aws-sdk-s3 1.139.0 → 1.141.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (42) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +15 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-s3/bucket.rb +423 -93
  5. data/lib/aws-sdk-s3/bucket_acl.rb +9 -9
  6. data/lib/aws-sdk-s3/bucket_cors.rb +12 -12
  7. data/lib/aws-sdk-s3/bucket_lifecycle.rb +12 -12
  8. data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +12 -12
  9. data/lib/aws-sdk-s3/bucket_logging.rb +9 -9
  10. data/lib/aws-sdk-s3/bucket_notification.rb +3 -3
  11. data/lib/aws-sdk-s3/bucket_policy.rb +58 -14
  12. data/lib/aws-sdk-s3/bucket_request_payment.rb +9 -9
  13. data/lib/aws-sdk-s3/bucket_tagging.rb +12 -12
  14. data/lib/aws-sdk-s3/bucket_versioning.rb +27 -27
  15. data/lib/aws-sdk-s3/bucket_website.rb +12 -12
  16. data/lib/aws-sdk-s3/client.rb +5639 -2553
  17. data/lib/aws-sdk-s3/client_api.rb +97 -16
  18. data/lib/aws-sdk-s3/customizations.rb +5 -0
  19. data/lib/aws-sdk-s3/endpoint_parameters.rb +32 -0
  20. data/lib/aws-sdk-s3/endpoint_provider.rb +82 -0
  21. data/lib/aws-sdk-s3/endpoints.rb +440 -0
  22. data/lib/aws-sdk-s3/express_credentials.rb +55 -0
  23. data/lib/aws-sdk-s3/express_credentials_cache.rb +30 -0
  24. data/lib/aws-sdk-s3/express_credentials_provider.rb +36 -0
  25. data/lib/aws-sdk-s3/file_downloader.rb +0 -1
  26. data/lib/aws-sdk-s3/multipart_file_uploader.rb +0 -1
  27. data/lib/aws-sdk-s3/multipart_stream_uploader.rb +0 -1
  28. data/lib/aws-sdk-s3/multipart_upload.rb +70 -24
  29. data/lib/aws-sdk-s3/multipart_upload_part.rb +164 -43
  30. data/lib/aws-sdk-s3/object.rb +1496 -248
  31. data/lib/aws-sdk-s3/object_acl.rb +31 -19
  32. data/lib/aws-sdk-s3/object_summary.rb +1366 -272
  33. data/lib/aws-sdk-s3/object_version.rb +304 -57
  34. data/lib/aws-sdk-s3/plugins/endpoints.rb +13 -2
  35. data/lib/aws-sdk-s3/plugins/express_session_auth.rb +90 -0
  36. data/lib/aws-sdk-s3/plugins/location_constraint.rb +3 -1
  37. data/lib/aws-sdk-s3/plugins/md5s.rb +2 -1
  38. data/lib/aws-sdk-s3/presigner.rb +2 -2
  39. data/lib/aws-sdk-s3/resource.rb +83 -11
  40. data/lib/aws-sdk-s3/types.rb +4261 -1238
  41. data/lib/aws-sdk-s3.rb +1 -1
  42. metadata +10 -6
@@ -69,6 +69,10 @@ module Aws::S3
69
69
  # of encryption. If an object is larger than 16 MB, the Amazon Web
70
70
  # Services Management Console will upload or copy that object as a
71
71
  # Multipart Upload, and therefore the ETag will not be an MD5 digest.
72
+ #
73
+ # <note markdown="1"> **Directory buckets** - MD5 is not supported by directory buckets.
74
+ #
75
+ # </note>
72
76
  # @return [String]
73
77
  def etag
74
78
  data[:etag]
@@ -87,12 +91,22 @@ module Aws::S3
87
91
  end
88
92
 
89
93
  # The class of storage used to store the object.
94
+ #
95
+ # <note markdown="1"> **Directory buckets** - Only the S3 Express One Zone storage class is
96
+ # supported by directory buckets to store objects.
97
+ #
98
+ # </note>
90
99
  # @return [String]
91
100
  def storage_class
92
101
  data[:storage_class]
93
102
  end
94
103
 
95
104
  # The owner of the object
105
+ #
106
+ # <note markdown="1"> **Directory buckets** - The bucket owner is returned as the object
107
+ # owner.
108
+ #
109
+ # </note>
96
110
  # @return [Types::Owner]
97
111
  def owner
98
112
  data[:owner]
@@ -104,6 +118,12 @@ module Aws::S3
104
118
  # archived objects, see [ Working with archived objects][1] in the
105
119
  # *Amazon S3 User Guide*.
106
120
  #
121
+ # <note markdown="1"> This functionality is not supported for directory buckets. Only the S3
122
+ # Express One Zone storage class is supported by directory buckets to
123
+ # store objects.
124
+ #
125
+ # </note>
126
+ #
107
127
  #
108
128
  #
109
129
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html
@@ -325,7 +345,7 @@ module Aws::S3
325
345
  # metadata_directive: "COPY", # accepts COPY, REPLACE
326
346
  # tagging_directive: "COPY", # accepts COPY, REPLACE
327
347
  # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
328
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
348
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
329
349
  # website_redirect_location: "WebsiteRedirectLocation",
330
350
  # sse_customer_algorithm: "SSECustomerAlgorithm",
331
351
  # sse_customer_key: "SSECustomerKey",
@@ -346,40 +366,98 @@ module Aws::S3
346
366
  # })
347
367
  # @param [Hash] options ({})
348
368
  # @option options [String] :acl
349
- # The canned ACL to apply to the object.
369
+ # The canned access control list (ACL) to apply to the object.
370
+ #
371
+ # When you copy an object, the ACL metadata is not preserved and is set
372
+ # to `private` by default. Only the owner has full access control. To
373
+ # override the default ACL setting, specify a new ACL when you generate
374
+ # a copy request. For more information, see [Using ACLs][1].
375
+ #
376
+ # If the destination bucket that you're copying objects to uses the
377
+ # bucket owner enforced setting for S3 Object Ownership, ACLs are
378
+ # disabled and no longer affect permissions. Buckets that use this
379
+ # setting only accept `PUT` requests that don't specify an ACL or `PUT`
380
+ # requests that specify bucket owner full control ACLs, such as the
381
+ # `bucket-owner-full-control` canned ACL or an equivalent form of this
382
+ # ACL expressed in the XML format. For more information, see
383
+ # [Controlling ownership of objects and disabling ACLs][2] in the
384
+ # *Amazon S3 User Guide*.
385
+ #
386
+ # <note markdown="1"> * If your destination bucket uses the bucket owner enforced setting
387
+ # for Object Ownership, all objects written to the bucket by any
388
+ # account will be owned by the bucket owner.
389
+ #
390
+ # * This functionality is not supported for directory buckets.
391
+ #
392
+ # * This functionality is not supported for Amazon S3 on Outposts.
393
+ #
394
+ # </note>
395
+ #
350
396
  #
351
- # This action is not supported by Amazon S3 on Outposts.
397
+ #
398
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html
399
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
352
400
  # @option options [String] :cache_control
353
- # Specifies caching behavior along the request/reply chain.
401
+ # Specifies the caching behavior along the request/reply chain.
354
402
  # @option options [String] :checksum_algorithm
355
- # Indicates the algorithm you want Amazon S3 to use to create the
403
+ # Indicates the algorithm that you want Amazon S3 to use to create the
356
404
  # checksum for the object. For more information, see [Checking object
357
405
  # integrity][1] in the *Amazon S3 User Guide*.
358
406
  #
407
+ # When you copy an object, if the source object has a checksum, that
408
+ # checksum value will be copied to the new object by default. If the
409
+ # `CopyObject` request does not include this `x-amz-checksum-algorithm`
410
+ # header, the checksum algorithm will be copied from the source object
411
+ # to the destination object (if it's present on the source object). You
412
+ # can optionally specify a different checksum algorithm to use with the
413
+ # `x-amz-checksum-algorithm` header. Unrecognized or unsupported values
414
+ # will respond with the HTTP status code `400 Bad Request`.
415
+ #
416
+ # <note markdown="1"> For directory buckets, when you use Amazon Web Services SDKs, `CRC32`
417
+ # is the default checksum algorithm that's used for performance.
418
+ #
419
+ # </note>
420
+ #
359
421
  #
360
422
  #
361
423
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
362
424
  # @option options [String] :content_disposition
363
- # Specifies presentational information for the object.
425
+ # Specifies presentational information for the object. Indicates whether
426
+ # an object should be displayed in a web browser or downloaded as a
427
+ # file. It allows specifying the desired filename for the downloaded
428
+ # file.
364
429
  # @option options [String] :content_encoding
365
430
  # Specifies what content encodings have been applied to the object and
366
431
  # thus what decoding mechanisms must be applied to obtain the media-type
367
432
  # referenced by the Content-Type header field.
433
+ #
434
+ # <note markdown="1"> For directory buckets, only the `aws-chunked` value is supported in
435
+ # this header field.
436
+ #
437
+ # </note>
368
438
  # @option options [String] :content_language
369
439
  # The language the content is in.
370
440
  # @option options [String] :content_type
371
- # A standard MIME type describing the format of the object data.
441
+ # A standard MIME type that describes the format of the object data.
372
442
  # @option options [required, String] :copy_source
373
- # Specifies the source object for the copy operation. You specify the
374
- # value in one of two formats, depending on whether you want to access
375
- # the source object through an [access point][1]:
443
+ # Specifies the source object for the copy operation. The source object
444
+ # can be up to 5 GB. If the source object is an object that was uploaded
445
+ # by using a multipart upload, the object copy will be a single part
446
+ # object after the source object is copied to the destination bucket.
447
+ #
448
+ # You specify the value of the copy source in one of two formats,
449
+ # depending on whether you want to access the source object through an
450
+ # [access point][1]:
376
451
  #
377
452
  # * For objects not accessed through an access point, specify the name
378
453
  # of the source bucket and the key of the source object, separated by
379
454
  # a slash (/). For example, to copy the object `reports/january.pdf`
380
- # from the bucket `awsexamplebucket`, use
455
+ # from the general purpose bucket `awsexamplebucket`, use
381
456
  # `awsexamplebucket/reports/january.pdf`. The value must be
382
- # URL-encoded.
457
+ # URL-encoded. To copy the object `reports/january.pdf` from the
458
+ # directory bucket `awsexamplebucket--use1-az5--x-s3`, use
459
+ # `awsexamplebucket--use1-az5--x-s3/reports/january.pdf`. The value
460
+ # must be URL-encoded.
383
461
  #
384
462
  # * For objects accessed through access points, specify the Amazon
385
463
  # Resource Name (ARN) of the object as accessed through the access
@@ -391,9 +469,11 @@ module Aws::S3
391
469
  # `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
392
470
  # The value must be URL encoded.
393
471
  #
394
- # <note markdown="1"> Amazon S3 supports copy operations using access points only when the
395
- # source and destination buckets are in the same Amazon Web Services
396
- # Region.
472
+ # <note markdown="1"> * Amazon S3 supports copy operations using Access points only when
473
+ # the source and destination buckets are in the same Amazon Web
474
+ # Services Region.
475
+ #
476
+ # * Access points are not supported by directory buckets.
397
477
  #
398
478
  # </note>
399
479
  #
@@ -406,87 +486,315 @@ module Aws::S3
406
486
  # `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf`.
407
487
  # The value must be URL-encoded.
408
488
  #
409
- # To copy a specific version of an object, append
410
- # `?versionId=<version-id>` to the value (for example,
489
+ # If your source bucket versioning is enabled, the `x-amz-copy-source`
490
+ # header by default identifies the current version of an object to copy.
