aws-sdk-s3 1.136.0 → 1.176.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (86) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +250 -1
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-s3/access_grants_credentials.rb +57 -0
  5. data/lib/aws-sdk-s3/access_grants_credentials_provider.rb +250 -0
  6. data/lib/aws-sdk-s3/bucket.rb +671 -139
  7. data/lib/aws-sdk-s3/bucket_acl.rb +12 -12
  8. data/lib/aws-sdk-s3/bucket_cors.rb +16 -16
  9. data/lib/aws-sdk-s3/bucket_lifecycle.rb +21 -16
  10. data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +74 -17
  11. data/lib/aws-sdk-s3/bucket_logging.rb +19 -12
  12. data/lib/aws-sdk-s3/bucket_notification.rb +6 -6
  13. data/lib/aws-sdk-s3/bucket_policy.rb +62 -18
  14. data/lib/aws-sdk-s3/bucket_region_cache.rb +9 -5
  15. data/lib/aws-sdk-s3/bucket_request_payment.rb +12 -12
  16. data/lib/aws-sdk-s3/bucket_tagging.rb +16 -16
  17. data/lib/aws-sdk-s3/bucket_versioning.rb +32 -32
  18. data/lib/aws-sdk-s3/bucket_website.rb +16 -16
  19. data/lib/aws-sdk-s3/client.rb +7597 -2823
  20. data/lib/aws-sdk-s3/client_api.rb +288 -22
  21. data/lib/aws-sdk-s3/customizations/bucket.rb +1 -1
  22. data/lib/aws-sdk-s3/customizations/errors.rb +15 -2
  23. data/lib/aws-sdk-s3/customizations/object.rb +11 -5
  24. data/lib/aws-sdk-s3/customizations/object_summary.rb +5 -0
  25. data/lib/aws-sdk-s3/customizations/object_version.rb +13 -0
  26. data/lib/aws-sdk-s3/customizations.rb +25 -31
  27. data/lib/aws-sdk-s3/encryption/client.rb +2 -2
  28. data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +2 -2
  29. data/lib/aws-sdk-s3/encryptionV2/client.rb +2 -2
  30. data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +2 -2
  31. data/lib/aws-sdk-s3/endpoint_parameters.rb +53 -18
  32. data/lib/aws-sdk-s3/endpoint_provider.rb +125 -6
  33. data/lib/aws-sdk-s3/endpoints.rb +545 -1261
  34. data/lib/aws-sdk-s3/errors.rb +47 -0
  35. data/lib/aws-sdk-s3/express_credentials.rb +55 -0
  36. data/lib/aws-sdk-s3/express_credentials_provider.rb +59 -0
  37. data/lib/aws-sdk-s3/file_downloader.rb +1 -2
  38. data/lib/aws-sdk-s3/file_uploader.rb +1 -1
  39. data/lib/aws-sdk-s3/multipart_file_uploader.rb +4 -4
  40. data/lib/aws-sdk-s3/multipart_stream_uploader.rb +6 -5
  41. data/lib/aws-sdk-s3/multipart_upload.rb +139 -36
  42. data/lib/aws-sdk-s3/multipart_upload_part.rb +175 -54
  43. data/lib/aws-sdk-s3/object.rb +1923 -313
  44. data/lib/aws-sdk-s3/object_acl.rb +34 -22
  45. data/lib/aws-sdk-s3/object_copier.rb +1 -1
  46. data/lib/aws-sdk-s3/object_multipart_copier.rb +10 -8
  47. data/lib/aws-sdk-s3/object_summary.rb +1690 -250
  48. data/lib/aws-sdk-s3/object_version.rb +397 -67
  49. data/lib/aws-sdk-s3/plugins/access_grants.rb +178 -0
  50. data/lib/aws-sdk-s3/plugins/endpoints.rb +32 -208
  51. data/lib/aws-sdk-s3/plugins/express_session_auth.rb +97 -0
  52. data/lib/aws-sdk-s3/plugins/http_200_errors.rb +55 -18
  53. data/lib/aws-sdk-s3/plugins/location_constraint.rb +3 -1
  54. data/lib/aws-sdk-s3/plugins/md5s.rb +2 -1
  55. data/lib/aws-sdk-s3/plugins/s3_signer.rb +7 -2
  56. data/lib/aws-sdk-s3/presigner.rb +5 -2
  57. data/lib/aws-sdk-s3/resource.rb +121 -22
  58. data/lib/aws-sdk-s3/types.rb +5960 -1526
  59. data/lib/aws-sdk-s3.rb +35 -31
  60. data/sig/bucket.rbs +221 -0
  61. data/sig/bucket_acl.rbs +78 -0
  62. data/sig/bucket_cors.rbs +69 -0
  63. data/sig/bucket_lifecycle.rbs +88 -0
  64. data/sig/bucket_lifecycle_configuration.rbs +115 -0
  65. data/sig/bucket_logging.rbs +76 -0
  66. data/sig/bucket_notification.rbs +114 -0
  67. data/sig/bucket_policy.rbs +59 -0
  68. data/sig/bucket_request_payment.rbs +54 -0
  69. data/sig/bucket_tagging.rbs +65 -0
  70. data/sig/bucket_versioning.rbs +77 -0
  71. data/sig/bucket_website.rbs +93 -0
  72. data/sig/client.rbs +2450 -0
  73. data/sig/customizations/bucket.rbs +19 -0
  74. data/sig/customizations/object.rbs +38 -0
  75. data/sig/customizations/object_summary.rbs +35 -0
  76. data/sig/errors.rbs +42 -0
  77. data/sig/multipart_upload.rbs +113 -0
  78. data/sig/multipart_upload_part.rbs +105 -0
  79. data/sig/object.rbs +448 -0
  80. data/sig/object_acl.rbs +86 -0
  81. data/sig/object_summary.rbs +340 -0
  82. data/sig/object_version.rbs +140 -0
  83. data/sig/resource.rbs +132 -0
  84. data/sig/types.rbs +2682 -0
  85. data/sig/waiters.rbs +95 -0
  86. metadata +44 -11
@@ -45,6 +45,10 @@ module Aws::S3
45
45
  # Specifies whether the object retrieved was (true) or was not (false) a
46
46
  # Delete Marker. If false, this response header does not appear in the
47
47
  # response.
48
+ #
49
+ # <note markdown="1"> This functionality is not supported for directory buckets.
50
+ #
51
+ # </note>
48
52
  # @return [Boolean]
49
53
  def delete_marker
50
54
  data[:delete_marker]
@@ -56,10 +60,21 @@ module Aws::S3
56
60
  data[:accept_ranges]
57
61
  end
58
62
 
59
- # If the object expiration is configured (see PUT Bucket lifecycle), the
60
- # response includes this header. It includes the `expiry-date` and
61
- # `rule-id` key-value pairs providing object expiration information. The
62
- # value of the `rule-id` is URL-encoded.
63
+ # If the object expiration is configured (see [
64
+ # `PutBucketLifecycleConfiguration` ][1]), the response includes this
65
+ # header. It includes the `expiry-date` and `rule-id` key-value pairs
66
+ # providing object expiration information. The value of the `rule-id` is
67
+ # URL-encoded.
68
+ #
69
+ # <note markdown="1"> Object expiration information is not returned in directory buckets and
70
+ # this header returns the value "`NotImplemented`" in all responses
71
+ # for directory buckets.
72
+ #
73
+ # </note>
74
+ #
75
+ #
76
+ #
77
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html
63
78
  # @return [String]
64
79
  def expiration
65
80
  data[:expiration]
@@ -82,6 +97,12 @@ module Aws::S3
82
97
  # For more information about archiving objects, see [Transitioning
83
98
  # Objects: General Considerations][2].
84
99
  #
100
+ # <note markdown="1"> This functionality is not supported for directory buckets. Only the S3
101
+ # Express One Zone storage class is supported by directory buckets to
102
+ # store objects.
103
+ #
104
+ # </note>
105
+ #
85
106
  #
86
107
  #
87
108
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html
@@ -92,12 +113,16 @@ module Aws::S3
92
113
  end
93
114
 
94
115
  # The archive state of the head object.
116
+ #
117
+ # <note markdown="1"> This functionality is not supported for directory buckets.
118
+ #
119
+ # </note>
95
120
  # @return [String]
96
121
  def archive_status
97
122
  data[:archive_status]
98
123
  end
99
124
 
100
- # Creation date of the object.
125
+ # Date and time when the object was last modified.
101
126
  # @return [Time]
102
127
  def last_modified
103
128
  data[:last_modified]
@@ -109,11 +134,14 @@ module Aws::S3
109
134
  data[:content_length]
110
135
  end
111
136
 
112
- # The base64-encoded, 32-bit CRC32 checksum of the object. This will
113
- # only be present if it was uploaded with the object. With multipart
114
- # uploads, this may not be a checksum value of the object. For more
115
- # information about how checksums are calculated with multipart uploads,
116
- # see [ Checking object integrity][1] in the *Amazon S3 User Guide*.
137
+ # The base64-encoded, 32-bit CRC-32 checksum of the object. This will
138
+ # only be present if it was uploaded with the object. When you use an
139
+ # API operation on an object that was uploaded using multipart uploads,
140
+ # this value may not be a direct checksum value of the full object.
141
+ # Instead, it's a calculation based on the checksum values of each
142
+ # individual part. For more information about how checksums are
143
+ # calculated with multipart uploads, see [ Checking object integrity][1]
144
+ # in the *Amazon S3 User Guide*.
117
145
  #
118
146
  #
119
147
  #
@@ -123,11 +151,14 @@ module Aws::S3
123
151
  data[:checksum_crc32]
124
152
  end
125
153
 
126
- # The base64-encoded, 32-bit CRC32C checksum of the object. This will
127
- # only be present if it was uploaded with the object. With multipart
128
- # uploads, this may not be a checksum value of the object. For more
129
- # information about how checksums are calculated with multipart uploads,
130
- # see [ Checking object integrity][1] in the *Amazon S3 User Guide*.
154
+ # The base64-encoded, 32-bit CRC-32C checksum of the object. This will
155
+ # only be present if it was uploaded with the object. When you use an
156
+ # API operation on an object that was uploaded using multipart uploads,
157
+ # this value may not be a direct checksum value of the full object.
158
+ # Instead, it's a calculation based on the checksum values of each
159
+ # individual part. For more information about how checksums are
160
+ # calculated with multipart uploads, see [ Checking object integrity][1]
161
+ # in the *Amazon S3 User Guide*.
131
162
  #
132
163
  #
133
164
  #
@@ -138,10 +169,13 @@ module Aws::S3
138
169
  end
139
170
 
140
171
  # The base64-encoded, 160-bit SHA-1 digest of the object. This will only
141
- # be present if it was uploaded with the object. With multipart uploads,
142
- # this may not be a checksum value of the object. For more information
143
- # about how checksums are calculated with multipart uploads, see [
144
- # Checking object integrity][1] in the *Amazon S3 User Guide*.
172
+ # be present if it was uploaded with the object. When you use the API
173
+ # operation on an object that was uploaded using multipart uploads, this
174
+ # value may not be a direct checksum value of the full object. Instead,
175
+ # it's a calculation based on the checksum values of each individual
176
+ # part. For more information about how checksums are calculated with
177
+ # multipart uploads, see [ Checking object integrity][1] in the *Amazon
178
+ # S3 User Guide*.
145
179
  #
146
180
  #
147
181
  #
@@ -152,10 +186,13 @@ module Aws::S3
152
186
  end
153
187
 
154
188
  # The base64-encoded, 256-bit SHA-256 digest of the object. This will
155
- # only be present if it was uploaded with the object. With multipart
156
- # uploads, this may not be a checksum value of the object. For more
157
- # information about how checksums are calculated with multipart uploads,
158
- # see [ Checking object integrity][1] in the *Amazon S3 User Guide*.
189
+ # only be present if it was uploaded with the object. When you use an
190
+ # API operation on an object that was uploaded using multipart uploads,
191
+ # this value may not be a direct checksum value of the full object.
192
+ # Instead, it's a calculation based on the checksum values of each
193
+ # individual part. For more information about how checksums are
194
+ # calculated with multipart uploads, see [ Checking object integrity][1]
195
+ # in the *Amazon S3 User Guide*.
159
196
  #
160
197
  #
161
198
  #
@@ -177,12 +214,20 @@ module Aws::S3
177
214
  # API like SOAP that supports more flexible metadata than the REST API.
178
215
  # For example, using SOAP, you can create metadata whose values are not
179
216
  # legal HTTP headers.
217
+ #
218
+ # <note markdown="1"> This functionality is not supported for directory buckets.
219
+ #
220
+ # </note>
180
221
  # @return [Integer]
181
222
  def missing_meta
182
223
  data[:missing_meta]
183
224
  end
184
225
 
185
- # Version of the object.
226
+ # Version ID of the object.
227
+ #
228
+ # <note markdown="1"> This functionality is not supported for directory buckets.
229
+ #
230
+ # </note>
186
231
  # @return [String]
187
232
  def version_id
188
233
  data[:version_id]
@@ -200,7 +245,7 @@ module Aws::S3
200
245
  data[:content_disposition]
201
246
  end
202
247
 
203
- # Specifies what content encodings have been applied to the object and
248
+ # Indicates what content encodings have been applied to the object and
204
249
  # thus what decoding mechanisms must be applied to obtain the media-type
205
250
  # referenced by the Content-Type header field.
206
251
  # @return [String]
@@ -234,13 +279,17 @@ module Aws::S3
234
279
  # If the bucket is configured as a website, redirects requests for this
235
280
  # object to another object in the same bucket or to an external URL.
236
281
  # Amazon S3 stores the value of this header in the object metadata.
282
+ #
283
+ # <note markdown="1"> This functionality is not supported for directory buckets.
284
+ #
285
+ # </note>
237
286
  # @return [String]
238
287
  def website_redirect_location
239
288
  data[:website_redirect_location]
240
289
  end
241
290
 
242
- # The server-side encryption algorithm used when storing this object in
243
- # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
291
+ # The server-side encryption algorithm used when you store this object
292
+ # in Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
244
293
  # @return [String]
245
294
  def server_side_encryption
246
295
  data[:server_side_encryption]
@@ -253,25 +302,32 @@ module Aws::S3
253
302
  end
254
303
 
255
304
  # If server-side encryption with a customer-provided encryption key was
256
- # requested, the response will include this header confirming the
257
- # encryption algorithm used.
305
+ # requested, the response will include this header to confirm the
306
+ # encryption algorithm that's used.
307
+ #
308
+ # <note markdown="1"> This functionality is not supported for directory buckets.
309
+ #
310
+ # </note>
258
311
  # @return [String]
259
312
  def sse_customer_algorithm
260
313
  data[:sse_customer_algorithm]
261
314
  end
262
315
 
263
316
  # If server-side encryption with a customer-provided encryption key was
264
- # requested, the response will include this header to provide round-trip
265
- # message integrity verification of the customer-provided encryption
266
- # key.
317
+ # requested, the response will include this header to provide the
318
+ # round-trip message integrity verification of the customer-provided
319
+ # encryption key.
320
+ #
321
+ # <note markdown="1"> This functionality is not supported for directory buckets.
322
+ #
323
+ # </note>
267
324
  # @return [String]
268
325
  def sse_customer_key_md5
269
326
  data[:sse_customer_key_md5]
270
327
  end
271
328
 
272
- # If present, specifies the ID of the Key Management Service (KMS)
273
- # symmetric encryption customer managed key that was used for the
274
- # object.
329
+ # If present, indicates the ID of the KMS key that was used for object
330
+ # encryption.
275
331
  # @return [String]
276
332
  def ssekms_key_id
277
333
  data[:ssekms_key_id]
@@ -290,6 +346,11 @@ module Aws::S3
290
346
  #
291
347
  # For more information, see [Storage Classes][1].
292
348
  #
349
+ # <note markdown="1"> <b>Directory buckets </b> - Only the S3 Express One Zone storage class
350
+ # is supported by directory buckets to store objects.
351
+ #
352
+ # </note>
353
+ #
293
354
  #
294
355
  #
295
356
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
@@ -300,6 +361,10 @@ module Aws::S3
300
361
 
301
362
  # If present, indicates that the requester was successfully charged for
302
363
  # the request.
364
+ #
365
+ # <note markdown="1"> This functionality is not supported for directory buckets.
366
+ #
367
+ # </note>
303
368
  # @return [String]
304
369
  def request_charged
305
370
  data[:request_charged]
@@ -342,6 +407,10 @@ module Aws::S3
342
407
  #
343
408
  # For more information, see [Replication][1].
344
409
  #
410
+ # <note markdown="1"> This functionality is not supported for directory buckets.
411
+ #
412
+ # </note>
413
+ #
345
414
  #
346
415
  #
347
416
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html
@@ -363,6 +432,10 @@ module Aws::S3
363
432
  # `s3:GetObjectRetention` permission. For more information about S3
364
433
  # Object Lock, see [Object Lock][1].
365
434
  #
435
+ # <note markdown="1"> This functionality is not supported for directory buckets.
436
+ #
437
+ # </note>
438
+ #
366
439
  #
367
440
  #
368
441
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
@@ -374,6 +447,10 @@ module Aws::S3
374
447
  # The date and time when the Object Lock retention period expires. This
375
448
  # header is only returned if the requester has the
376
449
  # `s3:GetObjectRetention` permission.
450
+ #
451
+ # <note markdown="1"> This functionality is not supported for directory buckets.
452
+ #
453
+ # </note>
377
454
  # @return [Time]
378
455
  def object_lock_retain_until_date
379
456
  data[:object_lock_retain_until_date]
@@ -385,6 +462,10 @@ module Aws::S3
385
462
  # specified version of this object has never had a legal hold applied.
386
463
  # For more information about S3 Object Lock, see [Object Lock][1].
387
464
  #
465
+ # <note markdown="1"> This functionality is not supported for directory buckets.
