aws-sdk-s3 1.136.0 → 1.176.1

data/lib/aws-sdk-s3/customizations/bucket.rb

@@ -134,7 +134,7 @@ module Aws
 
       # @api private
       def load
-        @data = Aws::Plugins::UserAgent.feature('resource') do
+        @data = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
           client.list_buckets.buckets.find { |b| b.name == name }
         end
         raise "unable to load bucket #{name}" if @data.nil?

data/lib/aws-sdk-s3/customizations/errors.rb

@@ -3,8 +3,8 @@
 module Aws
   module S3
     module Errors
-      # Hijack PermanentRedirect dynamic error to also include endpoint
-      # and bucket.
+      # Hijack PermanentRedirect dynamic error to include the bucket, region,
+      # and endpoint.
       class PermanentRedirect < ServiceError
         # @param [Seahorse::Client::RequestContext] context
         # @param [String] message
@@ -22,6 +22,19 @@ module Aws
           super(context, message, data)
         end
       end
+
+      # Hijack PermanentRedirect (HeadBucket case - no body) dynamic error to
+      # include the region.
+      class Http301Error < ServiceError
+        # @param [Seahorse::Client::RequestContext] context
+        # @param [String] message
+        # @param [Aws::S3::Types::PermanentRedirect] _data
+        def initialize(context, message, _data = Aws::EmptyStructure.new)
+          data = Aws::S3::Types::PermanentRedirect.new(message: message)
+          data.region = context.http_response.headers['x-amz-bucket-region']
+          super(context, message, data)
+        end
+      end
     end
   end
 end

data/lib/aws-sdk-s3/customizations/object.rb

@@ -76,7 +76,7 @@ module Aws
       # @see #copy_to
       #
       def copy_from(source, options = {})
-        Aws::Plugins::UserAgent.feature('resource') do
+        Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
           if Hash === source && source[:copy_source]
             # for backwards compatibility
             @client.copy_object(source.merge(bucket: bucket_name, key: key))
@@ -119,7 +119,7 @@ module Aws
       #   object.copy_to('src-bucket/src-key', multipart_copy: true)
       #
       def copy_to(target, options = {})
-        Aws::Plugins::UserAgent.feature('resource') do
+        Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
           ObjectCopier.new(self, options).copy_to(target, options)
         end
       end
@@ -390,7 +390,7 @@ module Aws
           tempfile: uploading_options.delete(:tempfile),
           part_size: uploading_options.delete(:part_size)
         )
-        Aws::Plugins::UserAgent.feature('resource') do
+        Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
           uploader.upload(
             uploading_options.merge(bucket: bucket_name, key: key),
             &block
@@ -473,7 +473,7 @@ module Aws
           multipart_threshold: uploading_options.delete(:multipart_threshold),
           client: client
         )
-        response = Aws::Plugins::UserAgent.feature('resource') do
+        response = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
           uploader.upload(
             source,
             uploading_options.merge(bucket: bucket_name, key: key)
@@ -551,7 +551,7 @@ module Aws
       # @see Client#head_object
       def download_file(destination, options = {})
         downloader = FileDownloader.new(client: client)
-        Aws::Plugins::UserAgent.feature('resource') do
+        Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
           downloader.download(
             destination,
             options.merge(bucket: bucket_name, key: key)
@@ -559,6 +559,12 @@ module Aws
         end
         true
       end
+
+      class Collection < Aws::Resources::Collection
+        alias_method :delete, :batch_delete!
+        extend Aws::Deprecations
+        deprecated :delete, use: :batch_delete!
+      end
     end
   end
 end

data/lib/aws-sdk-s3/customizations/object_summary.rb

@@ -80,6 +80,11 @@ module Aws
         object.download_file(destination, options)
       end
 
