aws-sdk-s3 1.139.0 → 1.141.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (42) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +15 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-s3/bucket.rb +423 -93
  5. data/lib/aws-sdk-s3/bucket_acl.rb +9 -9
  6. data/lib/aws-sdk-s3/bucket_cors.rb +12 -12
  7. data/lib/aws-sdk-s3/bucket_lifecycle.rb +12 -12
  8. data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +12 -12
  9. data/lib/aws-sdk-s3/bucket_logging.rb +9 -9
  10. data/lib/aws-sdk-s3/bucket_notification.rb +3 -3
  11. data/lib/aws-sdk-s3/bucket_policy.rb +58 -14
  12. data/lib/aws-sdk-s3/bucket_request_payment.rb +9 -9
  13. data/lib/aws-sdk-s3/bucket_tagging.rb +12 -12
  14. data/lib/aws-sdk-s3/bucket_versioning.rb +27 -27
  15. data/lib/aws-sdk-s3/bucket_website.rb +12 -12
  16. data/lib/aws-sdk-s3/client.rb +5639 -2553
  17. data/lib/aws-sdk-s3/client_api.rb +97 -16
  18. data/lib/aws-sdk-s3/customizations.rb +5 -0
  19. data/lib/aws-sdk-s3/endpoint_parameters.rb +32 -0
  20. data/lib/aws-sdk-s3/endpoint_provider.rb +82 -0
  21. data/lib/aws-sdk-s3/endpoints.rb +440 -0
  22. data/lib/aws-sdk-s3/express_credentials.rb +55 -0
  23. data/lib/aws-sdk-s3/express_credentials_cache.rb +30 -0
  24. data/lib/aws-sdk-s3/express_credentials_provider.rb +36 -0
  25. data/lib/aws-sdk-s3/file_downloader.rb +0 -1
  26. data/lib/aws-sdk-s3/multipart_file_uploader.rb +0 -1
  27. data/lib/aws-sdk-s3/multipart_stream_uploader.rb +0 -1
  28. data/lib/aws-sdk-s3/multipart_upload.rb +70 -24
  29. data/lib/aws-sdk-s3/multipart_upload_part.rb +164 -43
  30. data/lib/aws-sdk-s3/object.rb +1496 -248
  31. data/lib/aws-sdk-s3/object_acl.rb +31 -19
  32. data/lib/aws-sdk-s3/object_summary.rb +1366 -272
  33. data/lib/aws-sdk-s3/object_version.rb +304 -57
  34. data/lib/aws-sdk-s3/plugins/endpoints.rb +13 -2
  35. data/lib/aws-sdk-s3/plugins/express_session_auth.rb +90 -0
  36. data/lib/aws-sdk-s3/plugins/location_constraint.rb +3 -1
  37. data/lib/aws-sdk-s3/plugins/md5s.rb +2 -1
  38. data/lib/aws-sdk-s3/presigner.rb +2 -2
  39. data/lib/aws-sdk-s3/resource.rb +83 -11
  40. data/lib/aws-sdk-s3/types.rb +4261 -1238
  41. data/lib/aws-sdk-s3.rb +1 -1
  42. metadata +10 -6
@@ -69,6 +69,10 @@ module Aws::S3
69
69
  # of encryption. If an object is larger than 16 MB, the Amazon Web
70
70
  # Services Management Console will upload or copy that object as a
71
71
  # Multipart Upload, and therefore the ETag will not be an MD5 digest.
72
+ #
73
+ # <note markdown="1"> **Directory buckets** - MD5 is not supported by directory buckets.
74
+ #
75
+ # </note>
72
76
  # @return [String]
73
77
  def etag
74
78
  data[:etag]
@@ -87,12 +91,22 @@ module Aws::S3
87
91
  end
88
92
 
89
93
  # The class of storage used to store the object.
94
+ #
95
+ # <note markdown="1"> **Directory buckets** - Only the S3 Express One Zone storage class is
96
+ # supported by directory buckets to store objects.
97
+ #
98
+ # </note>
90
99
  # @return [String]
91
100
  def storage_class
92
101
  data[:storage_class]
93
102
  end
94
103
 
95
104
  # The owner of the object
105
+ #
106
+ # <note markdown="1"> **Directory buckets** - The bucket owner is returned as the object
107
+ # owner.
108
+ #
109
+ # </note>
96
110
  # @return [Types::Owner]
97
111
  def owner
98
112
  data[:owner]
@@ -104,6 +118,12 @@ module Aws::S3
104
118
  # archived objects, see [ Working with archived objects][1] in the
105
119
  # *Amazon S3 User Guide*.
106
120
  #
121
+ # <note markdown="1"> This functionality is not supported for directory buckets. Only the S3
122
+ # Express One Zone storage class is supported by directory buckets to
123
+ # store objects.