466
+ #
467
+ # </note>
468
+ #
388
469
  #
389
470
  #
390
471
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
@@ -407,7 +488,7 @@ module Aws::S3
407
488
  #
408
489
  # @return [self]
409
490
  def load
410
- resp = Aws::Plugins::UserAgent.feature('resource') do
491
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
411
492
  @client.head_object(
412
493
  bucket: @bucket_name,
413
494
  key: @key
@@ -457,7 +538,7 @@ module Aws::S3
457
538
  options, params = separate_params_and_options(options)
458
539
  waiter = Waiters::ObjectExists.new(options)
459
540
  yield_waiter_and_warn(waiter, &block) if block_given?
460
- Aws::Plugins::UserAgent.feature('resource') do
541
+ Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
461
542
  waiter.wait(params.merge(bucket: @bucket_name,
462
543
  key: @key))
463
544
  end
@@ -478,7 +559,7 @@ module Aws::S3
478
559
  options, params = separate_params_and_options(options)
479
560
  waiter = Waiters::ObjectNotExists.new(options)
480
561
  yield_waiter_and_warn(waiter, &block) if block_given?
481
- Aws::Plugins::UserAgent.feature('resource') do
562
+ Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
482
563
  waiter.wait(params.merge(bucket: @bucket_name,
483
564
  key: @key))
484
565
  end
@@ -583,7 +664,7 @@ module Aws::S3
583
664
  :retry
584
665
  end
585
666
  end
586
- Aws::Plugins::UserAgent.feature('resource') do
667
+ Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
587
668
  Aws::Waiters::Waiter.new(options).wait({})
588
669
  end
589
670
  end
@@ -616,7 +697,7 @@ module Aws::S3
616
697
  # metadata_directive: "COPY", # accepts COPY, REPLACE
617
698
  # tagging_directive: "COPY", # accepts COPY, REPLACE
618
699
  # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
619
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
700
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
620
701
  # website_redirect_location: "WebsiteRedirectLocation",
621
702
  # sse_customer_algorithm: "SSECustomerAlgorithm",
622
703
  # sse_customer_key: "SSECustomerKey",
@@ -637,40 +718,98 @@ module Aws::S3
637
718
  # })
638
719
  # @param [Hash] options ({})
639
720
  # @option options [String] :acl
640
- # The canned ACL to apply to the object.
721
+ # The canned access control list (ACL) to apply to the object.
722
+ #
723
+ # When you copy an object, the ACL metadata is not preserved and is set
724
+ # to `private` by default. Only the owner has full access control. To
725
+ # override the default ACL setting, specify a new ACL when you generate
726
+ # a copy request. For more information, see [Using ACLs][1].
727
+ #
728
+ # If the destination bucket that you're copying objects to uses the
729
+ # bucket owner enforced setting for S3 Object Ownership, ACLs are
730
+ # disabled and no longer affect permissions. Buckets that use this
731
+ # setting only accept `PUT` requests that don't specify an ACL or `PUT`
732
+ # requests that specify bucket owner full control ACLs, such as the
733
+ # `bucket-owner-full-control` canned ACL or an equivalent form of this
734
+ # ACL expressed in the XML format. For more information, see
735
+ # [Controlling ownership of objects and disabling ACLs][2] in the
736
+ # *Amazon S3 User Guide*.
737
+ #
738
+ # <note markdown="1"> * If your destination bucket uses the bucket owner enforced setting
739
+ # for Object Ownership, all objects written to the bucket by any
740
+ # account will be owned by the bucket owner.
741
+ #
742
+ # * This functionality is not supported for directory buckets.
743
+ #
744
+ # * This functionality is not supported for Amazon S3 on Outposts.
745
+ #
746
+ # </note>
747
+ #
641
748
  #
642
- # This action is not supported by Amazon S3 on Outposts.
749
+ #
750
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html
751
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
643
752
  # @option options [String] :cache_control
644
- # Specifies caching behavior along the request/reply chain.
753
+ # Specifies the caching behavior along the request/reply chain.
645
754
  # @option options [String] :checksum_algorithm
646
- # Indicates the algorithm you want Amazon S3 to use to create the
755
+ # Indicates the algorithm that you want Amazon S3 to use to create the
647
756
  # checksum for the object. For more information, see [Checking object
648
757
  # integrity][1] in the *Amazon S3 User Guide*.
649
758
  #
759
+ # When you copy an object, if the source object has a checksum, that
760
+ # checksum value will be copied to the new object by default. If the
761
+ # `CopyObject` request does not include this `x-amz-checksum-algorithm`
762
+ # header, the checksum algorithm will be copied from the source object
763
+ # to the destination object (if it's present on the source object). You
764
+ # can optionally specify a different checksum algorithm to use with the
765
+ # `x-amz-checksum-algorithm` header. Unrecognized or unsupported values
766
+ # will respond with the HTTP status code `400 Bad Request`.
767
+ #
768
+ # <note markdown="1"> For directory buckets, when you use Amazon Web Services SDKs, `CRC32`
769
+ # is the default checksum algorithm that's used for performance.
770
+ #
771
+ # </note>
772
+ #
650
773
  #
651
774
  #
652
775
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
653
776
  # @option options [String] :content_disposition
654
- # Specifies presentational information for the object.
777
+ # Specifies presentational information for the object. Indicates whether
778
+ # an object should be displayed in a web browser or downloaded as a
779
+ # file. It allows specifying the desired filename for the downloaded
780
+ # file.
655
781
  # @option options [String] :content_encoding
656
782
  # Specifies what content encodings have been applied to the object and
657
783
  # thus what decoding mechanisms must be applied to obtain the media-type
658
784
  # referenced by the Content-Type header field.
785
+ #
786
+ # <note markdown="1"> For directory buckets, only the `aws-chunked` value is supported in
787
+ # this header field.
788
+ #
789
+ # </note>
659
790
  # @option options [String] :content_language
660
791
  # The language the content is in.
661
792
  # @option options [String] :content_type
662
- # A standard MIME type describing the format of the object data.
793
+ # A standard MIME type that describes the format of the object data.
663
794
  # @option options [required, String] :copy_source
664
- # Specifies the source object for the copy operation. You specify the
665
- # value in one of two formats, depending on whether you want to access
666
- # the source object through an [access point][1]:
795
+ # Specifies the source object for the copy operation. The source object
796
+ # can be up to 5 GB. If the source object is an object that was uploaded
797
+ # by using a multipart upload, the object copy will be a single part
798
+ # object after the source object is copied to the destination bucket.
799
+ #
800
+ # You specify the value of the copy source in one of two formats,
801
+ # depending on whether you want to access the source object through an
802
+ # [access point][1]:
667
803
  #
668
804
  # * For objects not accessed through an access point, specify the name
669
805
  # of the source bucket and the key of the source object, separated by
670
806
  # a slash (/). For example, to copy the object `reports/january.pdf`
671
- # from the bucket `awsexamplebucket`, use
807
+ # from the general purpose bucket `awsexamplebucket`, use
672
808
  # `awsexamplebucket/reports/january.pdf`. The value must be
673
- # URL-encoded.
809
+ # URL-encoded. To copy the object `reports/january.pdf` from the
810
+ # directory bucket `awsexamplebucket--use1-az5--x-s3`, use
811
+ # `awsexamplebucket--use1-az5--x-s3/reports/january.pdf`. The value
812
+ # must be URL-encoded.
674
813
  #
675
814
  # * For objects accessed through access points, specify the Amazon
676
815
  # Resource Name (ARN) of the object as accessed through the access
@@ -682,9 +821,11 @@ module Aws::S3
682
821
  # `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
683
822
  # The value must be URL encoded.
684
823
  #
685
- # <note markdown="1"> Amazon S3 supports copy operations using access points only when the
686
- # source and destination buckets are in the same Amazon Web Services
687
- # Region.
824
+ # <note markdown="1"> * Amazon S3 supports copy operations using Access points only when
825
+ # the source and destination buckets are in the same Amazon Web
826
+ # Services Region.
827
+ #
828
+ # * Access points are not supported by directory buckets.
688
829
  #
689
830
  # </note>
690
831
  #
@@ -697,159 +838,567 @@ module Aws::S3
697
838
  # `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf`.
698
839
  # The value must be URL-encoded.
699
840
  #
700
- # To copy a specific version of an object, append
701
- # `?versionId=<version-id>` to the value (for example,
841
+ # If your source bucket versioning is enabled, the `x-amz-copy-source`
842
+ # header by default identifies the current version of an object to copy.
843
+ # If the current version is a delete marker, Amazon S3 behaves as if the
844
+ # object was deleted. To copy a different version, use the `versionId`
845
+ # query parameter. Specifically, append `?versionId=<version-id>` to the
846
+ # value (for example,
702
847
  # `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
703
848
  # If you don't specify a version ID, Amazon S3 copies the latest
704
849
  # version of the source object.
705
850
  #
851
+ # If you enable versioning on the destination bucket, Amazon S3
852
+ # generates a unique version ID for the copied object. This version ID
853
+ # is different from the version ID of the source object. Amazon S3
854
+ # returns the version ID of the copied object in the `x-amz-version-id`
855
+ # response header in the response.
856
+ #
857
+ # If you do not enable versioning or suspend it on the destination
858
+ # bucket, the version ID that Amazon S3 generates in the
859
+ # `x-amz-version-id` response header is always null.
860
+ #
861
+ # <note markdown="1"> **Directory buckets** - S3 Versioning isn't enabled and supported for
862
+ # directory buckets.
863
+ #
864
+ # </note>
865
+ #
706
866
  #
707
867
  #
708
868
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html
709
869
  # @option options [String] :copy_source_if_match
710
870
  # Copies the object if its entity tag (ETag) matches the specified tag.
871
+ #
872
+ # If both the `x-amz-copy-source-if-match` and
873
+ # `x-amz-copy-source-if-unmodified-since` headers are present in the
874
+ # request and evaluate as follows, Amazon S3 returns `200 OK` and copies
875
+ # the data:
876
+ #
877
+ # * `x-amz-copy-source-if-match` condition evaluates to true
878
+ #
879
+ # * `x-amz-copy-source-if-unmodified-since` condition evaluates to false
711
880
  # @option options [Time,DateTime,Date,Integer,String] :copy_source_if_modified_since
712
881
  # Copies the object if it has been modified since the specified time.
882
+ #
883
+ # If both the `x-amz-copy-source-if-none-match` and
884
+ # `x-amz-copy-source-if-modified-since` headers are present in the
885
+ # request and evaluate as follows, Amazon S3 returns the `412
886
+ # Precondition Failed` response code:
887
+ #
888
+ # * `x-amz-copy-source-if-none-match` condition evaluates to false
889
+ #
890
+ # * `x-amz-copy-source-if-modified-since` condition evaluates to true
713
891
  # @option options [String] :copy_source_if_none_match
714
892
  # Copies the object if its entity tag (ETag) is different than the
715
893
  # specified ETag.
894
+ #
895
+ # If both the `x-amz-copy-source-if-none-match` and
896
+ # `x-amz-copy-source-if-modified-since` headers are present in the
897
+ # request and evaluate as follows, Amazon S3 returns the `412
898
+ # Precondition Failed` response code:
899
+ #
900
+ # * `x-amz-copy-source-if-none-match` condition evaluates to false
901
+ #
902
+ # * `x-amz-copy-source-if-modified-since` condition evaluates to true
716
903
  # @option options [Time,DateTime,Date,Integer,String] :copy_source_if_unmodified_since
717
904
  # Copies the object if it hasn't been modified since the specified
718
905
  # time.
906
+ #
907
+ # If both the `x-amz-copy-source-if-match` and
908
+ # `x-amz-copy-source-if-unmodified-since` headers are present in the
909
+ # request and evaluate as follows, Amazon S3 returns `200 OK` and copies
910
+ # the data:
911
+ #
912
+ # * `x-amz-copy-source-if-match` condition evaluates to true
913
+ #
914
+ # * `x-amz-copy-source-if-unmodified-since` condition evaluates to false
719
915
  # @option options [Time,DateTime,Date,Integer,String] :expires
720
916
  # The date and time at which the object is no longer cacheable.
721
917
  # @option options [String] :grant_full_control
722
918
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
723
919
  # object.
724
920
  #
725
- # This action is not supported by Amazon S3 on Outposts.
921
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
922
+ #
923
+ # * This functionality is not supported for Amazon S3 on Outposts.
924
+ #
925
+ # </note>
726
926
  # @option options [String] :grant_read
727
927
  # Allows grantee to read the object data and its metadata.
728
928
  #
729
- # This action is not supported by Amazon S3 on Outposts.
929
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
930
+ #
931
+ # * This functionality is not supported for Amazon S3 on Outposts.
932
+ #
933
+ # </note>
730
934
  # @option options [String] :grant_read_acp
731
935
  # Allows grantee to read the object ACL.
732
936
  #
733
- # This action is not supported by Amazon S3 on Outposts.
937
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
938
+ #
939
+ # * This functionality is not supported for Amazon S3 on Outposts.
940
+ #
941
+ # </note>
734
942
  # @option options [String] :grant_write_acp
735
943
  # Allows grantee to write the ACL for the applicable object.
736
944
  #
737
- # This action is not supported by Amazon S3 on Outposts.
945
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
946
+ #
947
+ # * This functionality is not supported for Amazon S3 on Outposts.
948
+ #
949
+ # </note>
738
950
  # @option options [Hash<String,String>] :metadata
739
951
  # A map of metadata to store with the object in S3.
740
952
  # @option options [String] :metadata_directive
741
953
  # Specifies whether the metadata is copied from the source object or
742
- # replaced with metadata provided in the request.
954
+ # replaced with metadata that's provided in the request. When copying
955
+ # an object, you can preserve all metadata (the default) or specify new
956
+ # metadata. If this header isn’t specified, `COPY` is the default
957
+ # behavior.
958
+ #
959
+ # **General purpose bucket** - For general purpose buckets, when you
960
+ # grant permissions, you can use the `s3:x-amz-metadata-directive`
961
+ # condition key to enforce certain metadata behavior when objects are
962
+ # uploaded. For more information, see [Amazon S3 condition key
963
+ # examples][1] in the *Amazon S3 User Guide*.
964
+ #
965
+ # <note markdown="1"> `x-amz-website-redirect-location` is unique to each object and is not
966
+ # copied when using the `x-amz-metadata-directive` header. To copy the
967
+ # value, you must specify `x-amz-website-redirect-location` in the
968
+ # request header.
969
+ #
970
+ # </note>
971
+ #
972
+ #
973
+ #
974
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html
743
975
  # @option options [String] :tagging_directive
744
- # Specifies whether the object tag-set are copied from the source object
745
- # or replaced with tag-set provided in the request.
976
+ # Specifies whether the object tag-set is copied from the source object
977
+ # or replaced with the tag-set that's provided in the request.
978
+ #
979
+ # The default value is `COPY`.
980
+ #
981
+ # <note markdown="1"> **Directory buckets** - For directory buckets in a `CopyObject`
982
+ # operation, only the empty tag-set is supported. Any requests that
983
+ # attempt to write non-empty tags into directory buckets will receive a
984
+ # `501 Not Implemented` status code. When the destination bucket is a
985
+ # directory bucket, you will receive a `501 Not Implemented` response in
986
+ # any of the following situations:
987
+ #
988
+ # * When you attempt to `COPY` the tag-set from an S3 source object that
989
+ # has non-empty tags.
990
+ #
991
+ # * When you attempt to `REPLACE` the tag-set of a source object and set
992
+ # a non-empty value to `x-amz-tagging`.
993
+ #
994
+ # * When you don't set the `x-amz-tagging-directive` header and the
995
+ # source object has non-empty tags. This is because the default value
996
+ # of `x-amz-tagging-directive` is `COPY`.
997
+ #
998
+ # Because only the empty tag-set is supported for directory buckets in a
999
+ # `CopyObject` operation, the following situations are allowed:
1000
+ #
1001
+ # * When you attempt to `COPY` the tag-set from a directory bucket
1002
+ # source object that has no tags to a general purpose bucket. It
1003
+ # copies an empty tag-set to the destination object.
1004
+ #
1005
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
1006
+ # source object and set the `x-amz-tagging` value of the directory
1007
+ # bucket destination object to empty.
1008
+ #
1009
+ # * When you attempt to `REPLACE` the tag-set of a general purpose
1010
+ # bucket source object that has non-empty tags and set the
1011
+ # `x-amz-tagging` value of the directory bucket destination object to
1012
+ # empty.
1013
+ #
1014
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
1015
+ # source object and don't set the `x-amz-tagging` value of the
1016
+ # directory bucket destination object. This is because the default
1017
+ # value of `x-amz-tagging` is the empty value.
1018
+ #
1019
+ # </note>
746
1020
  # @option options [String] :server_side_encryption
747
1021
  # The server-side encryption algorithm used when storing this object in
748
- # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
1022
+ # Amazon S3. Unrecognized or unsupported values won’t write a
1023
+ # destination object and will receive a `400 Bad Request` response.
1024
+ #
1025
+ # Amazon S3 automatically encrypts all new objects that are copied to an
1026
+ # S3 bucket. When copying an object, if you don't specify encryption
1027
+ # information in your copy request, the encryption setting of the target
1028
+ # object is set to the default encryption configuration of the
1029
+ # destination bucket. By default, all buckets have a base level of
1030
+ # encryption configuration that uses server-side encryption with Amazon
1031
+ # S3 managed keys (SSE-S3). If the destination bucket has a different
1032
+ # default encryption configuration, Amazon S3 uses the corresponding
1033
+ # encryption key to encrypt the target object copy.