+      class Collection < Aws::Resources::Collection
+        alias_method :delete, :batch_delete!
+        extend Aws::Deprecations
+        deprecated :delete, use: :batch_delete!
+      end
     end
   end
 end

data/lib/aws-sdk-s3/customizations/object_version.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Aws
+  module S3
+    class ObjectVersion
+      class Collection < Aws::Resources::Collection
+        alias_method :delete, :batch_delete!
+        extend Aws::Deprecations
+        deprecated :delete, use: :batch_delete!
+      end
+    end
+  end
+end

data/lib/aws-sdk-s3/customizations.rb

@@ -1,36 +1,30 @@
 # frozen_string_literal: true
 
-# utility classes
-require 'aws-sdk-s3/bucket_region_cache'
-require 'aws-sdk-s3/encryption'
-require 'aws-sdk-s3/encryption_v2'
-require 'aws-sdk-s3/file_part'
-require 'aws-sdk-s3/file_uploader'
-require 'aws-sdk-s3/file_downloader'
-require 'aws-sdk-s3/legacy_signer'
-require 'aws-sdk-s3/multipart_file_uploader'
-require 'aws-sdk-s3/multipart_stream_uploader'
-require 'aws-sdk-s3/multipart_upload_error'
-require 'aws-sdk-s3/object_copier'
-require 'aws-sdk-s3/object_multipart_copier'
-require 'aws-sdk-s3/presigned_post'
-require 'aws-sdk-s3/presigner'
+module Aws
+  module S3
+    # utility classes
+    autoload :BucketRegionCache, 'aws-sdk-s3/bucket_region_cache'
+    autoload :Encryption, 'aws-sdk-s3/encryption'
+    autoload :EncryptionV2, 'aws-sdk-s3/encryption_v2'
+    autoload :FilePart, 'aws-sdk-s3/file_part'
+    autoload :FileUploader, 'aws-sdk-s3/file_uploader'
+    autoload :FileDownloader, 'aws-sdk-s3/file_downloader'
+    autoload :LegacySigner, 'aws-sdk-s3/legacy_signer'
+    autoload :MultipartFileUploader, 'aws-sdk-s3/multipart_file_uploader'
+    autoload :MultipartStreamUploader, 'aws-sdk-s3/multipart_stream_uploader'
+    autoload :MultipartUploadError, 'aws-sdk-s3/multipart_upload_error'
+    autoload :ObjectCopier, 'aws-sdk-s3/object_copier'
+    autoload :ObjectMultipartCopier, 'aws-sdk-s3/object_multipart_copier'
+    autoload :PresignedPost, 'aws-sdk-s3/presigned_post'
+    autoload :Presigner, 'aws-sdk-s3/presigner'
 
-# customizations to generated classes
-require 'aws-sdk-s3/customizations/bucket'
-require 'aws-sdk-s3/customizations/errors'
-require 'aws-sdk-s3/customizations/object'
-require 'aws-sdk-s3/customizations/object_summary'
-require 'aws-sdk-s3/customizations/multipart_upload'
-require 'aws-sdk-s3/customizations/types/list_object_versions_output'
-require 'aws-sdk-s3/customizations/types/permanent_redirect'
+    # s3 express session auth
+    autoload :ExpressCredentials, 'aws-sdk-s3/express_credentials'
+    autoload :ExpressCredentialsProvider, 'aws-sdk-s3/express_credentials_provider'
 
-[
-  Aws::S3::Object::Collection,
-  Aws::S3::ObjectSummary::Collection,
-  Aws::S3::ObjectVersion::Collection,
-].each do |klass|
-  klass.send(:alias_method, :delete, :batch_delete!)
-  klass.extend Aws::Deprecations
-  klass.send(:deprecated, :delete, use: :batch_delete!)
+    # s3 access grants auth
+
+    autoload :AccessGrantsCredentials, 'aws-sdk-s3/access_grants_credentials'
+    autoload :AccessGrantsCredentialsProvider, 'aws-sdk-s3/access_grants_credentials_provider'
+  end
 end

data/lib/aws-sdk-s3/encryption/client.rb

@@ -270,7 +270,7 @@ module Aws
             envelope_location: @envelope_location,
             instruction_file_suffix: @instruction_file_suffix,
           }
-          Aws::Plugins::UserAgent.feature('S3CryptoV1n') do
+          Aws::Plugins::UserAgent.metric('S3_CRYPTO_V1N') do
             req.send_request
           end
         end
@@ -300,7 +300,7 @@ module Aws
             envelope_location: envelope_location,
             instruction_file_suffix: instruction_file_suffix,
           }
-          Aws::Plugins::UserAgent.feature('S3CryptoV1n') do
+          Aws::Plugins::UserAgent.metric('S3_CRYPTO_V1N') do
             req.send_request(target: block)
           end
         end

