1086
2017
  # @option options [String] :storage_class
1087
2018
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
1088
2019
  # created objects. The STANDARD storage class provides high durability
1089
2020
  # and high availability. Depending on performance needs, you can specify
1090
- # a different Storage Class. Amazon S3 on Outposts only uses the
1091
- # OUTPOSTS Storage Class. For more information, see [Storage Classes][1]
1092
- # in the *Amazon S3 User Guide*.
2021
+ # a different Storage Class. For more information, see [Storage
2022
+ # Classes][1] in the *Amazon S3 User Guide*.
2023
+ #
2024
+ # <note markdown="1"> * For directory buckets, only the S3 Express One Zone storage class is
2025
+ # supported to store newly created objects.
2026
+ #
2027
+ # * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class.
2028
+ #
2029
+ # </note>
1093
2030
  #
1094
2031
  #
1095
2032
  #
@@ -1098,35 +2035,51 @@ module Aws::S3
1098
2035
  # If the bucket is configured as a website, redirects requests for this
1099
2036
  # object to another object in the same bucket or to an external URL.
1100
2037
  # Amazon S3 stores the value of this header in the object metadata.
2038
+ #
2039
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2040
+ #
2041
+ # </note>
1101
2042
  # @option options [String] :sse_customer_algorithm
1102
- # Specifies the algorithm to use to when encrypting the object (for
2043
+ # Specifies the algorithm to use when encrypting the object (for
1103
2044
  # example, AES256).
2045
+ #
2046
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2047
+ #
2048
+ # </note>
1104
2049
  # @option options [String] :sse_customer_key
1105
2050
  # Specifies the customer-provided encryption key for Amazon S3 to use in
1106
2051
  # encrypting data. This value is used to store the object and then it is
1107
2052
  # discarded; Amazon S3 does not store the encryption key. The key must
1108
2053
  # be appropriate for use with the algorithm specified in the
1109
2054
  # `x-amz-server-side-encryption-customer-algorithm` header.
2055
+ #
2056
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2057
+ #
2058
+ # </note>
1110
2059
  # @option options [String] :sse_customer_key_md5
1111
- # Specifies the 128-bit MD5 digest of the encryption key according to
1112
- # RFC 1321. Amazon S3 uses this header for a message integrity check to
1113
- # ensure that the encryption key was transmitted without error.
1114
- # @option options [String] :ssekms_key_id
1115
- # Specifies the ID of the symmetric encryption customer managed key to
1116
- # use for object encryption. All GET and PUT requests for an object
1117
- # protected by KMS will fail if they're not made via SSL or using
1118
- # SigV4. For information about configuring any of the officially
1119
- # supported Amazon Web Services SDKs and Amazon Web Services CLI, see
1120
- # [Specifying the Signature Version in Request Authentication][1] in the
1121
- # *Amazon S3 User Guide*.
2060
+ # Specifies the 128-bit MD5 digest of the customer-provided encryption
2061
+ # key according to RFC 1321. Amazon S3 uses this header for a message
2062
+ # integrity check to ensure that the encryption key was transmitted
2063
+ # without error.
1122
2064
  #
2065
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1123
2066
  #
2067
+ # </note>
2068
+ # @option options [String] :ssekms_key_id
2069
+ # Specifies the ID (Key ID, Key ARN, or Key Alias) of the symmetric
2070
+ # encryption customer managed key to use for object encryption.