1034
+ #
1035
+ # With server-side encryption, Amazon S3 encrypts your data as it writes
1036
+ # your data to disks in its data centers and decrypts the data when you
1037
+ # access it. For more information about server-side encryption, see
1038
+ # [Using Server-Side Encryption][1] in the *Amazon S3 User Guide*.
1039
+ #
1040
+ # <b>General purpose buckets </b>
1041
+ #
1042
+ # * For general purpose buckets, there are the following supported
1043
+ # options for server-side encryption: server-side encryption with Key
1044
+ # Management Service (KMS) keys (SSE-KMS), dual-layer server-side
1045
+ # encryption with Amazon Web Services KMS keys (DSSE-KMS), and
1046
+ # server-side encryption with customer-provided encryption keys
1047
+ # (SSE-C). Amazon S3 uses the corresponding KMS key, or a
1048
+ # customer-provided key to encrypt the target object copy.
1049
+ #
1050
+ # * When you perform a `CopyObject` operation, if you want to use a
1051
+ # different type of encryption setting for the target object, you can
1052
+ # specify appropriate encryption-related headers to encrypt the target
1053
+ # object with an Amazon S3 managed key, a KMS key, or a
1054
+ # customer-provided key. If the encryption setting in your request is
1055
+ # different from the default encryption configuration of the
1056
+ # destination bucket, the encryption setting in your request takes
1057
+ # precedence.
1058
+ #
1059
+ # <b>Directory buckets </b>
1060
+ #
1061
+ # * For directory buckets, there are only two supported options for
1062
+ # server-side encryption: server-side encryption with Amazon S3
1063
+ # managed keys (SSE-S3) (`AES256`) and server-side encryption with KMS
1064
+ # keys (SSE-KMS) (`aws:kms`). We recommend that the bucket's default
1065
+ # encryption uses the desired encryption configuration and you don't
1066
+ # override the bucket default encryption in your `CreateSession`
1067
+ # requests or `PUT` object requests. Then, new objects are
1068
+ # automatically encrypted with the desired encryption settings. For
1069
+ # more information, see [Protecting data with server-side
1070
+ # encryption][2] in the *Amazon S3 User Guide*. For more information
1071
+ # about the encryption overriding behaviors in directory buckets, see
1072
+ # [Specifying server-side encryption with KMS for new object
1073
+ # uploads][3].
1074
+ #
1075
+ # * To encrypt new object copies to a directory bucket with SSE-KMS, we
1076
+ # recommend you specify SSE-KMS as the directory bucket's default
1077
+ # encryption configuration with a KMS key (specifically, a [customer
1078
+ # managed key][4]). The [Amazon Web Services managed key][5]
1079
+ # (`aws/s3`) isn't supported. Your SSE-KMS configuration can only
1080
+ # support 1 [customer managed key][4] per directory bucket for the
1081
+ # lifetime of the bucket. After you specify a customer managed key for
1082
+ # SSE-KMS, you can't override the customer managed key for the
1083
+ # bucket's SSE-KMS configuration. Then, when you perform a
1084
+ # `CopyObject` operation and want to specify server-side encryption
1085
+ # settings for new object copies with SSE-KMS in the
1086
+ # encryption-related request headers, you must ensure the encryption
1087
+ # key is the same customer managed key that you specified for the
1088
+ # directory bucket's default encryption configuration.
1089
+ #
1090
+ #
1091
+ #
1092
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
1093
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
1094
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
1095
+ # [4]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
1096
+ # [5]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
749
1097
  # @option options [String] :storage_class
750
1098
  # If the `x-amz-storage-class` header is not used, the copied object
751
- # will be stored in the STANDARD Storage Class by default. The STANDARD
752
- # storage class provides high durability and high availability.
753
- # Depending on performance needs, you can specify a different Storage
754
- # Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For
755
- # more information, see [Storage Classes][1] in the *Amazon S3 User
756
- # Guide*.
1099
+ # will be stored in the `STANDARD` Storage Class by default. The
1100
+ # `STANDARD` storage class provides high durability and high
1101
+ # availability. Depending on performance needs, you can specify a
1102
+ # different Storage Class.
1103
+ #
1104
+ # <note markdown="1"> * <b>Directory buckets </b> - For directory buckets, only the S3
1105
+ # Express One Zone storage class is supported to store newly created
1106
+ # objects. Unsupported storage class values won't write a destination
1107
+ # object and will respond with the HTTP status code `400 Bad Request`.
1108
+ #
1109
+ # * <b>Amazon S3 on Outposts </b> - S3 on Outposts only uses the
1110
+ # `OUTPOSTS` Storage Class.
1111
+ #
1112
+ # </note>
1113
+ #
1114
+ # You can use the `CopyObject` action to change the storage class of an
1115
+ # object that is already stored in Amazon S3 by using the
1116
+ # `x-amz-storage-class` header. For more information, see [Storage
1117
+ # Classes][1] in the *Amazon S3 User Guide*.
1118
+ #
1119
+ # Before using an object as a source object for the copy operation, you
1120
+ # must restore a copy of it if it meets any of the following conditions:
1121
+ #
1122
+ # * The storage class of the source object is `GLACIER` or
1123
+ # `DEEP_ARCHIVE`.
1124
+ #
1125
+ # * The storage class of the source object is `INTELLIGENT_TIERING` and
1126
+ # it's [S3 Intelligent-Tiering access tier][2] is `Archive Access` or
1127
+ # `Deep Archive Access`.
1128
+ #
1129
+ # For more information, see [RestoreObject][3] and [Copying Objects][4]
1130
+ # in the *Amazon S3 User Guide*.
757
1131
  #
758
1132
  #
759
1133
  #
760
1134
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
1135
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering-overview.html#intel-tiering-tier-definition
1136
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html
1137
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html
761
1138
  # @option options [String] :website_redirect_location
762
- # If the bucket is configured as a website, redirects requests for this
763
- # object to another object in the same bucket or to an external URL.
764
- # Amazon S3 stores the value of this header in the object metadata. This
765
- # value is unique to each object and is not copied when using the
766
- # `x-amz-metadata-directive` header. Instead, you may opt to provide
767
- # this header in combination with the directive.
1139
+ # If the destination bucket is configured as a website, redirects
1140
+ # requests for this object copy to another object in the same bucket or
1141
+ # to an external URL. Amazon S3 stores the value of this header in the
1142
+ # object metadata. This value is unique to each object and is not copied
1143
+ # when using the `x-amz-metadata-directive` header. Instead, you may opt
1144
+ # to provide this header in combination with the
1145
+ # `x-amz-metadata-directive` header.
1146
+ #
1147
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1148
+ #
1149
+ # </note>
768
1150
  # @option options [String] :sse_customer_algorithm
769
- # Specifies the algorithm to use to when encrypting the object (for
770
- # example, AES256).
1151
+ # Specifies the algorithm to use when encrypting the object (for
1152
+ # example, `AES256`).
1153
+ #
1154
+ # When you perform a `CopyObject` operation, if you want to use a
1155
+ # different type of encryption setting for the target object, you can
1156
+ # specify appropriate encryption-related headers to encrypt the target
1157
+ # object with an Amazon S3 managed key, a KMS key, or a
1158
+ # customer-provided key. If the encryption setting in your request is
1159
+ # different from the default encryption configuration of the destination
1160
+ # bucket, the encryption setting in your request takes precedence.
1161
+ #
1162
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
1163
+ # directory bucket.
1164
+ #
1165
+ # </note>
771
1166
  # @option options [String] :sse_customer_key
772
1167
  # Specifies the customer-provided encryption key for Amazon S3 to use in
773
1168
  # encrypting data. This value is used to store the object and then it is
774
- # discarded; Amazon S3 does not store the encryption key. The key must
1169
+ # discarded. Amazon S3 does not store the encryption key. The key must
775
1170
  # be appropriate for use with the algorithm specified in the
776
1171
  # `x-amz-server-side-encryption-customer-algorithm` header.
1172
+ #
1173
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
1174
+ # directory bucket.
1175
+ #
1176
+ # </note>
777
1177
  # @option options [String] :sse_customer_key_md5
778
1178
  # Specifies the 128-bit MD5 digest of the encryption key according to
779
1179
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
780
1180
  # ensure that the encryption key was transmitted without error.
1181
+ #
1182
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
1183
+ # directory bucket.
1184
+ #
1185
+ # </note>
781
1186
  # @option options [String] :ssekms_key_id
782
- # Specifies the KMS ID (Key ID, Key ARN, or Key Alias) to use for object
783
- # encryption. All GET and PUT requests for an object protected by KMS
784
- # will fail if they're not made via SSL or using SigV4. For information
785
- # about configuring any of the officially supported Amazon Web Services
786
- # SDKs and Amazon Web Services CLI, see [Specifying the Signature
787
- # Version in Request Authentication][1] in the *Amazon S3 User Guide*.
1187
+ # Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
1188
+ # object encryption. All GET and PUT requests for an object protected by
1189
+ # KMS will fail if they're not made via SSL or using SigV4. For
1190
+ # information about configuring any of the officially supported Amazon
1191
+ # Web Services SDKs and Amazon Web Services CLI, see [Specifying the
1192
+ # Signature Version in Request Authentication][1] in the *Amazon S3 User
1193
+ # Guide*.
1194
+ #
1195
+ # **Directory buckets** - If you specify `x-amz-server-side-encryption`
1196
+ # with `aws:kms`, the ` x-amz-server-side-encryption-aws-kms-key-id`
1197
+ # header is implicitly assigned the ID of the KMS symmetric encryption
1198
+ # customer managed key that's configured for your directory bucket's
1199
+ # default encryption setting. If you want to specify the `
1200
+ # x-amz-server-side-encryption-aws-kms-key-id` header explicitly, you
1201
+ # can only specify it with the ID (Key ID or Key ARN) of the KMS
1202
+ # customer managed key that's configured for your directory bucket's
1203
+ # default encryption setting. Otherwise, you get an HTTP `400 Bad
1204
+ # Request` error. Only use the key ID or key ARN. The key alias format
1205
+ # of the KMS key isn't supported. Your SSE-KMS configuration can only
1206
+ # support 1 [customer managed key][2] per directory bucket for the
1207
+ # lifetime of the bucket. The [Amazon Web Services managed key][3]
1208
+ # (`aws/s3`) isn't supported.
788
1209
  #
789
1210
  #
790
1211
  #
791
1212
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
1213
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
1214
+ # [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
792
1215
  # @option options [String] :ssekms_encryption_context
793
- # Specifies the Amazon Web Services KMS Encryption Context to use for
794
- # object encryption. The value of this header is a base64-encoded UTF-8
795
- # string holding JSON with the encryption context key-value pairs.
1216
+ # Specifies the Amazon Web Services KMS Encryption Context as an
1217
+ # additional encryption context to use for the destination object
1218
+ # encryption. The value of this header is a base64-encoded UTF-8 string
1219
+ # holding JSON with the encryption context key-value pairs.
1220
+ #
1221
+ # **General purpose buckets** - This value must be explicitly added to
1222
+ # specify encryption context for `CopyObject` requests if you want an
1223
+ # additional encryption context for your destination object. The
1224
+ # additional encryption context of the source object won't be copied to
1225
+ # the destination object. For more information, see [Encryption
1226
+ # context][1] in the *Amazon S3 User Guide*.
1227
+ #
1228
+ # **Directory buckets** - You can optionally provide an explicit
1229
+ # encryption context value. The value must match the default encryption
1230
+ # context - the bucket Amazon Resource Name (ARN). An additional
1231
+ # encryption context value is not supported.
1232
+ #
1233
+ #
1234
+ #
1235
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context
796
1236
  # @option options [Boolean] :bucket_key_enabled
797
1237
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
798
1238
  # encryption with server-side encryption using Key Management Service
799
- # (KMS) keys (SSE-KMS). Setting this header to `true` causes Amazon S3
800
- # to use an S3 Bucket Key for object encryption with SSE-KMS.
1239
+ # (KMS) keys (SSE-KMS). If a target object uses SSE-KMS, you can enable
1240
+ # an S3 Bucket Key for the object.
1241
+ #
1242
+ # Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
1243
+ # for object encryption with SSE-KMS. Specifying this header with a COPY
1244
+ # action doesn’t affect bucket-level settings for S3 Bucket Key.
801
1245
  #
802
- # Specifying this header with a COPY action doesn’t affect bucket-level
803
- # settings for S3 Bucket Key.
1246
+ # For more information, see [Amazon S3 Bucket Keys][1] in the *Amazon S3
1247
+ # User Guide*.
1248
+ #
1249
+ # <note markdown="1"> **Directory buckets** - S3 Bucket Keys aren't supported, when you
1250
+ # copy SSE-KMS encrypted objects from general purpose buckets to
1251
+ # directory buckets, from directory buckets to general purpose buckets,
1252
+ # or between directory buckets, through [CopyObject][2]. In this case,
1253
+ # Amazon S3 makes a call to KMS every time a copy request is made for a
1254
+ # KMS-encrypted object.
1255
+ #
1256
+ # </note>
1257
+ #
1258
+ #
1259
+ #
1260
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
1261
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
804
1262
  # @option options [String] :copy_source_sse_customer_algorithm
805
1263
  # Specifies the algorithm to use when decrypting the source object (for
806
- # example, AES256).
1264
+ # example, `AES256`).
1265
+ #
1266
+ # If the source object for the copy is stored in Amazon S3 using SSE-C,
1267
+ # you must provide the necessary encryption information in your request
1268
+ # so that Amazon S3 can decrypt the object for copying.
1269
+ #
1270
+ # <note markdown="1"> This functionality is not supported when the source object is in a
1271
+ # directory bucket.
1272
+ #
1273
+ # </note>
807
1274
  # @option options [String] :copy_source_sse_customer_key
808
1275
  # Specifies the customer-provided encryption key for Amazon S3 to use to
809
1276
  # decrypt the source object. The encryption key provided in this header
810
- # must be one that was used when the source object was created.
1277
+ # must be the same one that was used when the source object was created.
1278
+ #
1279
+ # If the source object for the copy is stored in Amazon S3 using SSE-C,
1280
+ # you must provide the necessary encryption information in your request
1281
+ # so that Amazon S3 can decrypt the object for copying.
1282
+ #
1283
+ # <note markdown="1"> This functionality is not supported when the source object is in a
1284
+ # directory bucket.
1285
+ #
1286
+ # </note>
811
1287
  # @option options [String] :copy_source_sse_customer_key_md5
812
1288
  # Specifies the 128-bit MD5 digest of the encryption key according to
813
1289
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
814
1290
  # ensure that the encryption key was transmitted without error.
1291
+ #
1292
+ # If the source object for the copy is stored in Amazon S3 using SSE-C,
1293
+ # you must provide the necessary encryption information in your request
1294
+ # so that Amazon S3 can decrypt the object for copying.
1295
+ #
1296
+ # <note markdown="1"> This functionality is not supported when the source object is in a
1297
+ # directory bucket.
1298
+ #
1299
+ # </note>
815
1300
  # @option options [String] :request_payer
816
1301
  # Confirms that the requester knows that they will be charged for the
817
1302
  # request. Bucket owners need not specify this parameter in their
818
- # requests. If either the source or destination Amazon S3 bucket has
819
- # Requester Pays enabled, the requester will pay for corresponding
820
- # charges to copy the object. For information about downloading objects
821
- # from Requester Pays buckets, see [Downloading Objects in Requester
822
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
1303
+ # requests. If either the source or destination S3 bucket has Requester
1304
+ # Pays enabled, the requester will pay for corresponding charges to copy
1305
+ # the object. For information about downloading objects from Requester
1306
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1307
+ # in the *Amazon S3 User Guide*.
1308
+ #
1309
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1310
+ #
1311
+ # </note>
823
1312
  #
824
1313
  #
825
1314
  #
826
1315
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
827
1316
  # @option options [String] :tagging
828
- # The tag-set for the object destination object this value must be used
829
- # in conjunction with the `TaggingDirective`. The tag-set must be
830
- # encoded as URL Query parameters.
1317
+ # The tag-set for the object copy in the destination bucket. This value
1318
+ # must be used in conjunction with the `x-amz-tagging-directive` if you
1319
+ # choose `REPLACE` for the `x-amz-tagging-directive`. If you choose
1320
+ # `COPY` for the `x-amz-tagging-directive`, you don't need to set the
1321
+ # `x-amz-tagging` header, because the tag-set will be copied from the
1322
+ # source object directly. The tag-set must be encoded as URL Query
1323
+ # parameters.
1324
+ #
1325
+ # The default value is the empty value.
1326
+ #
1327
+ # <note markdown="1"> **Directory buckets** - For directory buckets in a `CopyObject`
1328
+ # operation, only the empty tag-set is supported. Any requests that
1329
+ # attempt to write non-empty tags into directory buckets will receive a
1330
+ # `501 Not Implemented` status code. When the destination bucket is a
1331
+ # directory bucket, you will receive a `501 Not Implemented` response in
1332
+ # any of the following situations:
1333
+ #
1334
+ # * When you attempt to `COPY` the tag-set from an S3 source object that
1335
+ # has non-empty tags.
1336
+ #
1337
+ # * When you attempt to `REPLACE` the tag-set of a source object and set
1338
+ # a non-empty value to `x-amz-tagging`.
1339
+ #
1340
+ # * When you don't set the `x-amz-tagging-directive` header and the
1341
+ # source object has non-empty tags. This is because the default value
1342
+ # of `x-amz-tagging-directive` is `COPY`.
1343
+ #
1344
+ # Because only the empty tag-set is supported for directory buckets in a
1345
+ # `CopyObject` operation, the following situations are allowed:
1346
+ #
1347
+ # * When you attempt to `COPY` the tag-set from a directory bucket
1348
+ # source object that has no tags to a general purpose bucket. It
1349
+ # copies an empty tag-set to the destination object.