data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb

@@ -17,7 +17,7 @@ module Aws
         #   envelope and encryption cipher.
         def encryption_cipher
           encryption_context = { "kms_cmk_id" => @kms_key_id }
-          key_data = Aws::Plugins::UserAgent.feature('S3CryptoV1n') do
+          key_data = Aws::Plugins::UserAgent.metric('S3_CRYPTO_V1N') do
             @kms_client.generate_data_key(
               key_id: @kms_key_id,
               encryption_context: encryption_context,
@@ -60,7 +60,7 @@ module Aws
                 "#{envelope['x-amz-wrap-alg']}"
           end
 
-          key = Aws::Plugins::UserAgent.feature('S3CryptoV1n') do
+          key = Aws::Plugins::UserAgent.metric('S3_CRYPTO_V1N') do
             @kms_client.decrypt(
               ciphertext_blob: decode64(envelope['x-amz-key-v2']),
               encryption_context: encryption_context

data/lib/aws-sdk-s3/encryptionV2/client.rb

@@ -361,7 +361,7 @@ module Aws
             instruction_file_suffix: @instruction_file_suffix,
             kms_encryption_context: kms_encryption_context
           }
-          Aws::Plugins::UserAgent.feature('S3CryptoV2') do
+          Aws::Plugins::UserAgent.metric('S3_CRYPTO_V2') do
             req.send_request
           end
         end
@@ -416,7 +416,7 @@ module Aws
             kms_allow_decrypt_with_any_cmk: kms_any_cmk_mode,
             security_profile: security_profile
           }
-          Aws::Plugins::UserAgent.feature('S3CryptoV2') do
+          Aws::Plugins::UserAgent.metric('S3_CRYPTO_V2') do
             req.send_request(target: block)
           end
         end

data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb

@@ -24,7 +24,7 @@ module Aws
         def encryption_cipher(options = {})
           validate_key_for_encryption
           encryption_context = build_encryption_context(@content_encryption_schema, options)
-          key_data = Aws::Plugins::UserAgent.feature('S3CryptoV2') do
+          key_data = Aws::Plugins::UserAgent.metric('S3_CRYPTO_V2') do
             @kms_client.generate_data_key(
               key_id: @kms_key_id,
               encryption_context: encryption_context,
@@ -85,7 +85,7 @@ module Aws
             decrypt_options[:key_id] = @kms_key_id
           end
 
-          key = Aws::Plugins::UserAgent.feature('S3CryptoV2') do
+          key = Aws::Plugins::UserAgent.metric('S3_CRYPTO_V2') do
             @kms_client.decrypt(decrypt_options).plaintext
           end
           iv = decode64(envelope['x-amz-iv'])

data/lib/aws-sdk-s3/endpoint_parameters.rb

@@ -55,6 +55,21 @@ module Aws::S3
   #
   #   @return [Boolean]
   #
+  # @!attribute key
+  #   The S3 Key used to send the request. This is an optional parameter that will be set automatically for operations that are scoped to an S3 Key.
+  #
+  #   @return [String]
+  #
+  # @!attribute prefix
+  #   The S3 Prefix used to send the request. This is an optional parameter that will be set automatically for operations that are scoped to an S3 Prefix.
+  #
+  #   @return [String]
+  #
+  # @!attribute copy_source
+  #   The Copy Source used for Copy Object request. This is an optional parameter that will be set automatically for operations that are scoped to Copy Source.
+  #
+  #   @return [String]
+  #
   # @!attribute disable_access_points
   #   Internal parameter to disable Access Point Buckets
   #
@@ -70,6 +85,16 @@ module Aws::S3
   #
   #   @return [Boolean]
   #
+  # @!attribute use_s3_express_control_endpoint
+  #   Internal parameter to indicate whether S3Express operation should use control plane, (ex. CreateBucket)
+  #
+  #   @return [Boolean]
+  #
+  # @!attribute disable_s3_express_session_auth
+  #   Parameter to indicate whether S3Express session auth should be disabled
+  #
+  #   @return [Boolean]
+  #
   EndpointParameters = Struct.new(
     :bucket,
     :region,
@@ -80,9 +105,14 @@ module Aws::S3
     :accelerate,
     :use_global_endpoint,
     :use_object_lambda_endpoint,
+    :key,
+    :prefix,
+    :copy_source,
     :disable_access_points,
     :disable_multi_region_access_points,
     :use_arn_region,
+    :use_s3_express_control_endpoint,
+    :disable_s3_express_session_auth,
   ) do
     include Aws::Structure
 