124
+ #
125
+ # </note>
126
+ #
107
127
  #
108
128
  #
109
129
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html
@@ -325,7 +345,7 @@ module Aws::S3
325
345
  # metadata_directive: "COPY", # accepts COPY, REPLACE
326
346
  # tagging_directive: "COPY", # accepts COPY, REPLACE
327
347
  # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
328
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
348
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
329
349
  # website_redirect_location: "WebsiteRedirectLocation",
330
350
  # sse_customer_algorithm: "SSECustomerAlgorithm",
331
351
  # sse_customer_key: "SSECustomerKey",
@@ -346,40 +366,98 @@ module Aws::S3
346
366
  # })
347
367
  # @param [Hash] options ({})
348
368
  # @option options [String] :acl
349
- # The canned ACL to apply to the object.
369
+ # The canned access control list (ACL) to apply to the object.
370
+ #
371
+ # When you copy an object, the ACL metadata is not preserved and is set
372
+ # to `private` by default. Only the owner has full access control. To
373
+ # override the default ACL setting, specify a new ACL when you generate
374
+ # a copy request. For more information, see [Using ACLs][1].
375
+ #
376
+ # If the destination bucket that you're copying objects to uses the
377
+ # bucket owner enforced setting for S3 Object Ownership, ACLs are
378
+ # disabled and no longer affect permissions. Buckets that use this
379
+ # setting only accept `PUT` requests that don't specify an ACL or `PUT`
380
+ # requests that specify bucket owner full control ACLs, such as the
381
+ # `bucket-owner-full-control` canned ACL or an equivalent form of this
382
+ # ACL expressed in the XML format. For more information, see
383
+ # [Controlling ownership of objects and disabling ACLs][2] in the
384
+ # *Amazon S3 User Guide*.
385
+ #
386
+ # <note markdown="1"> * If your destination bucket uses the bucket owner enforced setting
387
+ # for Object Ownership, all objects written to the bucket by any
388
+ # account will be owned by the bucket owner.
389
+ #
390
+ # * This functionality is not supported for directory buckets.
391
+ #
392
+ # * This functionality is not supported for Amazon S3 on Outposts.
393
+ #
394
+ # </note>
395
+ #
350
396
  #
351
- # This action is not supported by Amazon S3 on Outposts.
397
+ #
398
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html
399
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
352
400
  # @option options [String] :cache_control
353
- # Specifies caching behavior along the request/reply chain.
401
+ # Specifies the caching behavior along the request/reply chain.
354
402
  # @option options [String] :checksum_algorithm
355
- # Indicates the algorithm you want Amazon S3 to use to create the
403
+ # Indicates the algorithm that you want Amazon S3 to use to create the
356
404
  # checksum for the object. For more information, see [Checking object
357
405
  # integrity][1] in the *Amazon S3 User Guide*.
358
406
  #
407
+ # When you copy an object, if the source object has a checksum, that
408
+ # checksum value will be copied to the new object by default. If the
409
+ # `CopyObject` request does not include this `x-amz-checksum-algorithm`
410
+ # header, the checksum algorithm will be copied from the source object
411
+ # to the destination object (if it's present on the source object). You
412
+ # can optionally specify a different checksum algorithm to use with the
413
+ # `x-amz-checksum-algorithm` header. Unrecognized or unsupported values
414
+ # will respond with the HTTP status code `400 Bad Request`.
415
+ #
416
+ # <note markdown="1"> For directory buckets, when you use Amazon Web Services SDKs, `CRC32`
417
+ # is the default checksum algorithm that's used for performance.
418
+ #
419
+ # </note>
420
+ #
359
421
  #
360
422
  #
361
423
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
362
424
  # @option options [String] :content_disposition
363
- # Specifies presentational information for the object.
425
+ # Specifies presentational information for the object. Indicates whether
426
+ # an object should be displayed in a web browser or downloaded as a
427
+ # file. It allows specifying the desired filename for the downloaded
428
+ # file.
364
429
  # @option options [String] :content_encoding
365
430
  # Specifies what content encodings have been applied to the object and
366
431
  # thus what decoding mechanisms must be applied to obtain the media-type
367
432
  # referenced by the Content-Type header field.
433
+ #
434
+ # <note markdown="1"> For directory buckets, only the `aws-chunked` value is supported in
435
+ # this header field.