1350
+ #
1351
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
1352
+ # source object and set the `x-amz-tagging` value of the directory
1353
+ # bucket destination object to empty.
1354
+ #
1355
+ # * When you attempt to `REPLACE` the tag-set of a general purpose
1356
+ # bucket source object that has non-empty tags and set the
1357
+ # `x-amz-tagging` value of the directory bucket destination object to
1358
+ # empty.
1359
+ #
1360
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
1361
+ # source object and don't set the `x-amz-tagging` value of the
1362
+ # directory bucket destination object. This is because the default
1363
+ # value of `x-amz-tagging` is the empty value.
1364
+ #
1365
+ # </note>
831
1366
  # @option options [String] :object_lock_mode
832
- # The Object Lock mode that you want to apply to the copied object.
1367
+ # The Object Lock mode that you want to apply to the object copy.
1368
+ #
1369
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1370
+ #
1371
+ # </note>
833
1372
  # @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
834
- # The date and time when you want the copied object's Object Lock to
1373
+ # The date and time when you want the Object Lock of the object copy to
835
1374
  # expire.
1375
+ #
1376
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1377
+ #
1378
+ # </note>
836
1379
  # @option options [String] :object_lock_legal_hold_status
837
- # Specifies whether you want to apply a legal hold to the copied object.
1380
+ # Specifies whether you want to apply a legal hold to the object copy.
1381
+ #
1382
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1383
+ #
1384
+ # </note>
838
1385
  # @option options [String] :expected_bucket_owner
839
1386
  # The account ID of the expected destination bucket owner. If the
840
- # destination bucket is owned by a different account, the request fails
841
- # with the HTTP status code `403 Forbidden` (access denied).
1387
+ # account ID that you provide does not match the actual owner of the
1388
+ # destination bucket, the request fails with the HTTP status code `403
1389
+ # Forbidden` (access denied).
842
1390
  # @option options [String] :expected_source_bucket_owner
843
- # The account ID of the expected source bucket owner. If the source
844
- # bucket is owned by a different account, the request fails with the
845
- # HTTP status code `403 Forbidden` (access denied).
1391
+ # The account ID of the expected source bucket owner. If the account ID
1392
+ # that you provide does not match the actual owner of the source bucket,
1393
+ # the request fails with the HTTP status code `403 Forbidden` (access
1394
+ # denied).
846
1395
  # @return [Types::CopyObjectOutput]
847
1396
  def copy_from(options = {})
848
1397
  options = options.merge(
849
1398
  bucket: @bucket_name,
850
1399
  key: @key
851
1400
  )
852
- resp = Aws::Plugins::UserAgent.feature('resource') do
1401
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
853
1402
  @client.copy_object(options)
854
1403
  end
855
1404
  resp.data
@@ -863,6 +1412,9 @@ module Aws::S3
863
1412
  # request_payer: "requester", # accepts requester
864
1413
  # bypass_governance_retention: false,
865
1414
  # expected_bucket_owner: "AccountId",
1415
+ # if_match: "IfMatch",
1416
+ # if_match_last_modified_time: Time.now,
1417
+ # if_match_size: 1,
866
1418
  # })
867
1419
  # @param [Hash] options ({})
868
1420
  # @option options [String] :mfa
@@ -870,16 +1422,29 @@ module Aws::S3
870
1422
  # space, and the value that is displayed on your authentication device.
871
1423
  # Required to permanently delete a versioned object if versioning is
872
1424
  # configured with MFA delete enabled.
1425
+ #
1426
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1427
+ #
1428
+ # </note>
873
1429
  # @option options [String] :version_id
874
- # VersionId used to reference a specific version of the object.
1430
+ # Version ID used to reference a specific version of the object.
1431
+ #
1432
+ # <note markdown="1"> For directory buckets in this API operation, only the `null` value of
1433
+ # the version ID is supported.
1434
+ #
1435
+ # </note>
875
1436
  # @option options [String] :request_payer
876
1437
  # Confirms that the requester knows that they will be charged for the
877
1438
  # request. Bucket owners need not specify this parameter in their
878
- # requests. If either the source or destination Amazon S3 bucket has
879
- # Requester Pays enabled, the requester will pay for corresponding
880
- # charges to copy the object. For information about downloading objects
881
- # from Requester Pays buckets, see [Downloading Objects in Requester
882
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
1439
+ # requests. If either the source or destination S3 bucket has Requester
1440
+ # Pays enabled, the requester will pay for corresponding charges to copy
1441
+ # the object. For information about downloading objects from Requester
1442
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1443
+ # in the *Amazon S3 User Guide*.
1444
+ #
1445
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1446
+ #
1447
+ # </note>
883
1448
  #
884
1449
  #
885
1450
  #
@@ -888,17 +1453,61 @@ module Aws::S3
888
1453
  # Indicates whether S3 Object Lock should bypass Governance-mode
889
1454
  # restrictions to process this operation. To use this header, you must
890
1455
  # have the `s3:BypassGovernanceRetention` permission.
1456
+ #
1457
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1458
+ #
1459
+ # </note>
891
1460
  # @option options [String] :expected_bucket_owner
892
- # The account ID of the expected bucket owner. If the bucket is owned by
893
- # a different account, the request fails with the HTTP status code `403
894
- # Forbidden` (access denied).
1461
+ # The account ID of the expected bucket owner. If the account ID that
1462
+ # you provide does not match the actual owner of the bucket, the request
1463
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1464
+ # @option options [String] :if_match
1465
+ # The `If-Match` header field makes the request method conditional on
1466
+ # ETags. If the ETag value does not match, the operation returns a `412
1467
+ # Precondition Failed` error. If the ETag matches or if the object
1468
+ # doesn't exist, the operation will return a `204 Success (No Content)
1469
+ # response`.
1470
+ #
1471
+ # For more information about conditional requests, see [RFC 7232][1].
1472
+ #
1473
+ # <note markdown="1"> This functionality is only supported for directory buckets.
1474
+ #
1475
+ # </note>
1476
+ #
1477
+ #
1478
+ #
1479
+ # [1]: https://docs.aws.amazon.com/https:/tools.ietf.org/html/rfc7232
1480
+ # @option options [Time,DateTime,Date,Integer,String] :if_match_last_modified_time
1481
+ # If present, the object is deleted only if its modification times
1482
+ # matches the provided `Timestamp`. If the `Timestamp` values do not
1483
+ # match, the operation returns a `412 Precondition Failed` error. If the
1484
+ # `Timestamp` matches or if the object doesn’t exist, the operation
1485
+ # returns a `204 Success (No Content)` response.
1486
+ #
1487
+ # <note markdown="1"> This functionality is only supported for directory buckets.
1488
+ #
1489
+ # </note>
1490
+ # @option options [Integer] :if_match_size
1491
+ # If present, the object is deleted only if its size matches the
1492
+ # provided size in bytes. If the `Size` value does not match, the
1493
+ # operation returns a `412 Precondition Failed` error. If the `Size`
1494
+ # matches or if the object doesn’t exist, the operation returns a `204
1495
+ # Success (No Content)` response.
1496
+ #
1497
+ # <note markdown="1"> This functionality is only supported for directory buckets.
1498
+ #
1499
+ # </note>
1500
+ #
1501
+ # You can use the `If-Match`, `x-amz-if-match-last-modified-time` and
1502
+ # `x-amz-if-match-size` conditional headers in conjunction with
1503
+ # each-other or individually.
895
1504
  # @return [Types::DeleteObjectOutput]
896
1505
  def delete(options = {})
897
1506
  options = options.merge(
898
1507
  bucket: @bucket_name,
899
1508
  key: @key
900
1509
  )
901
- resp = Aws::Plugins::UserAgent.feature('resource') do
1510
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
902
1511
  @client.delete_object(options)
903
1512
  end
904
1513
  resp.data
@@ -930,18 +1539,64 @@ module Aws::S3
930
1539
  # @param [Hash] options ({})
931
1540
  # @option options [String] :if_match
932
1541
  # Return the object only if its entity tag (ETag) is the same as the one
933
- # specified; otherwise, return a 412 (precondition failed) error.
1542
+ # specified in this header; otherwise, return a `412 Precondition
1543
+ # Failed` error.
1544
+ #
1545
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
1546
+ # present in the request as follows: `If-Match` condition evaluates to
1547
+ # `true`, and; `If-Unmodified-Since` condition evaluates to `false`;
1548
+ # then, S3 returns `200 OK` and the data requested.
1549
+ #
1550
+ # For more information about conditional requests, see [RFC 7232][1].
1551
+ #
1552
+ #
1553
+ #
1554
+ # [1]: https://tools.ietf.org/html/rfc7232
934
1555
  # @option options [Time,DateTime,Date,Integer,String] :if_modified_since
935
1556
  # Return the object only if it has been modified since the specified
936
- # time; otherwise, return a 304 (not modified) error.
1557
+ # time; otherwise, return a `304 Not Modified` error.
1558
+ #
1559
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
1560
+ # present in the request as follows:` If-None-Match` condition evaluates
1561
+ # to `false`, and; `If-Modified-Since` condition evaluates to `true`;
1562
+ # then, S3 returns `304 Not Modified` status code.
1563
+ #
1564
+ # For more information about conditional requests, see [RFC 7232][1].
1565
+ #
1566
+ #
1567
+ #
1568
+ # [1]: https://tools.ietf.org/html/rfc7232
937
1569
  # @option options [String] :if_none_match
938
1570
  # Return the object only if its entity tag (ETag) is different from the
939
- # one specified; otherwise, return a 304 (not modified) error.
1571
+ # one specified in this header; otherwise, return a `304 Not Modified`
1572
+ # error.
1573
+ #
1574
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
1575
+ # present in the request as follows:` If-None-Match` condition evaluates
1576
+ # to `false`, and; `If-Modified-Since` condition evaluates to `true`;
1577
+ # then, S3 returns `304 Not Modified` HTTP status code.
1578
+ #
1579
+ # For more information about conditional requests, see [RFC 7232][1].
1580
+ #
1581
+ #
1582
+ #
1583
+ # [1]: https://tools.ietf.org/html/rfc7232
940
1584
  # @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
941
1585
  # Return the object only if it has not been modified since the specified
942
- # time; otherwise, return a 412 (precondition failed) error.
1586
+ # time; otherwise, return a `412 Precondition Failed` error.
1587
+ #
1588
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
1589
+ # present in the request as follows: `If-Match` condition evaluates to
1590
+ # `true`, and; `If-Unmodified-Since` condition evaluates to `false`;
1591
+ # then, S3 returns `200 OK` and the data requested.
1592
+ #
1593
+ # For more information about conditional requests, see [RFC 7232][1].
1594
+ #
1595
+ #
1596
+ #
1597
+ # [1]: https://tools.ietf.org/html/rfc7232
943
1598
  # @option options [String] :range
944
- # Downloads the specified range bytes of an object. For more information
1599
+ # Downloads the specified byte range of an object. For more information
945
1600
  # about the HTTP Range header, see
946
1601
  # [https://www.rfc-editor.org/rfc/rfc9110.html#name-range][1].
947
1602
  #
@@ -956,7 +1611,7 @@ module Aws::S3
956
1611
  # @option options [String] :response_cache_control
957
1612
  # Sets the `Cache-Control` header of the response.
958
1613
  # @option options [String] :response_content_disposition
959
- # Sets the `Content-Disposition` header of the response
1614
+ # Sets the `Content-Disposition` header of the response.
960
1615
  # @option options [String] :response_content_encoding
961
1616
  # Sets the `Content-Encoding` header of the response.
962
1617
  # @option options [String] :response_content_language
@@ -966,50 +1621,158 @@ module Aws::S3
966
1621
  # @option options [Time,DateTime,Date,Integer,String] :response_expires
967
1622
  # Sets the `Expires` header of the response.
968
1623
  # @option options [String] :version_id
969
- # VersionId used to reference a specific version of the object.
970
- # @option options [String] :sse_customer_algorithm
971
- # Specifies the algorithm to use to when decrypting the object (for
972
- # example, AES256).
973
- # @option options [String] :sse_customer_key
974
- # Specifies the customer-provided encryption key for Amazon S3 used to
975
- # encrypt the data. This value is used to decrypt the object when
976
- # recovering it and must match the one used when storing the data. The
977
- # key must be appropriate for use with the algorithm specified in the
978
- # `x-amz-server-side-encryption-customer-algorithm` header.
979
- # @option options [String] :sse_customer_key_md5
980
- # Specifies the 128-bit MD5 digest of the encryption key according to
981
- # RFC 1321. Amazon S3 uses this header for a message integrity check to
982
- # ensure that the encryption key was transmitted without error.
983
- # @option options [String] :request_payer
984
- # Confirms that the requester knows that they will be charged for the
985
- # request. Bucket owners need not specify this parameter in their
986
- # requests. If either the source or destination Amazon S3 bucket has
987
- # Requester Pays enabled, the requester will pay for corresponding
988
- # charges to copy the object. For information about downloading objects
989
- # from Requester Pays buckets, see [Downloading Objects in Requester
990
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
1624
+ # Version ID used to reference a specific version of the object.
991
1625
  #
1626
+ # By default, the `GetObject` operation returns the current version of
1627
+ # an object. To return a different version, use the `versionId`
1628
+ # subresource.
992
1629
  #
1630
+ # <note markdown="1"> * If you include a `versionId` in your request header, you must have
1631
+ # the `s3:GetObjectVersion` permission to access a specific version of
1632
+ # an object. The `s3:GetObject` permission is not required in this
1633
+ # scenario.
993
1634
  #
994
- # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
995
- # @option options [Integer] :part_number
996
- # Part number of the object being read. This is a positive integer
997
- # between 1 and 10,000. Effectively performs a 'ranged' GET request
998
- # for the part specified. Useful for downloading just a part of an
999
- # object.
1635
+ # * If you request the current version of an object without a specific
1636
+ # `versionId` in the request header, only the `s3:GetObject`
1637
+ # permission is required. The `s3:GetObjectVersion` permission is not
1638
+ # required in this scenario.
1639
+ #
1640
+ # * **Directory buckets** - S3 Versioning isn't enabled and supported
1641
+ # for directory buckets. For this API operation, only the `null` value
1642
+ # of the version ID is supported by directory buckets. You can only
1643
+ # specify `null` to the `versionId` query parameter in the request.
1644
+ #
1645
+ # </note>
1646
+ #
1647
+ # For more information about versioning, see [PutBucketVersioning][1].
1648
+ #
1649
+ #
1650
+ #
1651
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html
1652
+ # @option options [String] :sse_customer_algorithm
1653
+ # Specifies the algorithm to use when decrypting the object (for
1654
+ # example, `AES256`).
1655
+ #
1656
+ # If you encrypt an object by using server-side encryption with
1657
+ # customer-provided encryption keys (SSE-C) when you store the object in
1658
+ # Amazon S3, then when you GET the object, you must use the following
1659
+ # headers:
1660
+ #
1661
+ # * `x-amz-server-side-encryption-customer-algorithm`
1662
+ #
1663
+ # * `x-amz-server-side-encryption-customer-key`
1664
+ #
1665
+ # * `x-amz-server-side-encryption-customer-key-MD5`
1666
+ #
1667
+ # For more information about SSE-C, see [Server-Side Encryption (Using
1668
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
1669
+ #
1670
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1671
+ #
1672
+ # </note>
1673
+ #
1674
+ #
1675
+ #
1676
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
1677
+ # @option options [String] :sse_customer_key
1678
+ # Specifies the customer-provided encryption key that you originally
1679
+ # provided for Amazon S3 to encrypt the data before storing it. This
1680
+ # value is used to decrypt the object when recovering it and must match
1681
+ # the one used when storing the data. The key must be appropriate for
1682
+ # use with the algorithm specified in the
1683
+ # `x-amz-server-side-encryption-customer-algorithm` header.
1684
+ #
1685
+ # If you encrypt an object by using server-side encryption with
1686
+ # customer-provided encryption keys (SSE-C) when you store the object in
1687
+ # Amazon S3, then when you GET the object, you must use the following
1688
+ # headers:
1689
+ #
1690
+ # * `x-amz-server-side-encryption-customer-algorithm`
1691
+ #
1692
+ # * `x-amz-server-side-encryption-customer-key`
1693
+ #
1694
+ # * `x-amz-server-side-encryption-customer-key-MD5`
1695
+ #
1696
+ # For more information about SSE-C, see [Server-Side Encryption (Using
1697
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
1698
+ #
1699
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1700
+ #
1701
+ # </note>
1702
+ #
1703
+ #
1704
+ #
1705
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
1706
+ # @option options [String] :sse_customer_key_md5
1707
+ # Specifies the 128-bit MD5 digest of the customer-provided encryption
1708
+ # key according to RFC 1321. Amazon S3 uses this header for a message
1709
+ # integrity check to ensure that the encryption key was transmitted
1710
+ # without error.
1711
+ #
1712
+ # If you encrypt an object by using server-side encryption with
1713
+ # customer-provided encryption keys (SSE-C) when you store the object in
1714
+ # Amazon S3, then when you GET the object, you must use the following
1715
+ # headers:
1716
+ #
1717
+ # * `x-amz-server-side-encryption-customer-algorithm`
1718
+ #
1719
+ # * `x-amz-server-side-encryption-customer-key`
1720
+ #
1721
+ # * `x-amz-server-side-encryption-customer-key-MD5`
1722
+ #
1723
+ # For more information about SSE-C, see [Server-Side Encryption (Using
1724
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
1725
+ #
1726
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1727
+ #
1728
+ # </note>
1729
+ #
1730
+ #
1731
+ #
1732
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
1733
+ # @option options [String] :request_payer
1734
+ # Confirms that the requester knows that they will be charged for the
1735
+ # request. Bucket owners need not specify this parameter in their
1736
+ # requests. If either the source or destination S3 bucket has Requester
1737
+ # Pays enabled, the requester will pay for corresponding charges to copy
1738
+ # the object. For information about downloading objects from Requester
1739
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1740
+ # in the *Amazon S3 User Guide*.