@@ -98,9 +128,14 @@ module Aws::S3
         'Accelerate' => :accelerate,
         'UseGlobalEndpoint' => :use_global_endpoint,
         'UseObjectLambdaEndpoint' => :use_object_lambda_endpoint,
+        'Key' => :key,
+        'Prefix' => :prefix,
+        'CopySource' => :copy_source,
         'DisableAccessPoints' => :disable_access_points,
         'DisableMultiRegionAccessPoints' => :disable_multi_region_access_points,
         'UseArnRegion' => :use_arn_region,
+        'UseS3ExpressControlEndpoint' => :use_s3_express_control_endpoint,
+        'DisableS3ExpressSessionAuth' => :disable_s3_express_session_auth,
       }.freeze
     end
 
@@ -109,38 +144,38 @@ module Aws::S3
       self[:region] = options[:region]
       self[:use_fips] = options[:use_fips]
       self[:use_fips] = false if self[:use_fips].nil?
-      if self[:use_fips].nil?
-        raise ArgumentError, "Missing required EndpointParameter: :use_fips"
-      end
       self[:use_dual_stack] = options[:use_dual_stack]
       self[:use_dual_stack] = false if self[:use_dual_stack].nil?
-      if self[:use_dual_stack].nil?
-        raise ArgumentError, "Missing required EndpointParameter: :use_dual_stack"
-      end
       self[:endpoint] = options[:endpoint]
       self[:force_path_style] = options[:force_path_style]
       self[:force_path_style] = false if self[:force_path_style].nil?
-      if self[:force_path_style].nil?
-        raise ArgumentError, "Missing required EndpointParameter: :force_path_style"
-      end
       self[:accelerate] = options[:accelerate]
       self[:accelerate] = false if self[:accelerate].nil?
-      if self[:accelerate].nil?
-        raise ArgumentError, "Missing required EndpointParameter: :accelerate"
-      end
       self[:use_global_endpoint] = options[:use_global_endpoint]
       self[:use_global_endpoint] = false if self[:use_global_endpoint].nil?
-      if self[:use_global_endpoint].nil?
-        raise ArgumentError, "Missing required EndpointParameter: :use_global_endpoint"
-      end
       self[:use_object_lambda_endpoint] = options[:use_object_lambda_endpoint]
+      self[:key] = options[:key]
+      self[:prefix] = options[:prefix]
+      self[:copy_source] = options[:copy_source]
       self[:disable_access_points] = options[:disable_access_points]
       self[:disable_multi_region_access_points] = options[:disable_multi_region_access_points]
       self[:disable_multi_region_access_points] = false if self[:disable_multi_region_access_points].nil?
-      if self[:disable_multi_region_access_points].nil?
-        raise ArgumentError, "Missing required EndpointParameter: :disable_multi_region_access_points"
-      end
       self[:use_arn_region] = options[:use_arn_region]
+      self[:use_s3_express_control_endpoint] = options[:use_s3_express_control_endpoint]
+      self[:disable_s3_express_session_auth] = options[:disable_s3_express_session_auth]
+    end
+
+    def self.create(config, options={})
+      new({
+        region: config.region,
+        use_fips: config.use_fips_endpoint,
+        endpoint: (config.endpoint.to_s unless config.regional_endpoint),
+        force_path_style: config.force_path_style,
+        use_global_endpoint: config.s3_us_east_1_regional_endpoint == 'legacy',
+        disable_multi_region_access_points: config.s3_disable_multiregion_access_points,
+        use_arn_region: config.s3_use_arn_region,
+        disable_s3_express_session_auth: config.disable_s3_express_session_auth,
+      }.merge(options))
     end
   end
 end