491
+ # If the current version is a delete marker, Amazon S3 behaves as if the
492
+ # object was deleted. To copy a different version, use the `versionId`
493
+ # query parameter. Specifically, append `?versionId=<version-id>` to the
494
+ # value (for example,
411
495
  # `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
412
496
  # If you don't specify a version ID, Amazon S3 copies the latest
413
497
  # version of the source object.
414
498
  #
499
+ # If you enable versioning on the destination bucket, Amazon S3
500
+ # generates a unique version ID for the copied object. This version ID
501
+ # is different from the version ID of the source object. Amazon S3
502
+ # returns the version ID of the copied object in the `x-amz-version-id`
503
+ # response header in the response.
504
+ #
505
+ # If you do not enable versioning or suspend it on the destination
506
+ # bucket, the version ID that Amazon S3 generates in the
507
+ # `x-amz-version-id` response header is always null.
508
+ #
509
+ # <note markdown="1"> **Directory buckets** - S3 Versioning isn't enabled and supported for
510
+ # directory buckets.
511
+ #
512
+ # </note>
513
+ #
415
514
  #
416
515
  #
417
516
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html
418
517
  # @option options [String] :copy_source_if_match
419
518
  # Copies the object if its entity tag (ETag) matches the specified tag.
519
+ #
520
+ # If both the `x-amz-copy-source-if-match` and
521
+ # `x-amz-copy-source-if-unmodified-since` headers are present in the
522
+ # request and evaluate as follows, Amazon S3 returns `200 OK` and copies
523
+ # the data:
524
+ #
525
+ # * `x-amz-copy-source-if-match` condition evaluates to true
526
+ #
527
+ # * `x-amz-copy-source-if-unmodified-since` condition evaluates to false
420
528
  # @option options [Time,DateTime,Date,Integer,String] :copy_source_if_modified_since
421
529
  # Copies the object if it has been modified since the specified time.
530
+ #
531
+ # If both the `x-amz-copy-source-if-none-match` and
532
+ # `x-amz-copy-source-if-modified-since` headers are present in the
533
+ # request and evaluate as follows, Amazon S3 returns the `412
534
+ # Precondition Failed` response code:
535
+ #
536
+ # * `x-amz-copy-source-if-none-match` condition evaluates to false
537
+ #
538
+ # * `x-amz-copy-source-if-modified-since` condition evaluates to true
422
539
  # @option options [String] :copy_source_if_none_match
423
540
  # Copies the object if its entity tag (ETag) is different than the
424
541
  # specified ETag.
542
+ #
543
+ # If both the `x-amz-copy-source-if-none-match` and
544
+ # `x-amz-copy-source-if-modified-since` headers are present in the
545
+ # request and evaluate as follows, Amazon S3 returns the `412
546
+ # Precondition Failed` response code:
547
+ #
548
+ # * `x-amz-copy-source-if-none-match` condition evaluates to false
549
+ #
550
+ # * `x-amz-copy-source-if-modified-since` condition evaluates to true
425
551
  # @option options [Time,DateTime,Date,Integer,String] :copy_source_if_unmodified_since
426
552
  # Copies the object if it hasn't been modified since the specified
427
553
  # time.
554
+ #
555
+ # If both the `x-amz-copy-source-if-match` and
556
+ # `x-amz-copy-source-if-unmodified-since` headers are present in the
557
+ # request and evaluate as follows, Amazon S3 returns `200 OK` and copies
558
+ # the data:
559
+ #
560
+ # * `x-amz-copy-source-if-match` condition evaluates to true
561
+ #
562
+ # * `x-amz-copy-source-if-unmodified-since` condition evaluates to false
428
563
  # @option options [Time,DateTime,Date,Integer,String] :expires
429
564
  # The date and time at which the object is no longer cacheable.
430
565
  # @option options [String] :grant_full_control
431
566
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
432
567
  # object.
433
568
  #
434
- # This action is not supported by Amazon S3 on Outposts.
569
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
570
+ #
571
+ # * This functionality is not supported for Amazon S3 on Outposts.
572
+ #
573
+ # </note>
435
574
  # @option options [String] :grant_read
436
575
  # Allows grantee to read the object data and its metadata.
437
576
  #
438
- # This action is not supported by Amazon S3 on Outposts.
577
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
578
+ #
579
+ # * This functionality is not supported for Amazon S3 on Outposts.
580
+ #
581
+ # </note>
439
582
  # @option options [String] :grant_read_acp
440
583
  # Allows grantee to read the object ACL.
441
584
  #
442
- # This action is not supported by Amazon S3 on Outposts.
585
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
586
+ #
587
+ # * This functionality is not supported for Amazon S3 on Outposts.
588
+ #
589
+ # </note>
443
590
  # @option options [String] :grant_write_acp
444
591
  # Allows grantee to write the ACL for the applicable object.
445
592
  #
446
- # This action is not supported by Amazon S3 on Outposts.
593
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
594
+ #
595
+ # * This functionality is not supported for Amazon S3 on Outposts.
596
+ #
597
+ # </note>
447
598
  # @option options [Hash<String,String>] :metadata
448
599
  # A map of metadata to store with the object in S3.
449
600
  # @option options [String] :metadata_directive
450
601
  # Specifies whether the metadata is copied from the source object or
451
- # replaced with metadata provided in the request.
602
+ # replaced with metadata that's provided in the request. When copying
603
+ # an object, you can preserve all metadata (the default) or specify new
604
+ # metadata. If this header isn’t specified, `COPY` is the default
605
+ # behavior.
606
+ #
607
+ # **General purpose bucket** - For general purpose buckets, when you
608
+ # grant permissions, you can use the `s3:x-amz-metadata-directive`
609
+ # condition key to enforce certain metadata behavior when objects are
610
+ # uploaded. For more information, see [Amazon S3 condition key
611
+ # examples][1] in the *Amazon S3 User Guide*.
612
+ #
613
+ # <note markdown="1"> `x-amz-website-redirect-location` is unique to each object and is not
614
+ # copied when using the `x-amz-metadata-directive` header. To copy the
615
+ # value, you must specify `x-amz-website-redirect-location` in the
616
+ # request header.
617
+ #
618
+ # </note>
619
+ #
620
+ #
621
+ #
622
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html
452
623
  # @option options [String] :tagging_directive
453
- # Specifies whether the object tag-set are copied from the source object
454
- # or replaced with tag-set provided in the request.
624
+ # Specifies whether the object tag-set is copied from the source object
625
+ # or replaced with the tag-set that's provided in the request.
626
+ #
627
+ # The default value is `COPY`.
628
+ #
629
+ # <note markdown="1"> **Directory buckets** - For directory buckets in a `CopyObject`
630
+ # operation, only the empty tag-set is supported. Any requests that
631
+ # attempt to write non-empty tags into directory buckets will receive a
632
+ # `501 Not Implemented` status code. When the destination bucket is a
633
+ # directory bucket, you will receive a `501 Not Implemented` response in
634
+ # any of the following situations:
635
+ #
636
+ # * When you attempt to `COPY` the tag-set from an S3 source object that
637
+ # has non-empty tags.
638
+ #
639
+ # * When you attempt to `REPLACE` the tag-set of a source object and set
640
+ # a non-empty value to `x-amz-tagging`.
641
+ #
642
+ # * When you don't set the `x-amz-tagging-directive` header and the
643
+ # source object has non-empty tags. This is because the default value
644
+ # of `x-amz-tagging-directive` is `COPY`.
645
+ #
646
+ # Because only the empty tag-set is supported for directory buckets in a
647
+ # `CopyObject` operation, the following situations are allowed:
648
+ #
649
+ # * When you attempt to `COPY` the tag-set from a directory bucket
650
+ # source object that has no tags to a general purpose bucket. It
651
+ # copies an empty tag-set to the destination object.
652
+ #
653
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
654
+ # source object and set the `x-amz-tagging` value of the directory
655
+ # bucket destination object to empty.
656
+ #
657
+ # * When you attempt to `REPLACE` the tag-set of a general purpose
658
+ # bucket source object that has non-empty tags and set the
659
+ # `x-amz-tagging` value of the directory bucket destination object to
660
+ # empty.
661
+ #
662
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
663
+ # source object and don't set the `x-amz-tagging` value of the
664
+ # directory bucket destination object. This is because the default
665
+ # value of `x-amz-tagging` is the empty value.
666
+ #
667
+ # </note>
455
668
  # @option options [String] :server_side_encryption
456
669
  # The server-side encryption algorithm used when storing this object in
457
670
  # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
671
+ # Unrecognized or unsupported values won’t write a destination object
672
+ # and will receive a `400 Bad Request` response.
673
+ #
674
+ # Amazon S3 automatically encrypts all new objects that are copied to an
675
+ # S3 bucket. When copying an object, if you don't specify encryption
676
+ # information in your copy request, the encryption setting of the target
677
+ # object is set to the default encryption configuration of the
678
+ # destination bucket. By default, all buckets have a base level of
679
+ # encryption configuration that uses server-side encryption with Amazon
680
+ # S3 managed keys (SSE-S3). If the destination bucket has a default
681
+ # encryption configuration that uses server-side encryption with Key
682
+ # Management Service (KMS) keys (SSE-KMS), dual-layer server-side
683
+ # encryption with Amazon Web Services KMS keys (DSSE-KMS), or
684
+ # server-side encryption with customer-provided encryption keys (SSE-C),
685
+ # Amazon S3 uses the corresponding KMS key, or a customer-provided key
686
+ # to encrypt the target object copy.
687
+ #
688
+ # When you perform a `CopyObject` operation, if you want to use a
689
+ # different type of encryption setting for the target object, you can
690
+ # specify appropriate encryption-related headers to encrypt the target
691
+ # object with an Amazon S3 managed key, a KMS key, or a
692
+ # customer-provided key. If the encryption setting in your request is
693
+ # different from the default encryption configuration of the destination
694
+ # bucket, the encryption setting in your request takes precedence.
695
+ #
696
+ # With server-side encryption, Amazon S3 encrypts your data as it writes
697
+ # your data to disks in its data centers and decrypts the data when you
698
+ # access it. For more information about server-side encryption, see
699
+ # [Using Server-Side Encryption][1] in the *Amazon S3 User Guide*.
700
+ #
701
+ # <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
702
+ # managed keys (SSE-S3) (`AES256`) is supported.
703
+ #
704
+ # </note>
705
+ #
706
+ #
707
+ #
708
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
458
709
  # @option options [String] :storage_class
459
710
  # If the `x-amz-storage-class` header is not used, the copied object
460
- # will be stored in the STANDARD Storage Class by default. The STANDARD
461
- # storage class provides high durability and high availability.
462
- # Depending on performance needs, you can specify a different Storage
463
- # Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For
464
- # more information, see [Storage Classes][1] in the *Amazon S3 User
465
- # Guide*.
711
+ # will be stored in the `STANDARD` Storage Class by default. The
712
+ # `STANDARD` storage class provides high durability and high
713
+ # availability. Depending on performance needs, you can specify a
714
+ # different Storage Class.
715
+ #
716
+ # <note markdown="1"> * <b>Directory buckets </b> - For directory buckets, only the S3
717
+ # Express One Zone storage class is supported to store newly created
718
+ # objects. Unsupported storage class values won't write a destination
719
+ # object and will respond with the HTTP status code `400 Bad Request`.
720
+ #
721
+ # * <b>Amazon S3 on Outposts </b> - S3 on Outposts only uses the
722
+ # `OUTPOSTS` Storage Class.
723
+ #
724
+ # </note>
725
+ #
726
+ # You can use the `CopyObject` action to change the storage class of an
727
+ # object that is already stored in Amazon S3 by using the
728
+ # `x-amz-storage-class` header. For more information, see [Storage
729
+ # Classes][1] in the *Amazon S3 User Guide*.
730
+ #
731
+ # Before using an object as a source object for the copy operation, you
732
+ # must restore a copy of it if it meets any of the following conditions:
733
+ #
734
+ # * The storage class of the source object is `GLACIER` or
735
+ # `DEEP_ARCHIVE`.
736
+ #
737
+ # * The storage class of the source object is `INTELLIGENT_TIERING` and
738
+ # it's [S3 Intelligent-Tiering access tier][2] is `Archive Access` or
739
+ # `Deep Archive Access`.