1741
+ #
1742
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1743
+ #
1744
+ # </note>
1745
+ #
1746
+ #
1747
+ #
1748
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
1749
+ # @option options [Integer] :part_number
1750
+ # Part number of the object being read. This is a positive integer
1751
+ # between 1 and 10,000. Effectively performs a 'ranged' GET request
1752
+ # for the part specified. Useful for downloading just a part of an
1753
+ # object.
1000
1754
  # @option options [String] :expected_bucket_owner
1001
- # The account ID of the expected bucket owner. If the bucket is owned by
1002
- # a different account, the request fails with the HTTP status code `403
1003
- # Forbidden` (access denied).
1755
+ # The account ID of the expected bucket owner. If the account ID that
1756
+ # you provide does not match the actual owner of the bucket, the request
1757
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1004
1758
  # @option options [String] :checksum_mode
1005
1759
  # To retrieve the checksum, this mode must be enabled.
1760
+ #
1761
+ # **General purpose buckets** - In addition, if you enable checksum mode
1762
+ # and the object is uploaded with a [checksum][1] and encrypted with an
1763
+ # Key Management Service (KMS) key, you must have permission to use the
1764
+ # `kms:Decrypt` action to retrieve the checksum.
1765
+ #
1766
+ #
1767
+ #
1768
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html
1006
1769
  # @return [Types::GetObjectOutput]
1007
1770
  def get(options = {}, &block)
1008
1771
  options = options.merge(
1009
1772
  bucket: @bucket_name,
1010
1773
  key: @key
1011
1774
  )
1012
- resp = Aws::Plugins::UserAgent.feature('resource') do
1775
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
1013
1776
  @client.get_object(options, &block)
1014
1777
  end
1015
1778
  resp.data
@@ -1033,7 +1796,7 @@ module Aws::S3
1033
1796
  # "MetadataKey" => "MetadataValue",
1034
1797
  # },
1035
1798
  # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
1036
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
1799
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
1037
1800
  # website_redirect_location: "WebsiteRedirectLocation",
1038
1801
  # sse_customer_algorithm: "SSECustomerAlgorithm",
1039
1802
  # sse_customer_key: "SSECustomerKey",
@@ -1051,9 +1814,29 @@ module Aws::S3
1051
1814
  # })
1052
1815
  # @param [Hash] options ({})
1053
1816
  # @option options [String] :acl
1054
- # The canned ACL to apply to the object.
1817
+ # The canned ACL to apply to the object. Amazon S3 supports a set of
1818
+ # predefined ACLs, known as *canned ACLs*. Each canned ACL has a
1819
+ # predefined set of grantees and permissions. For more information, see
1820
+ # [Canned ACL][1] in the *Amazon S3 User Guide*.
1821
+ #
1822
+ # By default, all objects are private. Only the owner has full access
1823
+ # control. When uploading an object, you can grant access permissions to
1824
+ # individual Amazon Web Services accounts or to predefined groups
1825
+ # defined by Amazon S3. These permissions are then added to the access
1826
+ # control list (ACL) on the new object. For more information, see [Using
1827
+ # ACLs][2]. One way to grant the permissions using the request headers
1828
+ # is to specify a canned ACL with the `x-amz-acl` request header.
1829
+ #
1830
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1831
+ #
1832
+ # * This functionality is not supported for Amazon S3 on Outposts.
1833
+ #
1834
+ # </note>
1835
+ #
1055
1836
  #
1056
- # This action is not supported by Amazon S3 on Outposts.
1837
+ #
1838
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
1839
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html
1057
1840
  # @option options [String] :cache_control
1058
1841
  # Specifies caching behavior along the request/reply chain.
1059
1842
  # @option options [String] :content_disposition
@@ -1062,41 +1845,334 @@ module Aws::S3
1062
1845
  # Specifies what content encodings have been applied to the object and
1063
1846
  # thus what decoding mechanisms must be applied to obtain the media-type
1064
1847
  # referenced by the Content-Type header field.
1848
+ #
1849
+ # <note markdown="1"> For directory buckets, only the `aws-chunked` value is supported in
1850
+ # this header field.
1851
+ #
1852
+ # </note>
1065
1853
  # @option options [String] :content_language
1066
- # The language the content is in.
1854
+ # The language that the content is in.
1067
1855
  # @option options [String] :content_type
1068
1856
  # A standard MIME type describing the format of the object data.
1069
1857
  # @option options [Time,DateTime,Date,Integer,String] :expires
1070
1858
  # The date and time at which the object is no longer cacheable.
1071
1859
  # @option options [String] :grant_full_control
1072
- # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
1073
- # object.
1860
+ # Specify access permissions explicitly to give the grantee READ,
1861
+ # READ\_ACP, and WRITE\_ACP permissions on the object.
1862
+ #
1863
+ # By default, all objects are private. Only the owner has full access
1864
+ # control. When uploading an object, you can use this header to
1865
+ # explicitly grant access permissions to specific Amazon Web Services
1866
+ # accounts or groups. This header maps to specific permissions that
1867
+ # Amazon S3 supports in an ACL. For more information, see [Access
1868
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
1869
+ #
1870
+ # You specify each grantee as a type=value pair, where the type is one
1871
+ # of the following:
1872
+ #
1873
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1874
+ # Web Services account
1875
+ #
1876
+ # * `uri` – if you are granting permissions to a predefined group
1074
1877
  #
1075
- # This action is not supported by Amazon S3 on Outposts.
1878
+ # * `emailAddress` if the value specified is the email address of an
1879
+ # Amazon Web Services account
1880
+ #
1881
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1882
+ # following Amazon Web Services Regions:
1883
+ #
1884
+ # * US East (N. Virginia)
1885
+ #
1886
+ # * US West (N. California)
1887
+ #
1888
+ # * US West (Oregon)
1889
+ #
1890
+ # * Asia Pacific (Singapore)
1891
+ #
1892
+ # * Asia Pacific (Sydney)
1893
+ #
1894
+ # * Asia Pacific (Tokyo)
1895
+ #
1896
+ # * Europe (Ireland)
1897
+ #
1898
+ # * South America (São Paulo)
1899
+ #
1900
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1901
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1902
+ # Reference.
1903
+ #
1904
+ # </note>
1905
+ #
1906
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1907
+ # Web Services accounts identified by account IDs permissions to read
1908
+ # object data and its metadata:
1909
+ #
1910
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1911
+ #
1912
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1913
+ #
1914
+ # * This functionality is not supported for Amazon S3 on Outposts.
1915
+ #
1916
+ # </note>
1917
+ #
1918
+ #
1919
+ #
1920
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1921
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1076
1922
  # @option options [String] :grant_read
1077
- # Allows grantee to read the object data and its metadata.
1923
+ # Specify access permissions explicitly to allow grantee to read the
1924
+ # object data and its metadata.
1925
+ #
1926
+ # By default, all objects are private. Only the owner has full access
1927
+ # control. When uploading an object, you can use this header to
1928
+ # explicitly grant access permissions to specific Amazon Web Services
1929
+ # accounts or groups. This header maps to specific permissions that
1930
+ # Amazon S3 supports in an ACL. For more information, see [Access
1931
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
1932
+ #
1933
+ # You specify each grantee as a type=value pair, where the type is one
1934
+ # of the following:
1935
+ #
1936
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1937
+ # Web Services account
1938
+ #
1939
+ # * `uri` – if you are granting permissions to a predefined group
1940
+ #
1941
+ # * `emailAddress` – if the value specified is the email address of an
1942
+ # Amazon Web Services account
1078
1943
  #
1079
- # This action is not supported by Amazon S3 on Outposts.
1944
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1945
+ # following Amazon Web Services Regions:
1946
+ #
1947
+ # * US East (N. Virginia)
1948
+ #
1949
+ # * US West (N. California)
1950
+ #
1951
+ # * US West (Oregon)
1952
+ #
1953
+ # * Asia Pacific (Singapore)
1954
+ #
1955
+ # * Asia Pacific (Sydney)
1956
+ #
1957
+ # * Asia Pacific (Tokyo)
1958
+ #
1959
+ # * Europe (Ireland)
1960
+ #
1961
+ # * South America (São Paulo)
1962
+ #
1963
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1964
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1965
+ # Reference.
1966
+ #
1967
+ # </note>
1968
+ #
1969
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1970
+ # Web Services accounts identified by account IDs permissions to read
1971
+ # object data and its metadata:
1972
+ #
1973
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1974
+ #
1975
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1976
+ #
1977
+ # * This functionality is not supported for Amazon S3 on Outposts.
1978
+ #
1979
+ # </note>
1980
+ #
1981
+ #
1982
+ #
1983
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1984
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1080
1985
  # @option options [String] :grant_read_acp
1081
- # Allows grantee to read the object ACL.
1986
+ # Specify access permissions explicitly to allows grantee to read the
1987
+ # object ACL.
1988
+ #
1989
+ # By default, all objects are private. Only the owner has full access
1990
+ # control. When uploading an object, you can use this header to
1991
+ # explicitly grant access permissions to specific Amazon Web Services
1992
+ # accounts or groups. This header maps to specific permissions that
1993
+ # Amazon S3 supports in an ACL. For more information, see [Access
1994
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
1995
+ #
1996
+ # You specify each grantee as a type=value pair, where the type is one
1997
+ # of the following:
1998
+ #
1999
+ # * `id` – if the value specified is the canonical user ID of an Amazon
2000
+ # Web Services account
2001
+ #
2002
+ # * `uri` – if you are granting permissions to a predefined group
2003
+ #
2004
+ # * `emailAddress` – if the value specified is the email address of an
2005
+ # Amazon Web Services account
2006
+ #
2007
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
2008
+ # following Amazon Web Services Regions:
2009
+ #
2010
+ # * US East (N. Virginia)
1082
2011
  #
1083
- # This action is not supported by Amazon S3 on Outposts.
2012
+ # * US West (N. California)
2013
+ #
2014
+ # * US West (Oregon)
2015
+ #
2016
+ # * Asia Pacific (Singapore)
2017
+ #
2018
+ # * Asia Pacific (Sydney)
2019
+ #
2020
+ # * Asia Pacific (Tokyo)
2021
+ #
2022
+ # * Europe (Ireland)
2023
+ #
2024
+ # * South America (São Paulo)
2025
+ #
2026
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
2027
+ # [Regions and Endpoints][2] in the Amazon Web Services General
2028
+ # Reference.
2029
+ #
2030
+ # </note>
2031
+ #
2032
+ # For example, the following `x-amz-grant-read` header grants the Amazon
2033
+ # Web Services accounts identified by account IDs permissions to read
2034
+ # object data and its metadata:
2035
+ #
2036
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
2037
+ #
2038
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2039
+ #
2040
+ # * This functionality is not supported for Amazon S3 on Outposts.
2041
+ #
2042
+ # </note>
2043
+ #
2044
+ #
2045
+ #
2046
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
2047
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1084
2048
  # @option options [String] :grant_write_acp
1085
- # Allows grantee to write the ACL for the applicable object.
2049
+ # Specify access permissions explicitly to allows grantee to allow
2050
+ # grantee to write the ACL for the applicable object.
2051
+ #
2052
+ # By default, all objects are private. Only the owner has full access
2053
+ # control. When uploading an object, you can use this header to
2054
+ # explicitly grant access permissions to specific Amazon Web Services
2055
+ # accounts or groups. This header maps to specific permissions that
2056
+ # Amazon S3 supports in an ACL. For more information, see [Access
2057
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
2058
+ #
2059
+ # You specify each grantee as a type=value pair, where the type is one
2060
+ # of the following:
2061
+ #
2062
+ # * `id` – if the value specified is the canonical user ID of an Amazon
2063
+ # Web Services account
2064
+ #
2065
+ # * `uri` – if you are granting permissions to a predefined group
2066
+ #
2067
+ # * `emailAddress` – if the value specified is the email address of an
2068
+ # Amazon Web Services account
2069
+ #
2070
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
2071
+ # following Amazon Web Services Regions:
2072
+ #
2073
+ # * US East (N. Virginia)
2074
+ #
2075
+ # * US West (N. California)
1086
2076
  #
1087
- # This action is not supported by Amazon S3 on Outposts.
2077
+ # * US West (Oregon)
2078
+ #
2079
+ # * Asia Pacific (Singapore)
2080
+ #
2081
+ # * Asia Pacific (Sydney)
2082
+ #
2083
+ # * Asia Pacific (Tokyo)
2084
+ #
2085
+ # * Europe (Ireland)
2086
+ #
2087
+ # * South America (São Paulo)
2088
+ #
2089
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
2090
+ # [Regions and Endpoints][2] in the Amazon Web Services General
2091
+ # Reference.
2092
+ #
2093
+ # </note>
2094
+ #
2095
+ # For example, the following `x-amz-grant-read` header grants the Amazon
2096
+ # Web Services accounts identified by account IDs permissions to read
2097
+ # object data and its metadata:
2098
+ #
2099
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
2100
+ #
2101
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2102
+ #
2103
+ # * This functionality is not supported for Amazon S3 on Outposts.
2104
+ #
2105
+ # </note>
2106
+ #
2107
+ #
2108
+ #
2109
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
2110
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1088
2111
  # @option options [Hash<String,String>] :metadata
1089
2112
  # A map of metadata to store with the object in S3.
1090
2113
  # @option options [String] :server_side_encryption
1091
- # The server-side encryption algorithm used when storing this object in
1092
- # Amazon S3 (for example, `AES256`, `aws:kms`).
2114
+ # The server-side encryption algorithm used when you store this object
2115
+ # in Amazon S3 (for example, `AES256`, `aws:kms`).
2116
+ #
2117
+ # * <b>Directory buckets </b> - For directory buckets, there are only
2118
+ # two supported options for server-side encryption: server-side
2119
+ # encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
2120
+ # server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). We
2121
+ # recommend that the bucket's default encryption uses the desired
2122
+ # encryption configuration and you don't override the bucket default
2123
+ # encryption in your `CreateSession` requests or `PUT` object
2124
+ # requests. Then, new objects are automatically encrypted with the
2125
+ # desired encryption settings. For more information, see [Protecting
2126
+ # data with server-side encryption][1] in the *Amazon S3 User Guide*.
2127
+ # For more information about the encryption overriding behaviors in
2128
+ # directory buckets, see [Specifying server-side encryption with KMS
2129
+ # for new object uploads][2].
2130
+ #
2131
+ # In the Zonal endpoint API calls (except [CopyObject][3] and
2132
+ # [UploadPartCopy][4]) using the REST API, the encryption request
2133
+ # headers must match the encryption settings that are specified in the
2134
+ # `CreateSession` request. You can't override the values of the
2135
+ # encryption settings (`x-amz-server-side-encryption`,
2136
+ # `x-amz-server-side-encryption-aws-kms-key-id`,
2137
+ # `x-amz-server-side-encryption-context`, and
2138
+ # `x-amz-server-side-encryption-bucket-key-enabled`) that are
2139
+ # specified in the `CreateSession` request. You don't need to
2140
+ # explicitly specify these encryption settings values in Zonal
2141
+ # endpoint API calls, and Amazon S3 will use the encryption settings
2142
+ # values from the `CreateSession` request to protect new objects in
2143
+ # the directory bucket.
2144
+ #
2145
+ # <note markdown="1"> When you use the CLI or the Amazon Web Services SDKs, for
2146
+ # `CreateSession`, the session token refreshes automatically to avoid
2147
+ # service interruptions when a session expires. The CLI or the Amazon
2148
+ # Web Services SDKs use the bucket's default encryption configuration
2149
+ # for the `CreateSession` request. It's not supported to override the
2150
+ # encryption settings values in the `CreateSession` request. So in the
2151
+ # Zonal endpoint API calls (except [CopyObject][3] and
2152
+ # [UploadPartCopy][4]), the encryption request headers must match the
2153
+ # default encryption configuration of the directory bucket.
2154
+ #
2155
+ # </note>
2156
+ #
2157
+ #
2158
+ #
2159
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
2160
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
2161
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
2162
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
1093
2163
  # @option options [String] :storage_class
1094
2164
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
1095
2165
  # created objects. The STANDARD storage class provides high durability
1096
2166
  # and high availability. Depending on performance needs, you can specify
1097
- # a different Storage Class. Amazon S3 on Outposts only uses the
1098
- # OUTPOSTS Storage Class. For more information, see [Storage Classes][1]
1099
- # in the *Amazon S3 User Guide*.
2167
+ # a different Storage Class. For more information, see [Storage
2168
+ # Classes][1] in the *Amazon S3 User Guide*.
2169
+ #
2170
+ # <note markdown="1"> * For directory buckets, only the S3 Express One Zone storage class is
2171
+ # supported to store newly created objects.
2172
+ #
2173
+ # * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class.