data/lib/aws-sdk-s3/endpoint_provider.rb

@@ -19,9 +19,14 @@ module Aws::S3
       accelerate = parameters.accelerate
       use_global_endpoint = parameters.use_global_endpoint
       use_object_lambda_endpoint = parameters.use_object_lambda_endpoint
+      key = parameters.key
+      prefix = parameters.prefix
+      copy_source = parameters.copy_source
       disable_access_points = parameters.disable_access_points
       disable_multi_region_access_points = parameters.disable_multi_region_access_points
       use_arn_region = parameters.use_arn_region
+      use_s3_express_control_endpoint = parameters.use_s3_express_control_endpoint
+      disable_s3_express_session_auth = parameters.disable_s3_express_session_auth
       if Aws::Endpoints::Matchers.set?(region)
         if Aws::Endpoints::Matchers.boolean_equals?(accelerate, true) && Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
           raise ArgumentError, "Accelerate cannot be used with FIPS"
@@ -38,6 +43,120 @@ module Aws::S3
         if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && (partition_result = Aws::Endpoints::Matchers.aws_partition(region)) && Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-cn")
           raise ArgumentError, "Partition does not support FIPS"
         end
+        if Aws::Endpoints::Matchers.set?(bucket) && (bucket_suffix = Aws::Endpoints::Matchers.substring(bucket, 0, 6, true)) && Aws::Endpoints::Matchers.string_equals?(bucket_suffix, "--x-s3")
+          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+            raise ArgumentError, "S3Express does not support Dual-stack."
+          end
+          if Aws::Endpoints::Matchers.boolean_equals?(accelerate, true)
+            raise ArgumentError, "S3Express does not support S3 Accelerate."
+          end
+          if Aws::Endpoints::Matchers.set?(endpoint) && (url = Aws::Endpoints::Matchers.parse_url(endpoint))
+            if Aws::Endpoints::Matchers.set?(disable_s3_express_session_auth) && Aws::Endpoints::Matchers.boolean_equals?(disable_s3_express_session_auth, true)
+              if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(url, "isIp"), true)
+                if (uri_encoded_bucket = Aws::Endpoints::Matchers.uri_encode(bucket))
+                  return Aws::Endpoints::Endpoint.new(url: "#{url['scheme']}://#{url['authority']}/#{uri_encoded_bucket}#{url['path']}", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+                end
+              end
+              if Aws::Endpoints::Matchers.aws_virtual_hostable_s3_bucket?(bucket, false)
+                return Aws::Endpoints::Endpoint.new(url: "#{url['scheme']}://#{bucket}.#{url['authority']}#{url['path']}", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+              end
+              raise ArgumentError, "S3Express bucket name is not a valid virtual hostable name."
+            end
+            if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(url, "isIp"), true)
+              if (uri_encoded_bucket = Aws::Endpoints::Matchers.uri_encode(bucket))
+                return Aws::Endpoints::Endpoint.new(url: "#{url['scheme']}://#{url['authority']}/#{uri_encoded_bucket}#{url['path']}", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4-s3express", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+              end
+            end
+            if Aws::Endpoints::Matchers.aws_virtual_hostable_s3_bucket?(bucket, false)
+              return Aws::Endpoints::Endpoint.new(url: "#{url['scheme']}://#{bucket}.#{url['authority']}#{url['path']}", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4-s3express", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+            end
+            raise ArgumentError, "S3Express bucket name is not a valid virtual hostable name."
+          end
+          if Aws::Endpoints::Matchers.set?(use_s3_express_control_endpoint) && Aws::Endpoints::Matchers.boolean_equals?(use_s3_express_control_endpoint, true)
+            if (uri_encoded_bucket = Aws::Endpoints::Matchers.uri_encode(bucket)) && Aws::Endpoints::Matchers.not(Aws::Endpoints::Matchers.set?(endpoint))
+              if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+                return Aws::Endpoints::Endpoint.new(url: "https://s3express-control-fips.#{region}.amazonaws.com/#{uri_encoded_bucket}", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+              end
+              return Aws::Endpoints::Endpoint.new(url: "https://s3express-control.#{region}.amazonaws.com/#{uri_encoded_bucket}", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+            end
+          end
+          if Aws::Endpoints::Matchers.aws_virtual_hostable_s3_bucket?(bucket, false)
+            if Aws::Endpoints::Matchers.set?(disable_s3_express_session_auth) && Aws::Endpoints::Matchers.boolean_equals?(disable_s3_express_session_auth, true)
+              if (s3express_availability_zone_id = Aws::Endpoints::Matchers.substring(bucket, 6, 14, true)) && (s3express_availability_zone_delim = Aws::Endpoints::Matchers.substring(bucket, 14, 16, true)) && Aws::Endpoints::Matchers.string_equals?(s3express_availability_zone_delim, "--")