1124
2071
  #
1125
- # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
2072
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2073
+ #
2074
+ # </note>
1126
2075
  # @option options [String] :ssekms_encryption_context
1127
2076
  # Specifies the Amazon Web Services KMS Encryption Context to use for
1128
2077
  # object encryption. The value of this header is a base64-encoded UTF-8
1129
2078
  # string holding JSON with the encryption context key-value pairs.
2079
+ #
2080
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2081
+ #
2082
+ # </note>
1130
2083
  # @option options [Boolean] :bucket_key_enabled
1131
2084
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
1132
2085
  # encryption with server-side encryption using Key Management Service
@@ -1135,33 +2088,59 @@ module Aws::S3
1135
2088
  #
1136
2089
  # Specifying this header with an object action doesn’t affect
1137
2090
  # bucket-level settings for S3 Bucket Key.
2091
+ #
2092
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2093
+ #
2094
+ # </note>
1138
2095
  # @option options [String] :request_payer
1139
2096
  # Confirms that the requester knows that they will be charged for the
1140
2097
  # request. Bucket owners need not specify this parameter in their
1141
- # requests. For information about downloading objects from Requester
2098
+ # requests. If either the source or destination S3 bucket has Requester
2099
+ # Pays enabled, the requester will pay for corresponding charges to copy
2100
+ # the object. For information about downloading objects from Requester
1142
2101
  # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1143
2102
  # in the *Amazon S3 User Guide*.
1144
2103
  #
2104
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2105
+ #
2106
+ # </note>
2107
+ #
1145
2108
  #
1146
2109
  #
1147
2110
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
1148
2111
  # @option options [String] :tagging
1149
2112
  # The tag-set for the object. The tag-set must be encoded as URL Query
1150
2113
  # parameters.
2114
+ #
2115
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2116
+ #
2117
+ # </note>
1151
2118
  # @option options [String] :object_lock_mode
1152
2119
  # Specifies the Object Lock mode that you want to apply to the uploaded
1153
2120
  # object.
2121
+ #
2122
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2123
+ #
2124
+ # </note>
1154
2125
  # @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
1155
2126
  # Specifies the date and time when you want the Object Lock to expire.
2127
+ #
2128
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2129
+ #
2130
+ # </note>
1156
2131
  # @option options [String] :object_lock_legal_hold_status
1157
2132
  # Specifies whether you want to apply a legal hold to the uploaded
1158
2133
  # object.
2134
+ #
2135
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2136
+ #
2137
+ # </note>
1159
2138
  # @option options [String] :expected_bucket_owner
1160
- # The account ID of the expected bucket owner. If the bucket is owned by
1161
- # a different account, the request fails with the HTTP status code `403
1162
- # Forbidden` (access denied).
2139
+ # The account ID of the expected bucket owner. If the account ID that
2140
+ # you provide does not match the actual owner of the bucket, the request
2141
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1163
2142
  # @option options [String] :checksum_algorithm
1164
- # Indicates the algorithm you want Amazon S3 to use to create the
2143
+ # Indicates the algorithm that you want Amazon S3 to use to create the
1165
2144
  # checksum for the object. For more information, see [Checking object
1166
2145
  # integrity][1] in the *Amazon S3 User Guide*.
1167
2146
  #
@@ -1211,7 +2190,7 @@ module Aws::S3
1211
2190
  # "MetadataKey" => "MetadataValue",
1212
2191
  # },
1213
2192
  # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
1214
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
2193
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
1215
2194
  # website_redirect_location: "WebsiteRedirectLocation",
1216
2195
  # sse_customer_algorithm: "SSECustomerAlgorithm",
1217
2196
  # sse_customer_key: "SSECustomerKey",
@@ -1229,13 +2208,41 @@ module Aws::S3
1229
2208
  # @param [Hash] options ({})
1230
2209
  # @option options [String] :acl
1231
2210
  # The canned ACL to apply to the object. For more information, see
1232
- # [Canned ACL][1].
2211
+ # [Canned ACL][1] in the *Amazon S3 User Guide*.
2212
+ #
2213
+ # When adding a new object, you can use headers to grant ACL-based
2214
+ # permissions to individual Amazon Web Services accounts or to
2215
+ # predefined groups defined by Amazon S3. These permissions are then
2216
+ # added to the ACL on the object. By default, all objects are private.
2217
+ # Only the owner has full access control. For more information, see
2218
+ # [Access Control List (ACL) Overview][2] and [Managing ACLs Using the
2219
+ # REST API][3] in the *Amazon S3 User Guide*.
2220
+ #
2221
+ # If the bucket that you're uploading objects to uses the bucket owner
2222
+ # enforced setting for S3 Object Ownership, ACLs are disabled and no
2223
+ # longer affect permissions. Buckets that use this setting only accept
2224
+ # PUT requests that don't specify an ACL or PUT requests that specify
2225
+ # bucket owner full control ACLs, such as the
2226
+ # `bucket-owner-full-control` canned ACL or an equivalent form of this
2227
+ # ACL expressed in the XML format. PUT requests that contain other ACLs
2228
+ # (for example, custom grants to certain Amazon Web Services accounts)
2229
+ # fail and return a `400` error with the error code
2230
+ # `AccessControlListNotSupported`. For more information, see [
2231
+ # Controlling ownership of objects and disabling ACLs][4] in the *Amazon
2232
+ # S3 User Guide*.
2233
+ #
2234
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2235
+ #
2236
+ # * This functionality is not supported for Amazon S3 on Outposts.
1233
2237
  #
1234
- # This action is not supported by Amazon S3 on Outposts.