2174
+ #
2175
+ # </note>
1100
2176
  #
1101
2177
  #
1102
2178
  #
@@ -1105,51 +2181,117 @@ module Aws::S3
1105
2181
  # If the bucket is configured as a website, redirects requests for this
1106
2182
  # object to another object in the same bucket or to an external URL.
1107
2183
  # Amazon S3 stores the value of this header in the object metadata.
2184
+ #
2185
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2186
+ #
2187
+ # </note>
1108
2188
  # @option options [String] :sse_customer_algorithm
1109
- # Specifies the algorithm to use to when encrypting the object (for
2189
+ # Specifies the algorithm to use when encrypting the object (for
1110
2190
  # example, AES256).
2191
+ #
2192
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2193
+ #
2194
+ # </note>
1111
2195
  # @option options [String] :sse_customer_key
1112
2196
  # Specifies the customer-provided encryption key for Amazon S3 to use in
1113
2197
  # encrypting data. This value is used to store the object and then it is
1114
2198
  # discarded; Amazon S3 does not store the encryption key. The key must
1115
2199
  # be appropriate for use with the algorithm specified in the
1116
2200
  # `x-amz-server-side-encryption-customer-algorithm` header.
1117
- # @option options [String] :sse_customer_key_md5
1118
- # Specifies the 128-bit MD5 digest of the encryption key according to
1119
- # RFC 1321. Amazon S3 uses this header for a message integrity check to
1120
- # ensure that the encryption key was transmitted without error.
1121
- # @option options [String] :ssekms_key_id
1122
- # Specifies the ID (Key ID, Key ARN, or Key Alias) of the symmetric
1123
- # encryption customer managed key to use for object encryption. All GET
1124
- # and PUT requests for an object protected by KMS will fail if they're
1125
- # not made via SSL or using SigV4. For information about configuring any
1126
- # of the officially supported Amazon Web Services SDKs and Amazon Web
1127
- # Services CLI, see [Specifying the Signature Version in Request
1128
- # Authentication][1] in the *Amazon S3 User Guide*.
1129
2201
  #
2202
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1130
2203
  #
2204
+ # </note>
2205
+ # @option options [String] :sse_customer_key_md5
2206
+ # Specifies the 128-bit MD5 digest of the customer-provided encryption
2207
+ # key according to RFC 1321. Amazon S3 uses this header for a message
2208
+ # integrity check to ensure that the encryption key was transmitted
2209
+ # without error.
1131
2210
  #
1132
- # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
2211
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2212
+ #
2213
+ # </note>
2214
+ # @option options [String] :ssekms_key_id
2215
+ # Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
2216
+ # object encryption. If the KMS key doesn't exist in the same account
2217
+ # that's issuing the command, you must use the full Key ARN not the Key
2218
+ # ID.
2219
+ #
2220
+ # **General purpose buckets** - If you specify
2221
+ # `x-amz-server-side-encryption` with `aws:kms` or `aws:kms:dsse`, this
2222
+ # header specifies the ID (Key ID, Key ARN, or Key Alias) of the KMS key
2223
+ # to use. If you specify `x-amz-server-side-encryption:aws:kms` or
2224
+ # `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide
2225
+ # `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
2226
+ # Amazon Web Services managed key (`aws/s3`) to protect the data.
2227
+ #
2228
+ # **Directory buckets** - If you specify `x-amz-server-side-encryption`
2229
+ # with `aws:kms`, the ` x-amz-server-side-encryption-aws-kms-key-id`
2230
+ # header is implicitly assigned the ID of the KMS symmetric encryption
2231
+ # customer managed key that's configured for your directory bucket's
2232
+ # default encryption setting. If you want to specify the `
2233
+ # x-amz-server-side-encryption-aws-kms-key-id` header explicitly, you
2234
+ # can only specify it with the ID (Key ID or Key ARN) of the KMS
2235
+ # customer managed key that's configured for your directory bucket's
2236
+ # default encryption setting. Otherwise, you get an HTTP `400 Bad
2237
+ # Request` error. Only use the key ID or key ARN. The key alias format
2238
+ # of the KMS key isn't supported. Your SSE-KMS configuration can only
2239
+ # support 1 [customer managed key][1] per directory bucket for the
2240
+ # lifetime of the bucket. The [Amazon Web Services managed key][2]
2241
+ # (`aws/s3`) isn't supported.
2242
+ #
2243
+ #
2244
+ #
2245
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
2246
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
1133
2247
  # @option options [String] :ssekms_encryption_context
1134
2248
  # Specifies the Amazon Web Services KMS Encryption Context to use for
1135
- # object encryption. The value of this header is a base64-encoded UTF-8
1136
- # string holding JSON with the encryption context key-value pairs.
2249
+ # object encryption. The value of this header is a Base64-encoded string
2250
+ # of a UTF-8 encoded JSON, which contains the encryption context as
2251
+ # key-value pairs.
2252
+ #
2253
+ # **Directory buckets** - You can optionally provide an explicit
2254
+ # encryption context value. The value must match the default encryption
2255
+ # context - the bucket Amazon Resource Name (ARN). An additional
2256
+ # encryption context value is not supported.
1137
2257
  # @option options [Boolean] :bucket_key_enabled
1138
2258
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
1139
2259
  # encryption with server-side encryption using Key Management Service
1140
- # (KMS) keys (SSE-KMS). Setting this header to `true` causes Amazon S3
1141
- # to use an S3 Bucket Key for object encryption with SSE-KMS.
2260
+ # (KMS) keys (SSE-KMS).
1142
2261
  #
1143
- # Specifying this header with an object action doesn’t affect
2262
+ # **General purpose buckets** - Setting this header to `true` causes
2263
+ # Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
2264
+ # Also, specifying this header with a PUT action doesn't affect
1144
2265
  # bucket-level settings for S3 Bucket Key.
2266
+ #
2267
+ # **Directory buckets** - S3 Bucket Keys are always enabled for `GET`
2268
+ # and `PUT` operations in a directory bucket and can’t be disabled. S3
2269
+ # Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects
2270
+ # from general purpose buckets to directory buckets, from directory
2271
+ # buckets to general purpose buckets, or between directory buckets,
2272
+ # through [CopyObject][1], [UploadPartCopy][2], [the Copy operation in
2273
+ # Batch Operations][3], or [the import jobs][4]. In this case, Amazon S3
2274
+ # makes a call to KMS every time a copy request is made for a
2275
+ # KMS-encrypted object.
2276
+ #
2277
+ #
2278
+ #
2279
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
2280
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
2281
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
2282
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
1145
2283
  # @option options [String] :request_payer
1146
2284
  # Confirms that the requester knows that they will be charged for the
1147
2285
  # request. Bucket owners need not specify this parameter in their
1148
- # requests. If either the source or destination Amazon S3 bucket has
1149
- # Requester Pays enabled, the requester will pay for corresponding
1150
- # charges to copy the object. For information about downloading objects
1151
- # from Requester Pays buckets, see [Downloading Objects in Requester
1152
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
2286
+ # requests. If either the source or destination S3 bucket has Requester
2287
+ # Pays enabled, the requester will pay for corresponding charges to copy
2288
+ # the object. For information about downloading objects from Requester
2289
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
2290
+ # in the *Amazon S3 User Guide*.
2291
+ #
2292
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2293
+ #
2294
+ # </note>
1153
2295
  #
1154
2296
  #
1155
2297
  #
@@ -1157,20 +2299,36 @@ module Aws::S3
1157
2299
  # @option options [String] :tagging
1158
2300
  # The tag-set for the object. The tag-set must be encoded as URL Query
1159
2301
  # parameters.
2302
+ #
2303
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2304
+ #
2305
+ # </note>
1160
2306
  # @option options [String] :object_lock_mode
1161
2307
  # Specifies the Object Lock mode that you want to apply to the uploaded
1162
2308
  # object.
2309
+ #
2310
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2311
+ #
2312
+ # </note>
1163
2313
  # @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
1164
2314
  # Specifies the date and time when you want the Object Lock to expire.
2315
+ #
2316
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2317
+ #
2318
+ # </note>
1165
2319
  # @option options [String] :object_lock_legal_hold_status
1166
2320
  # Specifies whether you want to apply a legal hold to the uploaded
1167
2321
  # object.
2322
+ #
2323
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2324
+ #
2325
+ # </note>
1168
2326
  # @option options [String] :expected_bucket_owner
1169
- # The account ID of the expected bucket owner. If the bucket is owned by
1170
- # a different account, the request fails with the HTTP status code `403
1171
- # Forbidden` (access denied).
2327
+ # The account ID of the expected bucket owner. If the account ID that
2328
+ # you provide does not match the actual owner of the bucket, the request
2329
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1172
2330
  # @option options [String] :checksum_algorithm
1173
- # Indicates the algorithm you want Amazon S3 to use to create the
2331
+ # Indicates the algorithm that you want Amazon S3 to use to create the
1174
2332
  # checksum for the object. For more information, see [Checking object
1175
2333
  # integrity][1] in the *Amazon S3 User Guide*.
1176
2334
  #
@@ -1183,7 +2341,7 @@ module Aws::S3
1183
2341
  bucket: @bucket_name,
1184
2342
  key: @key
1185
2343
  )
1186
- resp = Aws::Plugins::UserAgent.feature('resource') do
2344
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
1187
2345
  @client.create_multipart_upload(options)
1188
2346
  end
1189
2347
  MultipartUpload.new(
@@ -1212,15 +2370,18 @@ module Aws::S3
1212
2370
  # checksum_sha1: "ChecksumSHA1",
1213
2371
  # checksum_sha256: "ChecksumSHA256",
1214
2372
  # expires: Time.now,
2373
+ # if_match: "IfMatch",
2374
+ # if_none_match: "IfNoneMatch",
1215
2375
  # grant_full_control: "GrantFullControl",
1216
2376
  # grant_read: "GrantRead",
1217
2377
  # grant_read_acp: "GrantReadACP",
1218
2378
  # grant_write_acp: "GrantWriteACP",
2379
+ # write_offset_bytes: 1,
1219
2380
  # metadata: {
1220
2381
  # "MetadataKey" => "MetadataValue",
1221
2382
  # },
1222
2383
  # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
1223
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
2384
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
1224
2385
  # website_redirect_location: "WebsiteRedirectLocation",
1225
2386
  # sse_customer_algorithm: "SSECustomerAlgorithm",
1226
2387
  # sse_customer_key: "SSECustomerKey",
@@ -1238,13 +2399,41 @@ module Aws::S3
1238
2399
  # @param [Hash] options ({})
1239
2400
  # @option options [String] :acl
1240
2401
  # The canned ACL to apply to the object. For more information, see
1241
- # [Canned ACL][1].
2402
+ # [Canned ACL][1] in the *Amazon S3 User Guide*.
2403
+ #
2404
+ # When adding a new object, you can use headers to grant ACL-based
2405
+ # permissions to individual Amazon Web Services accounts or to
2406
+ # predefined groups defined by Amazon S3. These permissions are then
2407
+ # added to the ACL on the object. By default, all objects are private.
2408
+ # Only the owner has full access control. For more information, see
2409
+ # [Access Control List (ACL) Overview][2] and [Managing ACLs Using the
2410
+ # REST API][3] in the *Amazon S3 User Guide*.
2411
+ #
2412
+ # If the bucket that you're uploading objects to uses the bucket owner
2413
+ # enforced setting for S3 Object Ownership, ACLs are disabled and no
2414
+ # longer affect permissions. Buckets that use this setting only accept
2415
+ # PUT requests that don't specify an ACL or PUT requests that specify
2416
+ # bucket owner full control ACLs, such as the
2417
+ # `bucket-owner-full-control` canned ACL or an equivalent form of this
2418
+ # ACL expressed in the XML format. PUT requests that contain other ACLs
2419
+ # (for example, custom grants to certain Amazon Web Services accounts)
2420
+ # fail and return a `400` error with the error code
2421
+ # `AccessControlListNotSupported`. For more information, see [
2422
+ # Controlling ownership of objects and disabling ACLs][4] in the *Amazon
2423
+ # S3 User Guide*.
2424
+ #
2425
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2426
+ #
2427
+ # * This functionality is not supported for Amazon S3 on Outposts.
1242
2428
  #
1243
- # This action is not supported by Amazon S3 on Outposts.
2429
+ # </note>
1244
2430
  #
1245
2431
  #
1246
2432
  #
1247
2433
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
2434
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
2435
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html
2436
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
1248
2437
  # @option options [String, StringIO, File] :body
1249
2438
  # Object data.
1250
2439
  # @option options [String] :cache_control
@@ -1291,9 +2480,22 @@ module Aws::S3
1291
2480
  # information about REST request authentication, see [REST
1292
2481
  # Authentication][1].
1293
2482
  #
2483
+ # <note markdown="1"> The `Content-MD5` or `x-amz-sdk-checksum-algorithm` header is required
2484
+ # for any request to upload an object with a retention period configured
2485
+ # using Amazon S3 Object Lock. For more information, see [Uploading
2486
+ # objects to an Object Lock enabled bucket ][2] in the *Amazon S3 User
2487
+ # Guide*.
2488
+ #
2489
+ # </note>
2490
+ #
2491
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2492
+ #
2493
+ # </note>
2494
+ #
1294
2495
  #
1295
2496
  #
1296
2497
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
2498
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-put-object
1297
2499
  # @option options [String] :content_type
1298
2500
  # A standard MIME type describing the format of the contents. For more
1299
2501
  # information, see
@@ -1304,25 +2506,53 @@ module Aws::S3
1304
2506
  # [1]: https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type
1305
2507
  # @option options [String] :checksum_algorithm
1306
2508
  # Indicates the algorithm used to create the checksum for the object
1307
- # when using the SDK. This header will not provide any additional
1308
- # functionality if not using the SDK. When sending this header, there
1309
- # must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
1310
- # sent. Otherwise, Amazon S3 fails the request with the HTTP status code
1311
- # `400 Bad Request`. For more information, see [Checking object
1312
- # integrity][1] in the *Amazon S3 User Guide*.
2509
+ # when you use the SDK. This header will not provide any additional
2510
+ # functionality if you don't use the SDK. When you send this header,
2511
+ # there must be a corresponding `x-amz-checksum-algorithm ` or
2512
+ # `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request
2513
+ # with the HTTP status code `400 Bad Request`.
1313
2514
  #
1314
- # If you provide an individual checksum, Amazon S3 ignores any provided
1315
- # `ChecksumAlgorithm` parameter.
2515
+ # For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with
2516
+ # the supported algorithm from the following list:
2517
+ #
2518
+ # * `CRC32`
2519
+ #
2520
+ # * `CRC32C`
2521
+ #
2522
+ # * `SHA1`
2523
+ #
2524
+ # * `SHA256`
2525
+ #
2526
+ # For more information, see [Checking object integrity][1] in the
2527
+ # *Amazon S3 User Guide*.
2528
+ #
2529
+ # If the individual checksum value you provide through
2530
+ # `x-amz-checksum-algorithm ` doesn't match the checksum algorithm you
2531
+ # set through `x-amz-sdk-checksum-algorithm`, Amazon S3 ignores any
2532
+ # provided `ChecksumAlgorithm` parameter and uses the checksum algorithm
2533
+ # that matches the provided value in `x-amz-checksum-algorithm `.
2534
+ #
2535
+ # <note markdown="1"> The `Content-MD5` or `x-amz-sdk-checksum-algorithm` header is required
2536
+ # for any request to upload an object with a retention period configured
2537
+ # using Amazon S3 Object Lock. For more information, see [Uploading
2538
+ # objects to an Object Lock enabled bucket ][2] in the *Amazon S3 User
2539
+ # Guide*.
2540
+ #
2541
+ # </note>
2542
+ #
2543
+ # For directory buckets, when you use Amazon Web Services SDKs, `CRC32`
2544
+ # is the default checksum algorithm that's used for performance.
1316
2545
  #
1317
2546
  #
1318
2547
  #
1319
2548
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
2549
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-put-object
1320
2550
  # @option options [String] :checksum_crc32
1321
2551
  # This header can be used as a data integrity check to verify that the
1322
2552
  # data received is the same data that was originally sent. This header
1323
- # specifies the base64-encoded, 32-bit CRC32 checksum of the object. For
1324
- # more information, see [Checking object integrity][1] in the *Amazon S3
1325
- # User Guide*.
2553
+ # specifies the base64-encoded, 32-bit CRC-32 checksum of the object.
2554
+ # For more information, see [Checking object integrity][1] in the
2555
+ # *Amazon S3 User Guide*.
1326
2556
  #
1327
2557
  #
1328
2558
  #
@@ -1330,7 +2560,7 @@ module Aws::S3
1330
2560
  # @option options [String] :checksum_crc32c
1331
2561
  # This header can be used as a data integrity check to verify that the
1332
2562
  # data received is the same data that was originally sent. This header
1333
- # specifies the base64-encoded, 32-bit CRC32C checksum of the object.
2563
+ # specifies the base64-encoded, 32-bit CRC-32C checksum of the object.
1334
2564
  # For more information, see [Checking object integrity][1] in the
1335
2565
  # *Amazon S3 User Guide*.
1336
2566
  #
@@ -1365,35 +2595,165 @@ module Aws::S3
1365
2595
  #
1366
2596
  #
1367
2597
  # [1]: https://www.rfc-editor.org/rfc/rfc7234#section-5.3
2598
+ # @option options [String] :if_match
2599
+ # Uploads the object only if the ETag (entity tag) value provided during
2600
+ # the WRITE operation matches the ETag of the object in S3. If the ETag
2601
+ # values do not match, the operation returns a `412 Precondition Failed`
2602
+ # error.
2603
+ #
2604
+ # If a conflicting operation occurs during the upload S3 returns a `409
2605
+ # ConditionalRequestConflict` response. On a 409 failure you should
2606
+ # fetch the object's ETag and retry the upload.
2607
+ #
2608
+ # Expects the ETag value as a string.
2609
+ #
2610
+ # For more information about conditional requests, see [RFC 7232][1], or
2611
+ # [Conditional requests][2] in the *Amazon S3 User Guide*.
2612
+ #
2613
+ #
2614
+ #
2615
+ # [1]: https://tools.ietf.org/html/rfc7232
2616
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html
2617
+ # @option options [String] :if_none_match
2618
+ # Uploads the object only if the object key name does not already exist
2619
+ # in the bucket specified. Otherwise, Amazon S3 returns a `412
2620
+ # Precondition Failed` error.