+                if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+                  return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.s3express-fips-#{s3express_availability_zone_id}.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+                end
+                return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.s3express-#{s3express_availability_zone_id}.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+              end
+              if (s3express_availability_zone_id = Aws::Endpoints::Matchers.substring(bucket, 6, 15, true)) && (s3express_availability_zone_delim = Aws::Endpoints::Matchers.substring(bucket, 15, 17, true)) && Aws::Endpoints::Matchers.string_equals?(s3express_availability_zone_delim, "--")
+                if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+                  return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.s3express-fips-#{s3express_availability_zone_id}.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+                end
+                return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.s3express-#{s3express_availability_zone_id}.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+              end
+              if (s3express_availability_zone_id = Aws::Endpoints::Matchers.substring(bucket, 6, 19, true)) && (s3express_availability_zone_delim = Aws::Endpoints::Matchers.substring(bucket, 19, 21, true)) && Aws::Endpoints::Matchers.string_equals?(s3express_availability_zone_delim, "--")
+                if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+                  return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.s3express-fips-#{s3express_availability_zone_id}.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+                end
+                return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.s3express-#{s3express_availability_zone_id}.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+              end
+              if (s3express_availability_zone_id = Aws::Endpoints::Matchers.substring(bucket, 6, 20, true)) && (s3express_availability_zone_delim = Aws::Endpoints::Matchers.substring(bucket, 20, 22, true)) && Aws::Endpoints::Matchers.string_equals?(s3express_availability_zone_delim, "--")
+                if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+                  return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.s3express-fips-#{s3express_availability_zone_id}.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+                end
+                return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.s3express-#{s3express_availability_zone_id}.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+              end
+              if (s3express_availability_zone_id = Aws::Endpoints::Matchers.substring(bucket, 6, 26, true)) && (s3express_availability_zone_delim = Aws::Endpoints::Matchers.substring(bucket, 26, 28, true)) && Aws::Endpoints::Matchers.string_equals?(s3express_availability_zone_delim, "--")
+                if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+                  return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.s3express-fips-#{s3express_availability_zone_id}.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+                end
+                return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.s3express-#{s3express_availability_zone_id}.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+              end
+              raise ArgumentError, "Unrecognized S3Express bucket name format."
+            end
+            if (s3express_availability_zone_id = Aws::Endpoints::Matchers.substring(bucket, 6, 14, true)) && (s3express_availability_zone_delim = Aws::Endpoints::Matchers.substring(bucket, 14, 16, true)) && Aws::Endpoints::Matchers.string_equals?(s3express_availability_zone_delim, "--")
+              if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+                return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.s3express-fips-#{s3express_availability_zone_id}.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4-s3express", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+              end
+              return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.s3express-#{s3express_availability_zone_id}.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4-s3express", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+            end
+            if (s3express_availability_zone_id = Aws::Endpoints::Matchers.substring(bucket, 6, 15, true)) && (s3express_availability_zone_delim = Aws::Endpoints::Matchers.substring(bucket, 15, 17, true)) && Aws::Endpoints::Matchers.string_equals?(s3express_availability_zone_delim, "--")
+              if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+                return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.s3express-fips-#{s3express_availability_zone_id}.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4-s3express", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+              end