2238
+ # </note>
1235
2239
  #
1236
2240
  #
1237
2241
  #
1238
2242
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
2243
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
2244
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html
2245
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
1239
2246
  # @option options [String, StringIO, File] :body
1240
2247
  # Object data.
1241
2248
  # @option options [String] :cache_control
@@ -1282,9 +2289,21 @@ module Aws::S3
1282
2289
  # information about REST request authentication, see [REST
1283
2290
  # Authentication][1].
1284
2291
  #
2292
+ # <note markdown="1"> The `Content-MD5` header is required for any request to upload an
2293
+ # object with a retention period configured using Amazon S3 Object Lock.
2294
+ # For more information about Amazon S3 Object Lock, see [Amazon S3
2295
+ # Object Lock Overview][2] in the *Amazon S3 User Guide*.
2296
+ #
2297
+ # </note>
2298
+ #
2299
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2300
+ #
2301
+ # </note>
2302
+ #
1285
2303
  #
1286
2304
  #
1287
2305
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
2306
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html
1288
2307
  # @option options [String] :content_type
1289
2308
  # A standard MIME type describing the format of the contents. For more
1290
2309
  # information, see
@@ -1295,15 +2314,36 @@ module Aws::S3
1295
2314
  # [1]: https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type
1296
2315
  # @option options [String] :checksum_algorithm
1297
2316
  # Indicates the algorithm used to create the checksum for the object
1298
- # when using the SDK. This header will not provide any additional
1299
- # functionality if not using the SDK. When sending this header, there
1300
- # must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
1301
- # sent. Otherwise, Amazon S3 fails the request with the HTTP status code
1302
- # `400 Bad Request`. For more information, see [Checking object
1303
- # integrity][1] in the *Amazon S3 User Guide*.
2317
+ # when you use the SDK. This header will not provide any additional
2318
+ # functionality if you don't use the SDK. When you send this header,
2319
+ # there must be a corresponding `x-amz-checksum-algorithm ` or
2320
+ # `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request
2321
+ # with the HTTP status code `400 Bad Request`.
1304
2322
  #
1305
- # If you provide an individual checksum, Amazon S3 ignores any provided
1306
- # `ChecksumAlgorithm` parameter.
2323
+ # For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with
2324
+ # the supported algorithm from the following list:
2325
+ #
2326
+ # * CRC32
2327
+ #
2328
+ # * CRC32C
2329
+ #
2330
+ # * SHA1
2331
+ #
2332
+ # * SHA256
2333
+ #
2334
+ # For more information, see [Checking object integrity][1] in the
2335
+ # *Amazon S3 User Guide*.
2336
+ #
2337
+ # If the individual checksum value you provide through
2338
+ # `x-amz-checksum-algorithm ` doesn't match the checksum algorithm you
2339
+ # set through `x-amz-sdk-checksum-algorithm`, Amazon S3 ignores any
2340
+ # provided `ChecksumAlgorithm` parameter and uses the checksum algorithm
2341
+ # that matches the provided value in `x-amz-checksum-algorithm `.
2342
+ #
2343
+ # <note markdown="1"> For directory buckets, when you use Amazon Web Services SDKs, `CRC32`
2344
+ # is the default checksum algorithm that's used for performance.
2345
+ #
2346
+ # </note>
1307
2347
  #
1308
2348
  #
1309
2349
  #
@@ -1360,31 +2400,74 @@ module Aws::S3
1360
2400
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
1361
2401
  # object.
1362
2402
  #
1363
- # This action is not supported by Amazon S3 on Outposts.
2403
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2404
+ #
2405
+ # * This functionality is not supported for Amazon S3 on Outposts.
2406
+ #
2407
+ # </note>
1364
2408
  # @option options [String] :grant_read
1365
2409
  # Allows grantee to read the object data and its metadata.
1366
2410
  #
1367
- # This action is not supported by Amazon S3 on Outposts.
2411
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2412
+ #
2413
+ # * This functionality is not supported for Amazon S3 on Outposts.
2414
+ #
2415
+ # </note>
1368
2416
  # @option options [String] :grant_read_acp
1369
2417
  # Allows grantee to read the object ACL.
1370
2418
  #
1371
- # This action is not supported by Amazon S3 on Outposts.
2419
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2420
+ #
2421
+ # * This functionality is not supported for Amazon S3 on Outposts.
2422
+ #
2423
+ # </note>
1372
2424
  # @option options [String] :grant_write_acp
1373
2425
  # Allows grantee to write the ACL for the applicable object.
1374
2426
  #
1375
- # This action is not supported by Amazon S3 on Outposts.
2427
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2428
+ #
2429
+ # * This functionality is not supported for Amazon S3 on Outposts.