740
+ #
741
+ # For more information, see [RestoreObject][3] and [Copying Objects][4]
742
+ # in the *Amazon S3 User Guide*.
466
743
  #
467
744
  #
468
745
  #
469
746
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
747
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering-overview.html#intel-tiering-tier-definition
748
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html
749
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html
470
750
  # @option options [String] :website_redirect_location
471
- # If the bucket is configured as a website, redirects requests for this
472
- # object to another object in the same bucket or to an external URL.
473
- # Amazon S3 stores the value of this header in the object metadata. This
474
- # value is unique to each object and is not copied when using the
475
- # `x-amz-metadata-directive` header. Instead, you may opt to provide
476
- # this header in combination with the directive.
751
+ # If the destination bucket is configured as a website, redirects
752
+ # requests for this object copy to another object in the same bucket or
753
+ # to an external URL. Amazon S3 stores the value of this header in the
754
+ # object metadata. This value is unique to each object and is not copied
755
+ # when using the `x-amz-metadata-directive` header. Instead, you may opt
756
+ # to provide this header in combination with the
757
+ # `x-amz-metadata-directive` header.
758
+ #
759
+ # <note markdown="1"> This functionality is not supported for directory buckets.
760
+ #
761
+ # </note>
477
762
  # @option options [String] :sse_customer_algorithm
478
- # Specifies the algorithm to use to when encrypting the object (for
479
- # example, AES256).
763
+ # Specifies the algorithm to use when encrypting the object (for
764
+ # example, `AES256`).
765
+ #
766
+ # When you perform a `CopyObject` operation, if you want to use a
767
+ # different type of encryption setting for the target object, you can
768
+ # specify appropriate encryption-related headers to encrypt the target
769
+ # object with an Amazon S3 managed key, a KMS key, or a
770
+ # customer-provided key. If the encryption setting in your request is
771
+ # different from the default encryption configuration of the destination
772
+ # bucket, the encryption setting in your request takes precedence.
773
+ #
774
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
775
+ # directory bucket.
776
+ #
777
+ # </note>
480
778
  # @option options [String] :sse_customer_key
481
779
  # Specifies the customer-provided encryption key for Amazon S3 to use in
482
780
  # encrypting data. This value is used to store the object and then it is
483
- # discarded; Amazon S3 does not store the encryption key. The key must
781
+ # discarded. Amazon S3 does not store the encryption key. The key must
484
782
  # be appropriate for use with the algorithm specified in the
485
783
  # `x-amz-server-side-encryption-customer-algorithm` header.
784
+ #
785
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
786
+ # directory bucket.
787
+ #
788
+ # </note>
486
789
  # @option options [String] :sse_customer_key_md5
487
790
  # Specifies the 128-bit MD5 digest of the encryption key according to
488
791
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
489
792
  # ensure that the encryption key was transmitted without error.
793
+ #
794
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
795
+ # directory bucket.
796
+ #
797
+ # </note>
490
798
  # @option options [String] :ssekms_key_id
491
799
  # Specifies the KMS ID (Key ID, Key ARN, or Key Alias) to use for object
492
800
  # encryption. All GET and PUT requests for an object protected by KMS
@@ -495,6 +803,11 @@ module Aws::S3
495
803
  # SDKs and Amazon Web Services CLI, see [Specifying the Signature
496
804
  # Version in Request Authentication][1] in the *Amazon S3 User Guide*.
497
805
  #
806
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
807
+ # directory bucket.
808
+ #
809
+ # </note>
810
+ #
498
811
  #
499
812
  #
500
813
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
@@ -503,57 +816,166 @@ module Aws::S3
503
816
  # object encryption. The value of this header is a base64-encoded UTF-8
504
817
  # string holding JSON with the encryption context key-value pairs. This
505
818
  # value must be explicitly added to specify encryption context for
506
- # CopyObject requests.
819
+ # `CopyObject` requests.
820
+ #
821
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
822
+ # directory bucket.
823
+ #
824
+ # </note>
507
825
  # @option options [Boolean] :bucket_key_enabled
508
826
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
509
827
  # encryption with server-side encryption using Key Management Service
510
- # (KMS) keys (SSE-KMS). Setting this header to `true` causes Amazon S3
511
- # to use an S3 Bucket Key for object encryption with SSE-KMS.
828
+ # (KMS) keys (SSE-KMS). If a target object uses SSE-KMS, you can enable
829
+ # an S3 Bucket Key for the object.
512
830
  #
513
- # Specifying this header with a COPY action doesn’t affect bucket-level
514
- # settings for S3 Bucket Key.
831
+ # Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
832
+ # for object encryption with SSE-KMS. Specifying this header with a COPY
833
+ # action doesn’t affect bucket-level settings for S3 Bucket Key.
834
+ #
835
+ # For more information, see [Amazon S3 Bucket Keys][1] in the *Amazon S3
836
+ # User Guide*.
837
+ #
838
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
839
+ # directory bucket.
840
+ #
841
+ # </note>
842
+ #
843
+ #
844
+ #
845
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
515
846
  # @option options [String] :copy_source_sse_customer_algorithm
516
847
  # Specifies the algorithm to use when decrypting the source object (for
517
- # example, AES256).
848
+ # example, `AES256`).
849
+ #
850
+ # If the source object for the copy is stored in Amazon S3 using SSE-C,
851
+ # you must provide the necessary encryption information in your request
852
+ # so that Amazon S3 can decrypt the object for copying.
853
+ #
854
+ # <note markdown="1"> This functionality is not supported when the source object is in a
855
+ # directory bucket.
856
+ #
857
+ # </note>
518
858
  # @option options [String] :copy_source_sse_customer_key
519
859
  # Specifies the customer-provided encryption key for Amazon S3 to use to
520
860
  # decrypt the source object. The encryption key provided in this header
521
- # must be one that was used when the source object was created.
861
+ # must be the same one that was used when the source object was created.
862
+ #
863
+ # If the source object for the copy is stored in Amazon S3 using SSE-C,
864
+ # you must provide the necessary encryption information in your request
865
+ # so that Amazon S3 can decrypt the object for copying.
866
+ #
867
+ # <note markdown="1"> This functionality is not supported when the source object is in a
868
+ # directory bucket.
869
+ #
870
+ # </note>
522
871
  # @option options [String] :copy_source_sse_customer_key_md5
523
872
  # Specifies the 128-bit MD5 digest of the encryption key according to
524
873
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
525
874
  # ensure that the encryption key was transmitted without error.
875
+ #
876
+ # If the source object for the copy is stored in Amazon S3 using SSE-C,
877
+ # you must provide the necessary encryption information in your request
878
+ # so that Amazon S3 can decrypt the object for copying.
879
+ #
880
+ # <note markdown="1"> This functionality is not supported when the source object is in a
881
+ # directory bucket.
882
+ #
883
+ # </note>
526
884
  # @option options [String] :request_payer
527
885
  # Confirms that the requester knows that they will be charged for the
528
886
  # request. Bucket owners need not specify this parameter in their
529
- # requests. If either the source or destination Amazon S3 bucket has
530
- # Requester Pays enabled, the requester will pay for corresponding
531
- # charges to copy the object. For information about downloading objects
532
- # from Requester Pays buckets, see [Downloading Objects in Requester
533
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
887
+ # requests. If either the source or destination S3 bucket has Requester
888
+ # Pays enabled, the requester will pay for corresponding charges to copy
889
+ # the object. For information about downloading objects from Requester
890
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
891
+ # in the *Amazon S3 User Guide*.
892
+ #
893
+ # <note markdown="1"> This functionality is not supported for directory buckets.
894
+ #
895
+ # </note>
534
896
  #
535
897
  #
536
898
  #
537
899
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
538
900
  # @option options [String] :tagging
539
- # The tag-set for the object destination object this value must be used
540
- # in conjunction with the `TaggingDirective`. The tag-set must be
541
- # encoded as URL Query parameters.
901
+ # The tag-set for the object copy in the destination bucket. This value
902
+ # must be used in conjunction with the `x-amz-tagging-directive` if you
903
+ # choose `REPLACE` for the `x-amz-tagging-directive`. If you choose
904
+ # `COPY` for the `x-amz-tagging-directive`, you don't need to set the
905
+ # `x-amz-tagging` header, because the tag-set will be copied from the
906
+ # source object directly. The tag-set must be encoded as URL Query
907
+ # parameters.
908
+ #
909
+ # The default value is the empty value.
910
+ #
911
+ # <note markdown="1"> **Directory buckets** - For directory buckets in a `CopyObject`
912
+ # operation, only the empty tag-set is supported. Any requests that
913
+ # attempt to write non-empty tags into directory buckets will receive a
914
+ # `501 Not Implemented` status code. When the destination bucket is a
915
+ # directory bucket, you will receive a `501 Not Implemented` response in
916
+ # any of the following situations:
917
+ #
918
+ # * When you attempt to `COPY` the tag-set from an S3 source object that
919
+ # has non-empty tags.
920
+ #
921
+ # * When you attempt to `REPLACE` the tag-set of a source object and set
922
+ # a non-empty value to `x-amz-tagging`.
923
+ #
924
+ # * When you don't set the `x-amz-tagging-directive` header and the
925
+ # source object has non-empty tags. This is because the default value
926
+ # of `x-amz-tagging-directive` is `COPY`.
927
+ #
928
+ # Because only the empty tag-set is supported for directory buckets in a
929
+ # `CopyObject` operation, the following situations are allowed:
930
+ #
931
+ # * When you attempt to `COPY` the tag-set from a directory bucket
932
+ # source object that has no tags to a general purpose bucket. It
933
+ # copies an empty tag-set to the destination object.
934
+ #
935
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
936
+ # source object and set the `x-amz-tagging` value of the directory
937
+ # bucket destination object to empty.
938
+ #
939
+ # * When you attempt to `REPLACE` the tag-set of a general purpose
940
+ # bucket source object that has non-empty tags and set the
941
+ # `x-amz-tagging` value of the directory bucket destination object to
942
+ # empty.
943
+ #
944
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
945
+ # source object and don't set the `x-amz-tagging` value of the
946
+ # directory bucket destination object. This is because the default
947
+ # value of `x-amz-tagging` is the empty value.
948
+ #
949
+ # </note>
542
950
  # @option options [String] :object_lock_mode
543
- # The Object Lock mode that you want to apply to the copied object.
951
+ # The Object Lock mode that you want to apply to the object copy.
952
+ #
953
+ # <note markdown="1"> This functionality is not supported for directory buckets.
954
+ #
955
+ # </note>
544
956
  # @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
545
- # The date and time when you want the copied object's Object Lock to
957
+ # The date and time when you want the Object Lock of the object copy to
546
958
  # expire.
959
+ #
960
+ # <note markdown="1"> This functionality is not supported for directory buckets.
961
+ #
962
+ # </note>
547
963
  # @option options [String] :object_lock_legal_hold_status
548
- # Specifies whether you want to apply a legal hold to the copied object.
964
+ # Specifies whether you want to apply a legal hold to the object copy.
965
+ #
966
+ # <note markdown="1"> This functionality is not supported for directory buckets.
967
+ #
968
+ # </note>
549
969
  # @option options [String] :expected_bucket_owner
550
970
  # The account ID of the expected destination bucket owner. If the
551
- # destination bucket is owned by a different account, the request fails
552
- # with the HTTP status code `403 Forbidden` (access denied).
971
+ # account ID that you provide does not match the actual owner of the
972
+ # destination bucket, the request fails with the HTTP status code `403
973
+ # Forbidden` (access denied).
553
974
  # @option options [String] :expected_source_bucket_owner
554
- # The account ID of the expected source bucket owner. If the source
555
- # bucket is owned by a different account, the request fails with the
556
- # HTTP status code `403 Forbidden` (access denied).
975
+ # The account ID of the expected source bucket owner. If the account ID
976
+ # that you provide does not match the actual owner of the source bucket,
977
+ # the request fails with the HTTP status code `403 Forbidden` (access
978
+ # denied).
