aws-sdk-s3 1.132.0 → 1.151.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (75) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +127 -1
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-s3/access_grants_credentials.rb +57 -0
  5. data/lib/aws-sdk-s3/access_grants_credentials_provider.rb +241 -0
  6. data/lib/aws-sdk-s3/bucket.rb +424 -81
  7. data/lib/aws-sdk-s3/bucket_acl.rb +9 -9
  8. data/lib/aws-sdk-s3/bucket_cors.rb +12 -12
  9. data/lib/aws-sdk-s3/bucket_lifecycle.rb +12 -12
  10. data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +12 -12
  11. data/lib/aws-sdk-s3/bucket_logging.rb +16 -9
  12. data/lib/aws-sdk-s3/bucket_notification.rb +3 -3
  13. data/lib/aws-sdk-s3/bucket_policy.rb +58 -14
  14. data/lib/aws-sdk-s3/bucket_region_cache.rb +9 -5
  15. data/lib/aws-sdk-s3/bucket_request_payment.rb +9 -9
  16. data/lib/aws-sdk-s3/bucket_tagging.rb +12 -12
  17. data/lib/aws-sdk-s3/bucket_versioning.rb +27 -27
  18. data/lib/aws-sdk-s3/bucket_website.rb +12 -12
  19. data/lib/aws-sdk-s3/client.rb +5783 -2608
  20. data/lib/aws-sdk-s3/client_api.rb +114 -18
  21. data/lib/aws-sdk-s3/customizations/errors.rb +15 -2
  22. data/lib/aws-sdk-s3/customizations/object.rb +45 -2
  23. data/lib/aws-sdk-s3/customizations.rb +8 -0
  24. data/lib/aws-sdk-s3/endpoint_parameters.rb +32 -0
  25. data/lib/aws-sdk-s3/endpoint_provider.rb +88 -6
  26. data/lib/aws-sdk-s3/endpoints.rb +440 -0
  27. data/lib/aws-sdk-s3/express_credentials.rb +55 -0
  28. data/lib/aws-sdk-s3/express_credentials_provider.rb +59 -0
  29. data/lib/aws-sdk-s3/file_downloader.rb +119 -24
  30. data/lib/aws-sdk-s3/multipart_file_uploader.rb +4 -4
  31. data/lib/aws-sdk-s3/multipart_stream_uploader.rb +5 -4
  32. data/lib/aws-sdk-s3/multipart_upload.rb +69 -16
  33. data/lib/aws-sdk-s3/multipart_upload_part.rb +160 -35
  34. data/lib/aws-sdk-s3/object.rb +1504 -235
  35. data/lib/aws-sdk-s3/object_acl.rb +29 -15
  36. data/lib/aws-sdk-s3/object_multipart_copier.rb +10 -8
  37. data/lib/aws-sdk-s3/object_summary.rb +1367 -254
  38. data/lib/aws-sdk-s3/object_version.rb +297 -42
  39. data/lib/aws-sdk-s3/plugins/access_grants.rb +108 -0
  40. data/lib/aws-sdk-s3/plugins/endpoints.rb +14 -2
  41. data/lib/aws-sdk-s3/plugins/express_session_auth.rb +91 -0
  42. data/lib/aws-sdk-s3/plugins/location_constraint.rb +3 -1
  43. data/lib/aws-sdk-s3/plugins/md5s.rb +2 -1
  44. data/lib/aws-sdk-s3/plugins/s3_signer.rb +7 -2
  45. data/lib/aws-sdk-s3/presigner.rb +4 -2
  46. data/lib/aws-sdk-s3/resource.rb +83 -11
  47. data/lib/aws-sdk-s3/types.rb +4529 -1361
  48. data/lib/aws-sdk-s3.rb +1 -1
  49. data/sig/bucket.rbs +212 -0
  50. data/sig/bucket_acl.rbs +78 -0
  51. data/sig/bucket_cors.rbs +69 -0
  52. data/sig/bucket_lifecycle.rbs +88 -0
  53. data/sig/bucket_lifecycle_configuration.rbs +111 -0
  54. data/sig/bucket_logging.rbs +76 -0
  55. data/sig/bucket_notification.rbs +114 -0
  56. data/sig/bucket_policy.rbs +59 -0
  57. data/sig/bucket_request_payment.rbs +54 -0
  58. data/sig/bucket_tagging.rbs +65 -0
  59. data/sig/bucket_versioning.rbs +77 -0
  60. data/sig/bucket_website.rbs +93 -0
  61. data/sig/client.rbs +2362 -0
  62. data/sig/customizations/bucket.rbs +19 -0
  63. data/sig/customizations/object.rbs +38 -0
  64. data/sig/customizations/object_summary.rbs +35 -0
  65. data/sig/errors.rbs +34 -0
  66. data/sig/multipart_upload.rbs +110 -0
  67. data/sig/multipart_upload_part.rbs +105 -0
  68. data/sig/object.rbs +436 -0
  69. data/sig/object_acl.rbs +86 -0
  70. data/sig/object_summary.rbs +334 -0
  71. data/sig/object_version.rbs +131 -0
  72. data/sig/resource.rbs +126 -0
  73. data/sig/types.rbs +2562 -0
  74. data/sig/waiters.rbs +83 -0
  75. metadata +43 -11
@@ -69,6 +69,10 @@ module Aws::S3
69
69
  # of encryption. If an object is larger than 16 MB, the Amazon Web
70
70
  # Services Management Console will upload or copy that object as a
71
71
  # Multipart Upload, and therefore the ETag will not be an MD5 digest.
72
+ #
73
+ # <note markdown="1"> **Directory buckets** - MD5 is not supported by directory buckets.
74
+ #
75
+ # </note>
72
76
  # @return [String]
73
77
  def etag
74
78
  data[:etag]
@@ -87,12 +91,22 @@ module Aws::S3
87
91
  end
88
92
 
89
93
  # The class of storage used to store the object.
94
+ #
95
+ # <note markdown="1"> **Directory buckets** - Only the S3 Express One Zone storage class is
96
+ # supported by directory buckets to store objects.
97
+ #
98
+ # </note>
90
99
  # @return [String]
91
100
  def storage_class
92
101
  data[:storage_class]
93
102
  end
94
103
 
95
104
  # The owner of the object
105
+ #
106
+ # <note markdown="1"> **Directory buckets** - The bucket owner is returned as the object
107
+ # owner.
108
+ #
109
+ # </note>
96
110
  # @return [Types::Owner]
97
111
  def owner
98
112
  data[:owner]
@@ -104,6 +118,12 @@ module Aws::S3
104
118
  # archived objects, see [ Working with archived objects][1] in the
105
119
  # *Amazon S3 User Guide*.
106
120
  #
121
+ # <note markdown="1"> This functionality is not supported for directory buckets. Only the S3
122
+ # Express One Zone storage class is supported by directory buckets to
123
+ # store objects.
124
+ #
125
+ # </note>
126
+ #
107
127
  #
108
128
  #
109
129
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html
@@ -325,7 +345,7 @@ module Aws::S3
325
345
  # metadata_directive: "COPY", # accepts COPY, REPLACE
326
346
  # tagging_directive: "COPY", # accepts COPY, REPLACE
327
347
  # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
328
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
348
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
329
349
  # website_redirect_location: "WebsiteRedirectLocation",
330
350
  # sse_customer_algorithm: "SSECustomerAlgorithm",
331
351
  # sse_customer_key: "SSECustomerKey",
@@ -346,40 +366,98 @@ module Aws::S3
346
366
  # })
347
367
  # @param [Hash] options ({})
348
368
  # @option options [String] :acl
349
- # The canned ACL to apply to the object.
369
+ # The canned access control list (ACL) to apply to the object.
370
+ #
371
+ # When you copy an object, the ACL metadata is not preserved and is set
372
+ # to `private` by default. Only the owner has full access control. To
373
+ # override the default ACL setting, specify a new ACL when you generate
374
+ # a copy request. For more information, see [Using ACLs][1].
375
+ #
376
+ # If the destination bucket that you're copying objects to uses the
377
+ # bucket owner enforced setting for S3 Object Ownership, ACLs are
378
+ # disabled and no longer affect permissions. Buckets that use this
379
+ # setting only accept `PUT` requests that don't specify an ACL or `PUT`
380
+ # requests that specify bucket owner full control ACLs, such as the
381
+ # `bucket-owner-full-control` canned ACL or an equivalent form of this
382
+ # ACL expressed in the XML format. For more information, see
383
+ # [Controlling ownership of objects and disabling ACLs][2] in the
384
+ # *Amazon S3 User Guide*.
385
+ #
386
+ # <note markdown="1"> * If your destination bucket uses the bucket owner enforced setting
387
+ # for Object Ownership, all objects written to the bucket by any
388
+ # account will be owned by the bucket owner.
389
+ #
390
+ # * This functionality is not supported for directory buckets.
391
+ #
392
+ # * This functionality is not supported for Amazon S3 on Outposts.
393
+ #
394
+ # </note>
395
+ #
350
396
  #
351
- # This action is not supported by Amazon S3 on Outposts.
397
+ #
398
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html
399
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
352
400
  # @option options [String] :cache_control
353
- # Specifies caching behavior along the request/reply chain.
401
+ # Specifies the caching behavior along the request/reply chain.
354
402
  # @option options [String] :checksum_algorithm
355
- # Indicates the algorithm you want Amazon S3 to use to create the
403
+ # Indicates the algorithm that you want Amazon S3 to use to create the
356
404
  # checksum for the object. For more information, see [Checking object
357
405
  # integrity][1] in the *Amazon S3 User Guide*.
358
406
  #
407
+ # When you copy an object, if the source object has a checksum, that
408
+ # checksum value will be copied to the new object by default. If the
409
+ # `CopyObject` request does not include this `x-amz-checksum-algorithm`
410
+ # header, the checksum algorithm will be copied from the source object
411
+ # to the destination object (if it's present on the source object). You
412
+ # can optionally specify a different checksum algorithm to use with the
413
+ # `x-amz-checksum-algorithm` header. Unrecognized or unsupported values
414
+ # will respond with the HTTP status code `400 Bad Request`.
415
+ #
416
+ # <note markdown="1"> For directory buckets, when you use Amazon Web Services SDKs, `CRC32`
417
+ # is the default checksum algorithm that's used for performance.
418
+ #
419
+ # </note>
420
+ #
359
421
  #
360
422
  #
361
423
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
362
424
  # @option options [String] :content_disposition
363
- # Specifies presentational information for the object.
425
+ # Specifies presentational information for the object. Indicates whether
426
+ # an object should be displayed in a web browser or downloaded as a
427
+ # file. It allows specifying the desired filename for the downloaded
428
+ # file.
364
429
  # @option options [String] :content_encoding
365
430
  # Specifies what content encodings have been applied to the object and
366
431
  # thus what decoding mechanisms must be applied to obtain the media-type
367
432
  # referenced by the Content-Type header field.
433
+ #
434
+ # <note markdown="1"> For directory buckets, only the `aws-chunked` value is supported in
435
+ # this header field.
436
+ #
437
+ # </note>
368
438
  # @option options [String] :content_language
369
439
  # The language the content is in.
370
440
  # @option options [String] :content_type
371
- # A standard MIME type describing the format of the object data.
441
+ # A standard MIME type that describes the format of the object data.
372
442
  # @option options [required, String] :copy_source
373
- # Specifies the source object for the copy operation. You specify the
374
- # value in one of two formats, depending on whether you want to access
375
- # the source object through an [access point][1]:
443
+ # Specifies the source object for the copy operation. The source object
444
+ # can be up to 5 GB. If the source object is an object that was uploaded
445
+ # by using a multipart upload, the object copy will be a single part
446
+ # object after the source object is copied to the destination bucket.
447
+ #
448
+ # You specify the value of the copy source in one of two formats,
449
+ # depending on whether you want to access the source object through an
450
+ # [access point][1]:
376
451
  #
377
452
  # * For objects not accessed through an access point, specify the name
378
453
  # of the source bucket and the key of the source object, separated by
379
454
  # a slash (/). For example, to copy the object `reports/january.pdf`
380
- # from the bucket `awsexamplebucket`, use
455
+ # from the general purpose bucket `awsexamplebucket`, use
381
456
  # `awsexamplebucket/reports/january.pdf`. The value must be
382
- # URL-encoded.