2430
+ #
2431
+ # </note>
1376
2432
  # @option options [Hash<String,String>] :metadata
1377
2433
  # A map of metadata to store with the object in S3.
1378
2434
  # @option options [String] :server_side_encryption
1379
- # The server-side encryption algorithm used when storing this object in
1380
- # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
2435
+ # The server-side encryption algorithm that was used when you store this
2436
+ # object in Amazon S3 (for example, `AES256`, `aws:kms`,
2437
+ # `aws:kms:dsse`).
2438
+ #
2439
+ # <b>General purpose buckets </b> - You have four mutually exclusive
2440
+ # options to protect data using server-side encryption in Amazon S3,
2441
+ # depending on how you choose to manage the encryption keys.
2442
+ # Specifically, the encryption key options are Amazon S3 managed keys
2443
+ # (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and
2444
+ # customer-provided keys (SSE-C). Amazon S3 encrypts data with
2445
+ # server-side encryption by using Amazon S3 managed keys (SSE-S3) by
2446
+ # default. You can optionally tell Amazon S3 to encrypt data at rest by
2447
+ # using server-side encryption with other key options. For more
2448
+ # information, see [Using Server-Side Encryption][1] in the *Amazon S3
2449
+ # User Guide*.
2450
+ #
2451
+ # <b>Directory buckets </b> - For directory buckets, only the
2452
+ # server-side encryption with Amazon S3 managed keys (SSE-S3) (`AES256`)
2453
+ # value is supported.
2454
+ #
2455
+ #
2456
+ #
2457
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
1381
2458
  # @option options [String] :storage_class
1382
2459
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
1383
2460
  # created objects. The STANDARD storage class provides high durability
1384
2461
  # and high availability. Depending on performance needs, you can specify
1385
- # a different Storage Class. Amazon S3 on Outposts only uses the
1386
- # OUTPOSTS Storage Class. For more information, see [Storage Classes][1]
1387
- # in the *Amazon S3 User Guide*.
2462
+ # a different Storage Class. For more information, see [Storage
2463
+ # Classes][1] in the *Amazon S3 User Guide*.
2464
+ #
2465
+ # <note markdown="1"> * For directory buckets, only the S3 Express One Zone storage class is
2466
+ # supported to store newly created objects.
2467
+ #
2468
+ # * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class.
2469
+ #
2470
+ # </note>
1388
2471
  #
1389
2472
  #
1390
2473
  #
@@ -1393,7 +2476,8 @@ module Aws::S3
1393
2476
  # If the bucket is configured as a website, redirects requests for this
1394
2477
  # object to another object in the same bucket or to an external URL.
1395
2478
  # Amazon S3 stores the value of this header in the object metadata. For
1396
- # information about object metadata, see [Object Key and Metadata][1].
2479
+ # information about object metadata, see [Object Key and Metadata][1] in
2480
+ # the *Amazon S3 User Guide*.
1397
2481
  #
1398
2482
  # In the following example, the request header sets the redirect to an
1399
2483
  # object (anotherPage.html) in the same bucket:
@@ -1407,7 +2491,11 @@ module Aws::S3
1407
2491
  #
1408
2492
  # For more information about website hosting in Amazon S3, see [Hosting
1409
2493
  # Websites on Amazon S3][2] and [How to Configure Website Page
1410
- # Redirects][3].
2494
+ # Redirects][3] in the *Amazon S3 User Guide*.
2495
+ #
2496
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2497
+ #
2498
+ # </note>
1411
2499
  #
1412
2500
  #
1413
2501
  #
@@ -1415,35 +2503,57 @@ module Aws::S3
1415
2503
  # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html
1416
2504
  # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html
1417
2505
  # @option options [String] :sse_customer_algorithm
1418
- # Specifies the algorithm to use to when encrypting the object (for
1419
- # example, AES256).
2506
+ # Specifies the algorithm to use when encrypting the object (for
2507
+ # example, `AES256`).