2621
+ #
2622
+ # If a conflicting operation occurs during the upload S3 returns a `409
2623
+ # ConditionalRequestConflict` response. On a 409 failure you should
2624
+ # retry the upload.
2625
+ #
2626
+ # Expects the '*' (asterisk) character.
2627
+ #
2628
+ # For more information about conditional requests, see [RFC 7232][1], or
2629
+ # [Conditional requests][2] in the *Amazon S3 User Guide*.
2630
+ #
2631
+ #
2632
+ #
2633
+ # [1]: https://tools.ietf.org/html/rfc7232
2634
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html
1368
2635
  # @option options [String] :grant_full_control
1369
2636
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
1370
2637
  # object.
1371
2638
  #
1372
- # This action is not supported by Amazon S3 on Outposts.
2639
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2640
+ #
2641
+ # * This functionality is not supported for Amazon S3 on Outposts.
2642
+ #
2643
+ # </note>
1373
2644
  # @option options [String] :grant_read
1374
2645
  # Allows grantee to read the object data and its metadata.
1375
2646
  #
1376
- # This action is not supported by Amazon S3 on Outposts.
2647
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2648
+ #
2649
+ # * This functionality is not supported for Amazon S3 on Outposts.
2650
+ #
2651
+ # </note>
1377
2652
  # @option options [String] :grant_read_acp
1378
2653
  # Allows grantee to read the object ACL.
1379
2654
  #
1380
- # This action is not supported by Amazon S3 on Outposts.
2655
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2656
+ #
2657
+ # * This functionality is not supported for Amazon S3 on Outposts.
2658
+ #
2659
+ # </note>
1381
2660
  # @option options [String] :grant_write_acp
1382
2661
  # Allows grantee to write the ACL for the applicable object.
1383
2662
  #
1384
- # This action is not supported by Amazon S3 on Outposts.
2663
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2664
+ #
2665
+ # * This functionality is not supported for Amazon S3 on Outposts.
2666
+ #
2667
+ # </note>
2668
+ # @option options [Integer] :write_offset_bytes
2669
+ # Specifies the offset for appending data to existing objects in bytes.
2670
+ # The offset must be equal to the size of the existing object being
2671
+ # appended to. If no object exists, setting this header to 0 will create
2672
+ # a new object.
2673
+ #
2674
+ # <note markdown="1"> This functionality is only supported for objects in the Amazon S3
2675
+ # Express One Zone storage class in directory buckets.
2676
+ #
2677
+ # </note>
1385
2678
  # @option options [Hash<String,String>] :metadata
1386
2679
  # A map of metadata to store with the object in S3.
1387
2680
  # @option options [String] :server_side_encryption
1388
- # The server-side encryption algorithm used when storing this object in
1389
- # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
2681
+ # The server-side encryption algorithm that was used when you store this
2682
+ # object in Amazon S3 (for example, `AES256`, `aws:kms`,
2683
+ # `aws:kms:dsse`).
2684
+ #
2685
+ # * <b>General purpose buckets </b> - You have four mutually exclusive
2686
+ # options to protect data using server-side encryption in Amazon S3,
2687
+ # depending on how you choose to manage the encryption keys.
2688
+ # Specifically, the encryption key options are Amazon S3 managed keys
2689
+ # (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and
2690
+ # customer-provided keys (SSE-C). Amazon S3 encrypts data with
2691
+ # server-side encryption by using Amazon S3 managed keys (SSE-S3) by
2692
+ # default. You can optionally tell Amazon S3 to encrypt data at rest
2693
+ # by using server-side encryption with other key options. For more
2694
+ # information, see [Using Server-Side Encryption][1] in the *Amazon S3
2695
+ # User Guide*.
2696
+ #
2697
+ # * <b>Directory buckets </b> - For directory buckets, there are only
2698
+ # two supported options for server-side encryption: server-side
2699
+ # encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
2700
+ # server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). We
2701
+ # recommend that the bucket's default encryption uses the desired
2702
+ # encryption configuration and you don't override the bucket default
2703
+ # encryption in your `CreateSession` requests or `PUT` object
2704
+ # requests. Then, new objects are automatically encrypted with the
2705
+ # desired encryption settings. For more information, see [Protecting
2706
+ # data with server-side encryption][2] in the *Amazon S3 User Guide*.
2707
+ # For more information about the encryption overriding behaviors in
2708
+ # directory buckets, see [Specifying server-side encryption with KMS
2709
+ # for new object uploads][3].
2710
+ #
2711
+ # In the Zonal endpoint API calls (except [CopyObject][4] and
2712
+ # [UploadPartCopy][5]) using the REST API, the encryption request
2713
+ # headers must match the encryption settings that are specified in the
2714
+ # `CreateSession` request. You can't override the values of the
2715
+ # encryption settings (`x-amz-server-side-encryption`,
2716
+ # `x-amz-server-side-encryption-aws-kms-key-id`,
2717
+ # `x-amz-server-side-encryption-context`, and
2718
+ # `x-amz-server-side-encryption-bucket-key-enabled`) that are
2719
+ # specified in the `CreateSession` request. You don't need to
2720
+ # explicitly specify these encryption settings values in Zonal
2721
+ # endpoint API calls, and Amazon S3 will use the encryption settings
2722
+ # values from the `CreateSession` request to protect new objects in
2723
+ # the directory bucket.
2724
+ #
2725
+ # <note markdown="1"> When you use the CLI or the Amazon Web Services SDKs, for
2726
+ # `CreateSession`, the session token refreshes automatically to avoid
2727
+ # service interruptions when a session expires. The CLI or the Amazon
2728
+ # Web Services SDKs use the bucket's default encryption configuration
2729
+ # for the `CreateSession` request. It's not supported to override the
2730
+ # encryption settings values in the `CreateSession` request. So in the
2731
+ # Zonal endpoint API calls (except [CopyObject][4] and
2732
+ # [UploadPartCopy][5]), the encryption request headers must match the
2733
+ # default encryption configuration of the directory bucket.
2734
+ #
2735
+ # </note>
2736
+ #
2737
+ #
2738
+ #
2739
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
2740
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
2741
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
2742
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
2743
+ # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
1390
2744
  # @option options [String] :storage_class
1391
2745
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
1392
2746
  # created objects. The STANDARD storage class provides high durability
1393
2747
  # and high availability. Depending on performance needs, you can specify
1394
- # a different Storage Class. Amazon S3 on Outposts only uses the
1395
- # OUTPOSTS Storage Class. For more information, see [Storage Classes][1]
1396
- # in the *Amazon S3 User Guide*.
2748
+ # a different Storage Class. For more information, see [Storage
2749
+ # Classes][1] in the *Amazon S3 User Guide*.
2750
+ #
2751
+ # <note markdown="1"> * For directory buckets, only the S3 Express One Zone storage class is
2752
+ # supported to store newly created objects.
2753
+ #
2754
+ # * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class.
2755
+ #
2756
+ # </note>
1397
2757
  #
1398
2758
  #
1399
2759
  #
@@ -1402,7 +2762,8 @@ module Aws::S3
1402
2762
  # If the bucket is configured as a website, redirects requests for this
1403
2763
  # object to another object in the same bucket or to an external URL.
1404
2764
  # Amazon S3 stores the value of this header in the object metadata. For
1405
- # information about object metadata, see [Object Key and Metadata][1].
2765
+ # information about object metadata, see [Object Key and Metadata][1] in
2766
+ # the *Amazon S3 User Guide*.
1406
2767
  #
1407
2768
  # In the following example, the request header sets the redirect to an
1408
2769
  # object (anotherPage.html) in the same bucket:
@@ -1416,7 +2777,11 @@ module Aws::S3
1416
2777
  #
1417
2778
  # For more information about website hosting in Amazon S3, see [Hosting
1418
2779
  # Websites on Amazon S3][2] and [How to Configure Website Page
1419
- # Redirects][3].
2780
+ # Redirects][3] in the *Amazon S3 User Guide*.
2781
+ #
2782
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2783
+ #
2784
+ # </note>
1420
2785
  #
1421
2786
  #
1422
2787
  #
@@ -1424,52 +2789,123 @@ module Aws::S3
1424
2789
  # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html
1425
2790
  # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html
1426
2791
  # @option options [String] :sse_customer_algorithm
1427
- # Specifies the algorithm to use to when encrypting the object (for
1428
- # example, AES256).
2792
+ # Specifies the algorithm to use when encrypting the object (for
2793
+ # example, `AES256`).
2794
+ #
2795
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2796
+ #
2797
+ # </note>
1429
2798
  # @option options [String] :sse_customer_key
1430
2799
  # Specifies the customer-provided encryption key for Amazon S3 to use in
1431
2800
  # encrypting data. This value is used to store the object and then it is
1432
2801
  # discarded; Amazon S3 does not store the encryption key. The key must
1433
2802
  # be appropriate for use with the algorithm specified in the
1434
2803
  # `x-amz-server-side-encryption-customer-algorithm` header.
2804
+ #
2805
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2806
+ #
2807
+ # </note>
1435
2808
  # @option options [String] :sse_customer_key_md5
1436
2809
  # Specifies the 128-bit MD5 digest of the encryption key according to
1437
2810
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
1438
2811
  # ensure that the encryption key was transmitted without error.
2812
+ #
2813
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2814
+ #
2815
+ # </note>
1439
2816
  # @option options [String] :ssekms_key_id
1440
- # If `x-amz-server-side-encryption` has a valid value of `aws:kms` or
1441
- # `aws:kms:dsse`, this header specifies the ID (Key ID, Key ARN, or Key
1442
- # Alias) of the Key Management Service (KMS) symmetric encryption
1443
- # customer managed key that was used for the object. If you specify
1444
- # `x-amz-server-side-encryption:aws:kms` or
1445
- # `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide`
1446
- # x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
1447
- # Amazon Web Services managed key (`aws/s3`) to protect the data. If the
1448
- # KMS key does not exist in the same account that's issuing the
1449
- # command, you must use the full ARN and not just the ID.
2817
+ # Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
2818
+ # object encryption. If the KMS key doesn't exist in the same account
2819
+ # that's issuing the command, you must use the full Key ARN not the Key
2820
+ # ID.
2821
+ #
2822
+ # **General purpose buckets** - If you specify
2823
+ # `x-amz-server-side-encryption` with `aws:kms` or `aws:kms:dsse`, this
2824
+ # header specifies the ID (Key ID, Key ARN, or Key Alias) of the KMS key
2825
+ # to use. If you specify `x-amz-server-side-encryption:aws:kms` or
2826
+ # `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide
2827
+ # `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
2828
+ # Amazon Web Services managed key (`aws/s3`) to protect the data.
2829
+ #
2830
+ # **Directory buckets** - If you specify `x-amz-server-side-encryption`
2831
+ # with `aws:kms`, the ` x-amz-server-side-encryption-aws-kms-key-id`
2832
+ # header is implicitly assigned the ID of the KMS symmetric encryption
2833
+ # customer managed key that's configured for your directory bucket's
2834
+ # default encryption setting. If you want to specify the `
2835
+ # x-amz-server-side-encryption-aws-kms-key-id` header explicitly, you
2836
+ # can only specify it with the ID (Key ID or Key ARN) of the KMS
2837
+ # customer managed key that's configured for your directory bucket's
2838
+ # default encryption setting. Otherwise, you get an HTTP `400 Bad
2839
+ # Request` error. Only use the key ID or key ARN. The key alias format
2840
+ # of the KMS key isn't supported. Your SSE-KMS configuration can only
2841
+ # support 1 [customer managed key][1] per directory bucket for the
2842
+ # lifetime of the bucket. The [Amazon Web Services managed key][2]
2843
+ # (`aws/s3`) isn't supported.
2844
+ #
2845
+ #
2846
+ #
2847
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
2848
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
1450
2849
  # @option options [String] :ssekms_encryption_context
1451
- # Specifies the Amazon Web Services KMS Encryption Context to use for
1452
- # object encryption. The value of this header is a base64-encoded UTF-8
1453
- # string holding JSON with the encryption context key-value pairs. This
1454
- # value is stored as object metadata and automatically gets passed on to
1455
- # Amazon Web Services KMS for future `GetObject` or `CopyObject`
1456
- # operations on this object.
2850
+ # Specifies the Amazon Web Services KMS Encryption Context as an
2851
+ # additional encryption context to use for object encryption. The value
2852
+ # of this header is a Base64-encoded string of a UTF-8 encoded JSON,
2853
+ # which contains the encryption context as key-value pairs. This value
2854
+ # is stored as object metadata and automatically gets passed on to
2855
+ # Amazon Web Services KMS for future `GetObject` operations on this
2856
+ # object.
2857
+ #
2858
+ # **General purpose buckets** - This value must be explicitly added
2859
+ # during `CopyObject` operations if you want an additional encryption
2860
+ # context for your object. For more information, see [Encryption
2861
+ # context][1] in the *Amazon S3 User Guide*.
2862
+ #
2863
+ # **Directory buckets** - You can optionally provide an explicit
2864
+ # encryption context value. The value must match the default encryption
2865
+ # context - the bucket Amazon Resource Name (ARN). An additional
2866
+ # encryption context value is not supported.
2867
+ #
2868
+ #
2869
+ #
2870
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context
1457
2871
  # @option options [Boolean] :bucket_key_enabled
1458
2872
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
1459
2873
  # encryption with server-side encryption using Key Management Service
1460
- # (KMS) keys (SSE-KMS). Setting this header to `true` causes Amazon S3
1461
- # to use an S3 Bucket Key for object encryption with SSE-KMS.
2874
+ # (KMS) keys (SSE-KMS).
2875
+ #
2876
+ # **General purpose buckets** - Setting this header to `true` causes
2877
+ # Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
2878
+ # Also, specifying this header with a PUT action doesn't affect
2879
+ # bucket-level settings for S3 Bucket Key.
2880
+ #
2881
+ # **Directory buckets** - S3 Bucket Keys are always enabled for `GET`
2882
+ # and `PUT` operations in a directory bucket and can’t be disabled. S3
2883
+ # Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects
2884
+ # from general purpose buckets to directory buckets, from directory
2885
+ # buckets to general purpose buckets, or between directory buckets,
2886
+ # through [CopyObject][1], [UploadPartCopy][2], [the Copy operation in
2887
+ # Batch Operations][3], or [the import jobs][4]. In this case, Amazon S3
2888
+ # makes a call to KMS every time a copy request is made for a
2889
+ # KMS-encrypted object.
1462
2890
  #
1463
- # Specifying this header with a PUT action doesn’t affect bucket-level
1464
- # settings for S3 Bucket Key.
2891
+ #
2892
+ #
2893
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
2894
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
2895
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
2896
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
1465
2897
  # @option options [String] :request_payer
1466
2898
  # Confirms that the requester knows that they will be charged for the
1467
2899
  # request. Bucket owners need not specify this parameter in their
1468
- # requests. If either the source or destination Amazon S3 bucket has
1469
- # Requester Pays enabled, the requester will pay for corresponding
1470
- # charges to copy the object. For information about downloading objects
1471
- # from Requester Pays buckets, see [Downloading Objects in Requester
1472
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
2900
+ # requests. If either the source or destination S3 bucket has Requester
2901
+ # Pays enabled, the requester will pay for corresponding charges to copy
2902
+ # the object. For information about downloading objects from Requester
2903
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
2904
+ # in the *Amazon S3 User Guide*.
2905
+ #
2906
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2907
+ #
2908
+ # </note>
1473
2909
  #
1474
2910
  #
1475
2911
  #
@@ -1477,29 +2913,46 @@ module Aws::S3
1477
2913
  # @option options [String] :tagging
1478
2914
  # The tag-set for the object. The tag-set must be encoded as URL Query
1479
2915
  # parameters. (For example, "Key1=Value1")
2916
+ #
2917
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2918
+ #
2919
+ # </note>
1480
2920
  # @option options [String] :object_lock_mode
1481
2921
  # The Object Lock mode that you want to apply to this object.
2922
+ #
2923
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2924
+ #
2925
+ # </note>
1482
2926
  # @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
1483
2927
  # The date and time when you want this object's Object Lock to expire.
1484
2928
  # Must be formatted as a timestamp parameter.
2929
+ #
2930
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2931
+ #
2932
+ # </note>
1485
2933
  # @option options [String] :object_lock_legal_hold_status
1486
2934
  # Specifies whether a legal hold will be applied to this object. For
1487
- # more information about S3 Object Lock, see [Object Lock][1].
2935
+ # more information about S3 Object Lock, see [Object Lock][1] in the
2936
+ # *Amazon S3 User Guide*.
2937
+ #
2938
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2939
+ #
2940
+ # </note>
1488
2941
  #
1489
2942
  #
1490
2943
  #
1491
2944
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
1492
2945
  # @option options [String] :expected_bucket_owner
1493
- # The account ID of the expected bucket owner. If the bucket is owned by
1494
- # a different account, the request fails with the HTTP status code `403
1495
- # Forbidden` (access denied).