457
+ # URL-encoded. To copy the object `reports/january.pdf` from the
458
+ # directory bucket `awsexamplebucket--use1-az5--x-s3`, use
459
+ # `awsexamplebucket--use1-az5--x-s3/reports/january.pdf`. The value
460
+ # must be URL-encoded.
383
461
  #
384
462
  # * For objects accessed through access points, specify the Amazon
385
463
  # Resource Name (ARN) of the object as accessed through the access
@@ -391,9 +469,11 @@ module Aws::S3
391
469
  # `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
392
470
  # The value must be URL encoded.
393
471
  #
394
- # <note markdown="1"> Amazon S3 supports copy operations using access points only when the
395
- # source and destination buckets are in the same Amazon Web Services
396
- # Region.
472
+ # <note markdown="1"> * Amazon S3 supports copy operations using Access points only when
473
+ # the source and destination buckets are in the same Amazon Web
474
+ # Services Region.
475
+ #
476
+ # * Access points are not supported by directory buckets.
397
477
  #
398
478
  # </note>
399
479
  #
@@ -406,93 +486,327 @@ module Aws::S3
406
486
  # `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf`.
407
487
  # The value must be URL-encoded.
408
488
  #
409
- # To copy a specific version of an object, append
410
- # `?versionId=<version-id>` to the value (for example,
489
+ # If your source bucket versioning is enabled, the `x-amz-copy-source`
490
+ # header by default identifies the current version of an object to copy.
491
+ # If the current version is a delete marker, Amazon S3 behaves as if the
492
+ # object was deleted. To copy a different version, use the `versionId`
493
+ # query parameter. Specifically, append `?versionId=<version-id>` to the
494
+ # value (for example,
411
495
  # `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
412
496
  # If you don't specify a version ID, Amazon S3 copies the latest
413
497
  # version of the source object.
414
498
  #
499
+ # If you enable versioning on the destination bucket, Amazon S3
500
+ # generates a unique version ID for the copied object. This version ID
501
+ # is different from the version ID of the source object. Amazon S3
502
+ # returns the version ID of the copied object in the `x-amz-version-id`
503
+ # response header in the response.
504
+ #
505
+ # If you do not enable versioning or suspend it on the destination
506
+ # bucket, the version ID that Amazon S3 generates in the
507
+ # `x-amz-version-id` response header is always null.
508
+ #
509
+ # <note markdown="1"> **Directory buckets** - S3 Versioning isn't enabled and supported for
510
+ # directory buckets.
511
+ #
512
+ # </note>
513
+ #
415
514
  #
416
515
  #
417
516
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html
418
517
  # @option options [String] :copy_source_if_match
419
518
  # Copies the object if its entity tag (ETag) matches the specified tag.
519
+ #
520
+ # If both the `x-amz-copy-source-if-match` and
521
+ # `x-amz-copy-source-if-unmodified-since` headers are present in the
522
+ # request and evaluate as follows, Amazon S3 returns `200 OK` and copies
523
+ # the data:
524
+ #
525
+ # * `x-amz-copy-source-if-match` condition evaluates to true
526
+ #
527
+ # * `x-amz-copy-source-if-unmodified-since` condition evaluates to false
420
528
  # @option options [Time,DateTime,Date,Integer,String] :copy_source_if_modified_since
421
529
  # Copies the object if it has been modified since the specified time.
530
+ #
531
+ # If both the `x-amz-copy-source-if-none-match` and
532
+ # `x-amz-copy-source-if-modified-since` headers are present in the
533
+ # request and evaluate as follows, Amazon S3 returns the `412
534
+ # Precondition Failed` response code:
535
+ #
536
+ # * `x-amz-copy-source-if-none-match` condition evaluates to false
537
+ #
538
+ # * `x-amz-copy-source-if-modified-since` condition evaluates to true
422
539
  # @option options [String] :copy_source_if_none_match
423
540
  # Copies the object if its entity tag (ETag) is different than the
424
541
  # specified ETag.
542
+ #
543
+ # If both the `x-amz-copy-source-if-none-match` and
544
+ # `x-amz-copy-source-if-modified-since` headers are present in the
545
+ # request and evaluate as follows, Amazon S3 returns the `412
546
+ # Precondition Failed` response code:
547
+ #
548
+ # * `x-amz-copy-source-if-none-match` condition evaluates to false
549
+ #
550
+ # * `x-amz-copy-source-if-modified-since` condition evaluates to true
425
551
  # @option options [Time,DateTime,Date,Integer,String] :copy_source_if_unmodified_since
426
552
  # Copies the object if it hasn't been modified since the specified
427
553
  # time.
554
+ #
555
+ # If both the `x-amz-copy-source-if-match` and
556
+ # `x-amz-copy-source-if-unmodified-since` headers are present in the
557
+ # request and evaluate as follows, Amazon S3 returns `200 OK` and copies
558
+ # the data:
559
+ #
560
+ # * `x-amz-copy-source-if-match` condition evaluates to true
561
+ #
562
+ # * `x-amz-copy-source-if-unmodified-since` condition evaluates to false
428
563
  # @option options [Time,DateTime,Date,Integer,String] :expires
429
564
  # The date and time at which the object is no longer cacheable.
430
565
  # @option options [String] :grant_full_control
431
566
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
432
567
  # object.
433
568
  #
434
- # This action is not supported by Amazon S3 on Outposts.
569
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
570
+ #
571
+ # * This functionality is not supported for Amazon S3 on Outposts.
572
+ #
573
+ # </note>
435
574
  # @option options [String] :grant_read
436
575
  # Allows grantee to read the object data and its metadata.
437
576
  #
438
- # This action is not supported by Amazon S3 on Outposts.
577
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
578
+ #
579
+ # * This functionality is not supported for Amazon S3 on Outposts.
580
+ #
581
+ # </note>
439
582
  # @option options [String] :grant_read_acp
440
583
  # Allows grantee to read the object ACL.
441
584
  #
442
- # This action is not supported by Amazon S3 on Outposts.
585
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
586
+ #
587
+ # * This functionality is not supported for Amazon S3 on Outposts.
588
+ #
589
+ # </note>
443
590
  # @option options [String] :grant_write_acp
444
591
  # Allows grantee to write the ACL for the applicable object.
445
592
  #
446
- # This action is not supported by Amazon S3 on Outposts.
593
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
594
+ #
595
+ # * This functionality is not supported for Amazon S3 on Outposts.
596
+ #
597
+ # </note>
447
598
  # @option options [Hash<String,String>] :metadata
448
599
  # A map of metadata to store with the object in S3.
449
600
  # @option options [String] :metadata_directive
450
601
  # Specifies whether the metadata is copied from the source object or
451
- # replaced with metadata provided in the request.
602
+ # replaced with metadata that's provided in the request. When copying
603
+ # an object, you can preserve all metadata (the default) or specify new
604
+ # metadata. If this header isn’t specified, `COPY` is the default
605
+ # behavior.
606
+ #
607
+ # **General purpose bucket** - For general purpose buckets, when you
608
+ # grant permissions, you can use the `s3:x-amz-metadata-directive`
609
+ # condition key to enforce certain metadata behavior when objects are
610
+ # uploaded. For more information, see [Amazon S3 condition key
611
+ # examples][1] in the *Amazon S3 User Guide*.
612
+ #
613
+ # <note markdown="1"> `x-amz-website-redirect-location` is unique to each object and is not
614
+ # copied when using the `x-amz-metadata-directive` header. To copy the
615
+ # value, you must specify `x-amz-website-redirect-location` in the
616
+ # request header.
617
+ #
618
+ # </note>
619
+ #
620
+ #
621
+ #
622
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html
452
623
  # @option options [String] :tagging_directive
453
- # Specifies whether the object tag-set are copied from the source object
454
- # or replaced with tag-set provided in the request.
624
+ # Specifies whether the object tag-set is copied from the source object
625
+ # or replaced with the tag-set that's provided in the request.
626
+ #
627
+ # The default value is `COPY`.
628
+ #
629
+ # <note markdown="1"> **Directory buckets** - For directory buckets in a `CopyObject`
630
+ # operation, only the empty tag-set is supported. Any requests that
631
+ # attempt to write non-empty tags into directory buckets will receive a
632
+ # `501 Not Implemented` status code. When the destination bucket is a
633
+ # directory bucket, you will receive a `501 Not Implemented` response in
634
+ # any of the following situations:
635
+ #
636
+ # * When you attempt to `COPY` the tag-set from an S3 source object that
637
+ # has non-empty tags.
638
+ #
639
+ # * When you attempt to `REPLACE` the tag-set of a source object and set
640
+ # a non-empty value to `x-amz-tagging`.
641
+ #
642
+ # * When you don't set the `x-amz-tagging-directive` header and the
643
+ # source object has non-empty tags. This is because the default value
644
+ # of `x-amz-tagging-directive` is `COPY`.
645
+ #
646
+ # Because only the empty tag-set is supported for directory buckets in a
647
+ # `CopyObject` operation, the following situations are allowed:
648
+ #
649
+ # * When you attempt to `COPY` the tag-set from a directory bucket
650
+ # source object that has no tags to a general purpose bucket. It
651
+ # copies an empty tag-set to the destination object.
652
+ #
653
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
654
+ # source object and set the `x-amz-tagging` value of the directory
655
+ # bucket destination object to empty.
656
+ #
657
+ # * When you attempt to `REPLACE` the tag-set of a general purpose
658
+ # bucket source object that has non-empty tags and set the
659
+ # `x-amz-tagging` value of the directory bucket destination object to
660
+ # empty.
661
+ #
662
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
663
+ # source object and don't set the `x-amz-tagging` value of the
664
+ # directory bucket destination object. This is because the default
665
+ # value of `x-amz-tagging` is the empty value.
666
+ #
667
+ # </note>
455
668
  # @option options [String] :server_side_encryption
456
669
  # The server-side encryption algorithm used when storing this object in
457
670
  # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
671
+ # Unrecognized or unsupported values won’t write a destination object
672
+ # and will receive a `400 Bad Request` response.
673
+ #
674
+ # Amazon S3 automatically encrypts all new objects that are copied to an
675
+ # S3 bucket. When copying an object, if you don't specify encryption
676
+ # information in your copy request, the encryption setting of the target
677
+ # object is set to the default encryption configuration of the
678
+ # destination bucket. By default, all buckets have a base level of
679
+ # encryption configuration that uses server-side encryption with Amazon
680
+ # S3 managed keys (SSE-S3). If the destination bucket has a default
681
+ # encryption configuration that uses server-side encryption with Key
682
+ # Management Service (KMS) keys (SSE-KMS), dual-layer server-side
683
+ # encryption with Amazon Web Services KMS keys (DSSE-KMS), or
684
+ # server-side encryption with customer-provided encryption keys (SSE-C),
685
+ # Amazon S3 uses the corresponding KMS key, or a customer-provided key
686
+ # to encrypt the target object copy.
687
+ #
688
+ # When you perform a `CopyObject` operation, if you want to use a
689
+ # different type of encryption setting for the target object, you can
690
+ # specify appropriate encryption-related headers to encrypt the target
691
+ # object with an Amazon S3 managed key, a KMS key, or a
692
+ # customer-provided key. If the encryption setting in your request is
693
+ # different from the default encryption configuration of the destination
694
+ # bucket, the encryption setting in your request takes precedence.
695
+ #
696
+ # With server-side encryption, Amazon S3 encrypts your data as it writes
697
+ # your data to disks in its data centers and decrypts the data when you
698
+ # access it. For more information about server-side encryption, see
699
+ # [Using Server-Side Encryption][1] in the *Amazon S3 User Guide*.
700
+ #
701
+ # <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
702
+ # managed keys (SSE-S3) (`AES256`) is supported.