557
979
  # @return [Types::CopyObjectOutput]
558
980
  def copy_from(options = {})
559
981
  options = options.merge(
@@ -581,16 +1003,29 @@ module Aws::S3
581
1003
  # space, and the value that is displayed on your authentication device.
582
1004
  # Required to permanently delete a versioned object if versioning is
583
1005
  # configured with MFA delete enabled.
1006
+ #
1007
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1008
+ #
1009
+ # </note>
584
1010
  # @option options [String] :version_id
585
- # VersionId used to reference a specific version of the object.
1011
+ # Version ID used to reference a specific version of the object.
1012
+ #
1013
+ # <note markdown="1"> For directory buckets in this API operation, only the `null` value of
1014
+ # the version ID is supported.
1015
+ #
1016
+ # </note>
586
1017
  # @option options [String] :request_payer
587
1018
  # Confirms that the requester knows that they will be charged for the
588
1019
  # request. Bucket owners need not specify this parameter in their
589
- # requests. If either the source or destination Amazon S3 bucket has
590
- # Requester Pays enabled, the requester will pay for corresponding
591
- # charges to copy the object. For information about downloading objects
592
- # from Requester Pays buckets, see [Downloading Objects in Requester
593
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
1020
+ # requests. If either the source or destination S3 bucket has Requester
1021
+ # Pays enabled, the requester will pay for corresponding charges to copy
1022
+ # the object. For information about downloading objects from Requester
1023
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1024
+ # in the *Amazon S3 User Guide*.
1025
+ #
1026
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1027
+ #
1028
+ # </note>
594
1029
  #
595
1030
  #
596
1031
  #
@@ -599,10 +1034,14 @@ module Aws::S3
599
1034
  # Indicates whether S3 Object Lock should bypass Governance-mode
600
1035
  # restrictions to process this operation. To use this header, you must
601
1036
  # have the `s3:BypassGovernanceRetention` permission.
1037
+ #
1038
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1039
+ #
1040
+ # </note>
602
1041
  # @option options [String] :expected_bucket_owner
603
- # The account ID of the expected bucket owner. If the bucket is owned by
604
- # a different account, the request fails with the HTTP status code `403
605
- # Forbidden` (access denied).
1042
+ # The account ID of the expected bucket owner. If the account ID that
1043
+ # you provide does not match the actual owner of the bucket, the request
1044
+ # fails with the HTTP status code `403 Forbidden` (access denied).
606
1045
  # @return [Types::DeleteObjectOutput]
607
1046
  def delete(options = {})
608
1047
  options = options.merge(
@@ -641,18 +1080,64 @@ module Aws::S3
641
1080
  # @param [Hash] options ({})
642
1081
  # @option options [String] :if_match
643
1082
  # Return the object only if its entity tag (ETag) is the same as the one
644
- # specified; otherwise, return a 412 (precondition failed) error.
1083
+ # specified in this header; otherwise, return a `412 Precondition
1084
+ # Failed` error.
1085
+ #
1086
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
1087
+ # present in the request as follows: `If-Match` condition evaluates to
1088
+ # `true`, and; `If-Unmodified-Since` condition evaluates to `false`;
1089
+ # then, S3 returns `200 OK` and the data requested.
1090
+ #
1091
+ # For more information about conditional requests, see [RFC 7232][1].
1092
+ #
1093
+ #
1094
+ #
1095
+ # [1]: https://tools.ietf.org/html/rfc7232
645
1096
  # @option options [Time,DateTime,Date,Integer,String] :if_modified_since
646
1097
  # Return the object only if it has been modified since the specified
647
- # time; otherwise, return a 304 (not modified) error.
1098
+ # time; otherwise, return a `304 Not Modified` error.
1099
+ #
1100
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
1101
+ # present in the request as follows:` If-None-Match` condition evaluates
1102
+ # to `false`, and; `If-Modified-Since` condition evaluates to `true`;
1103
+ # then, S3 returns `304 Not Modified` status code.
1104
+ #
1105
+ # For more information about conditional requests, see [RFC 7232][1].
1106
+ #
1107
+ #
1108
+ #
1109
+ # [1]: https://tools.ietf.org/html/rfc7232
648
1110
  # @option options [String] :if_none_match
649
1111
  # Return the object only if its entity tag (ETag) is different from the
650
- # one specified; otherwise, return a 304 (not modified) error.
1112
+ # one specified in this header; otherwise, return a `304 Not Modified`
1113
+ # error.
1114
+ #
1115
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
1116
+ # present in the request as follows:` If-None-Match` condition evaluates
1117
+ # to `false`, and; `If-Modified-Since` condition evaluates to `true`;
1118
+ # then, S3 returns `304 Not Modified` HTTP status code.
1119
+ #
1120
+ # For more information about conditional requests, see [RFC 7232][1].
1121
+ #
1122
+ #
1123
+ #
1124
+ # [1]: https://tools.ietf.org/html/rfc7232
651
1125
  # @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
652
1126
  # Return the object only if it has not been modified since the specified
653
- # time; otherwise, return a 412 (precondition failed) error.
1127
+ # time; otherwise, return a `412 Precondition Failed` error.
1128
+ #
1129
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
1130
+ # present in the request as follows: `If-Match` condition evaluates to
1131
+ # `true`, and; `If-Unmodified-Since` condition evaluates to `false`;
1132
+ # then, S3 returns `200 OK` and the data requested.
1133
+ #
1134
+ # For more information about conditional requests, see [RFC 7232][1].
1135
+ #
1136
+ #
1137
+ #
1138
+ # [1]: https://tools.ietf.org/html/rfc7232
654
1139
  # @option options [String] :range
655
- # Downloads the specified range bytes of an object. For more information
1140
+ # Downloads the specified byte range of an object. For more information
656
1141
  # about the HTTP Range header, see
657
1142
  # [https://www.rfc-editor.org/rfc/rfc9110.html#name-range][1].
658
1143
  #
@@ -667,7 +1152,7 @@ module Aws::S3
667
1152
  # @option options [String] :response_cache_control
668
1153
  # Sets the `Cache-Control` header of the response.
669
1154
  # @option options [String] :response_content_disposition
670
- # Sets the `Content-Disposition` header of the response
1155
+ # Sets the `Content-Disposition` header of the response.
671
1156
  # @option options [String] :response_content_encoding
672
1157
  # Sets the `Content-Encoding` header of the response.
673
1158
  # @option options [String] :response_content_language
@@ -677,137 +1162,507 @@ module Aws::S3
677
1162
  # @option options [Time,DateTime,Date,Integer,String] :response_expires
678
1163
  # Sets the `Expires` header of the response.
679
1164
  # @option options [String] :version_id
680
- # VersionId used to reference a specific version of the object.
1165
+ # Version ID used to reference a specific version of the object.
1166
+ #
1167
+ # By default, the `GetObject` operation returns the current version of
1168
+ # an object. To return a different version, use the `versionId`
1169
+ # subresource.
1170
+ #
1171
+ # <note markdown="1"> * If you include a `versionId` in your request header, you must have
1172
+ # the `s3:GetObjectVersion` permission to access a specific version of
1173
+ # an object. The `s3:GetObject` permission is not required in this
1174
+ # scenario.
1175
+ #
1176
+ # * If you request the current version of an object without a specific
1177
+ # `versionId` in the request header, only the `s3:GetObject`
1178
+ # permission is required. The `s3:GetObjectVersion` permission is not
1179
+ # required in this scenario.
1180
+ #
1181
+ # * **Directory buckets** - S3 Versioning isn't enabled and supported
1182
+ # for directory buckets. For this API operation, only the `null` value
1183
+ # of the version ID is supported by directory buckets. You can only
1184
+ # specify `null` to the `versionId` query parameter in the request.
1185
+ #
1186
+ # </note>
1187
+ #
1188
+ # For more information about versioning, see [PutBucketVersioning][1].
1189
+ #
1190
+ #
1191
+ #
1192
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html
681
1193
  # @option options [String] :sse_customer_algorithm
682
- # Specifies the algorithm to use to when decrypting the object (for
683
- # example, AES256).
1194
+ # Specifies the algorithm to use when decrypting the object (for
1195
+ # example, `AES256`).
1196
+ #
1197
+ # If you encrypt an object by using server-side encryption with
1198
+ # customer-provided encryption keys (SSE-C) when you store the object in
1199
+ # Amazon S3, then when you GET the object, you must use the following
1200
+ # headers:
1201
+ #
1202
+ # * `x-amz-server-side-encryption-customer-algorithm`
1203
+ #
1204
+ # * `x-amz-server-side-encryption-customer-key`
1205
+ #
1206
+ # * `x-amz-server-side-encryption-customer-key-MD5`
1207
+ #
1208
+ # For more information about SSE-C, see [Server-Side Encryption (Using
1209
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
1210
+ #
1211
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1212
+ #
1213
+ # </note>
1214
+ #
1215
+ #
1216
+ #
1217
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
684
1218
  # @option options [String] :sse_customer_key
685
- # Specifies the customer-provided encryption key for Amazon S3 used to
686
- # encrypt the data. This value is used to decrypt the object when
687
- # recovering it and must match the one used when storing the data. The
688
- # key must be appropriate for use with the algorithm specified in the
1219
+ # Specifies the customer-provided encryption key that you originally
1220
+ # provided for Amazon S3 to encrypt the data before storing it. This
1221
+ # value is used to decrypt the object when recovering it and must match
1222
+ # the one used when storing the data. The key must be appropriate for
1223
+ # use with the algorithm specified in the
689
1224
  # `x-amz-server-side-encryption-customer-algorithm` header.
1225
+ #
1226
+ # If you encrypt an object by using server-side encryption with
1227
+ # customer-provided encryption keys (SSE-C) when you store the object in
1228
+ # Amazon S3, then when you GET the object, you must use the following
1229
+ # headers:
1230
+ #
1231
+ # * `x-amz-server-side-encryption-customer-algorithm`
1232
+ #
1233
+ # * `x-amz-server-side-encryption-customer-key`
1234
+ #
1235
+ # * `x-amz-server-side-encryption-customer-key-MD5`
1236
+ #
1237
+ # For more information about SSE-C, see [Server-Side Encryption (Using
1238
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
1239
+ #
1240
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1241
+ #
1242
+ # </note>
1243
+ #
1244
+ #
1245
+ #
1246
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
690
1247
  # @option options [String] :sse_customer_key_md5
691
- # Specifies the 128-bit MD5 digest of the encryption key according to
692
- # RFC 1321. Amazon S3 uses this header for a message integrity check to
693
- # ensure that the encryption key was transmitted without error.
1248
+ # Specifies the 128-bit MD5 digest of the customer-provided encryption
1249
+ # key according to RFC 1321. Amazon S3 uses this header for a message
1250
+ # integrity check to ensure that the encryption key was transmitted
1251
+ # without error.
1252
+ #
1253
+ # If you encrypt an object by using server-side encryption with
1254
+ # customer-provided encryption keys (SSE-C) when you store the object in
1255
+ # Amazon S3, then when you GET the object, you must use the following
1256
+ # headers:
1257
+ #
1258
+ # * `x-amz-server-side-encryption-customer-algorithm`
1259
+ #
1260
+ # * `x-amz-server-side-encryption-customer-key`
1261
+ #
1262
+ # * `x-amz-server-side-encryption-customer-key-MD5`
1263
+ #
1264
+ # For more information about SSE-C, see [Server-Side Encryption (Using
1265
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
1266
+ #
1267
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1268
+ #
1269
+ # </note>
1270
+ #
1271
+ #
1272
+ #
1273
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
694
1274
  # @option options [String] :request_payer
695
1275
  # Confirms that the requester knows that they will be charged for the
696
1276
  # request. Bucket owners need not specify this parameter in their
697
- # requests. If either the source or destination Amazon S3 bucket has
698
- # Requester Pays enabled, the requester will pay for corresponding
699
- # charges to copy the object. For information about downloading objects
700
- # from Requester Pays buckets, see [Downloading Objects in Requester
701
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
1277
+ # requests. If either the source or destination S3 bucket has Requester
1278
+ # Pays enabled, the requester will pay for corresponding charges to copy
1279
+ # the object. For information about downloading objects from Requester
1280
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1281
+ # in the *Amazon S3 User Guide*.