+              return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.s3express-#{s3express_availability_zone_id}.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4-s3express", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+            end
+            if (s3express_availability_zone_id = Aws::Endpoints::Matchers.substring(bucket, 6, 19, true)) && (s3express_availability_zone_delim = Aws::Endpoints::Matchers.substring(bucket, 19, 21, true)) && Aws::Endpoints::Matchers.string_equals?(s3express_availability_zone_delim, "--")
+              if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+                return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.s3express-fips-#{s3express_availability_zone_id}.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4-s3express", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+              end
+              return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.s3express-#{s3express_availability_zone_id}.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4-s3express", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+            end
+            if (s3express_availability_zone_id = Aws::Endpoints::Matchers.substring(bucket, 6, 20, true)) && (s3express_availability_zone_delim = Aws::Endpoints::Matchers.substring(bucket, 20, 22, true)) && Aws::Endpoints::Matchers.string_equals?(s3express_availability_zone_delim, "--")
+              if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+                return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.s3express-fips-#{s3express_availability_zone_id}.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4-s3express", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+              end
+              return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.s3express-#{s3express_availability_zone_id}.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4-s3express", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+            end
+            if (s3express_availability_zone_id = Aws::Endpoints::Matchers.substring(bucket, 6, 26, true)) && (s3express_availability_zone_delim = Aws::Endpoints::Matchers.substring(bucket, 26, 28, true)) && Aws::Endpoints::Matchers.string_equals?(s3express_availability_zone_delim, "--")
+              if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+                return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.s3express-fips-#{s3express_availability_zone_id}.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4-s3express", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+              end
+              return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.s3express-#{s3express_availability_zone_id}.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4-s3express", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+            end
+            raise ArgumentError, "Unrecognized S3Express bucket name format."
+          end
+          raise ArgumentError, "S3Express bucket name is not a valid virtual hostable name."
+        end
+        if Aws::Endpoints::Matchers.not(Aws::Endpoints::Matchers.set?(bucket)) && Aws::Endpoints::Matchers.set?(use_s3_express_control_endpoint) && Aws::Endpoints::Matchers.boolean_equals?(use_s3_express_control_endpoint, true)
+          if Aws::Endpoints::Matchers.set?(endpoint) && (url = Aws::Endpoints::Matchers.parse_url(endpoint))
+            return Aws::Endpoints::Endpoint.new(url: "#{url['scheme']}://#{url['authority']}#{url['path']}", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+          end
+          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+            return Aws::Endpoints::Endpoint.new(url: "https://s3express-control-fips.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+          end
+          return Aws::Endpoints::Endpoint.new(url: "https://s3express-control.#{region}.amazonaws.com", headers: {}, properties: {"backend"=>"S3Express", "authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3express", "signingRegion"=>"#{region}"}]})
+        end
         if Aws::Endpoints::Matchers.set?(bucket) && (hardware_type = Aws::Endpoints::Matchers.substring(bucket, 49, 50, true)) && (region_prefix = Aws::Endpoints::Matchers.substring(bucket, 8, 12, true)) && (bucket_alias_suffix = Aws::Endpoints::Matchers.substring(bucket, 0, 7, true)) && (outpost_id = Aws::Endpoints::Matchers.substring(bucket, 32, 49, true)) && (region_partition = Aws::Endpoints::Matchers.aws_partition(region)) && Aws::Endpoints::Matchers.string_equals?(bucket_alias_suffix, "--op-s3")
           if Aws::Endpoints::Matchers.valid_host_label?(outpost_id, false)
             if Aws::Endpoints::Matchers.string_equals?(hardware_type, "e")
@@ -46,10 +165,10 @@ module Aws::S3
                   raise ArgumentError, "Expected a endpoint to be specified but no endpoint was found"
                 end
                 if Aws::Endpoints::Matchers.set?(endpoint) && (url = Aws::Endpoints::Matchers.parse_url(endpoint))
-                  return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.ec2.#{url['authority']}", headers: {}, properties: {"authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3-outposts", "signingRegion"=>"#{region}"}]})