703
+ #
704
+ # </note>
705
+ #
706
+ #
707
+ #
708
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
458
709
  # @option options [String] :storage_class
459
- # By default, Amazon S3 uses the STANDARD Storage Class to store newly
460
- # created objects. The STANDARD storage class provides high durability
461
- # and high availability. Depending on performance needs, you can specify
462
- # a different Storage Class. Amazon S3 on Outposts only uses the
463
- # OUTPOSTS Storage Class. For more information, see [Storage Classes][1]
710
+ # If the `x-amz-storage-class` header is not used, the copied object
711
+ # will be stored in the `STANDARD` Storage Class by default. The
712
+ # `STANDARD` storage class provides high durability and high
713
+ # availability. Depending on performance needs, you can specify a
714
+ # different Storage Class.
715
+ #
716
+ # <note markdown="1"> * <b>Directory buckets </b> - For directory buckets, only the S3
717
+ # Express One Zone storage class is supported to store newly created
718
+ # objects. Unsupported storage class values won't write a destination
719
+ # object and will respond with the HTTP status code `400 Bad Request`.
720
+ #
721
+ # * <b>Amazon S3 on Outposts </b> - S3 on Outposts only uses the
722
+ # `OUTPOSTS` Storage Class.
723
+ #
724
+ # </note>
725
+ #
726
+ # You can use the `CopyObject` action to change the storage class of an
727
+ # object that is already stored in Amazon S3 by using the
728
+ # `x-amz-storage-class` header. For more information, see [Storage
729
+ # Classes][1] in the *Amazon S3 User Guide*.
730
+ #
731
+ # Before using an object as a source object for the copy operation, you
732
+ # must restore a copy of it if it meets any of the following conditions:
733
+ #
734
+ # * The storage class of the source object is `GLACIER` or
735
+ # `DEEP_ARCHIVE`.
736
+ #
737
+ # * The storage class of the source object is `INTELLIGENT_TIERING` and
738
+ # it's [S3 Intelligent-Tiering access tier][2] is `Archive Access` or
739
+ # `Deep Archive Access`.
740
+ #
741
+ # For more information, see [RestoreObject][3] and [Copying Objects][4]
464
742
  # in the *Amazon S3 User Guide*.
465
743
  #
466
744
  #
467
745
  #
468
746
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
747
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering-overview.html#intel-tiering-tier-definition
748
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html
749
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html
469
750
  # @option options [String] :website_redirect_location
470
- # If the bucket is configured as a website, redirects requests for this
471
- # object to another object in the same bucket or to an external URL.
472
- # Amazon S3 stores the value of this header in the object metadata. This
473
- # value is unique to each object and is not copied when using the
474
- # `x-amz-metadata-directive` header. Instead, you may opt to provide
475
- # this header in combination with the directive.
751
+ # If the destination bucket is configured as a website, redirects
752
+ # requests for this object copy to another object in the same bucket or
753
+ # to an external URL. Amazon S3 stores the value of this header in the
754
+ # object metadata. This value is unique to each object and is not copied
755
+ # when using the `x-amz-metadata-directive` header. Instead, you may opt
756
+ # to provide this header in combination with the
757
+ # `x-amz-metadata-directive` header.
758
+ #
759
+ # <note markdown="1"> This functionality is not supported for directory buckets.
760
+ #
761
+ # </note>
476
762
  # @option options [String] :sse_customer_algorithm
477
- # Specifies the algorithm to use to when encrypting the object (for
478
- # example, AES256).
763
+ # Specifies the algorithm to use when encrypting the object (for
764
+ # example, `AES256`).
765
+ #
766
+ # When you perform a `CopyObject` operation, if you want to use a
767
+ # different type of encryption setting for the target object, you can
768
+ # specify appropriate encryption-related headers to encrypt the target
769
+ # object with an Amazon S3 managed key, a KMS key, or a
770
+ # customer-provided key. If the encryption setting in your request is
771
+ # different from the default encryption configuration of the destination
772
+ # bucket, the encryption setting in your request takes precedence.
773
+ #
774
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
775
+ # directory bucket.
776
+ #
777
+ # </note>
479
778
  # @option options [String] :sse_customer_key
480
779
  # Specifies the customer-provided encryption key for Amazon S3 to use in
481
780
  # encrypting data. This value is used to store the object and then it is
482
- # discarded; Amazon S3 does not store the encryption key. The key must
781
+ # discarded. Amazon S3 does not store the encryption key. The key must
483
782
  # be appropriate for use with the algorithm specified in the
484
783
  # `x-amz-server-side-encryption-customer-algorithm` header.
784
+ #
785
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
786
+ # directory bucket.
787
+ #
788
+ # </note>
485
789
  # @option options [String] :sse_customer_key_md5
486
790
  # Specifies the 128-bit MD5 digest of the encryption key according to
487
791
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
488
792
  # ensure that the encryption key was transmitted without error.
793
+ #
794
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
795
+ # directory bucket.
796
+ #
797
+ # </note>
489
798
  # @option options [String] :ssekms_key_id
490
- # Specifies the KMS key ID to use for object encryption. All GET and PUT
491
- # requests for an object protected by KMS will fail if they're not made
492
- # via SSL or using SigV4. For information about configuring any of the
493
- # officially supported Amazon Web Services SDKs and Amazon Web Services
494
- # CLI, see [Specifying the Signature Version in Request
495
- # Authentication][1] in the *Amazon S3 User Guide*.
799
+ # Specifies the KMS ID (Key ID, Key ARN, or Key Alias) to use for object
800
+ # encryption. All GET and PUT requests for an object protected by KMS
801
+ # will fail if they're not made via SSL or using SigV4. For information
802
+ # about configuring any of the officially supported Amazon Web Services
803
+ # SDKs and Amazon Web Services CLI, see [Specifying the Signature
804
+ # Version in Request Authentication][1] in the *Amazon S3 User Guide*.
805
+ #
806
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
807
+ # directory bucket.
808
+ #
809
+ # </note>
496
810
  #
497
811
  #
498
812
  #
@@ -500,55 +814,168 @@ module Aws::S3
500
814
  # @option options [String] :ssekms_encryption_context
501
815
  # Specifies the Amazon Web Services KMS Encryption Context to use for
502
816
  # object encryption. The value of this header is a base64-encoded UTF-8
503
- # string holding JSON with the encryption context key-value pairs.
817
+ # string holding JSON with the encryption context key-value pairs. This
818
+ # value must be explicitly added to specify encryption context for
819
+ # `CopyObject` requests.
820
+ #
821
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
822
+ # directory bucket.
823
+ #
824
+ # </note>
504
825
  # @option options [Boolean] :bucket_key_enabled
505
826
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
506
827
  # encryption with server-side encryption using Key Management Service
507
- # (KMS) keys (SSE-KMS). Setting this header to `true` causes Amazon S3
508
- # to use an S3 Bucket Key for object encryption with SSE-KMS.
828
+ # (KMS) keys (SSE-KMS). If a target object uses SSE-KMS, you can enable
829
+ # an S3 Bucket Key for the object.
509
830
  #
510
- # Specifying this header with a COPY action doesn’t affect bucket-level
511
- # settings for S3 Bucket Key.
831
+ # Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
832
+ # for object encryption with SSE-KMS. Specifying this header with a COPY
833
+ # action doesn’t affect bucket-level settings for S3 Bucket Key.
834
+ #
835
+ # For more information, see [Amazon S3 Bucket Keys][1] in the *Amazon S3
836
+ # User Guide*.
837
+ #
838
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
839
+ # directory bucket.
840
+ #
841
+ # </note>
842
+ #
843
+ #
844
+ #
845
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
512
846
  # @option options [String] :copy_source_sse_customer_algorithm
513
847
  # Specifies the algorithm to use when decrypting the source object (for
514
- # example, AES256).
848
+ # example, `AES256`).
849
+ #
850
+ # If the source object for the copy is stored in Amazon S3 using SSE-C,
851
+ # you must provide the necessary encryption information in your request
852
+ # so that Amazon S3 can decrypt the object for copying.
853
+ #
854
+ # <note markdown="1"> This functionality is not supported when the source object is in a
855
+ # directory bucket.
856
+ #
857
+ # </note>
515
858
  # @option options [String] :copy_source_sse_customer_key
516
859
  # Specifies the customer-provided encryption key for Amazon S3 to use to
517
860
  # decrypt the source object. The encryption key provided in this header
518
- # must be one that was used when the source object was created.
861
+ # must be the same one that was used when the source object was created.
862
+ #
863
+ # If the source object for the copy is stored in Amazon S3 using SSE-C,
864
+ # you must provide the necessary encryption information in your request
865
+ # so that Amazon S3 can decrypt the object for copying.
866
+ #
867
+ # <note markdown="1"> This functionality is not supported when the source object is in a
868
+ # directory bucket.
869
+ #
870
+ # </note>
519
871
  # @option options [String] :copy_source_sse_customer_key_md5
520
872
  # Specifies the 128-bit MD5 digest of the encryption key according to
521
873
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
522
874
  # ensure that the encryption key was transmitted without error.
875
+ #
876
+ # If the source object for the copy is stored in Amazon S3 using SSE-C,
877
+ # you must provide the necessary encryption information in your request
878
+ # so that Amazon S3 can decrypt the object for copying.
879
+ #
880
+ # <note markdown="1"> This functionality is not supported when the source object is in a
881
+ # directory bucket.
882
+ #
883
+ # </note>
523
884
  # @option options [String] :request_payer
524
885
  # Confirms that the requester knows that they will be charged for the
525
886
  # request. Bucket owners need not specify this parameter in their
526
- # requests. For information about downloading objects from Requester
887
+ # requests. If either the source or destination S3 bucket has Requester
888
+ # Pays enabled, the requester will pay for corresponding charges to copy
889
+ # the object. For information about downloading objects from Requester
527
890
  # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
528
891
  # in the *Amazon S3 User Guide*.
529
892
  #
893
+ # <note markdown="1"> This functionality is not supported for directory buckets.
894
+ #
895
+ # </note>
896
+ #
530
897
  #
531
898
  #
532
899
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
533
900
  # @option options [String] :tagging
534
- # The tag-set for the object destination object this value must be used
535
- # in conjunction with the `TaggingDirective`. The tag-set must be
536
- # encoded as URL Query parameters.
901
+ # The tag-set for the object copy in the destination bucket. This value
902
+ # must be used in conjunction with the `x-amz-tagging-directive` if you
903
+ # choose `REPLACE` for the `x-amz-tagging-directive`. If you choose
904
+ # `COPY` for the `x-amz-tagging-directive`, you don't need to set the
905
+ # `x-amz-tagging` header, because the tag-set will be copied from the
906
+ # source object directly. The tag-set must be encoded as URL Query
907
+ # parameters.
908
+ #
909
+ # The default value is the empty value.
910
+ #
911
+ # <note markdown="1"> **Directory buckets** - For directory buckets in a `CopyObject`
912
+ # operation, only the empty tag-set is supported. Any requests that
913
+ # attempt to write non-empty tags into directory buckets will receive a
914
+ # `501 Not Implemented` status code. When the destination bucket is a
915
+ # directory bucket, you will receive a `501 Not Implemented` response in
916
+ # any of the following situations:
917
+ #
918
+ # * When you attempt to `COPY` the tag-set from an S3 source object that
919
+ # has non-empty tags.
920
+ #
921
+ # * When you attempt to `REPLACE` the tag-set of a source object and set
922
+ # a non-empty value to `x-amz-tagging`.
923
+ #
924
+ # * When you don't set the `x-amz-tagging-directive` header and the
925
+ # source object has non-empty tags. This is because the default value
926
+ # of `x-amz-tagging-directive` is `COPY`.
927
+ #
928
+ # Because only the empty tag-set is supported for directory buckets in a
929
+ # `CopyObject` operation, the following situations are allowed:
930
+ #
931
+ # * When you attempt to `COPY` the tag-set from a directory bucket
932
+ # source object that has no tags to a general purpose bucket. It
933
+ # copies an empty tag-set to the destination object.
934
+ #
935
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
936
+ # source object and set the `x-amz-tagging` value of the directory
937
+ # bucket destination object to empty.
938
+ #
939
+ # * When you attempt to `REPLACE` the tag-set of a general purpose
940
+ # bucket source object that has non-empty tags and set the
941
+ # `x-amz-tagging` value of the directory bucket destination object to
942
+ # empty.