2508
+ #
2509
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2510
+ #
2511
+ # </note>
1420
2512
  # @option options [String] :sse_customer_key
1421
2513
  # Specifies the customer-provided encryption key for Amazon S3 to use in
1422
2514
  # encrypting data. This value is used to store the object and then it is
1423
2515
  # discarded; Amazon S3 does not store the encryption key. The key must
1424
2516
  # be appropriate for use with the algorithm specified in the
1425
2517
  # `x-amz-server-side-encryption-customer-algorithm` header.
2518
+ #
2519
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2520
+ #
2521
+ # </note>
1426
2522
  # @option options [String] :sse_customer_key_md5
1427
2523
  # Specifies the 128-bit MD5 digest of the encryption key according to
1428
2524
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
1429
2525
  # ensure that the encryption key was transmitted without error.
2526
+ #
2527
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2528
+ #
2529
+ # </note>
1430
2530
  # @option options [String] :ssekms_key_id
1431
2531
  # If `x-amz-server-side-encryption` has a valid value of `aws:kms` or
1432
- # `aws:kms:dsse`, this header specifies the ID of the Key Management
1433
- # Service (KMS) symmetric encryption customer managed key that was used
1434
- # for the object. If you specify `x-amz-server-side-encryption:aws:kms`
1435
- # or `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide`
2532
+ # `aws:kms:dsse`, this header specifies the ID (Key ID, Key ARN, or Key
2533
+ # Alias) of the Key Management Service (KMS) symmetric encryption
2534
+ # customer managed key that was used for the object. If you specify
2535
+ # `x-amz-server-side-encryption:aws:kms` or
2536
+ # `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide`
1436
2537
  # x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
1437
2538
  # Amazon Web Services managed key (`aws/s3`) to protect the data. If the
1438
2539
  # KMS key does not exist in the same account that's issuing the
1439
2540
  # command, you must use the full ARN and not just the ID.
2541
+ #
2542
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2543
+ #
2544
+ # </note>
1440
2545
  # @option options [String] :ssekms_encryption_context
1441
2546
  # Specifies the Amazon Web Services KMS Encryption Context to use for
1442
2547
  # object encryption. The value of this header is a base64-encoded UTF-8
1443
2548
  # string holding JSON with the encryption context key-value pairs. This
1444
2549
  # value is stored as object metadata and automatically gets passed on to
1445
2550
  # Amazon Web Services KMS for future `GetObject` or `CopyObject`
1446
- # operations on this object.
2551
+ # operations on this object. This value must be explicitly added during
2552
+ # `CopyObject` operations.
2553
+ #
2554
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2555
+ #
2556
+ # </note>
1447
2557
  # @option options [Boolean] :bucket_key_enabled
1448
2558
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
1449
2559
  # encryption with server-side encryption using Key Management Service
@@ -1452,35 +2562,62 @@ module Aws::S3
1452
2562
  #
1453
2563
  # Specifying this header with a PUT action doesn’t affect bucket-level
1454
2564
  # settings for S3 Bucket Key.
2565
+ #
2566
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2567
+ #
2568
+ # </note>
1455
2569
  # @option options [String] :request_payer
1456
2570
  # Confirms that the requester knows that they will be charged for the
1457
2571
  # request. Bucket owners need not specify this parameter in their
1458
- # requests. For information about downloading objects from Requester
2572
+ # requests. If either the source or destination S3 bucket has Requester
2573
+ # Pays enabled, the requester will pay for corresponding charges to copy
2574
+ # the object. For information about downloading objects from Requester
1459
2575
  # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1460
2576
  # in the *Amazon S3 User Guide*.
1461
2577
  #
2578
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2579
+ #
2580
+ # </note>
2581
+ #
1462
2582
  #
1463
2583
  #
1464
2584
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
1465
2585
  # @option options [String] :tagging
1466
2586
  # The tag-set for the object. The tag-set must be encoded as URL Query
1467
2587
  # parameters. (For example, "Key1=Value1")
2588
+ #
2589
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2590
+ #
2591
+ # </note>
1468
2592
  # @option options [String] :object_lock_mode
1469
2593
  # The Object Lock mode that you want to apply to this object.
2594
+ #
2595
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2596
+ #
2597
+ # </note>
1470
2598
  # @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
1471
2599
  # The date and time when you want this object's Object Lock to expire.
1472
2600
  # Must be formatted as a timestamp parameter.
2601
+ #
2602
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2603
+ #
2604
+ # </note>
1473
2605
  # @option options [String] :object_lock_legal_hold_status
1474
2606
  # Specifies whether a legal hold will be applied to this object. For
1475
- # more information about S3 Object Lock, see [Object Lock][1].
2607
+ # more information about S3 Object Lock, see [Object Lock][1] in the
2608
+ # *Amazon S3 User Guide*.
2609
+ #
2610
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2611
+ #
2612
+ # </note>
1476
2613
  #
1477
2614
  #
1478
2615
  #
1479
2616
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
1480
2617
  # @option options [String] :expected_bucket_owner
1481
- # The account ID of the expected bucket owner. If the bucket is owned by
1482
- # a different account, the request fails with the HTTP status code `403
1483
- # Forbidden` (access denied).