+                  return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.ec2.#{url['authority']}", headers: {}, properties: {"authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4a", "signingName"=>"s3-outposts", "signingRegionSet"=>["*"]}, {"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3-outposts", "signingRegion"=>"#{region}"}]})
                 end
               end
-              return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.ec2.s3-outposts.#{region}.#{region_partition['dnsSuffix']}", headers: {}, properties: {"authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3-outposts", "signingRegion"=>"#{region}"}]})
+              return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.ec2.s3-outposts.#{region}.#{region_partition['dnsSuffix']}", headers: {}, properties: {"authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4a", "signingName"=>"s3-outposts", "signingRegionSet"=>["*"]}, {"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3-outposts", "signingRegion"=>"#{region}"}]})
             end
             if Aws::Endpoints::Matchers.string_equals?(hardware_type, "o")
               if Aws::Endpoints::Matchers.string_equals?(region_prefix, "beta")
@@ -57,10 +176,10 @@ module Aws::S3
                   raise ArgumentError, "Expected a endpoint to be specified but no endpoint was found"
                 end
                 if Aws::Endpoints::Matchers.set?(endpoint) && (url = Aws::Endpoints::Matchers.parse_url(endpoint))
-                  return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.op-#{outpost_id}.#{url['authority']}", headers: {}, properties: {"authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3-outposts", "signingRegion"=>"#{region}"}]})
+                  return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.op-#{outpost_id}.#{url['authority']}", headers: {}, properties: {"authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4a", "signingName"=>"s3-outposts", "signingRegionSet"=>["*"]}, {"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3-outposts", "signingRegion"=>"#{region}"}]})
                 end
               end
-              return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.op-#{outpost_id}.s3-outposts.#{region}.#{region_partition['dnsSuffix']}", headers: {}, properties: {"authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3-outposts", "signingRegion"=>"#{region}"}]})
+              return Aws::Endpoints::Endpoint.new(url: "https://#{bucket}.op-#{outpost_id}.s3-outposts.#{region}.#{region_partition['dnsSuffix']}", headers: {}, properties: {"authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4a", "signingName"=>"s3-outposts", "signingRegionSet"=>["*"]}, {"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3-outposts", "signingRegion"=>"#{region}"}]})
             end
             raise ArgumentError, "Unrecognized hardware type: \"Expected hardware type o or e but got #{hardware_type}\""
           end
@@ -331,9 +450,9 @@ module Aws::S3
                                 if (access_point_name = Aws::Endpoints::Matchers.attr(bucket_arn, "resourceId[3]"))
                                   if Aws::Endpoints::Matchers.string_equals?(outpost_type, "accesspoint")
                                     if Aws::Endpoints::Matchers.set?(endpoint) && (url = Aws::Endpoints::Matchers.parse_url(endpoint))
-                                      return Aws::Endpoints::Endpoint.new(url: "https://#{access_point_name}-#{bucket_arn['accountId']}.#{outpost_id}.#{url['authority']}", headers: {}, properties: {"authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3-outposts", "signingRegion"=>"#{bucket_arn['region']}"}]})
+                                      return Aws::Endpoints::Endpoint.new(url: "https://#{access_point_name}-#{bucket_arn['accountId']}.#{outpost_id}.#{url['authority']}", headers: {}, properties: {"authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4a", "signingName"=>"s3-outposts", "signingRegionSet"=>["*"]}, {"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3-outposts", "signingRegion"=>"#{bucket_arn['region']}"}]})
                                     end
-                                    return Aws::Endpoints::Endpoint.new(url: "https://#{access_point_name}-#{bucket_arn['accountId']}.#{outpost_id}.s3-outposts.#{bucket_arn['region']}.#{bucket_partition['dnsSuffix']}", headers: {}, properties: {"authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3-outposts", "signingRegion"=>"#{bucket_arn['region']}"}]})
+                                    return Aws::Endpoints::Endpoint.new(url: "https://#{access_point_name}-#{bucket_arn['accountId']}.#{outpost_id}.s3-outposts.#{bucket_arn['region']}.#{bucket_partition['dnsSuffix']}", headers: {}, properties: {"authSchemes"=>[{"disableDoubleEncoding"=>true, "name"=>"sigv4a", "signingName"=>"s3-outposts", "signingRegionSet"=>["*"]}, {"disableDoubleEncoding"=>true, "name"=>"sigv4", "signingName"=>"s3-outposts", "signingRegion"=>"#{bucket_arn['region']}"}]})
                                   end
                                   raise ArgumentError, "Expected an outpost type `accesspoint`, found #{outpost_type}"
                                 end