943
+ #
944
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
945
+ # source object and don't set the `x-amz-tagging` value of the
946
+ # directory bucket destination object. This is because the default
947
+ # value of `x-amz-tagging` is the empty value.
948
+ #
949
+ # </note>
537
950
  # @option options [String] :object_lock_mode
538
- # The Object Lock mode that you want to apply to the copied object.
951
+ # The Object Lock mode that you want to apply to the object copy.
952
+ #
953
+ # <note markdown="1"> This functionality is not supported for directory buckets.
954
+ #
955
+ # </note>
539
956
  # @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
540
- # The date and time when you want the copied object's Object Lock to
957
+ # The date and time when you want the Object Lock of the object copy to
541
958
  # expire.
959
+ #
960
+ # <note markdown="1"> This functionality is not supported for directory buckets.
961
+ #
962
+ # </note>
542
963
  # @option options [String] :object_lock_legal_hold_status
543
- # Specifies whether you want to apply a legal hold to the copied object.
964
+ # Specifies whether you want to apply a legal hold to the object copy.
965
+ #
966
+ # <note markdown="1"> This functionality is not supported for directory buckets.
967
+ #
968
+ # </note>
544
969
  # @option options [String] :expected_bucket_owner
545
970
  # The account ID of the expected destination bucket owner. If the
546
- # destination bucket is owned by a different account, the request fails
547
- # with the HTTP status code `403 Forbidden` (access denied).
971
+ # account ID that you provide does not match the actual owner of the
972
+ # destination bucket, the request fails with the HTTP status code `403
973
+ # Forbidden` (access denied).
548
974
  # @option options [String] :expected_source_bucket_owner
549
- # The account ID of the expected source bucket owner. If the source
550
- # bucket is owned by a different account, the request fails with the
551
- # HTTP status code `403 Forbidden` (access denied).
975
+ # The account ID of the expected source bucket owner. If the account ID
976
+ # that you provide does not match the actual owner of the source bucket,
977
+ # the request fails with the HTTP status code `403 Forbidden` (access
978
+ # denied).
552
979
  # @return [Types::CopyObjectOutput]
553
980
  def copy_from(options = {})
554
981
  options = options.merge(
@@ -576,15 +1003,30 @@ module Aws::S3
576
1003
  # space, and the value that is displayed on your authentication device.
577
1004
  # Required to permanently delete a versioned object if versioning is
578
1005
  # configured with MFA delete enabled.
1006
+ #
1007
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1008
+ #
1009
+ # </note>
579
1010
  # @option options [String] :version_id
580
- # VersionId used to reference a specific version of the object.
1011
+ # Version ID used to reference a specific version of the object.
1012
+ #
1013
+ # <note markdown="1"> For directory buckets in this API operation, only the `null` value of
1014
+ # the version ID is supported.
1015
+ #
1016
+ # </note>
581
1017
  # @option options [String] :request_payer
582
1018
  # Confirms that the requester knows that they will be charged for the
583
1019
  # request. Bucket owners need not specify this parameter in their
584
- # requests. For information about downloading objects from Requester
1020
+ # requests. If either the source or destination S3 bucket has Requester
1021
+ # Pays enabled, the requester will pay for corresponding charges to copy
1022
+ # the object. For information about downloading objects from Requester
585
1023
  # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
586
1024
  # in the *Amazon S3 User Guide*.
587
1025
  #
1026
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1027
+ #
1028
+ # </note>
1029
+ #
588
1030
  #
589
1031
  #
590
1032
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
@@ -592,10 +1034,14 @@ module Aws::S3
592
1034
  # Indicates whether S3 Object Lock should bypass Governance-mode
593
1035
  # restrictions to process this operation. To use this header, you must
594
1036
  # have the `s3:BypassGovernanceRetention` permission.
1037
+ #
1038
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1039
+ #
1040
+ # </note>
595
1041
  # @option options [String] :expected_bucket_owner
596
- # The account ID of the expected bucket owner. If the bucket is owned by
597
- # a different account, the request fails with the HTTP status code `403
598
- # Forbidden` (access denied).
1042
+ # The account ID of the expected bucket owner. If the account ID that
1043
+ # you provide does not match the actual owner of the bucket, the request
1044
+ # fails with the HTTP status code `403 Forbidden` (access denied).
599
1045
  # @return [Types::DeleteObjectOutput]
600
1046
  def delete(options = {})
601
1047
  options = options.merge(
@@ -634,18 +1080,64 @@ module Aws::S3
634
1080
  # @param [Hash] options ({})
635
1081
  # @option options [String] :if_match
636
1082
  # Return the object only if its entity tag (ETag) is the same as the one
637
- # specified; otherwise, return a 412 (precondition failed) error.
1083
+ # specified in this header; otherwise, return a `412 Precondition
1084
+ # Failed` error.
1085
+ #
1086
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
1087
+ # present in the request as follows: `If-Match` condition evaluates to
1088
+ # `true`, and; `If-Unmodified-Since` condition evaluates to `false`;
1089
+ # then, S3 returns `200 OK` and the data requested.
1090
+ #
1091
+ # For more information about conditional requests, see [RFC 7232][1].
1092
+ #
1093
+ #
1094
+ #
1095
+ # [1]: https://tools.ietf.org/html/rfc7232
638
1096
  # @option options [Time,DateTime,Date,Integer,String] :if_modified_since
639
1097
  # Return the object only if it has been modified since the specified
640
- # time; otherwise, return a 304 (not modified) error.
1098
+ # time; otherwise, return a `304 Not Modified` error.
1099
+ #
1100
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
1101
+ # present in the request as follows:` If-None-Match` condition evaluates
1102
+ # to `false`, and; `If-Modified-Since` condition evaluates to `true`;
1103
+ # then, S3 returns `304 Not Modified` status code.
1104
+ #
1105
+ # For more information about conditional requests, see [RFC 7232][1].
1106
+ #
1107
+ #
1108
+ #
1109
+ # [1]: https://tools.ietf.org/html/rfc7232
641
1110
  # @option options [String] :if_none_match
642
1111
  # Return the object only if its entity tag (ETag) is different from the
643
- # one specified; otherwise, return a 304 (not modified) error.
1112
+ # one specified in this header; otherwise, return a `304 Not Modified`
1113
+ # error.
1114
+ #
1115
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
1116
+ # present in the request as follows:` If-None-Match` condition evaluates
1117
+ # to `false`, and; `If-Modified-Since` condition evaluates to `true`;
1118
+ # then, S3 returns `304 Not Modified` HTTP status code.
1119
+ #
1120
+ # For more information about conditional requests, see [RFC 7232][1].
1121
+ #
1122
+ #
1123
+ #
1124
+ # [1]: https://tools.ietf.org/html/rfc7232
644
1125
  # @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
645
1126
  # Return the object only if it has not been modified since the specified
646
- # time; otherwise, return a 412 (precondition failed) error.
1127
+ # time; otherwise, return a `412 Precondition Failed` error.
1128
+ #
1129
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
1130
+ # present in the request as follows: `If-Match` condition evaluates to
1131
+ # `true`, and; `If-Unmodified-Since` condition evaluates to `false`;
1132
+ # then, S3 returns `200 OK` and the data requested.
1133
+ #
1134
+ # For more information about conditional requests, see [RFC 7232][1].
1135
+ #
1136
+ #
1137
+ #
1138
+ # [1]: https://tools.ietf.org/html/rfc7232
647
1139
  # @option options [String] :range
648
- # Downloads the specified range bytes of an object. For more information
1140
+ # Downloads the specified byte range of an object. For more information
649
1141
  # about the HTTP Range header, see
650
1142
  # [https://www.rfc-editor.org/rfc/rfc9110.html#name-range][1].
651
1143
  #
@@ -660,7 +1152,7 @@ module Aws::S3
660
1152
  # @option options [String] :response_cache_control
661
1153
  # Sets the `Cache-Control` header of the response.
662
1154
  # @option options [String] :response_content_disposition
663
- # Sets the `Content-Disposition` header of the response
1155
+ # Sets the `Content-Disposition` header of the response.
664
1156
  # @option options [String] :response_content_encoding
665
1157
  # Sets the `Content-Encoding` header of the response.
666
1158
  # @option options [String] :response_content_language
@@ -670,135 +1162,507 @@ module Aws::S3
670
1162
  # @option options [Time,DateTime,Date,Integer,String] :response_expires
671
1163
  # Sets the `Expires` header of the response.
672
1164
  # @option options [String] :version_id
673
- # VersionId used to reference a specific version of the object.
1165
+ # Version ID used to reference a specific version of the object.
1166
+ #
1167
+ # By default, the `GetObject` operation returns the current version of
1168
+ # an object. To return a different version, use the `versionId`
1169
+ # subresource.
1170
+ #
1171
+ # <note markdown="1"> * If you include a `versionId` in your request header, you must have
1172
+ # the `s3:GetObjectVersion` permission to access a specific version of
1173
+ # an object. The `s3:GetObject` permission is not required in this
1174
+ # scenario.
1175
+ #
1176
+ # * If you request the current version of an object without a specific
1177
+ # `versionId` in the request header, only the `s3:GetObject`
1178
+ # permission is required. The `s3:GetObjectVersion` permission is not
1179
+ # required in this scenario.
1180
+ #
1181
+ # * **Directory buckets** - S3 Versioning isn't enabled and supported
1182
+ # for directory buckets. For this API operation, only the `null` value
1183
+ # of the version ID is supported by directory buckets. You can only
1184
+ # specify `null` to the `versionId` query parameter in the request.
1185
+ #
1186
+ # </note>
1187
+ #
1188
+ # For more information about versioning, see [PutBucketVersioning][1].
1189
+ #
1190
+ #
1191
+ #
1192
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html
674
1193
  # @option options [String] :sse_customer_algorithm
675
- # Specifies the algorithm to use to when decrypting the object (for
676
- # example, AES256).
1194
+ # Specifies the algorithm to use when decrypting the object (for
1195
+ # example, `AES256`).
1196
+ #
1197
+ # If you encrypt an object by using server-side encryption with
1198
+ # customer-provided encryption keys (SSE-C) when you store the object in
1199
+ # Amazon S3, then when you GET the object, you must use the following
1200
+ # headers:
1201
+ #
1202
+ # * `x-amz-server-side-encryption-customer-algorithm`
1203
+ #
1204
+ # * `x-amz-server-side-encryption-customer-key`
1205
+ #
1206
+ # * `x-amz-server-side-encryption-customer-key-MD5`
1207
+ #
1208
+ # For more information about SSE-C, see [Server-Side Encryption (Using
1209
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
1210
+ #
1211
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1212
+ #
1213
+ # </note>
1214
+ #
1215
+ #
1216
+ #
1217
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
677
1218
  # @option options [String] :sse_customer_key
678
- # Specifies the customer-provided encryption key for Amazon S3 used to
679
- # encrypt the data. This value is used to decrypt the object when
680
- # recovering it and must match the one used when storing the data. The
681
- # key must be appropriate for use with the algorithm specified in the
1219
+ # Specifies the customer-provided encryption key that you originally
1220
+ # provided for Amazon S3 to encrypt the data before storing it. This
1221
+ # value is used to decrypt the object when recovering it and must match
1222
+ # the one used when storing the data. The key must be appropriate for
1223
+ # use with the algorithm specified in the
682
1224
  # `x-amz-server-side-encryption-customer-algorithm` header.
1225
+ #
1226
+ # If you encrypt an object by using server-side encryption with
1227
+ # customer-provided encryption keys (SSE-C) when you store the object in
1228
+ # Amazon S3, then when you GET the object, you must use the following
1229
+ # headers:
1230
+ #
1231
+ # * `x-amz-server-side-encryption-customer-algorithm`
1232
+ #
1233
+ # * `x-amz-server-side-encryption-customer-key`
1234
+ #
1235
+ # * `x-amz-server-side-encryption-customer-key-MD5`
1236
+ #
1237
+ # For more information about SSE-C, see [Server-Side Encryption (Using
1238
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
1239
+ #
1240
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1241
+ #
1242
+ # </note>
1243
+ #
1244
+ #
1245
+ #
1246
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
683
1247
  # @option options [String] :sse_customer_key_md5
684
- # Specifies the 128-bit MD5 digest of the encryption key according to
685
- # RFC 1321. Amazon S3 uses this header for a message integrity check to
686
- # ensure that the encryption key was transmitted without error.