1282
+ #
1283
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1284
+ #
1285
+ # </note>
1286
+ #
1287
+ #
1288
+ #
1289
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
1290
+ # @option options [Integer] :part_number
1291
+ # Part number of the object being read. This is a positive integer
1292
+ # between 1 and 10,000. Effectively performs a 'ranged' GET request
1293
+ # for the part specified. Useful for downloading just a part of an
1294
+ # object.
1295
+ # @option options [String] :expected_bucket_owner
1296
+ # The account ID of the expected bucket owner. If the account ID that
1297
+ # you provide does not match the actual owner of the bucket, the request
1298
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1299
+ # @option options [String] :checksum_mode
1300
+ # To retrieve the checksum, this mode must be enabled.
1301
+ # @return [Types::GetObjectOutput]
1302
+ def get(options = {}, &block)
1303
+ options = options.merge(
1304
+ bucket: @bucket_name,
1305
+ key: @key
1306
+ )
1307
+ resp = Aws::Plugins::UserAgent.feature('resource') do
1308
+ @client.get_object(options, &block)
1309
+ end
1310
+ resp.data
1311
+ end
1312
+
1313
+ # @example Request syntax with placeholder values
1314
+ #
1315
+ # multipartupload = object_summary.initiate_multipart_upload({
1316
+ # acl: "private", # accepts private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, bucket-owner-full-control
1317
+ # cache_control: "CacheControl",
1318
+ # content_disposition: "ContentDisposition",
1319
+ # content_encoding: "ContentEncoding",
1320
+ # content_language: "ContentLanguage",
1321
+ # content_type: "ContentType",
1322
+ # expires: Time.now,
1323
+ # grant_full_control: "GrantFullControl",
1324
+ # grant_read: "GrantRead",
1325
+ # grant_read_acp: "GrantReadACP",
1326
+ # grant_write_acp: "GrantWriteACP",
1327
+ # metadata: {
1328
+ # "MetadataKey" => "MetadataValue",
1329
+ # },
1330
+ # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
1331
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
1332
+ # website_redirect_location: "WebsiteRedirectLocation",
1333
+ # sse_customer_algorithm: "SSECustomerAlgorithm",
1334
+ # sse_customer_key: "SSECustomerKey",
1335
+ # sse_customer_key_md5: "SSECustomerKeyMD5",
1336
+ # ssekms_key_id: "SSEKMSKeyId",
1337
+ # ssekms_encryption_context: "SSEKMSEncryptionContext",
1338
+ # bucket_key_enabled: false,
1339
+ # request_payer: "requester", # accepts requester
1340
+ # tagging: "TaggingHeader",
1341
+ # object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
1342
+ # object_lock_retain_until_date: Time.now,
1343
+ # object_lock_legal_hold_status: "ON", # accepts ON, OFF
1344
+ # expected_bucket_owner: "AccountId",
1345
+ # checksum_algorithm: "CRC32", # accepts CRC32, CRC32C, SHA1, SHA256
1346
+ # })
1347
+ # @param [Hash] options ({})
1348
+ # @option options [String] :acl
1349
+ # The canned ACL to apply to the object. Amazon S3 supports a set of
1350
+ # predefined ACLs, known as *canned ACLs*. Each canned ACL has a
1351
+ # predefined set of grantees and permissions. For more information, see
1352
+ # [Canned ACL][1] in the *Amazon S3 User Guide*.
1353
+ #
1354
+ # By default, all objects are private. Only the owner has full access
1355
+ # control. When uploading an object, you can grant access permissions to
1356
+ # individual Amazon Web Services accounts or to predefined groups
1357
+ # defined by Amazon S3. These permissions are then added to the access
1358
+ # control list (ACL) on the new object. For more information, see [Using
1359
+ # ACLs][2]. One way to grant the permissions using the request headers
1360
+ # is to specify a canned ACL with the `x-amz-acl` request header.
1361
+ #
1362
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1363
+ #
1364
+ # * This functionality is not supported for Amazon S3 on Outposts.
1365
+ #
1366
+ # </note>
1367
+ #
1368
+ #
1369
+ #
1370
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
1371
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html
1372
+ # @option options [String] :cache_control
1373
+ # Specifies caching behavior along the request/reply chain.
1374
+ # @option options [String] :content_disposition
1375
+ # Specifies presentational information for the object.
1376
+ # @option options [String] :content_encoding
1377
+ # Specifies what content encodings have been applied to the object and
1378
+ # thus what decoding mechanisms must be applied to obtain the media-type
1379
+ # referenced by the Content-Type header field.
1380
+ #
1381
+ # <note markdown="1"> For directory buckets, only the `aws-chunked` value is supported in
1382
+ # this header field.
1383
+ #
1384
+ # </note>
1385
+ # @option options [String] :content_language
1386
+ # The language that the content is in.
1387
+ # @option options [String] :content_type
1388
+ # A standard MIME type describing the format of the object data.
1389
+ # @option options [Time,DateTime,Date,Integer,String] :expires
1390
+ # The date and time at which the object is no longer cacheable.
1391
+ # @option options [String] :grant_full_control
1392
+ # Specify access permissions explicitly to give the grantee READ,
1393
+ # READ\_ACP, and WRITE\_ACP permissions on the object.
1394
+ #
1395
+ # By default, all objects are private. Only the owner has full access
1396
+ # control. When uploading an object, you can use this header to
1397
+ # explicitly grant access permissions to specific Amazon Web Services
1398
+ # accounts or groups. This header maps to specific permissions that
1399
+ # Amazon S3 supports in an ACL. For more information, see [Access
1400
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
1401
+ #
1402
+ # You specify each grantee as a type=value pair, where the type is one
1403
+ # of the following:
1404
+ #
1405
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1406
+ # Web Services account
1407
+ #
1408
+ # * `uri` – if you are granting permissions to a predefined group
1409
+ #
1410
+ # * `emailAddress` – if the value specified is the email address of an
1411
+ # Amazon Web Services account
1412
+ #
1413
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1414
+ # following Amazon Web Services Regions:
1415
+ #
1416
+ # * US East (N. Virginia)
1417
+ #
1418
+ # * US West (N. California)
1419
+ #
1420
+ # * US West (Oregon)
1421
+ #
1422
+ # * Asia Pacific (Singapore)
1423
+ #
1424
+ # * Asia Pacific (Sydney)
1425
+ #
1426
+ # * Asia Pacific (Tokyo)
1427
+ #
1428
+ # * Europe (Ireland)
1429
+ #
1430
+ # * South America (São Paulo)
1431
+ #
1432
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1433
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1434
+ # Reference.
1435
+ #
1436
+ # </note>
1437
+ #
1438
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1439
+ # Web Services accounts identified by account IDs permissions to read
1440
+ # object data and its metadata:
1441
+ #
1442
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1443
+ #
1444
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1445
+ #
1446
+ # * This functionality is not supported for Amazon S3 on Outposts.
1447
+ #
1448
+ # </note>
1449
+ #
1450
+ #
1451
+ #
1452
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1453
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1454
+ # @option options [String] :grant_read
1455
+ # Specify access permissions explicitly to allow grantee to read the
1456
+ # object data and its metadata.
1457
+ #
1458
+ # By default, all objects are private. Only the owner has full access
1459
+ # control. When uploading an object, you can use this header to
1460
+ # explicitly grant access permissions to specific Amazon Web Services
1461
+ # accounts or groups. This header maps to specific permissions that
1462
+ # Amazon S3 supports in an ACL. For more information, see [Access
1463
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
1464
+ #
1465
+ # You specify each grantee as a type=value pair, where the type is one
1466
+ # of the following:
1467
+ #
1468
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1469
+ # Web Services account
1470
+ #
1471
+ # * `uri` – if you are granting permissions to a predefined group
1472
+ #
1473
+ # * `emailAddress` – if the value specified is the email address of an
1474
+ # Amazon Web Services account
1475
+ #
1476
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1477
+ # following Amazon Web Services Regions:
1478
+ #
1479
+ # * US East (N. Virginia)
1480
+ #
1481
+ # * US West (N. California)
1482
+ #
1483
+ # * US West (Oregon)
1484
+ #
1485
+ # * Asia Pacific (Singapore)
1486
+ #
1487
+ # * Asia Pacific (Sydney)
1488
+ #
1489
+ # * Asia Pacific (Tokyo)
1490
+ #
1491
+ # * Europe (Ireland)
1492
+ #
1493
+ # * South America (São Paulo)
1494
+ #
1495
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1496
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1497
+ # Reference.
1498
+ #
1499
+ # </note>
1500
+ #
1501
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1502
+ # Web Services accounts identified by account IDs permissions to read
1503
+ # object data and its metadata:
1504
+ #
1505
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1506
+ #
1507
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1508
+ #
1509
+ # * This functionality is not supported for Amazon S3 on Outposts.
1510
+ #
1511
+ # </note>
1512
+ #
1513
+ #
1514
+ #
1515
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1516
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1517
+ # @option options [String] :grant_read_acp
1518
+ # Specify access permissions explicitly to allows grantee to read the
1519
+ # object ACL.
1520
+ #
1521
+ # By default, all objects are private. Only the owner has full access
1522
+ # control. When uploading an object, you can use this header to
1523
+ # explicitly grant access permissions to specific Amazon Web Services
1524
+ # accounts or groups. This header maps to specific permissions that
1525
+ # Amazon S3 supports in an ACL. For more information, see [Access
1526
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
1527
+ #
1528
+ # You specify each grantee as a type=value pair, where the type is one
1529
+ # of the following:
1530
+ #
1531
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1532
+ # Web Services account
1533
+ #
1534
+ # * `uri` – if you are granting permissions to a predefined group
1535
+ #
1536
+ # * `emailAddress` – if the value specified is the email address of an
1537
+ # Amazon Web Services account
1538
+ #
1539
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1540
+ # following Amazon Web Services Regions:
1541
+ #
1542
+ # * US East (N. Virginia)
1543
+ #
1544
+ # * US West (N. California)
1545
+ #
1546
+ # * US West (Oregon)
1547
+ #
1548
+ # * Asia Pacific (Singapore)
1549
+ #
1550
+ # * Asia Pacific (Sydney)
1551
+ #
1552
+ # * Asia Pacific (Tokyo)
1553
+ #
1554
+ # * Europe (Ireland)
1555
+ #
1556
+ # * South America (São Paulo)
1557
+ #
1558
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1559
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1560
+ # Reference.
1561
+ #
1562
+ # </note>
1563
+ #
1564
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1565
+ # Web Services accounts identified by account IDs permissions to read
1566
+ # object data and its metadata:
1567
+ #
1568
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1569
+ #
1570
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1571
+ #
1572
+ # * This functionality is not supported for Amazon S3 on Outposts.
1573
+ #
1574
+ # </note>
1575
+ #
1576
+ #
1577
+ #
1578
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1579
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1580
+ # @option options [String] :grant_write_acp
1581
+ # Specify access permissions explicitly to allows grantee to allow
1582
+ # grantee to write the ACL for the applicable object.
702
1583
  #
1584
+ # By default, all objects are private. Only the owner has full access
1585
+ # control. When uploading an object, you can use this header to
1586
+ # explicitly grant access permissions to specific Amazon Web Services
1587
+ # accounts or groups. This header maps to specific permissions that
1588
+ # Amazon S3 supports in an ACL. For more information, see [Access
1589
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
703
1590
  #
1591
+ # You specify each grantee as a type=value pair, where the type is one
1592
+ # of the following:
704
1593
  #
705
- # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
706
- # @option options [Integer] :part_number
707
- # Part number of the object being read. This is a positive integer
708
- # between 1 and 10,000. Effectively performs a 'ranged' GET request
709
- # for the part specified. Useful for downloading just a part of an
710
- # object.