2618
+ # The account ID of the expected bucket owner. If the account ID that
2619
+ # you provide does not match the actual owner of the bucket, the request
2620
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1484
2621
  # @return [Types::PutObjectOutput]
1485
2622
  def put(options = {})
1486
2623
  options = options.merge(
@@ -1574,7 +2711,7 @@ module Aws::S3
1574
2711
  # value: "MetadataValue",
1575
2712
  # },
1576
2713
  # ],
1577
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
2714
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
1578
2715
  # },
1579
2716
  # },
1580
2717
  # },
@@ -1590,21 +2727,27 @@ module Aws::S3
1590
2727
  # @option options [String] :request_payer
1591
2728
  # Confirms that the requester knows that they will be charged for the
1592
2729
  # request. Bucket owners need not specify this parameter in their
1593
- # requests. For information about downloading objects from Requester
2730
+ # requests. If either the source or destination S3 bucket has Requester
2731
+ # Pays enabled, the requester will pay for corresponding charges to copy
2732
+ # the object. For information about downloading objects from Requester
1594
2733
  # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1595
2734
  # in the *Amazon S3 User Guide*.
1596
2735
  #
2736
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2737
+ #
2738
+ # </note>
2739
+ #
1597
2740
  #
1598
2741
  #
1599
2742
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
1600
2743
  # @option options [String] :checksum_algorithm
1601
2744
  # Indicates the algorithm used to create the checksum for the object
1602
- # when using the SDK. This header will not provide any additional
1603
- # functionality if not using the SDK. When sending this header, there
1604
- # must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
1605
- # sent. Otherwise, Amazon S3 fails the request with the HTTP status code
1606
- # `400 Bad Request`. For more information, see [Checking object
1607
- # integrity][1] in the *Amazon S3 User Guide*.
2745
+ # when you use the SDK. This header will not provide any additional
2746
+ # functionality if you don't use the SDK. When you send this header,
2747
+ # there must be a corresponding `x-amz-checksum` or `x-amz-trailer`
2748
+ # header sent. Otherwise, Amazon S3 fails the request with the HTTP
2749
+ # status code `400 Bad Request`. For more information, see [Checking
2750
+ # object integrity][1] in the *Amazon S3 User Guide*.
1608
2751
  #
1609
2752
  # If you provide an individual checksum, Amazon S3 ignores any provided
1610
2753
  # `ChecksumAlgorithm` parameter.
@@ -1613,9 +2756,9 @@ module Aws::S3
1613
2756
  #
1614
2757
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
1615
2758
  # @option options [String] :expected_bucket_owner
1616
- # The account ID of the expected bucket owner. If the bucket is owned by
1617
- # a different account, the request fails with the HTTP status code `403
1618
- # Forbidden` (access denied).
2759
+ # The account ID of the expected bucket owner. If the account ID that
2760
+ # you provide does not match the actual owner of the bucket, the request
2761
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1619
2762
  # @return [Types::RestoreObjectOutput]
1620
2763
  def restore_object(options = {})
1621
2764
  options = options.merge(
@@ -1649,42 +2792,125 @@ module Aws::S3
1649
2792
  # @option options [String] :if_match
1650
2793
  # Return the object only if its entity tag (ETag) is the same as the one
1651
2794
  # specified; otherwise, return a 412 (precondition failed) error.
2795
+ #
2796
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
2797
+ # present in the request as follows:
2798
+ #
2799
+ # * `If-Match` condition evaluates to `true`, and;
2800
+ #
2801
+ # * `If-Unmodified-Since` condition evaluates to `false`;
2802
+ #
2803
+ # Then Amazon S3 returns `200 OK` and the data requested.
2804
+ #
2805
+ # For more information about conditional requests, see [RFC 7232][1].
2806
+ #
2807
+ #
2808
+ #
2809
+ # [1]: https://tools.ietf.org/html/rfc7232
1652
2810
  # @option options [Time,DateTime,Date,Integer,String] :if_modified_since
1653
2811
  # Return the object only if it has been modified since the specified
1654
2812
  # time; otherwise, return a 304 (not modified) error.
2813
+ #
2814
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
2815
+ # present in the request as follows:
2816
+ #
2817
+ # * `If-None-Match` condition evaluates to `false`, and;
2818
+ #
2819
+ # * `If-Modified-Since` condition evaluates to `true`;
2820
+ #
2821
+ # Then Amazon S3 returns the `304 Not Modified` response code.
2822
+ #
2823
+ # For more information about conditional requests, see [RFC 7232][1].