1248
+ # Specifies the 128-bit MD5 digest of the customer-provided encryption
1249
+ # key according to RFC 1321. Amazon S3 uses this header for a message
1250
+ # integrity check to ensure that the encryption key was transmitted
1251
+ # without error.
1252
+ #
1253
+ # If you encrypt an object by using server-side encryption with
1254
+ # customer-provided encryption keys (SSE-C) when you store the object in
1255
+ # Amazon S3, then when you GET the object, you must use the following
1256
+ # headers:
1257
+ #
1258
+ # * `x-amz-server-side-encryption-customer-algorithm`
1259
+ #
1260
+ # * `x-amz-server-side-encryption-customer-key`
1261
+ #
1262
+ # * `x-amz-server-side-encryption-customer-key-MD5`
1263
+ #
1264
+ # For more information about SSE-C, see [Server-Side Encryption (Using
1265
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
1266
+ #
1267
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1268
+ #
1269
+ # </note>
1270
+ #
1271
+ #
1272
+ #
1273
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
687
1274
  # @option options [String] :request_payer
688
1275
  # Confirms that the requester knows that they will be charged for the
689
1276
  # request. Bucket owners need not specify this parameter in their
690
- # requests. For information about downloading objects from Requester
1277
+ # requests. If either the source or destination S3 bucket has Requester
1278
+ # Pays enabled, the requester will pay for corresponding charges to copy
1279
+ # the object. For information about downloading objects from Requester
691
1280
  # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
692
1281
  # in the *Amazon S3 User Guide*.
693
1282
  #
1283
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1284
+ #
1285
+ # </note>
1286
+ #
1287
+ #
1288
+ #
1289
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
1290
+ # @option options [Integer] :part_number
1291
+ # Part number of the object being read. This is a positive integer
1292
+ # between 1 and 10,000. Effectively performs a 'ranged' GET request
1293
+ # for the part specified. Useful for downloading just a part of an
1294
+ # object.
1295
+ # @option options [String] :expected_bucket_owner
1296
+ # The account ID of the expected bucket owner. If the account ID that
1297
+ # you provide does not match the actual owner of the bucket, the request
1298
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1299
+ # @option options [String] :checksum_mode
1300
+ # To retrieve the checksum, this mode must be enabled.
1301
+ # @return [Types::GetObjectOutput]
1302
+ def get(options = {}, &block)
1303
+ options = options.merge(
1304
+ bucket: @bucket_name,
1305
+ key: @key
1306
+ )
1307
+ resp = Aws::Plugins::UserAgent.feature('resource') do
1308
+ @client.get_object(options, &block)
1309
+ end
1310
+ resp.data
1311
+ end
1312
+
1313
+ # @example Request syntax with placeholder values
1314
+ #
1315
+ # multipartupload = object_summary.initiate_multipart_upload({
1316
+ # acl: "private", # accepts private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, bucket-owner-full-control
1317
+ # cache_control: "CacheControl",
1318
+ # content_disposition: "ContentDisposition",
1319
+ # content_encoding: "ContentEncoding",
1320
+ # content_language: "ContentLanguage",
1321
+ # content_type: "ContentType",
1322
+ # expires: Time.now,
1323
+ # grant_full_control: "GrantFullControl",
1324
+ # grant_read: "GrantRead",
1325
+ # grant_read_acp: "GrantReadACP",
1326
+ # grant_write_acp: "GrantWriteACP",
1327
+ # metadata: {
1328
+ # "MetadataKey" => "MetadataValue",
1329
+ # },
1330
+ # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
1331
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
1332
+ # website_redirect_location: "WebsiteRedirectLocation",
1333
+ # sse_customer_algorithm: "SSECustomerAlgorithm",
1334
+ # sse_customer_key: "SSECustomerKey",
1335
+ # sse_customer_key_md5: "SSECustomerKeyMD5",
1336
+ # ssekms_key_id: "SSEKMSKeyId",
1337
+ # ssekms_encryption_context: "SSEKMSEncryptionContext",
1338
+ # bucket_key_enabled: false,
1339
+ # request_payer: "requester", # accepts requester
1340
+ # tagging: "TaggingHeader",
1341
+ # object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
1342
+ # object_lock_retain_until_date: Time.now,
1343
+ # object_lock_legal_hold_status: "ON", # accepts ON, OFF
1344
+ # expected_bucket_owner: "AccountId",
1345
+ # checksum_algorithm: "CRC32", # accepts CRC32, CRC32C, SHA1, SHA256
1346
+ # })
1347
+ # @param [Hash] options ({})
1348
+ # @option options [String] :acl
1349
+ # The canned ACL to apply to the object. Amazon S3 supports a set of
1350
+ # predefined ACLs, known as *canned ACLs*. Each canned ACL has a
1351
+ # predefined set of grantees and permissions. For more information, see
1352
+ # [Canned ACL][1] in the *Amazon S3 User Guide*.
1353
+ #
1354
+ # By default, all objects are private. Only the owner has full access
1355
+ # control. When uploading an object, you can grant access permissions to
1356
+ # individual Amazon Web Services accounts or to predefined groups
1357
+ # defined by Amazon S3. These permissions are then added to the access
1358
+ # control list (ACL) on the new object. For more information, see [Using
1359
+ # ACLs][2]. One way to grant the permissions using the request headers
1360
+ # is to specify a canned ACL with the `x-amz-acl` request header.
1361
+ #
1362
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1363
+ #
1364
+ # * This functionality is not supported for Amazon S3 on Outposts.
1365
+ #
1366
+ # </note>
1367
+ #
1368
+ #
1369
+ #
1370
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
1371
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html
1372
+ # @option options [String] :cache_control
1373
+ # Specifies caching behavior along the request/reply chain.
1374
+ # @option options [String] :content_disposition
1375
+ # Specifies presentational information for the object.
1376
+ # @option options [String] :content_encoding
1377
+ # Specifies what content encodings have been applied to the object and
1378
+ # thus what decoding mechanisms must be applied to obtain the media-type
1379
+ # referenced by the Content-Type header field.
1380
+ #
1381
+ # <note markdown="1"> For directory buckets, only the `aws-chunked` value is supported in
1382
+ # this header field.
1383
+ #
1384
+ # </note>
1385
+ # @option options [String] :content_language
1386
+ # The language that the content is in.
1387
+ # @option options [String] :content_type
1388
+ # A standard MIME type describing the format of the object data.
1389
+ # @option options [Time,DateTime,Date,Integer,String] :expires
1390
+ # The date and time at which the object is no longer cacheable.
1391
+ # @option options [String] :grant_full_control
1392
+ # Specify access permissions explicitly to give the grantee READ,
1393
+ # READ\_ACP, and WRITE\_ACP permissions on the object.
1394
+ #
1395
+ # By default, all objects are private. Only the owner has full access
1396
+ # control. When uploading an object, you can use this header to
1397
+ # explicitly grant access permissions to specific Amazon Web Services
1398
+ # accounts or groups. This header maps to specific permissions that
1399
+ # Amazon S3 supports in an ACL. For more information, see [Access
1400
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
1401
+ #
1402
+ # You specify each grantee as a type=value pair, where the type is one
1403
+ # of the following:
1404
+ #
1405
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1406
+ # Web Services account
1407
+ #
1408
+ # * `uri` – if you are granting permissions to a predefined group
1409
+ #
1410
+ # * `emailAddress` – if the value specified is the email address of an
1411
+ # Amazon Web Services account
1412
+ #
1413
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1414
+ # following Amazon Web Services Regions:
1415
+ #
1416
+ # * US East (N. Virginia)
1417
+ #
1418
+ # * US West (N. California)
1419
+ #
1420
+ # * US West (Oregon)
1421
+ #
1422
+ # * Asia Pacific (Singapore)
1423
+ #
1424
+ # * Asia Pacific (Sydney)
1425
+ #
1426
+ # * Asia Pacific (Tokyo)
1427
+ #
1428
+ # * Europe (Ireland)
1429
+ #
1430
+ # * South America (São Paulo)
1431
+ #
1432
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1433
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1434
+ # Reference.
1435
+ #
1436
+ # </note>
1437
+ #
1438
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1439
+ # Web Services accounts identified by account IDs permissions to read
1440
+ # object data and its metadata:
1441
+ #
1442
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1443
+ #
1444
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1445
+ #
1446
+ # * This functionality is not supported for Amazon S3 on Outposts.
1447
+ #
1448
+ # </note>
1449
+ #
1450
+ #
1451
+ #
1452
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1453
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1454
+ # @option options [String] :grant_read
1455
+ # Specify access permissions explicitly to allow grantee to read the
1456
+ # object data and its metadata.
1457
+ #
1458
+ # By default, all objects are private. Only the owner has full access
1459
+ # control. When uploading an object, you can use this header to
1460
+ # explicitly grant access permissions to specific Amazon Web Services
1461
+ # accounts or groups. This header maps to specific permissions that
1462
+ # Amazon S3 supports in an ACL. For more information, see [Access
1463
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
1464
+ #
1465
+ # You specify each grantee as a type=value pair, where the type is one
1466
+ # of the following:
1467
+ #
1468
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1469
+ # Web Services account
1470
+ #
1471
+ # * `uri` – if you are granting permissions to a predefined group
1472
+ #
1473
+ # * `emailAddress` – if the value specified is the email address of an
1474
+ # Amazon Web Services account
1475
+ #
1476
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1477
+ # following Amazon Web Services Regions:
1478
+ #
1479
+ # * US East (N. Virginia)
1480
+ #
1481
+ # * US West (N. California)
1482
+ #
1483
+ # * US West (Oregon)
1484
+ #
1485
+ # * Asia Pacific (Singapore)
1486
+ #
1487
+ # * Asia Pacific (Sydney)
1488
+ #
1489
+ # * Asia Pacific (Tokyo)
1490
+ #
1491
+ # * Europe (Ireland)
1492
+ #
1493
+ # * South America (São Paulo)
1494
+ #
1495
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1496
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1497
+ # Reference.
1498
+ #
1499
+ # </note>
1500
+ #
1501
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1502
+ # Web Services accounts identified by account IDs permissions to read
1503
+ # object data and its metadata:
1504
+ #
1505
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1506
+ #
1507
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1508
+ #
1509
+ # * This functionality is not supported for Amazon S3 on Outposts.
1510
+ #
1511
+ # </note>
1512
+ #
1513
+ #
1514
+ #
1515
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1516
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1517
+ # @option options [String] :grant_read_acp
1518
+ # Specify access permissions explicitly to allows grantee to read the
1519
+ # object ACL.
1520
+ #
1521
+ # By default, all objects are private. Only the owner has full access
1522
+ # control. When uploading an object, you can use this header to
1523
+ # explicitly grant access permissions to specific Amazon Web Services
1524
+ # accounts or groups. This header maps to specific permissions that
1525
+ # Amazon S3 supports in an ACL. For more information, see [Access
1526
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
1527
+ #
1528
+ # You specify each grantee as a type=value pair, where the type is one
1529
+ # of the following:
1530
+ #
1531
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1532
+ # Web Services account
1533
+ #
1534
+ # * `uri` – if you are granting permissions to a predefined group
1535
+ #
1536
+ # * `emailAddress` – if the value specified is the email address of an
1537
+ # Amazon Web Services account
1538
+ #
1539
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1540
+ # following Amazon Web Services Regions:
1541
+ #
1542
+ # * US East (N. Virginia)
1543
+ #
1544
+ # * US West (N. California)
1545
+ #
1546
+ # * US West (Oregon)
1547
+ #
1548
+ # * Asia Pacific (Singapore)
1549
+ #
1550
+ # * Asia Pacific (Sydney)
1551
+ #
1552
+ # * Asia Pacific (Tokyo)
1553
+ #
1554
+ # * Europe (Ireland)
1555
+ #
1556
+ # * South America (São Paulo)
1557
+ #
1558
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1559
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1560
+ # Reference.