711
- # @option options [String] :expected_bucket_owner
712
- # The account ID of the expected bucket owner. If the bucket is owned by
713
- # a different account, the request fails with the HTTP status code `403
714
- # Forbidden` (access denied).
715
- # @option options [String] :checksum_mode
716
- # To retrieve the checksum, this mode must be enabled.
717
- # @return [Types::GetObjectOutput]
718
- def get(options = {}, &block)
719
- options = options.merge(
720
- bucket: @bucket_name,
721
- key: @key
722
- )
723
- resp = Aws::Plugins::UserAgent.feature('resource') do
724
- @client.get_object(options, &block)
725
- end
726
- resp.data
727
- end
728
-
729
- # @example Request syntax with placeholder values
1594
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1595
+ # Web Services account
730
1596
  #
731
- # multipartupload = object_summary.initiate_multipart_upload({
732
- # acl: "private", # accepts private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, bucket-owner-full-control
733
- # cache_control: "CacheControl",
734
- # content_disposition: "ContentDisposition",
735
- # content_encoding: "ContentEncoding",
736
- # content_language: "ContentLanguage",
737
- # content_type: "ContentType",
738
- # expires: Time.now,
739
- # grant_full_control: "GrantFullControl",
740
- # grant_read: "GrantRead",
741
- # grant_read_acp: "GrantReadACP",
742
- # grant_write_acp: "GrantWriteACP",
743
- # metadata: {
744
- # "MetadataKey" => "MetadataValue",
745
- # },
746
- # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
747
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
748
- # website_redirect_location: "WebsiteRedirectLocation",
749
- # sse_customer_algorithm: "SSECustomerAlgorithm",
750
- # sse_customer_key: "SSECustomerKey",
751
- # sse_customer_key_md5: "SSECustomerKeyMD5",
752
- # ssekms_key_id: "SSEKMSKeyId",
753
- # ssekms_encryption_context: "SSEKMSEncryptionContext",
754
- # bucket_key_enabled: false,
755
- # request_payer: "requester", # accepts requester
756
- # tagging: "TaggingHeader",
757
- # object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
758
- # object_lock_retain_until_date: Time.now,
759
- # object_lock_legal_hold_status: "ON", # accepts ON, OFF
760
- # expected_bucket_owner: "AccountId",
761
- # checksum_algorithm: "CRC32", # accepts CRC32, CRC32C, SHA1, SHA256
762
- # })
763
- # @param [Hash] options ({})
764
- # @option options [String] :acl
765
- # The canned ACL to apply to the object.
1597
+ # * `uri` – if you are granting permissions to a predefined group
766
1598
  #
767
- # This action is not supported by Amazon S3 on Outposts.
768
- # @option options [String] :cache_control
769
- # Specifies caching behavior along the request/reply chain.
770
- # @option options [String] :content_disposition
771
- # Specifies presentational information for the object.
772
- # @option options [String] :content_encoding
773
- # Specifies what content encodings have been applied to the object and
774
- # thus what decoding mechanisms must be applied to obtain the media-type
775
- # referenced by the Content-Type header field.
776
- # @option options [String] :content_language
777
- # The language the content is in.
778
- # @option options [String] :content_type
779
- # A standard MIME type describing the format of the object data.
780
- # @option options [Time,DateTime,Date,Integer,String] :expires
781
- # The date and time at which the object is no longer cacheable.
782
- # @option options [String] :grant_full_control
783
- # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
784
- # object.
1599
+ # * `emailAddress` if the value specified is the email address of an
1600
+ # Amazon Web Services account
785
1601
  #
786
- # This action is not supported by Amazon S3 on Outposts.
787
- # @option options [String] :grant_read
788
- # Allows grantee to read the object data and its metadata.
1602
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1603
+ # following Amazon Web Services Regions:
789
1604
  #
790
- # This action is not supported by Amazon S3 on Outposts.
791
- # @option options [String] :grant_read_acp
792
- # Allows grantee to read the object ACL.
1605
+ # * US East (N. Virginia)
1606
+ #
1607
+ # * US West (N. California)
1608
+ #
1609
+ # * US West (Oregon)
1610
+ #
1611
+ # * Asia Pacific (Singapore)
1612
+ #
1613
+ # * Asia Pacific (Sydney)
1614
+ #
1615
+ # * Asia Pacific (Tokyo)
1616
+ #
1617
+ # * Europe (Ireland)
1618
+ #
1619
+ # * South America (São Paulo)
1620
+ #
1621
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1622
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1623
+ # Reference.
1624
+ #
1625
+ # </note>
1626
+ #
1627
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1628
+ # Web Services accounts identified by account IDs permissions to read
1629
+ # object data and its metadata:
1630
+ #
1631
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1632
+ #
1633
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1634
+ #
1635
+ # * This functionality is not supported for Amazon S3 on Outposts.
1636
+ #
1637
+ # </note>
793
1638
  #
794
- # This action is not supported by Amazon S3 on Outposts.
795
- # @option options [String] :grant_write_acp
796
- # Allows grantee to write the ACL for the applicable object.
797
1639
  #
798
- # This action is not supported by Amazon S3 on Outposts.
1640
+ #
1641
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1642
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
799
1643
  # @option options [Hash<String,String>] :metadata
800
1644
  # A map of metadata to store with the object in S3.
801
1645
  # @option options [String] :server_side_encryption
802
- # The server-side encryption algorithm used when storing this object in
803
- # Amazon S3 (for example, `AES256`, `aws:kms`).
1646
+ # The server-side encryption algorithm used when you store this object
1647
+ # in Amazon S3 (for example, `AES256`, `aws:kms`).
1648
+ #
1649
+ # <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
1650
+ # managed keys (SSE-S3) (`AES256`) is supported.
1651
+ #
1652
+ # </note>
804
1653
  # @option options [String] :storage_class
805
1654
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
806
1655
  # created objects. The STANDARD storage class provides high durability
807
1656
  # and high availability. Depending on performance needs, you can specify
808
- # a different Storage Class. Amazon S3 on Outposts only uses the
809
- # OUTPOSTS Storage Class. For more information, see [Storage Classes][1]
810
- # in the *Amazon S3 User Guide*.
1657
+ # a different Storage Class. For more information, see [Storage
1658
+ # Classes][1] in the *Amazon S3 User Guide*.
1659
+ #
1660
+ # <note markdown="1"> * For directory buckets, only the S3 Express One Zone storage class is
1661
+ # supported to store newly created objects.
1662
+ #
1663
+ # * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class.
1664
+ #
1665
+ # </note>
811
1666
  #
812
1667
  #
813
1668
  #
@@ -816,35 +1671,51 @@ module Aws::S3
816
1671
  # If the bucket is configured as a website, redirects requests for this
817
1672
  # object to another object in the same bucket or to an external URL.
818
1673
  # Amazon S3 stores the value of this header in the object metadata.
1674
+ #
1675
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1676
+ #
1677
+ # </note>
819
1678
  # @option options [String] :sse_customer_algorithm
820
- # Specifies the algorithm to use to when encrypting the object (for
1679
+ # Specifies the algorithm to use when encrypting the object (for
821
1680
  # example, AES256).
1681
+ #
1682
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1683
+ #
1684
+ # </note>
822
1685
  # @option options [String] :sse_customer_key
823
1686
  # Specifies the customer-provided encryption key for Amazon S3 to use in
824
1687
  # encrypting data. This value is used to store the object and then it is
825
1688
  # discarded; Amazon S3 does not store the encryption key. The key must
826
1689
  # be appropriate for use with the algorithm specified in the
827
1690
  # `x-amz-server-side-encryption-customer-algorithm` header.
1691
+ #
1692
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1693
+ #
1694
+ # </note>
828
1695
  # @option options [String] :sse_customer_key_md5
829
- # Specifies the 128-bit MD5 digest of the encryption key according to
830
- # RFC 1321. Amazon S3 uses this header for a message integrity check to
831
- # ensure that the encryption key was transmitted without error.
1696
+ # Specifies the 128-bit MD5 digest of the customer-provided encryption
1697
+ # key according to RFC 1321. Amazon S3 uses this header for a message
1698
+ # integrity check to ensure that the encryption key was transmitted
1699
+ # without error.
1700
+ #
1701
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1702
+ #
1703
+ # </note>
832
1704
  # @option options [String] :ssekms_key_id
833
1705
  # Specifies the ID (Key ID, Key ARN, or Key Alias) of the symmetric
834
- # encryption customer managed key to use for object encryption. All GET
835
- # and PUT requests for an object protected by KMS will fail if they're
836
- # not made via SSL or using SigV4. For information about configuring any
837
- # of the officially supported Amazon Web Services SDKs and Amazon Web
838
- # Services CLI, see [Specifying the Signature Version in Request
839
- # Authentication][1] in the *Amazon S3 User Guide*.
840
- #
1706
+ # encryption customer managed key to use for object encryption.
841
1707
  #
1708
+ # <note markdown="1"> This functionality is not supported for directory buckets.
842
1709
  #
843
- # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
1710
+ # </note>
844
1711
  # @option options [String] :ssekms_encryption_context
845
1712
  # Specifies the Amazon Web Services KMS Encryption Context to use for
846
1713
  # object encryption. The value of this header is a base64-encoded UTF-8
847
1714
  # string holding JSON with the encryption context key-value pairs.
1715
+ #
1716
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1717
+ #
1718
+ # </note>
848
1719
  # @option options [Boolean] :bucket_key_enabled
849
1720
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
850
1721
  # encryption with server-side encryption using Key Management Service
@@ -853,14 +1724,22 @@ module Aws::S3
853
1724
  #
854
1725
  # Specifying this header with an object action doesn’t affect
855
1726
  # bucket-level settings for S3 Bucket Key.
1727
+ #
1728
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1729
+ #
1730
+ # </note>
856
1731
  # @option options [String] :request_payer
857
1732
  # Confirms that the requester knows that they will be charged for the
858
1733
  # request. Bucket owners need not specify this parameter in their
859
- # requests. If either the source or destination Amazon S3 bucket has
860
- # Requester Pays enabled, the requester will pay for corresponding
861
- # charges to copy the object. For information about downloading objects
862
- # from Requester Pays buckets, see [Downloading Objects in Requester
863
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
1734
+ # requests. If either the source or destination S3 bucket has Requester
1735
+ # Pays enabled, the requester will pay for corresponding charges to copy
1736
+ # the object. For information about downloading objects from Requester
1737
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1738
+ # in the *Amazon S3 User Guide*.
1739
+ #
1740
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1741
+ #
1742
+ # </note>
864
1743
  #
865
1744
  #
866
1745
  #
@@ -868,20 +1747,36 @@ module Aws::S3
868
1747
  # @option options [String] :tagging
869
1748
  # The tag-set for the object. The tag-set must be encoded as URL Query
870
1749
  # parameters.
1750
+ #
1751
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1752
+ #
1753
+ # </note>
871
1754
  # @option options [String] :object_lock_mode
872
1755
  # Specifies the Object Lock mode that you want to apply to the uploaded
873
1756
  # object.
1757
+ #
1758
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1759
+ #
1760
+ # </note>
874
1761
  # @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
875
1762
  # Specifies the date and time when you want the Object Lock to expire.
1763
+ #
1764
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1765
+ #
1766
+ # </note>
876
1767
  # @option options [String] :object_lock_legal_hold_status
877
1768
  # Specifies whether you want to apply a legal hold to the uploaded
878
1769
  # object.
1770
+ #
1771
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1772
+ #
1773
+ # </note>
879
1774
  # @option options [String] :expected_bucket_owner
880
- # The account ID of the expected bucket owner. If the bucket is owned by
881
- # a different account, the request fails with the HTTP status code `403
882
- # Forbidden` (access denied).