2824
+ #
2825
+ #
2826
+ #
2827
+ # [1]: https://tools.ietf.org/html/rfc7232
1655
2828
  # @option options [String] :if_none_match
1656
2829
  # Return the object only if its entity tag (ETag) is different from the
1657
2830
  # one specified; otherwise, return a 304 (not modified) error.
2831
+ #
2832
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
2833
+ # present in the request as follows:
2834
+ #
2835
+ # * `If-None-Match` condition evaluates to `false`, and;
2836
+ #
2837
+ # * `If-Modified-Since` condition evaluates to `true`;
2838
+ #
2839
+ # Then Amazon S3 returns the `304 Not Modified` response code.
2840
+ #
2841
+ # For more information about conditional requests, see [RFC 7232][1].
2842
+ #
2843
+ #
2844
+ #
2845
+ # [1]: https://tools.ietf.org/html/rfc7232
1658
2846
  # @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
1659
2847
  # Return the object only if it has not been modified since the specified
1660
2848
  # time; otherwise, return a 412 (precondition failed) error.
2849
+ #
2850
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
2851
+ # present in the request as follows:
2852
+ #
2853
+ # * `If-Match` condition evaluates to `true`, and;
2854
+ #
2855
+ # * `If-Unmodified-Since` condition evaluates to `false`;
2856
+ #
2857
+ # Then Amazon S3 returns `200 OK` and the data requested.
2858
+ #
2859
+ # For more information about conditional requests, see [RFC 7232][1].
2860
+ #
2861
+ #
2862
+ #
2863
+ # [1]: https://tools.ietf.org/html/rfc7232
1661
2864
  # @option options [String] :range
1662
2865
  # HeadObject returns only the metadata for an object. If the Range is
1663
2866
  # satisfiable, only the `ContentLength` is affected in the response. If
1664
2867
  # the Range is not satisfiable, S3 returns a `416 - Requested Range Not
1665
2868
  # Satisfiable` error.
1666
2869
  # @option options [String] :version_id
1667
- # VersionId used to reference a specific version of the object.
2870
+ # Version ID used to reference a specific version of the object.
2871
+ #
2872
+ # <note markdown="1"> For directory buckets in this API operation, only the `null` value of
2873
+ # the version ID is supported.
2874
+ #
2875
+ # </note>
1668
2876
  # @option options [String] :sse_customer_algorithm
1669
- # Specifies the algorithm to use to when encrypting the object (for
2877
+ # Specifies the algorithm to use when encrypting the object (for
1670
2878
  # example, AES256).
2879
+ #
2880
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2881
+ #
2882
+ # </note>
1671
2883
  # @option options [String] :sse_customer_key
1672
2884
  # Specifies the customer-provided encryption key for Amazon S3 to use in
1673
2885
  # encrypting data. This value is used to store the object and then it is
1674
2886
  # discarded; Amazon S3 does not store the encryption key. The key must
1675
2887
  # be appropriate for use with the algorithm specified in the
1676
2888
  # `x-amz-server-side-encryption-customer-algorithm` header.
2889
+ #
2890
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2891
+ #
2892
+ # </note>
1677
2893
  # @option options [String] :sse_customer_key_md5
1678
2894
  # Specifies the 128-bit MD5 digest of the encryption key according to
1679
2895
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
1680
2896
  # ensure that the encryption key was transmitted without error.
2897
+ #
2898
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2899
+ #
2900
+ # </note>
1681
2901
  # @option options [String] :request_payer
1682
2902
  # Confirms that the requester knows that they will be charged for the
1683
2903
  # request. Bucket owners need not specify this parameter in their
1684
- # requests. For information about downloading objects from Requester
2904
+ # requests. If either the source or destination S3 bucket has Requester
2905
+ # Pays enabled, the requester will pay for corresponding charges to copy
2906
+ # the object. For information about downloading objects from Requester
1685
2907
  # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1686
2908
  # in the *Amazon S3 User Guide*.
1687
2909
  #
2910
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2911
+ #
2912
+ # </note>
2913
+ #
1688
2914
  #
1689
2915
  #
1690
2916
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
@@ -1694,9 +2920,9 @@ module Aws::S3
1694
2920
  # for the part specified. Useful querying about the size of the part and
1695
2921
  # the number of parts in this object.
1696
2922
  # @option options [String] :expected_bucket_owner
1697
- # The account ID of the expected bucket owner. If the bucket is owned by
1698
- # a different account, the request fails with the HTTP status code `403
1699
- # Forbidden` (access denied).