1561
+ #
1562
+ # </note>
1563
+ #
1564
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1565
+ # Web Services accounts identified by account IDs permissions to read
1566
+ # object data and its metadata:
1567
+ #
1568
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1569
+ #
1570
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1571
+ #
1572
+ # * This functionality is not supported for Amazon S3 on Outposts.
1573
+ #
1574
+ # </note>
1575
+ #
1576
+ #
694
1577
  #
1578
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1579
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1580
+ # @option options [String] :grant_write_acp
1581
+ # Specify access permissions explicitly to allows grantee to allow
1582
+ # grantee to write the ACL for the applicable object.
695
1583
  #
696
- # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
697
- # @option options [Integer] :part_number
698
- # Part number of the object being read. This is a positive integer
699
- # between 1 and 10,000. Effectively performs a 'ranged' GET request
700
- # for the part specified. Useful for downloading just a part of an
701
- # object.
702
- # @option options [String] :expected_bucket_owner
703
- # The account ID of the expected bucket owner. If the bucket is owned by
704
- # a different account, the request fails with the HTTP status code `403
705
- # Forbidden` (access denied).
706
- # @option options [String] :checksum_mode
707
- # To retrieve the checksum, this mode must be enabled.
708
- # @return [Types::GetObjectOutput]
709
- def get(options = {}, &block)
710
- options = options.merge(
711
- bucket: @bucket_name,
712
- key: @key
713
- )
714
- resp = Aws::Plugins::UserAgent.feature('resource') do
715
- @client.get_object(options, &block)
716
- end
717
- resp.data
718
- end
719
-
720
- # @example Request syntax with placeholder values
1584
+ # By default, all objects are private. Only the owner has full access
1585
+ # control. When uploading an object, you can use this header to
1586
+ # explicitly grant access permissions to specific Amazon Web Services
1587
+ # accounts or groups. This header maps to specific permissions that
1588
+ # Amazon S3 supports in an ACL. For more information, see [Access
1589
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
721
1590
  #
722
- # multipartupload = object_summary.initiate_multipart_upload({
723
- # acl: "private", # accepts private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, bucket-owner-full-control
724
- # cache_control: "CacheControl",
725
- # content_disposition: "ContentDisposition",
726
- # content_encoding: "ContentEncoding",
727
- # content_language: "ContentLanguage",
728
- # content_type: "ContentType",
729
- # expires: Time.now,
730
- # grant_full_control: "GrantFullControl",
731
- # grant_read: "GrantRead",
732
- # grant_read_acp: "GrantReadACP",
733
- # grant_write_acp: "GrantWriteACP",
734
- # metadata: {
735
- # "MetadataKey" => "MetadataValue",
736
- # },
737
- # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
738
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
739
- # website_redirect_location: "WebsiteRedirectLocation",
740
- # sse_customer_algorithm: "SSECustomerAlgorithm",
741
- # sse_customer_key: "SSECustomerKey",
742
- # sse_customer_key_md5: "SSECustomerKeyMD5",
743
- # ssekms_key_id: "SSEKMSKeyId",
744
- # ssekms_encryption_context: "SSEKMSEncryptionContext",
745
- # bucket_key_enabled: false,
746
- # request_payer: "requester", # accepts requester
747
- # tagging: "TaggingHeader",
748
- # object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
749
- # object_lock_retain_until_date: Time.now,
750
- # object_lock_legal_hold_status: "ON", # accepts ON, OFF
751
- # expected_bucket_owner: "AccountId",
752
- # checksum_algorithm: "CRC32", # accepts CRC32, CRC32C, SHA1, SHA256
753
- # })
754
- # @param [Hash] options ({})
755
- # @option options [String] :acl
756
- # The canned ACL to apply to the object.
1591
+ # You specify each grantee as a type=value pair, where the type is one
1592
+ # of the following:
757
1593
  #
758
- # This action is not supported by Amazon S3 on Outposts.
759
- # @option options [String] :cache_control
760
- # Specifies caching behavior along the request/reply chain.
761
- # @option options [String] :content_disposition
762
- # Specifies presentational information for the object.
763
- # @option options [String] :content_encoding
764
- # Specifies what content encodings have been applied to the object and
765
- # thus what decoding mechanisms must be applied to obtain the media-type
766
- # referenced by the Content-Type header field.
767
- # @option options [String] :content_language
768
- # The language the content is in.
769
- # @option options [String] :content_type
770
- # A standard MIME type describing the format of the object data.
771
- # @option options [Time,DateTime,Date,Integer,String] :expires
772
- # The date and time at which the object is no longer cacheable.
773
- # @option options [String] :grant_full_control
774
- # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
775
- # object.
1594
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1595
+ # Web Services account
776
1596
  #
777
- # This action is not supported by Amazon S3 on Outposts.
778
- # @option options [String] :grant_read
779
- # Allows grantee to read the object data and its metadata.
1597
+ # * `uri` if you are granting permissions to a predefined group
780
1598
  #
781
- # This action is not supported by Amazon S3 on Outposts.
782
- # @option options [String] :grant_read_acp
783
- # Allows grantee to read the object ACL.
1599
+ # * `emailAddress` if the value specified is the email address of an
1600
+ # Amazon Web Services account
1601
+ #
1602
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1603
+ # following Amazon Web Services Regions:
1604
+ #
1605
+ # * US East (N. Virginia)
1606
+ #
1607
+ # * US West (N. California)
1608
+ #
1609
+ # * US West (Oregon)
1610
+ #
1611
+ # * Asia Pacific (Singapore)
1612
+ #
1613
+ # * Asia Pacific (Sydney)
1614
+ #
1615
+ # * Asia Pacific (Tokyo)
1616
+ #
1617
+ # * Europe (Ireland)
1618
+ #
1619
+ # * South America (São Paulo)
1620
+ #
1621
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1622
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1623
+ # Reference.
1624
+ #
1625
+ # </note>
1626
+ #
1627
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1628
+ # Web Services accounts identified by account IDs permissions to read
1629
+ # object data and its metadata:
1630
+ #
1631
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1632
+ #
1633
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1634
+ #
1635
+ # * This functionality is not supported for Amazon S3 on Outposts.
1636
+ #
1637
+ # </note>
784
1638
  #
785
- # This action is not supported by Amazon S3 on Outposts.
786
- # @option options [String] :grant_write_acp
787
- # Allows grantee to write the ACL for the applicable object.
788
1639
  #
789
- # This action is not supported by Amazon S3 on Outposts.
1640
+ #
1641
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1642
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
790
1643
  # @option options [Hash<String,String>] :metadata
791
1644
  # A map of metadata to store with the object in S3.
792
1645
  # @option options [String] :server_side_encryption
793
- # The server-side encryption algorithm used when storing this object in
794
- # Amazon S3 (for example, `AES256`, `aws:kms`).
1646
+ # The server-side encryption algorithm used when you store this object
1647
+ # in Amazon S3 (for example, `AES256`, `aws:kms`).
1648
+ #
1649
+ # <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
1650
+ # managed keys (SSE-S3) (`AES256`) is supported.
1651
+ #
1652
+ # </note>
795
1653
  # @option options [String] :storage_class
796
1654
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
797
1655
  # created objects. The STANDARD storage class provides high durability
798
1656
  # and high availability. Depending on performance needs, you can specify
799
- # a different Storage Class. Amazon S3 on Outposts only uses the
800
- # OUTPOSTS Storage Class. For more information, see [Storage Classes][1]
801
- # in the *Amazon S3 User Guide*.
1657
+ # a different Storage Class. For more information, see [Storage
1658
+ # Classes][1] in the *Amazon S3 User Guide*.
1659
+ #
1660
+ # <note markdown="1"> * For directory buckets, only the S3 Express One Zone storage class is
1661
+ # supported to store newly created objects.
1662
+ #
1663
+ # * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class.
1664
+ #
1665
+ # </note>
802
1666
  #
803
1667
  #
804
1668
  #
@@ -807,35 +1671,51 @@ module Aws::S3
807
1671
  # If the bucket is configured as a website, redirects requests for this
808
1672
  # object to another object in the same bucket or to an external URL.
809
1673
  # Amazon S3 stores the value of this header in the object metadata.
1674
+ #
1675
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1676
+ #
1677
+ # </note>
810
1678
  # @option options [String] :sse_customer_algorithm
811
- # Specifies the algorithm to use to when encrypting the object (for
1679
+ # Specifies the algorithm to use when encrypting the object (for
812
1680
  # example, AES256).
1681
+ #
1682
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1683
+ #
1684
+ # </note>
813
1685
  # @option options [String] :sse_customer_key
814
1686
  # Specifies the customer-provided encryption key for Amazon S3 to use in
815
1687
  # encrypting data. This value is used to store the object and then it is
816
1688
  # discarded; Amazon S3 does not store the encryption key. The key must
817
1689
  # be appropriate for use with the algorithm specified in the
818
1690
  # `x-amz-server-side-encryption-customer-algorithm` header.
1691
+ #
1692
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1693
+ #
1694
+ # </note>
819
1695
  # @option options [String] :sse_customer_key_md5
820
- # Specifies the 128-bit MD5 digest of the encryption key according to
821
- # RFC 1321. Amazon S3 uses this header for a message integrity check to
822
- # ensure that the encryption key was transmitted without error.
823
- # @option options [String] :ssekms_key_id
824
- # Specifies the ID of the symmetric encryption customer managed key to
825
- # use for object encryption. All GET and PUT requests for an object
826
- # protected by KMS will fail if they're not made via SSL or using
827
- # SigV4. For information about configuring any of the officially
828
- # supported Amazon Web Services SDKs and Amazon Web Services CLI, see
829
- # [Specifying the Signature Version in Request Authentication][1] in the
830
- # *Amazon S3 User Guide*.
1696
+ # Specifies the 128-bit MD5 digest of the customer-provided encryption
1697
+ # key according to RFC 1321. Amazon S3 uses this header for a message
1698
+ # integrity check to ensure that the encryption key was transmitted
1699
+ # without error.
831
1700
  #
1701
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1702
+ #
1703
+ # </note>
1704
+ # @option options [String] :ssekms_key_id
1705
+ # Specifies the ID (Key ID, Key ARN, or Key Alias) of the symmetric
1706
+ # encryption customer managed key to use for object encryption.
832
1707
  #
1708
+ # <note markdown="1"> This functionality is not supported for directory buckets.
833
1709
  #
834
- # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
1710
+ # </note>
835
1711
  # @option options [String] :ssekms_encryption_context
836
1712
  # Specifies the Amazon Web Services KMS Encryption Context to use for
837
1713
  # object encryption. The value of this header is a base64-encoded UTF-8
838
1714
  # string holding JSON with the encryption context key-value pairs.
1715
+ #
1716
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1717
+ #
1718
+ # </note>
839
1719
  # @option options [Boolean] :bucket_key_enabled
840
1720
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
841
1721
  # encryption with server-side encryption using Key Management Service
@@ -844,33 +1724,59 @@ module Aws::S3
844
1724
  #
845
1725
  # Specifying this header with an object action doesn’t affect
846
1726
  # bucket-level settings for S3 Bucket Key.
1727
+ #
1728
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1729
+ #
1730
+ # </note>
847
1731
  # @option options [String] :request_payer
848
1732
  # Confirms that the requester knows that they will be charged for the
849
1733
  # request. Bucket owners need not specify this parameter in their
850
- # requests. For information about downloading objects from Requester
1734
+ # requests. If either the source or destination S3 bucket has Requester
1735
+ # Pays enabled, the requester will pay for corresponding charges to copy
1736
+ # the object. For information about downloading objects from Requester
851
1737
  # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
852
1738
  # in the *Amazon S3 User Guide*.
853
1739
  #
1740
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1741
+ #
1742
+ # </note>
1743
+ #
854
1744
  #
855
1745
  #
856
1746
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
857
1747
  # @option options [String] :tagging
858
1748
  # The tag-set for the object. The tag-set must be encoded as URL Query
859
1749
  # parameters.
1750
+ #
1751
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1752
+ #
1753
+ # </note>
860
1754
  # @option options [String] :object_lock_mode
861
1755
  # Specifies the Object Lock mode that you want to apply to the uploaded
862
1756
  # object.
1757
+ #
1758
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1759
+ #
1760
+ # </note>
863
1761
  # @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
864
1762
  # Specifies the date and time when you want the Object Lock to expire.
1763
+ #
1764
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1765
+ #
1766
+ # </note>
865
1767
  # @option options [String] :object_lock_legal_hold_status
866
1768
  # Specifies whether you want to apply a legal hold to the uploaded
867
1769
  # object.
1770
+ #
1771
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1772
+ #
1773
+ # </note>
868
1774
  # @option options [String] :expected_bucket_owner
869
- # The account ID of the expected bucket owner. If the bucket is owned by
870
- # a different account, the request fails with the HTTP status code `403
871
- # Forbidden` (access denied).