1775
+ # The account ID of the expected bucket owner. If the account ID that
1776
+ # you provide does not match the actual owner of the bucket, the request
1777
+ # fails with the HTTP status code `403 Forbidden` (access denied).
883
1778
  # @option options [String] :checksum_algorithm
884
- # Indicates the algorithm you want Amazon S3 to use to create the
1779
+ # Indicates the algorithm that you want Amazon S3 to use to create the
885
1780
  # checksum for the object. For more information, see [Checking object
886
1781
  # integrity][1] in the *Amazon S3 User Guide*.
887
1782
  #
@@ -931,7 +1826,7 @@ module Aws::S3
931
1826
  # "MetadataKey" => "MetadataValue",
932
1827
  # },
933
1828
  # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
934
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
1829
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
935
1830
  # website_redirect_location: "WebsiteRedirectLocation",
936
1831
  # sse_customer_algorithm: "SSECustomerAlgorithm",
937
1832
  # sse_customer_key: "SSECustomerKey",
@@ -949,13 +1844,41 @@ module Aws::S3
949
1844
  # @param [Hash] options ({})
950
1845
  # @option options [String] :acl
951
1846
  # The canned ACL to apply to the object. For more information, see
952
- # [Canned ACL][1].
1847
+ # [Canned ACL][1] in the *Amazon S3 User Guide*.
1848
+ #
1849
+ # When adding a new object, you can use headers to grant ACL-based
1850
+ # permissions to individual Amazon Web Services accounts or to
1851
+ # predefined groups defined by Amazon S3. These permissions are then
1852
+ # added to the ACL on the object. By default, all objects are private.
1853
+ # Only the owner has full access control. For more information, see
1854
+ # [Access Control List (ACL) Overview][2] and [Managing ACLs Using the
1855
+ # REST API][3] in the *Amazon S3 User Guide*.
1856
+ #
1857
+ # If the bucket that you're uploading objects to uses the bucket owner
1858
+ # enforced setting for S3 Object Ownership, ACLs are disabled and no
1859
+ # longer affect permissions. Buckets that use this setting only accept
1860
+ # PUT requests that don't specify an ACL or PUT requests that specify
1861
+ # bucket owner full control ACLs, such as the
1862
+ # `bucket-owner-full-control` canned ACL or an equivalent form of this
1863
+ # ACL expressed in the XML format. PUT requests that contain other ACLs
1864
+ # (for example, custom grants to certain Amazon Web Services accounts)
1865
+ # fail and return a `400` error with the error code
1866
+ # `AccessControlListNotSupported`. For more information, see [
1867
+ # Controlling ownership of objects and disabling ACLs][4] in the *Amazon
1868
+ # S3 User Guide*.
1869
+ #
1870
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1871
+ #
1872
+ # * This functionality is not supported for Amazon S3 on Outposts.
953
1873
  #
954
- # This action is not supported by Amazon S3 on Outposts.
1874
+ # </note>
955
1875
  #
956
1876
  #
957
1877
  #
958
1878
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
1879
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1880
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html
1881
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
959
1882
  # @option options [String, StringIO, File] :body
960
1883
  # Object data.
961
1884
  # @option options [String] :cache_control
@@ -1002,9 +1925,21 @@ module Aws::S3
1002
1925
  # information about REST request authentication, see [REST
1003
1926
  # Authentication][1].
1004
1927
  #
1928
+ # <note markdown="1"> The `Content-MD5` header is required for any request to upload an
1929
+ # object with a retention period configured using Amazon S3 Object Lock.
1930
+ # For more information about Amazon S3 Object Lock, see [Amazon S3
1931
+ # Object Lock Overview][2] in the *Amazon S3 User Guide*.
1932
+ #
1933
+ # </note>
1934
+ #
1935
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1936
+ #
1937
+ # </note>
1938
+ #
1005
1939
  #
1006
1940
  #
1007
1941
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
1942
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html
1008
1943
  # @option options [String] :content_type
1009
1944
  # A standard MIME type describing the format of the contents. For more
1010
1945
  # information, see
@@ -1015,15 +1950,36 @@ module Aws::S3
1015
1950
  # [1]: https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type
1016
1951
  # @option options [String] :checksum_algorithm
1017
1952
  # Indicates the algorithm used to create the checksum for the object
1018
- # when using the SDK. This header will not provide any additional
1019
- # functionality if not using the SDK. When sending this header, there
1020
- # must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
1021
- # sent. Otherwise, Amazon S3 fails the request with the HTTP status code
1022
- # `400 Bad Request`. For more information, see [Checking object
1023
- # integrity][1] in the *Amazon S3 User Guide*.
1953
+ # when you use the SDK. This header will not provide any additional
1954
+ # functionality if you don't use the SDK. When you send this header,
1955
+ # there must be a corresponding `x-amz-checksum-algorithm ` or
1956
+ # `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request
1957
+ # with the HTTP status code `400 Bad Request`.
1024
1958
  #
1025
- # If you provide an individual checksum, Amazon S3 ignores any provided
1026
- # `ChecksumAlgorithm` parameter.
1959
+ # For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with
1960
+ # the supported algorithm from the following list:
1961
+ #
1962
+ # * CRC32
1963
+ #
1964
+ # * CRC32C
1965
+ #
1966
+ # * SHA1
1967
+ #
1968
+ # * SHA256
1969
+ #
1970
+ # For more information, see [Checking object integrity][1] in the
1971
+ # *Amazon S3 User Guide*.
1972
+ #
1973
+ # If the individual checksum value you provide through
1974
+ # `x-amz-checksum-algorithm ` doesn't match the checksum algorithm you
1975
+ # set through `x-amz-sdk-checksum-algorithm`, Amazon S3 ignores any
1976
+ # provided `ChecksumAlgorithm` parameter and uses the checksum algorithm
1977
+ # that matches the provided value in `x-amz-checksum-algorithm `.
1978
+ #
1979
+ # <note markdown="1"> For directory buckets, when you use Amazon Web Services SDKs, `CRC32`
1980
+ # is the default checksum algorithm that's used for performance.
1981
+ #
1982
+ # </note>
1027
1983
  #
1028
1984
  #
1029
1985
  #
@@ -1080,31 +2036,74 @@ module Aws::S3
1080
2036
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
1081
2037
  # object.
1082
2038
  #
1083
- # This action is not supported by Amazon S3 on Outposts.
2039
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2040
+ #
2041
+ # * This functionality is not supported for Amazon S3 on Outposts.
2042
+ #
2043
+ # </note>
1084
2044
  # @option options [String] :grant_read
1085
2045
  # Allows grantee to read the object data and its metadata.
1086
2046
  #
1087
- # This action is not supported by Amazon S3 on Outposts.
2047
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2048
+ #
2049
+ # * This functionality is not supported for Amazon S3 on Outposts.
2050
+ #
2051
+ # </note>
1088
2052
  # @option options [String] :grant_read_acp
1089
2053
  # Allows grantee to read the object ACL.
1090
2054
  #
1091
- # This action is not supported by Amazon S3 on Outposts.
2055
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2056
+ #
2057
+ # * This functionality is not supported for Amazon S3 on Outposts.
2058
+ #
2059
+ # </note>
1092
2060
  # @option options [String] :grant_write_acp
1093
2061
  # Allows grantee to write the ACL for the applicable object.
1094
2062
  #
1095
- # This action is not supported by Amazon S3 on Outposts.
2063
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2064
+ #
2065
+ # * This functionality is not supported for Amazon S3 on Outposts.
2066
+ #
2067
+ # </note>
1096
2068
  # @option options [Hash<String,String>] :metadata
1097
2069
  # A map of metadata to store with the object in S3.
1098
2070
  # @option options [String] :server_side_encryption
1099
- # The server-side encryption algorithm used when storing this object in
1100
- # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
2071
+ # The server-side encryption algorithm that was used when you store this
2072
+ # object in Amazon S3 (for example, `AES256`, `aws:kms`,
2073
+ # `aws:kms:dsse`).
2074
+ #
2075
+ # <b>General purpose buckets </b> - You have four mutually exclusive
2076
+ # options to protect data using server-side encryption in Amazon S3,
2077
+ # depending on how you choose to manage the encryption keys.
2078
+ # Specifically, the encryption key options are Amazon S3 managed keys
2079
+ # (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and
2080
+ # customer-provided keys (SSE-C). Amazon S3 encrypts data with
2081
+ # server-side encryption by using Amazon S3 managed keys (SSE-S3) by
2082
+ # default. You can optionally tell Amazon S3 to encrypt data at rest by
2083
+ # using server-side encryption with other key options. For more
2084
+ # information, see [Using Server-Side Encryption][1] in the *Amazon S3
2085
+ # User Guide*.
2086
+ #
2087
+ # <b>Directory buckets </b> - For directory buckets, only the
2088
+ # server-side encryption with Amazon S3 managed keys (SSE-S3) (`AES256`)
2089
+ # value is supported.
2090
+ #
2091
+ #
2092
+ #
2093
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
1101
2094
  # @option options [String] :storage_class
1102
2095
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
1103
2096
  # created objects. The STANDARD storage class provides high durability
1104
2097
  # and high availability. Depending on performance needs, you can specify
1105
- # a different Storage Class. Amazon S3 on Outposts only uses the
1106
- # OUTPOSTS Storage Class. For more information, see [Storage Classes][1]
1107
- # in the *Amazon S3 User Guide*.
2098
+ # a different Storage Class. For more information, see [Storage
2099
+ # Classes][1] in the *Amazon S3 User Guide*.
2100
+ #
2101
+ # <note markdown="1"> * For directory buckets, only the S3 Express One Zone storage class is
2102
+ # supported to store newly created objects.
2103
+ #
2104
+ # * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class.
2105
+ #
2106
+ # </note>
1108
2107
  #
1109
2108
  #
1110
2109
  #
@@ -1113,7 +2112,8 @@ module Aws::S3
1113
2112
  # If the bucket is configured as a website, redirects requests for this
1114
2113
  # object to another object in the same bucket or to an external URL.
1115
2114
  # Amazon S3 stores the value of this header in the object metadata. For
1116
- # information about object metadata, see [Object Key and Metadata][1].
2115
+ # information about object metadata, see [Object Key and Metadata][1] in
2116
+ # the *Amazon S3 User Guide*.
1117
2117
  #
1118
2118
  # In the following example, the request header sets the redirect to an
1119
2119
  # object (anotherPage.html) in the same bucket:
@@ -1127,7 +2127,11 @@ module Aws::S3
1127
2127
  #
1128
2128
  # For more information about website hosting in Amazon S3, see [Hosting
1129
2129
  # Websites on Amazon S3][2] and [How to Configure Website Page
1130
- # Redirects][3].
2130
+ # Redirects][3] in the *Amazon S3 User Guide*.
2131
+ #
2132
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2133
+ #
2134
+ # </note>
1131
2135
  #
1132
2136
  #
1133
2137
  #
@@ -1135,18 +2139,30 @@ module Aws::S3
1135
2139
  # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html
1136
2140
  # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html
1137
2141
  # @option options [String] :sse_customer_algorithm
1138
- # Specifies the algorithm to use to when encrypting the object (for
1139
- # example, AES256).
2142
+ # Specifies the algorithm to use when encrypting the object (for
2143
+ # example, `AES256`).