2946
+ # The account ID of the expected bucket owner. If the account ID that
2947
+ # you provide does not match the actual owner of the bucket, the request
2948
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1496
2949
  # @return [Types::PutObjectOutput]
1497
2950
  def put(options = {})
1498
2951
  options = options.merge(
1499
2952
  bucket: @bucket_name,
1500
2953
  key: @key
1501
2954
  )
1502
- resp = Aws::Plugins::UserAgent.feature('resource') do
2955
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
1503
2956
  @client.put_object(options)
1504
2957
  end
1505
2958
  resp.data
@@ -1586,7 +3039,7 @@ module Aws::S3
1586
3039
  # value: "MetadataValue",
1587
3040
  # },
1588
3041
  # ],
1589
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
3042
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
1590
3043
  # },
1591
3044
  # },
1592
3045
  # },
@@ -1602,23 +3055,27 @@ module Aws::S3
1602
3055
  # @option options [String] :request_payer
1603
3056
  # Confirms that the requester knows that they will be charged for the
1604
3057
  # request. Bucket owners need not specify this parameter in their
1605
- # requests. If either the source or destination Amazon S3 bucket has
1606
- # Requester Pays enabled, the requester will pay for corresponding
1607
- # charges to copy the object. For information about downloading objects
1608
- # from Requester Pays buckets, see [Downloading Objects in Requester
1609
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
3058
+ # requests. If either the source or destination S3 bucket has Requester
3059
+ # Pays enabled, the requester will pay for corresponding charges to copy
3060
+ # the object. For information about downloading objects from Requester
3061
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
3062
+ # in the *Amazon S3 User Guide*.
3063
+ #
3064
+ # <note markdown="1"> This functionality is not supported for directory buckets.
3065
+ #
3066
+ # </note>
1610
3067
  #
1611
3068
  #
1612
3069
  #
1613
3070
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
1614
3071
  # @option options [String] :checksum_algorithm
1615
3072
  # Indicates the algorithm used to create the checksum for the object
1616
- # when using the SDK. This header will not provide any additional
1617
- # functionality if not using the SDK. When sending this header, there
1618
- # must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
1619
- # sent. Otherwise, Amazon S3 fails the request with the HTTP status code
1620
- # `400 Bad Request`. For more information, see [Checking object
1621
- # integrity][1] in the *Amazon S3 User Guide*.
3073
+ # when you use the SDK. This header will not provide any additional
3074
+ # functionality if you don't use the SDK. When you send this header,
3075
+ # there must be a corresponding `x-amz-checksum` or `x-amz-trailer`
3076
+ # header sent. Otherwise, Amazon S3 fails the request with the HTTP
3077
+ # status code `400 Bad Request`. For more information, see [Checking
3078
+ # object integrity][1] in the *Amazon S3 User Guide*.
1622
3079
  #
1623
3080
  # If you provide an individual checksum, Amazon S3 ignores any provided
1624
3081
  # `ChecksumAlgorithm` parameter.
@@ -1627,16 +3084,16 @@ module Aws::S3
1627
3084
  #
1628
3085
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
1629
3086
  # @option options [String] :expected_bucket_owner
1630
- # The account ID of the expected bucket owner. If the bucket is owned by
1631
- # a different account, the request fails with the HTTP status code `403
1632
- # Forbidden` (access denied).
3087
+ # The account ID of the expected bucket owner. If the account ID that
3088
+ # you provide does not match the actual owner of the bucket, the request
3089
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1633
3090
  # @return [Types::RestoreObjectOutput]
1634
3091
  def restore_object(options = {})
1635
3092
  options = options.merge(
1636
3093
  bucket: @bucket_name,
1637
3094
  key: @key
1638
3095
  )
1639
- resp = Aws::Plugins::UserAgent.feature('resource') do
3096
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
1640
3097
  @client.restore_object(options)
1641
3098
  end
1642
3099
  resp.data
@@ -1650,6 +3107,12 @@ module Aws::S3
1650
3107
  # if_none_match: "IfNoneMatch",
1651
3108
  # if_unmodified_since: Time.now,
1652
3109
  # range: "Range",
3110
+ # response_cache_control: "ResponseCacheControl",
3111
+ # response_content_disposition: "ResponseContentDisposition",
3112
+ # response_content_encoding: "ResponseContentEncoding",
3113
+ # response_content_language: "ResponseContentLanguage",
3114
+ # response_content_type: "ResponseContentType",
3115
+ # response_expires: Time.now,
1653
3116
  # version_id: "ObjectVersionId",
1654
3117
  # sse_customer_algorithm: "SSECustomerAlgorithm",
1655
3118
  # sse_customer_key: "SSECustomerKey",
@@ -1663,43 +3126,136 @@ module Aws::S3
1663
3126
  # @option options [String] :if_match
1664
3127
  # Return the object only if its entity tag (ETag) is the same as the one
1665
3128
  # specified; otherwise, return a 412 (precondition failed) error.
3129
+ #
3130
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
3131
+ # present in the request as follows:
3132
+ #
3133
+ # * `If-Match` condition evaluates to `true`, and;
3134
+ #
3135
+ # * `If-Unmodified-Since` condition evaluates to `false`;
3136
+ #
3137
+ # Then Amazon S3 returns `200 OK` and the data requested.
3138
+ #
3139
+ # For more information about conditional requests, see [RFC 7232][1].
3140
+ #
3141
+ #
3142
+ #
3143
+ # [1]: https://tools.ietf.org/html/rfc7232
1666
3144
  # @option options [Time,DateTime,Date,Integer,String] :if_modified_since
1667
3145
  # Return the object only if it has been modified since the specified
1668
3146
  # time; otherwise, return a 304 (not modified) error.
3147
+ #
3148
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
3149
+ # present in the request as follows:
3150
+ #
3151
+ # * `If-None-Match` condition evaluates to `false`, and;
3152
+ #
3153
+ # * `If-Modified-Since` condition evaluates to `true`;
3154
+ #
3155
+ # Then Amazon S3 returns the `304 Not Modified` response code.
3156
+ #
3157
+ # For more information about conditional requests, see [RFC 7232][1].
3158
+ #
3159
+ #
3160
+ #
3161
+ # [1]: https://tools.ietf.org/html/rfc7232
1669
3162
  # @option options [String] :if_none_match
1670
3163
  # Return the object only if its entity tag (ETag) is different from the
1671
3164
  # one specified; otherwise, return a 304 (not modified) error.
3165
+ #
3166
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
3167
+ # present in the request as follows:
3168
+ #
3169
+ # * `If-None-Match` condition evaluates to `false`, and;
3170
+ #
3171
+ # * `If-Modified-Since` condition evaluates to `true`;
3172
+ #
3173
+ # Then Amazon S3 returns the `304 Not Modified` response code.
3174
+ #
3175
+ # For more information about conditional requests, see [RFC 7232][1].
3176
+ #
3177
+ #
3178
+ #
3179
+ # [1]: https://tools.ietf.org/html/rfc7232
1672
3180
  # @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
1673
3181
  # Return the object only if it has not been modified since the specified
1674
3182
  # time; otherwise, return a 412 (precondition failed) error.
3183
+ #
3184
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
3185
+ # present in the request as follows:
3186
+ #
3187
+ # * `If-Match` condition evaluates to `true`, and;
3188
+ #
3189
+ # * `If-Unmodified-Since` condition evaluates to `false`;
3190
+ #
3191
+ # Then Amazon S3 returns `200 OK` and the data requested.
3192
+ #
3193
+ # For more information about conditional requests, see [RFC 7232][1].
3194
+ #
3195
+ #
3196
+ #
3197
+ # [1]: https://tools.ietf.org/html/rfc7232
1675
3198
  # @option options [String] :range
1676
3199
  # HeadObject returns only the metadata for an object. If the Range is
1677
3200
  # satisfiable, only the `ContentLength` is affected in the response. If
1678
3201
  # the Range is not satisfiable, S3 returns a `416 - Requested Range Not
1679
3202
  # Satisfiable` error.
3203
+ # @option options [String] :response_cache_control
3204
+ # Sets the `Cache-Control` header of the response.
3205
+ # @option options [String] :response_content_disposition
3206
+ # Sets the `Content-Disposition` header of the response.
3207
+ # @option options [String] :response_content_encoding
3208
+ # Sets the `Content-Encoding` header of the response.
3209
+ # @option options [String] :response_content_language
3210
+ # Sets the `Content-Language` header of the response.
3211
+ # @option options [String] :response_content_type
3212
+ # Sets the `Content-Type` header of the response.
3213
+ # @option options [Time,DateTime,Date,Integer,String] :response_expires
3214
+ # Sets the `Expires` header of the response.
1680
3215
  # @option options [String] :version_id
1681
- # VersionId used to reference a specific version of the object.
3216
+ # Version ID used to reference a specific version of the object.
3217
+ #
3218
+ # <note markdown="1"> For directory buckets in this API operation, only the `null` value of
3219
+ # the version ID is supported.
3220
+ #
3221
+ # </note>
1682
3222
  # @option options [String] :sse_customer_algorithm
1683
- # Specifies the algorithm to use to when encrypting the object (for
3223
+ # Specifies the algorithm to use when encrypting the object (for
1684
3224
  # example, AES256).
3225
+ #
3226
+ # <note markdown="1"> This functionality is not supported for directory buckets.
3227
+ #
3228
+ # </note>
1685
3229
  # @option options [String] :sse_customer_key
1686
3230
  # Specifies the customer-provided encryption key for Amazon S3 to use in
1687
3231
  # encrypting data. This value is used to store the object and then it is
1688
3232
  # discarded; Amazon S3 does not store the encryption key. The key must
1689
3233
  # be appropriate for use with the algorithm specified in the
1690
3234
  # `x-amz-server-side-encryption-customer-algorithm` header.
3235
+ #
3236
+ # <note markdown="1"> This functionality is not supported for directory buckets.
3237
+ #
3238
+ # </note>
1691
3239
  # @option options [String] :sse_customer_key_md5
1692
3240
  # Specifies the 128-bit MD5 digest of the encryption key according to
1693
3241
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
1694
3242
  # ensure that the encryption key was transmitted without error.
3243
+ #
3244
+ # <note markdown="1"> This functionality is not supported for directory buckets.
3245
+ #
3246
+ # </note>
1695
3247
  # @option options [String] :request_payer
1696
3248
  # Confirms that the requester knows that they will be charged for the
1697
3249
  # request. Bucket owners need not specify this parameter in their
1698
- # requests. If either the source or destination Amazon S3 bucket has
1699
- # Requester Pays enabled, the requester will pay for corresponding
1700
- # charges to copy the object. For information about downloading objects
1701
- # from Requester Pays buckets, see [Downloading Objects in Requester
1702
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
3250
+ # requests. If either the source or destination S3 bucket has Requester
3251
+ # Pays enabled, the requester will pay for corresponding charges to copy
3252
+ # the object. For information about downloading objects from Requester
3253
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
3254
+ # in the *Amazon S3 User Guide*.
3255
+ #
3256
+ # <note markdown="1"> This functionality is not supported for directory buckets.
3257
+ #
3258
+ # </note>
1703
3259
  #
1704
3260
  #
1705
3261
  #
@@ -1710,23 +3266,33 @@ module Aws::S3
1710
3266
  # for the part specified. Useful querying about the size of the part and
1711
3267
  # the number of parts in this object.
1712
3268
  # @option options [String] :expected_bucket_owner
1713
- # The account ID of the expected bucket owner. If the bucket is owned by
1714
- # a different account, the request fails with the HTTP status code `403
1715
- # Forbidden` (access denied).
3269
+ # The account ID of the expected bucket owner. If the account ID that
3270
+ # you provide does not match the actual owner of the bucket, the request
3271
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1716
3272
  # @option options [String] :checksum_mode
1717
3273
  # To retrieve the checksum, this parameter must be enabled.
1718
3274
  #
1719
- # In addition, if you enable `ChecksumMode` and the object is encrypted
1720
- # with Amazon Web Services Key Management Service (Amazon Web Services
1721
- # KMS), you must have permission to use the `kms:Decrypt` action for the
1722
- # request to succeed.
3275
+ # **General purpose buckets** - If you enable checksum mode and the
3276
+ # object is uploaded with a [checksum][1] and encrypted with an Key
3277
+ # Management Service (KMS) key, you must have permission to use the
3278
+ # `kms:Decrypt` action to retrieve the checksum.
3279
+ #
3280
+ # **Directory buckets** - If you enable `ChecksumMode` and the object is
3281
+ # encrypted with Amazon Web Services Key Management Service (Amazon Web
3282
+ # Services KMS), you must also have the `kms:GenerateDataKey` and
3283
+ # `kms:Decrypt` permissions in IAM identity-based policies and KMS key
3284
+ # policies for the KMS key to retrieve the checksum of the object.
3285
+ #
3286
+ #
3287
+ #
3288
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html
1723
3289
  # @return [Types::HeadObjectOutput]
1724
3290
  def head(options = {})
1725
3291
  options = options.merge(
1726
3292
  bucket: @bucket_name,
1727
3293
  key: @key
1728
3294
  )
1729
- resp = Aws::Plugins::UserAgent.feature('resource') do
3295
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
1730
3296
  @client.head_object(options)
1731
3297
  end
1732
3298
  resp.data
@@ -1853,14 +3419,35 @@ module Aws::S3
1853
3419
  # space, and the value that is displayed on your authentication device.
1854
3420
  # Required to permanently delete a versioned object if versioning is
1855
3421
  # configured with MFA delete enabled.
3422
+ #
3423
+ # When performing the `DeleteObjects` operation on an MFA delete enabled
3424
+ # bucket, which attempts to delete the specified versioned objects, you
3425
+ # must include an MFA token. If you don't provide an MFA token, the
3426
+ # entire request will fail, even if there are non-versioned objects that
3427
+ # you are trying to delete. If you provide an invalid token, whether
3428
+ # there are versioned object keys in the request or not, the entire
3429
+ # Multi-Object Delete request will fail. For information about MFA
3430
+ # Delete, see [ MFA Delete][1] in the *Amazon S3 User Guide*.
3431
+ #
3432
+ # <note markdown="1"> This functionality is not supported for directory buckets.
3433
+ #
3434
+ # </note>
3435
+ #
3436
+ #
3437
+ #
3438
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete
1856
3439
  # @option options [String] :request_payer
1857
3440
  # Confirms that the requester knows that they will be charged for the
1858
3441
  # request. Bucket owners need not specify this parameter in their
1859
- # requests. If either the source or destination Amazon S3 bucket has
1860
- # Requester Pays enabled, the requester will pay for corresponding
1861
- # charges to copy the object. For information about downloading objects
1862
- # from Requester Pays buckets, see [Downloading Objects in Requester
1863
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
3442
+ # requests. If either the source or destination S3 bucket has Requester
3443
+ # Pays enabled, the requester will pay for corresponding charges to copy
3444
+ # the object. For information about downloading objects from Requester
3445
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
3446
+ # in the *Amazon S3 User Guide*.
3447
+ #
3448
+ # <note markdown="1"> This functionality is not supported for directory buckets.
3449
+ #
3450
+ # </note>
1864
3451
  #
1865
3452
  #
1866
3453
  #
@@ -1869,25 +3456,45 @@ module Aws::S3
1869
3456
  # Specifies whether you want to delete this object even if it has a
1870
3457
  # Governance-type Object Lock in place. To use this header, you must
1871
3458
  # have the `s3:BypassGovernanceRetention` permission.
3459
+ #
3460
+ # <note markdown="1"> This functionality is not supported for directory buckets.
3461
+ #
3462
+ # </note>
1872
3463
  # @option options [String] :expected_bucket_owner
1873
- # The account ID of the expected bucket owner. If the bucket is owned by
1874
- # a different account, the request fails with the HTTP status code `403
1875
- # Forbidden` (access denied).
3464
+ # The account ID of the expected bucket owner. If the account ID that
3465
+ # you provide does not match the actual owner of the bucket, the request
3466
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1876
3467
  # @option options [String] :checksum_algorithm
1877
3468
  # Indicates the algorithm used to create the checksum for the object
1878
- # when using the SDK. This header will not provide any additional
1879
- # functionality if not using the SDK. When sending this header, there
1880
- # must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
1881
- # sent. Otherwise, Amazon S3 fails the request with the HTTP status code
1882
- # `400 Bad Request`. For more information, see [Checking object
1883
- # integrity][1] in the *Amazon S3 User Guide*.
3469
+ # when you use the SDK. This header will not provide any additional
3470
+ # functionality if you don't use the SDK. When you send this header,
3471
+ # there must be a corresponding `x-amz-checksum-algorithm ` or
3472
+ # `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request
3473
+ # with the HTTP status code `400 Bad Request`.
3474
+ #
3475
+ # For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with
3476
+ # the supported algorithm from the following list:
3477
+ #
3478
+ # * `CRC32`
3479
+ #
3480
+ # * `CRC32C`
3481
+ #
3482
+ # * `SHA1`
3483
+ #
3484
+ # * `SHA256`
3485
+ #
3486
+ # For more information, see [Checking object integrity][1] in the
3487
+ # *Amazon S3 User Guide*.
3488
+ #
3489
+ # If the individual checksum value you provide through
3490
+ # `x-amz-checksum-algorithm ` doesn't match the checksum algorithm you
3491
+ # set through `x-amz-sdk-checksum-algorithm`, Amazon S3 ignores any
3492
+ # provided `ChecksumAlgorithm` parameter and uses the checksum algorithm
3493
+ # that matches the provided value in `x-amz-checksum-algorithm `.
1884
3494
  #
1885
3495
  # If you provide an individual checksum, Amazon S3 ignores any provided
1886
3496
  # `ChecksumAlgorithm` parameter.
1887
3497
  #
1888
- # This checksum algorithm must be the same for all parts and it match
1889
- # the checksum value supplied in the `CreateMultipartUpload` request.
1890
- #
1891
3498
  #
1892
3499
  #
1893
3500
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
@@ -1903,7 +3510,7 @@ module Aws::S3
1903
3510
  key: item.key
1904
3511
  }
1905
3512
  end
1906
- Aws::Plugins::UserAgent.feature('resource') do
3513
+ Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
1907
3514
  batch[0].client.delete_objects(params)
1908
3515
  end
1909
3516
  end
@@ -1915,3 +3522,6 @@ module Aws::S3
1915
3522
  end
1916
3523
  end
1917
3524
  end
3525
+
3526
+ # Load customizations if they exist
3527
+ require 'aws-sdk-s3/customizations/object'