1775
+ # The account ID of the expected bucket owner. If the account ID that
1776
+ # you provide does not match the actual owner of the bucket, the request
1777
+ # fails with the HTTP status code `403 Forbidden` (access denied).
872
1778
  # @option options [String] :checksum_algorithm
873
- # Indicates the algorithm you want Amazon S3 to use to create the
1779
+ # Indicates the algorithm that you want Amazon S3 to use to create the
874
1780
  # checksum for the object. For more information, see [Checking object
875
1781
  # integrity][1] in the *Amazon S3 User Guide*.
876
1782
  #
@@ -920,7 +1826,7 @@ module Aws::S3
920
1826
  # "MetadataKey" => "MetadataValue",
921
1827
  # },
922
1828
  # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
923
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
1829
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
924
1830
  # website_redirect_location: "WebsiteRedirectLocation",
925
1831
  # sse_customer_algorithm: "SSECustomerAlgorithm",
926
1832
  # sse_customer_key: "SSECustomerKey",
@@ -938,13 +1844,41 @@ module Aws::S3
938
1844
  # @param [Hash] options ({})
939
1845
  # @option options [String] :acl
940
1846
  # The canned ACL to apply to the object. For more information, see
941
- # [Canned ACL][1].
1847
+ # [Canned ACL][1] in the *Amazon S3 User Guide*.
1848
+ #
1849
+ # When adding a new object, you can use headers to grant ACL-based
1850
+ # permissions to individual Amazon Web Services accounts or to
1851
+ # predefined groups defined by Amazon S3. These permissions are then
1852
+ # added to the ACL on the object. By default, all objects are private.
1853
+ # Only the owner has full access control. For more information, see
1854
+ # [Access Control List (ACL) Overview][2] and [Managing ACLs Using the
1855
+ # REST API][3] in the *Amazon S3 User Guide*.
1856
+ #
1857
+ # If the bucket that you're uploading objects to uses the bucket owner
1858
+ # enforced setting for S3 Object Ownership, ACLs are disabled and no
1859
+ # longer affect permissions. Buckets that use this setting only accept
1860
+ # PUT requests that don't specify an ACL or PUT requests that specify
1861
+ # bucket owner full control ACLs, such as the
1862
+ # `bucket-owner-full-control` canned ACL or an equivalent form of this
1863
+ # ACL expressed in the XML format. PUT requests that contain other ACLs
1864
+ # (for example, custom grants to certain Amazon Web Services accounts)
1865
+ # fail and return a `400` error with the error code
1866
+ # `AccessControlListNotSupported`. For more information, see [
1867
+ # Controlling ownership of objects and disabling ACLs][4] in the *Amazon
1868
+ # S3 User Guide*.
1869
+ #
1870
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1871
+ #
1872
+ # * This functionality is not supported for Amazon S3 on Outposts.
942
1873
  #
943
- # This action is not supported by Amazon S3 on Outposts.
1874
+ # </note>
944
1875
  #
945
1876
  #
946
1877
  #
947
1878
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
1879
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1880
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html
1881
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
948
1882
  # @option options [String, StringIO, File] :body
949
1883
  # Object data.
950
1884
  # @option options [String] :cache_control
@@ -991,9 +1925,21 @@ module Aws::S3
991
1925
  # information about REST request authentication, see [REST
992
1926
  # Authentication][1].
993
1927
  #
1928
+ # <note markdown="1"> The `Content-MD5` header is required for any request to upload an
1929
+ # object with a retention period configured using Amazon S3 Object Lock.
1930
+ # For more information about Amazon S3 Object Lock, see [Amazon S3
1931
+ # Object Lock Overview][2] in the *Amazon S3 User Guide*.
1932
+ #
1933
+ # </note>
1934
+ #
1935
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1936
+ #
1937
+ # </note>
1938
+ #
994
1939
  #
995
1940
  #
996
1941
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
1942
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html
997
1943
  # @option options [String] :content_type
998
1944
  # A standard MIME type describing the format of the contents. For more
999
1945
  # information, see
@@ -1004,15 +1950,36 @@ module Aws::S3
1004
1950
  # [1]: https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type
1005
1951
  # @option options [String] :checksum_algorithm
1006
1952
  # Indicates the algorithm used to create the checksum for the object
1007
- # when using the SDK. This header will not provide any additional
1008
- # functionality if not using the SDK. When sending this header, there
1009
- # must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
1010
- # sent. Otherwise, Amazon S3 fails the request with the HTTP status code
1011
- # `400 Bad Request`. For more information, see [Checking object
1012
- # integrity][1] in the *Amazon S3 User Guide*.
1953
+ # when you use the SDK. This header will not provide any additional
1954
+ # functionality if you don't use the SDK. When you send this header,
1955
+ # there must be a corresponding `x-amz-checksum-algorithm ` or
1956
+ # `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request
1957
+ # with the HTTP status code `400 Bad Request`.
1013
1958
  #
1014
- # If you provide an individual checksum, Amazon S3 ignores any provided
1015
- # `ChecksumAlgorithm` parameter.
1959
+ # For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with
1960
+ # the supported algorithm from the following list:
1961
+ #
1962
+ # * CRC32
1963
+ #
1964
+ # * CRC32C
1965
+ #
1966
+ # * SHA1
1967
+ #
1968
+ # * SHA256
1969
+ #
1970
+ # For more information, see [Checking object integrity][1] in the
1971
+ # *Amazon S3 User Guide*.
1972
+ #
1973
+ # If the individual checksum value you provide through
1974
+ # `x-amz-checksum-algorithm ` doesn't match the checksum algorithm you
1975
+ # set through `x-amz-sdk-checksum-algorithm`, Amazon S3 ignores any
1976
+ # provided `ChecksumAlgorithm` parameter and uses the checksum algorithm
1977
+ # that matches the provided value in `x-amz-checksum-algorithm `.
1978
+ #
1979
+ # <note markdown="1"> For directory buckets, when you use Amazon Web Services SDKs, `CRC32`
1980
+ # is the default checksum algorithm that's used for performance.
1981
+ #
1982
+ # </note>
1016
1983
  #
1017
1984
  #
1018
1985
  #
@@ -1069,31 +2036,74 @@ module Aws::S3
1069
2036
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
1070
2037
  # object.
1071
2038
  #
1072
- # This action is not supported by Amazon S3 on Outposts.
2039
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2040
+ #
2041
+ # * This functionality is not supported for Amazon S3 on Outposts.
2042
+ #
2043
+ # </note>
1073
2044
  # @option options [String] :grant_read
1074
2045
  # Allows grantee to read the object data and its metadata.
1075
2046
  #
1076
- # This action is not supported by Amazon S3 on Outposts.
2047
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2048
+ #
2049
+ # * This functionality is not supported for Amazon S3 on Outposts.
2050
+ #
2051
+ # </note>
1077
2052
  # @option options [String] :grant_read_acp
1078
2053
  # Allows grantee to read the object ACL.
1079
2054
  #
1080
- # This action is not supported by Amazon S3 on Outposts.
2055
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2056
+ #
2057
+ # * This functionality is not supported for Amazon S3 on Outposts.
2058
+ #
2059
+ # </note>
1081
2060
  # @option options [String] :grant_write_acp
1082
2061
  # Allows grantee to write the ACL for the applicable object.
1083
2062
  #
1084
- # This action is not supported by Amazon S3 on Outposts.
2063
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2064
+ #
2065
+ # * This functionality is not supported for Amazon S3 on Outposts.
2066
+ #
2067
+ # </note>
1085
2068
  # @option options [Hash<String,String>] :metadata
1086
2069
  # A map of metadata to store with the object in S3.
1087
2070
  # @option options [String] :server_side_encryption
1088
- # The server-side encryption algorithm used when storing this object in
1089
- # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
2071
+ # The server-side encryption algorithm that was used when you store this
2072
+ # object in Amazon S3 (for example, `AES256`, `aws:kms`,
2073
+ # `aws:kms:dsse`).
2074
+ #
2075
+ # <b>General purpose buckets </b> - You have four mutually exclusive
2076
+ # options to protect data using server-side encryption in Amazon S3,
2077
+ # depending on how you choose to manage the encryption keys.
2078
+ # Specifically, the encryption key options are Amazon S3 managed keys
2079
+ # (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and
2080
+ # customer-provided keys (SSE-C). Amazon S3 encrypts data with
2081
+ # server-side encryption by using Amazon S3 managed keys (SSE-S3) by
2082
+ # default. You can optionally tell Amazon S3 to encrypt data at rest by
2083
+ # using server-side encryption with other key options. For more
2084
+ # information, see [Using Server-Side Encryption][1] in the *Amazon S3
2085
+ # User Guide*.
2086
+ #
2087
+ # <b>Directory buckets </b> - For directory buckets, only the
2088
+ # server-side encryption with Amazon S3 managed keys (SSE-S3) (`AES256`)
2089
+ # value is supported.
2090
+ #
2091
+ #
2092
+ #
2093
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
1090
2094
  # @option options [String] :storage_class
1091
2095
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
1092
2096
  # created objects. The STANDARD storage class provides high durability
1093
2097
  # and high availability. Depending on performance needs, you can specify
1094
- # a different Storage Class. Amazon S3 on Outposts only uses the
1095
- # OUTPOSTS Storage Class. For more information, see [Storage Classes][1]
1096
- # in the *Amazon S3 User Guide*.
2098
+ # a different Storage Class. For more information, see [Storage
2099
+ # Classes][1] in the *Amazon S3 User Guide*.
2100
+ #
2101
+ # <note markdown="1"> * For directory buckets, only the S3 Express One Zone storage class is
2102
+ # supported to store newly created objects.
2103
+ #
2104
+ # * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class.
2105
+ #
2106
+ # </note>
1097
2107
  #
1098
2108
  #
1099
2109
  #
@@ -1102,7 +2112,8 @@ module Aws::S3
1102
2112
  # If the bucket is configured as a website, redirects requests for this
1103
2113
  # object to another object in the same bucket or to an external URL.
1104
2114
  # Amazon S3 stores the value of this header in the object metadata. For
1105
- # information about object metadata, see [Object Key and Metadata][1].
2115
+ # information about object metadata, see [Object Key and Metadata][1] in
2116
+ # the *Amazon S3 User Guide*.
1106
2117
  #
1107
2118
  # In the following example, the request header sets the redirect to an
1108
2119
  # object (anotherPage.html) in the same bucket:
@@ -1116,7 +2127,11 @@ module Aws::S3
1116
2127
  #
1117
2128
  # For more information about website hosting in Amazon S3, see [Hosting
1118
2129
  # Websites on Amazon S3][2] and [How to Configure Website Page
1119
- # Redirects][3].
2130
+ # Redirects][3] in the *Amazon S3 User Guide*.
2131
+ #
2132
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2133
+ #
2134
+ # </note>
1120
2135
  #
1121
2136
  #
1122
2137
  #
@@ -1124,35 +2139,57 @@ module Aws::S3
1124
2139
  # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html
1125
2140
  # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html
1126
2141
  # @option options [String] :sse_customer_algorithm
1127
- # Specifies the algorithm to use to when encrypting the object (for
1128
- # example, AES256).
2142
+ # Specifies the algorithm to use when encrypting the object (for
2143
+ # example, `AES256`).