2144
+ #
2145
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2146
+ #
2147
+ # </note>
1140
2148
  # @option options [String] :sse_customer_key
1141
2149
  # Specifies the customer-provided encryption key for Amazon S3 to use in
1142
2150
  # encrypting data. This value is used to store the object and then it is
1143
2151
  # discarded; Amazon S3 does not store the encryption key. The key must
1144
2152
  # be appropriate for use with the algorithm specified in the
1145
2153
  # `x-amz-server-side-encryption-customer-algorithm` header.
2154
+ #
2155
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2156
+ #
2157
+ # </note>
1146
2158
  # @option options [String] :sse_customer_key_md5
1147
2159
  # Specifies the 128-bit MD5 digest of the encryption key according to
1148
2160
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
1149
2161
  # ensure that the encryption key was transmitted without error.
2162
+ #
2163
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2164
+ #
2165
+ # </note>
1150
2166
  # @option options [String] :ssekms_key_id
1151
2167
  # If `x-amz-server-side-encryption` has a valid value of `aws:kms` or
1152
2168
  # `aws:kms:dsse`, this header specifies the ID (Key ID, Key ARN, or Key
@@ -1158,6 +2174,10 @@ module Aws::S3
1158
2174
  # Amazon Web Services managed key (`aws/s3`) to protect the data. If the
1159
2175
  # KMS key does not exist in the same account that's issuing the
1160
2176
  # command, you must use the full ARN and not just the ID.
2177
+ #
2178
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2179
+ #
2180
+ # </note>
1161
2181
  # @option options [String] :ssekms_encryption_context
1162
2182
  # Specifies the Amazon Web Services KMS Encryption Context to use for
1163
2183
  # object encryption. The value of this header is a base64-encoded UTF-8
@@ -1165,7 +2185,11 @@ module Aws::S3
1165
2185
  # value is stored as object metadata and automatically gets passed on to
1166
2186
  # Amazon Web Services KMS for future `GetObject` or `CopyObject`
1167
2187
  # operations on this object. This value must be explicitly added during
1168
- # CopyObject operations.
2188
+ # `CopyObject` operations.
2189
+ #
2190
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2191
+ #
2192
+ # </note>
1169
2193
  # @option options [Boolean] :bucket_key_enabled
1170
2194
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
1171
2195
  # encryption with server-side encryption using Key Management Service
@@ -1174,14 +2198,22 @@ module Aws::S3
1174
2198
  #
1175
2199
  # Specifying this header with a PUT action doesn’t affect bucket-level
1176
2200
  # settings for S3 Bucket Key.
2201
+ #
2202
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2203
+ #
2204
+ # </note>
1177
2205
  # @option options [String] :request_payer
1178
2206
  # Confirms that the requester knows that they will be charged for the
1179
2207
  # request. Bucket owners need not specify this parameter in their
1180
- # requests. If either the source or destination Amazon S3 bucket has
1181
- # Requester Pays enabled, the requester will pay for corresponding
1182
- # charges to copy the object. For information about downloading objects
1183
- # from Requester Pays buckets, see [Downloading Objects in Requester
1184
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
2208
+ # requests. If either the source or destination S3 bucket has Requester
2209
+ # Pays enabled, the requester will pay for corresponding charges to copy
2210
+ # the object. For information about downloading objects from Requester
2211
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
2212
+ # in the *Amazon S3 User Guide*.
2213
+ #
2214
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2215
+ #
2216
+ # </note>
1185
2217
  #
1186
2218
  #
1187
2219
  #
@@ -1189,22 +2221,39 @@ module Aws::S3
1189
2221
  # @option options [String] :tagging
1190
2222
  # The tag-set for the object. The tag-set must be encoded as URL Query
1191
2223
  # parameters. (For example, "Key1=Value1")
2224
+ #
2225
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2226
+ #
2227
+ # </note>
1192
2228
  # @option options [String] :object_lock_mode
1193
2229
  # The Object Lock mode that you want to apply to this object.
2230
+ #
2231
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2232
+ #
2233
+ # </note>
1194
2234
  # @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
1195
2235
  # The date and time when you want this object's Object Lock to expire.
1196
2236
  # Must be formatted as a timestamp parameter.
2237
+ #
2238
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2239
+ #
2240
+ # </note>
1197
2241
  # @option options [String] :object_lock_legal_hold_status
1198
2242
  # Specifies whether a legal hold will be applied to this object. For
1199
- # more information about S3 Object Lock, see [Object Lock][1].
2243
+ # more information about S3 Object Lock, see [Object Lock][1] in the
2244
+ # *Amazon S3 User Guide*.
2245
+ #
2246
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2247
+ #
2248
+ # </note>
1200
2249
  #
1201
2250
  #
1202
2251
  #
1203
2252
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
1204
2253
  # @option options [String] :expected_bucket_owner
1205
- # The account ID of the expected bucket owner. If the bucket is owned by
1206
- # a different account, the request fails with the HTTP status code `403
1207
- # Forbidden` (access denied).
2254
+ # The account ID of the expected bucket owner. If the account ID that
2255
+ # you provide does not match the actual owner of the bucket, the request
2256
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1208
2257
  # @return [Types::PutObjectOutput]
1209
2258
  def put(options = {})
1210
2259
  options = options.merge(
@@ -1298,7 +2347,7 @@ module Aws::S3
1298
2347
  # value: "MetadataValue",
1299
2348
  # },
1300
2349
  # ],
1301
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
2350
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
1302
2351
  # },
1303
2352
  # },
1304
2353
  # },
@@ -1314,23 +2363,27 @@ module Aws::S3
1314
2363
  # @option options [String] :request_payer
1315
2364
  # Confirms that the requester knows that they will be charged for the
1316
2365
  # request. Bucket owners need not specify this parameter in their
1317
- # requests. If either the source or destination Amazon S3 bucket has
1318
- # Requester Pays enabled, the requester will pay for corresponding
1319
- # charges to copy the object. For information about downloading objects
1320
- # from Requester Pays buckets, see [Downloading Objects in Requester
1321
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
2366
+ # requests. If either the source or destination S3 bucket has Requester
2367
+ # Pays enabled, the requester will pay for corresponding charges to copy
2368
+ # the object. For information about downloading objects from Requester
2369
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
2370
+ # in the *Amazon S3 User Guide*.
2371
+ #
2372
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2373
+ #
2374
+ # </note>
1322
2375
  #
1323
2376
  #
1324
2377
  #
1325
2378
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
1326
2379
  # @option options [String] :checksum_algorithm
1327
2380
  # Indicates the algorithm used to create the checksum for the object
1328
- # when using the SDK. This header will not provide any additional
1329
- # functionality if not using the SDK. When sending this header, there
1330
- # must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
1331
- # sent. Otherwise, Amazon S3 fails the request with the HTTP status code
1332
- # `400 Bad Request`. For more information, see [Checking object
1333
- # integrity][1] in the *Amazon S3 User Guide*.
2381
+ # when you use the SDK. This header will not provide any additional
2382
+ # functionality if you don't use the SDK. When you send this header,
2383
+ # there must be a corresponding `x-amz-checksum` or `x-amz-trailer`
2384
+ # header sent. Otherwise, Amazon S3 fails the request with the HTTP
2385
+ # status code `400 Bad Request`. For more information, see [Checking
2386
+ # object integrity][1] in the *Amazon S3 User Guide*.
1334
2387
  #
1335
2388
  # If you provide an individual checksum, Amazon S3 ignores any provided
1336
2389
  # `ChecksumAlgorithm` parameter.
@@ -1339,9 +2392,9 @@ module Aws::S3
1339
2392
  #
1340
2393
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
1341
2394
  # @option options [String] :expected_bucket_owner
1342
- # The account ID of the expected bucket owner. If the bucket is owned by
1343
- # a different account, the request fails with the HTTP status code `403
1344
- # Forbidden` (access denied).
2395
+ # The account ID of the expected bucket owner. If the account ID that
2396
+ # you provide does not match the actual owner of the bucket, the request
2397
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1345
2398
  # @return [Types::RestoreObjectOutput]
1346
2399
  def restore_object(options = {})
1347
2400
  options = options.merge(
@@ -1484,14 +2537,35 @@ module Aws::S3
1484
2537
  # space, and the value that is displayed on your authentication device.
1485
2538
  # Required to permanently delete a versioned object if versioning is
1486
2539
  # configured with MFA delete enabled.
2540
+ #
2541
+ # When performing the `DeleteObjects` operation on an MFA delete enabled
2542
+ # bucket, which attempts to delete the specified versioned objects, you
2543
+ # must include an MFA token. If you don't provide an MFA token, the
2544
+ # entire request will fail, even if there are non-versioned objects that
2545
+ # you are trying to delete. If you provide an invalid token, whether
2546
+ # there are versioned object keys in the request or not, the entire
2547
+ # Multi-Object Delete request will fail. For information about MFA
2548
+ # Delete, see [ MFA Delete][1] in the *Amazon S3 User Guide*.
2549
+ #
2550
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2551
+ #
2552
+ # </note>
2553
+ #
2554
+ #
2555
+ #
2556
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete
1487
2557
  # @option options [String] :request_payer
1488
2558
  # Confirms that the requester knows that they will be charged for the
1489
2559
  # request. Bucket owners need not specify this parameter in their
1490
- # requests. If either the source or destination Amazon S3 bucket has
1491
- # Requester Pays enabled, the requester will pay for corresponding
1492
- # charges to copy the object. For information about downloading objects
1493
- # from Requester Pays buckets, see [Downloading Objects in Requester
1494
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
2560
+ # requests. If either the source or destination S3 bucket has Requester
2561
+ # Pays enabled, the requester will pay for corresponding charges to copy
2562
+ # the object. For information about downloading objects from Requester
2563
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
2564
+ # in the *Amazon S3 User Guide*.
2565
+ #
2566
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2567
+ #
2568
+ # </note>
1495
2569
  #
1496
2570
  #
1497
2571
  #
@@ -1500,25 +2574,45 @@ module Aws::S3
1500
2574
  # Specifies whether you want to delete this object even if it has a
1501
2575
  # Governance-type Object Lock in place. To use this header, you must
1502
2576
  # have the `s3:BypassGovernanceRetention` permission.
2577
+ #
2578
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2579
+ #
2580
+ # </note>
1503
2581
  # @option options [String] :expected_bucket_owner
1504
- # The account ID of the expected bucket owner. If the bucket is owned by
1505
- # a different account, the request fails with the HTTP status code `403
1506
- # Forbidden` (access denied).
2582
+ # The account ID of the expected bucket owner. If the account ID that
2583
+ # you provide does not match the actual owner of the bucket, the request
2584
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1507
2585
  # @option options [String] :checksum_algorithm
1508
2586
  # Indicates the algorithm used to create the checksum for the object
1509
- # when using the SDK. This header will not provide any additional
1510
- # functionality if not using the SDK. When sending this header, there
1511
- # must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
1512
- # sent. Otherwise, Amazon S3 fails the request with the HTTP status code
1513
- # `400 Bad Request`. For more information, see [Checking object
1514
- # integrity][1] in the *Amazon S3 User Guide*.
2587
+ # when you use the SDK. This header will not provide any additional
2588
+ # functionality if you don't use the SDK. When you send this header,
2589
+ # there must be a corresponding `x-amz-checksum-algorithm ` or
2590
+ # `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request
2591
+ # with the HTTP status code `400 Bad Request`.
2592
+ #
2593
+ # For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with
2594
+ # the supported algorithm from the following list:
2595
+ #
2596
+ # * CRC32
2597
+ #
2598
+ # * CRC32C
2599
+ #
2600
+ # * SHA1
2601
+ #
2602
+ # * SHA256
2603
+ #
2604
+ # For more information, see [Checking object integrity][1] in the
2605
+ # *Amazon S3 User Guide*.
2606
+ #
2607
+ # If the individual checksum value you provide through
2608
+ # `x-amz-checksum-algorithm ` doesn't match the checksum algorithm you
2609
+ # set through `x-amz-sdk-checksum-algorithm`, Amazon S3 ignores any
2610
+ # provided `ChecksumAlgorithm` parameter and uses the checksum algorithm
2611
+ # that matches the provided value in `x-amz-checksum-algorithm `.
1515
2612
  #
1516
2613
  # If you provide an individual checksum, Amazon S3 ignores any provided
1517
2614
  # `ChecksumAlgorithm` parameter.
1518
2615
  #
1519
- # This checksum algorithm must be the same for all parts and it match
1520
- # the checksum value supplied in the `CreateMultipartUpload` request.
1521
- #
1522
2616
  #
1523
2617
  #
1524
2618
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html