2923
+ # The account ID of the expected bucket owner. If the account ID that
2924
+ # you provide does not match the actual owner of the bucket, the request
2925
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1700
2926
  # @option options [String] :checksum_mode
1701
2927
  # To retrieve the checksum, this parameter must be enabled.
1702
2928
  #
@@ -1837,13 +3063,36 @@ module Aws::S3
1837
3063
  # space, and the value that is displayed on your authentication device.
1838
3064
  # Required to permanently delete a versioned object if versioning is
1839
3065
  # configured with MFA delete enabled.
3066
+ #
3067
+ # When performing the `DeleteObjects` operation on an MFA delete enabled
3068
+ # bucket, which attempts to delete the specified versioned objects, you
3069
+ # must include an MFA token. If you don't provide an MFA token, the
3070
+ # entire request will fail, even if there are non-versioned objects that
3071
+ # you are trying to delete. If you provide an invalid token, whether
3072
+ # there are versioned object keys in the request or not, the entire
3073
+ # Multi-Object Delete request will fail. For information about MFA
3074
+ # Delete, see [ MFA Delete][1] in the *Amazon S3 User Guide*.
3075
+ #
3076
+ # <note markdown="1"> This functionality is not supported for directory buckets.
3077
+ #
3078
+ # </note>
3079
+ #
3080
+ #
3081
+ #
3082
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete
1840
3083
  # @option options [String] :request_payer
1841
3084
  # Confirms that the requester knows that they will be charged for the
1842
3085
  # request. Bucket owners need not specify this parameter in their
1843
- # requests. For information about downloading objects from Requester
3086
+ # requests. If either the source or destination S3 bucket has Requester
3087
+ # Pays enabled, the requester will pay for corresponding charges to copy
3088
+ # the object. For information about downloading objects from Requester
1844
3089
  # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1845
3090
  # in the *Amazon S3 User Guide*.
1846
3091
  #
3092
+ # <note markdown="1"> This functionality is not supported for directory buckets.
3093
+ #
3094
+ # </note>
3095
+ #
1847
3096
  #
1848
3097
  #
1849
3098
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
@@ -1851,25 +3100,45 @@ module Aws::S3
1851
3100
  # Specifies whether you want to delete this object even if it has a
1852
3101
  # Governance-type Object Lock in place. To use this header, you must
1853
3102
  # have the `s3:BypassGovernanceRetention` permission.
3103
+ #
3104
+ # <note markdown="1"> This functionality is not supported for directory buckets.
3105
+ #
3106
+ # </note>
1854
3107
  # @option options [String] :expected_bucket_owner
1855
- # The account ID of the expected bucket owner. If the bucket is owned by
1856
- # a different account, the request fails with the HTTP status code `403
1857
- # Forbidden` (access denied).
3108
+ # The account ID of the expected bucket owner. If the account ID that
3109
+ # you provide does not match the actual owner of the bucket, the request
3110
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1858
3111
  # @option options [String] :checksum_algorithm
1859
3112
  # Indicates the algorithm used to create the checksum for the object
1860
- # when using the SDK. This header will not provide any additional
1861
- # functionality if not using the SDK. When sending this header, there
1862
- # must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
1863
- # sent. Otherwise, Amazon S3 fails the request with the HTTP status code
1864
- # `400 Bad Request`. For more information, see [Checking object
1865
- # integrity][1] in the *Amazon S3 User Guide*.
3113
+ # when you use the SDK. This header will not provide any additional
3114
+ # functionality if you don't use the SDK. When you send this header,
3115
+ # there must be a corresponding `x-amz-checksum-algorithm ` or
3116
+ # `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request
3117
+ # with the HTTP status code `400 Bad Request`.
3118
+ #
3119
+ # For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with
3120
+ # the supported algorithm from the following list:
3121
+ #
3122
+ # * CRC32
3123
+ #
3124
+ # * CRC32C
3125
+ #
3126
+ # * SHA1
3127
+ #
3128
+ # * SHA256
3129
+ #
3130
+ # For more information, see [Checking object integrity][1] in the
3131
+ # *Amazon S3 User Guide*.
3132
+ #
3133
+ # If the individual checksum value you provide through
3134
+ # `x-amz-checksum-algorithm ` doesn't match the checksum algorithm you
3135
+ # set through `x-amz-sdk-checksum-algorithm`, Amazon S3 ignores any
3136
+ # provided `ChecksumAlgorithm` parameter and uses the checksum algorithm
3137
+ # that matches the provided value in `x-amz-checksum-algorithm `.
1866
3138
  #
1867
3139
  # If you provide an individual checksum, Amazon S3 ignores any provided
1868
3140
  # `ChecksumAlgorithm` parameter.
1869
3141
  #
1870
- # This checksum algorithm must be the same for all parts and it match
1871
- # the checksum value supplied in the `CreateMultipartUpload` request.
1872
- #
1873
3142
  #
1874
3143
  #
1875
3144
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html