2144
+ #
2145
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2146
+ #
2147
+ # </note>
1129
2148
  # @option options [String] :sse_customer_key
1130
2149
  # Specifies the customer-provided encryption key for Amazon S3 to use in
1131
2150
  # encrypting data. This value is used to store the object and then it is
1132
2151
  # discarded; Amazon S3 does not store the encryption key. The key must
1133
2152
  # be appropriate for use with the algorithm specified in the
1134
2153
  # `x-amz-server-side-encryption-customer-algorithm` header.
2154
+ #
2155
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2156
+ #
2157
+ # </note>
1135
2158
  # @option options [String] :sse_customer_key_md5
1136
2159
  # Specifies the 128-bit MD5 digest of the encryption key according to
1137
2160
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
1138
2161
  # ensure that the encryption key was transmitted without error.
2162
+ #
2163
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2164
+ #
2165
+ # </note>
1139
2166
  # @option options [String] :ssekms_key_id
1140
2167
  # If `x-amz-server-side-encryption` has a valid value of `aws:kms` or
1141
- # `aws:kms:dsse`, this header specifies the ID of the Key Management
1142
- # Service (KMS) symmetric encryption customer managed key that was used
1143
- # for the object. If you specify `x-amz-server-side-encryption:aws:kms`
1144
- # or `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide`
2168
+ # `aws:kms:dsse`, this header specifies the ID (Key ID, Key ARN, or Key
2169
+ # Alias) of the Key Management Service (KMS) symmetric encryption
2170
+ # customer managed key that was used for the object. If you specify
2171
+ # `x-amz-server-side-encryption:aws:kms` or
2172
+ # `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide`
1145
2173
  # x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
1146
2174
  # Amazon Web Services managed key (`aws/s3`) to protect the data. If the
1147
2175
  # KMS key does not exist in the same account that's issuing the
1148
2176
  # command, you must use the full ARN and not just the ID.
2177
+ #
2178
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2179
+ #
2180
+ # </note>
1149
2181
  # @option options [String] :ssekms_encryption_context
1150
2182
  # Specifies the Amazon Web Services KMS Encryption Context to use for
1151
2183
  # object encryption. The value of this header is a base64-encoded UTF-8
1152
2184
  # string holding JSON with the encryption context key-value pairs. This
1153
2185
  # value is stored as object metadata and automatically gets passed on to
1154
2186
  # Amazon Web Services KMS for future `GetObject` or `CopyObject`
1155
- # operations on this object.
2187
+ # operations on this object. This value must be explicitly added during
2188
+ # `CopyObject` operations.
2189
+ #
2190
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2191
+ #
2192
+ # </note>
1156
2193
  # @option options [Boolean] :bucket_key_enabled
1157
2194
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
1158
2195
  # encryption with server-side encryption using Key Management Service
@@ -1161,35 +2198,62 @@ module Aws::S3
1161
2198
  #
1162
2199
  # Specifying this header with a PUT action doesn’t affect bucket-level
1163
2200
  # settings for S3 Bucket Key.
2201
+ #
2202
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2203
+ #
2204
+ # </note>
1164
2205
  # @option options [String] :request_payer
1165
2206
  # Confirms that the requester knows that they will be charged for the
1166
2207
  # request. Bucket owners need not specify this parameter in their
1167
- # requests. For information about downloading objects from Requester
2208
+ # requests. If either the source or destination S3 bucket has Requester
2209
+ # Pays enabled, the requester will pay for corresponding charges to copy
2210
+ # the object. For information about downloading objects from Requester
1168
2211
  # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1169
2212
  # in the *Amazon S3 User Guide*.
1170
2213
  #
2214
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2215
+ #
2216
+ # </note>
2217
+ #
1171
2218
  #
1172
2219
  #
1173
2220
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
1174
2221
  # @option options [String] :tagging
1175
2222
  # The tag-set for the object. The tag-set must be encoded as URL Query
1176
2223
  # parameters. (For example, "Key1=Value1")
2224
+ #
2225
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2226
+ #
2227
+ # </note>
1177
2228
  # @option options [String] :object_lock_mode
1178
2229
  # The Object Lock mode that you want to apply to this object.
2230
+ #
2231
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2232
+ #
2233
+ # </note>
1179
2234
  # @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
1180
2235
  # The date and time when you want this object's Object Lock to expire.
1181
2236
  # Must be formatted as a timestamp parameter.
2237
+ #
2238
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2239
+ #
2240
+ # </note>
1182
2241
  # @option options [String] :object_lock_legal_hold_status
1183
2242
  # Specifies whether a legal hold will be applied to this object. For
1184
- # more information about S3 Object Lock, see [Object Lock][1].
2243
+ # more information about S3 Object Lock, see [Object Lock][1] in the
2244
+ # *Amazon S3 User Guide*.
2245
+ #
2246
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2247
+ #
2248
+ # </note>
1185
2249
  #
1186
2250
  #
1187
2251
  #
1188
2252
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
1189
2253
  # @option options [String] :expected_bucket_owner
1190
- # The account ID of the expected bucket owner. If the bucket is owned by
1191
- # a different account, the request fails with the HTTP status code `403
1192
- # Forbidden` (access denied).
2254
+ # The account ID of the expected bucket owner. If the account ID that
2255
+ # you provide does not match the actual owner of the bucket, the request
2256
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1193
2257
  # @return [Types::PutObjectOutput]
1194
2258
  def put(options = {})
1195
2259
  options = options.merge(
@@ -1283,7 +2347,7 @@ module Aws::S3
1283
2347
  # value: "MetadataValue",
1284
2348
  # },
1285
2349
  # ],
1286
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
2350
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
1287
2351
  # },
1288
2352
  # },
1289
2353
  # },
@@ -1299,21 +2363,27 @@ module Aws::S3
1299
2363
  # @option options [String] :request_payer
1300
2364
  # Confirms that the requester knows that they will be charged for the
1301
2365
  # request. Bucket owners need not specify this parameter in their
1302
- # requests. For information about downloading objects from Requester
2366
+ # requests. If either the source or destination S3 bucket has Requester
2367
+ # Pays enabled, the requester will pay for corresponding charges to copy
2368
+ # the object. For information about downloading objects from Requester
1303
2369
  # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1304
2370
  # in the *Amazon S3 User Guide*.
1305
2371
  #
2372
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2373
+ #
2374
+ # </note>
2375
+ #
1306
2376
  #
1307
2377
  #
1308
2378
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
1309
2379
  # @option options [String] :checksum_algorithm
1310
2380
  # Indicates the algorithm used to create the checksum for the object
1311
- # when using the SDK. This header will not provide any additional
1312
- # functionality if not using the SDK. When sending this header, there
1313
- # must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
1314
- # sent. Otherwise, Amazon S3 fails the request with the HTTP status code
1315
- # `400 Bad Request`. For more information, see [Checking object
1316
- # integrity][1] in the *Amazon S3 User Guide*.
2381
+ # when you use the SDK. This header will not provide any additional
2382
+ # functionality if you don't use the SDK. When you send this header,
2383
+ # there must be a corresponding `x-amz-checksum` or `x-amz-trailer`
2384
+ # header sent. Otherwise, Amazon S3 fails the request with the HTTP
2385
+ # status code `400 Bad Request`. For more information, see [Checking
2386
+ # object integrity][1] in the *Amazon S3 User Guide*.
1317
2387
  #
1318
2388
  # If you provide an individual checksum, Amazon S3 ignores any provided
1319
2389
  # `ChecksumAlgorithm` parameter.
@@ -1322,9 +2392,9 @@ module Aws::S3
1322
2392
  #
1323
2393
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
1324
2394
  # @option options [String] :expected_bucket_owner
1325
- # The account ID of the expected bucket owner. If the bucket is owned by
1326
- # a different account, the request fails with the HTTP status code `403
1327
- # Forbidden` (access denied).
2395
+ # The account ID of the expected bucket owner. If the account ID that
2396
+ # you provide does not match the actual owner of the bucket, the request
2397
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1328
2398
  # @return [Types::RestoreObjectOutput]
1329
2399
  def restore_object(options = {})
1330
2400
  options = options.merge(
@@ -1467,13 +2537,36 @@ module Aws::S3
1467
2537
  # space, and the value that is displayed on your authentication device.
1468
2538
  # Required to permanently delete a versioned object if versioning is
1469
2539
  # configured with MFA delete enabled.
2540
+ #
2541
+ # When performing the `DeleteObjects` operation on an MFA delete enabled
2542
+ # bucket, which attempts to delete the specified versioned objects, you
2543
+ # must include an MFA token. If you don't provide an MFA token, the
2544
+ # entire request will fail, even if there are non-versioned objects that
2545
+ # you are trying to delete. If you provide an invalid token, whether
2546
+ # there are versioned object keys in the request or not, the entire
2547
+ # Multi-Object Delete request will fail. For information about MFA
2548
+ # Delete, see [ MFA Delete][1] in the *Amazon S3 User Guide*.
2549
+ #
2550
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2551
+ #
2552
+ # </note>
2553
+ #
2554
+ #
2555
+ #
2556
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete
1470
2557
  # @option options [String] :request_payer
1471
2558
  # Confirms that the requester knows that they will be charged for the
1472
2559
  # request. Bucket owners need not specify this parameter in their
1473
- # requests. For information about downloading objects from Requester
2560
+ # requests. If either the source or destination S3 bucket has Requester
2561
+ # Pays enabled, the requester will pay for corresponding charges to copy
2562
+ # the object. For information about downloading objects from Requester
1474
2563
  # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1475
2564
  # in the *Amazon S3 User Guide*.
1476
2565
  #
2566
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2567
+ #
2568
+ # </note>
2569
+ #
1477
2570
  #
1478
2571
  #
1479
2572
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
@@ -1481,25 +2574,45 @@ module Aws::S3
1481
2574
  # Specifies whether you want to delete this object even if it has a
1482
2575
  # Governance-type Object Lock in place. To use this header, you must
1483
2576
  # have the `s3:BypassGovernanceRetention` permission.
2577
+ #
2578
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2579
+ #
2580
+ # </note>
1484
2581
  # @option options [String] :expected_bucket_owner
1485
- # The account ID of the expected bucket owner. If the bucket is owned by
1486
- # a different account, the request fails with the HTTP status code `403
1487
- # Forbidden` (access denied).
2582
+ # The account ID of the expected bucket owner. If the account ID that
2583
+ # you provide does not match the actual owner of the bucket, the request
2584
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1488
2585
  # @option options [String] :checksum_algorithm
1489
2586
  # Indicates the algorithm used to create the checksum for the object
1490
- # when using the SDK. This header will not provide any additional
1491
- # functionality if not using the SDK. When sending this header, there
1492
- # must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
1493
- # sent. Otherwise, Amazon S3 fails the request with the HTTP status code
1494
- # `400 Bad Request`. For more information, see [Checking object
1495
- # integrity][1] in the *Amazon S3 User Guide*.
2587
+ # when you use the SDK. This header will not provide any additional
2588
+ # functionality if you don't use the SDK. When you send this header,
2589
+ # there must be a corresponding `x-amz-checksum-algorithm ` or
2590
+ # `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request
2591
+ # with the HTTP status code `400 Bad Request`.
2592
+ #
2593
+ # For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with
2594
+ # the supported algorithm from the following list:
2595
+ #
2596
+ # * CRC32
2597
+ #
2598
+ # * CRC32C
2599
+ #
2600
+ # * SHA1
2601
+ #
2602
+ # * SHA256
2603
+ #
2604
+ # For more information, see [Checking object integrity][1] in the
2605
+ # *Amazon S3 User Guide*.
2606
+ #
2607
+ # If the individual checksum value you provide through
2608
+ # `x-amz-checksum-algorithm ` doesn't match the checksum algorithm you
2609
+ # set through `x-amz-sdk-checksum-algorithm`, Amazon S3 ignores any
2610
+ # provided `ChecksumAlgorithm` parameter and uses the checksum algorithm
2611
+ # that matches the provided value in `x-amz-checksum-algorithm `.
1496
2612
  #
1497
2613
  # If you provide an individual checksum, Amazon S3 ignores any provided
1498
2614
  # `ChecksumAlgorithm` parameter.
1499
2615
  #
1500
- # This checksum algorithm must be the same for all parts and it match
1501
- # the checksum value supplied in the `CreateMultipartUpload` request.
1502
- #
1503
2616
  #
1504
2617
  #
1505
2618
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html