436
+ #
437
+ # </note>
368
438
  # @option options [String] :content_language
369
439
  # The language the content is in.
370
440
  # @option options [String] :content_type
371
- # A standard MIME type describing the format of the object data.
441
+ # A standard MIME type that describes the format of the object data.
372
442
  # @option options [required, String] :copy_source
373
- # Specifies the source object for the copy operation. You specify the
374
- # value in one of two formats, depending on whether you want to access
375
- # the source object through an [access point][1]:
443
+ # Specifies the source object for the copy operation. The source object
444
+ # can be up to 5 GB. If the source object is an object that was uploaded
445
+ # by using a multipart upload, the object copy will be a single part
446
+ # object after the source object is copied to the destination bucket.
447
+ #
448
+ # You specify the value of the copy source in one of two formats,
449
+ # depending on whether you want to access the source object through an
450
+ # [access point][1]:
376
451
  #
377
452
  # * For objects not accessed through an access point, specify the name
378
453
  # of the source bucket and the key of the source object, separated by
379
454
  # a slash (/). For example, to copy the object `reports/january.pdf`
380
- # from the bucket `awsexamplebucket`, use
455
+ # from the general purpose bucket `awsexamplebucket`, use
381
456
  # `awsexamplebucket/reports/january.pdf`. The value must be
382
- # URL-encoded.
457
+ # URL-encoded. To copy the object `reports/january.pdf` from the
458
+ # directory bucket `awsexamplebucket--use1-az5--x-s3`, use
459
+ # `awsexamplebucket--use1-az5--x-s3/reports/january.pdf`. The value
460
+ # must be URL-encoded.
383
461
  #
384
462
  # * For objects accessed through access points, specify the Amazon
385
463
  # Resource Name (ARN) of the object as accessed through the access
@@ -391,9 +469,11 @@ module Aws::S3
391
469
  # `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
392
470
  # The value must be URL encoded.
393
471
  #
394
- # <note markdown="1"> Amazon S3 supports copy operations using access points only when the
395
- # source and destination buckets are in the same Amazon Web Services
396
- # Region.
472
+ # <note markdown="1"> * Amazon S3 supports copy operations using Access points only when
473
+ # the source and destination buckets are in the same Amazon Web
474
+ # Services Region.
475
+ #
476
+ # * Access points are not supported by directory buckets.
397
477
  #
398
478
  # </note>
399
479
  #
@@ -406,87 +486,315 @@ module Aws::S3
406
486
  # `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf`.
407
487
  # The value must be URL-encoded.
408
488
  #
409
- # To copy a specific version of an object, append
410
- # `?versionId=<version-id>` to the value (for example,
489
+ # If your source bucket versioning is enabled, the `x-amz-copy-source`
490
+ # header by default identifies the current version of an object to copy.
491
+ # If the current version is a delete marker, Amazon S3 behaves as if the
492
+ # object was deleted. To copy a different version, use the `versionId`
493
+ # query parameter. Specifically, append `?versionId=<version-id>` to the
494
+ # value (for example,
411
495
  # `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
412
496
  # If you don't specify a version ID, Amazon S3 copies the latest
413
497
  # version of the source object.
414
498
  #
499
+ # If you enable versioning on the destination bucket, Amazon S3
500
+ # generates a unique version ID for the copied object. This version ID
501
+ # is different from the version ID of the source object. Amazon S3
502
+ # returns the version ID of the copied object in the `x-amz-version-id`
503
+ # response header in the response.
504
+ #
505
+ # If you do not enable versioning or suspend it on the destination
506
+ # bucket, the version ID that Amazon S3 generates in the
507
+ # `x-amz-version-id` response header is always null.
508
+ #
509
+ # <note markdown="1"> **Directory buckets** - S3 Versioning isn't enabled and supported for
510
+ # directory buckets.
511
+ #
512
+ # </note>
513
+ #
415
514
  #
416
515
  #
417
516
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html
418
517
  # @option options [String] :copy_source_if_match
419
518
  # Copies the object if its entity tag (ETag) matches the specified tag.
519
+ #
520
+ # If both the `x-amz-copy-source-if-match` and
521
+ # `x-amz-copy-source-if-unmodified-since` headers are present in the
522
+ # request and evaluate as follows, Amazon S3 returns `200 OK` and copies
523
+ # the data:
524
+ #
525
+ # * `x-amz-copy-source-if-match` condition evaluates to true
526
+ #
527
+ # * `x-amz-copy-source-if-unmodified-since` condition evaluates to false
420
528
  # @option options [Time,DateTime,Date,Integer,String] :copy_source_if_modified_since
421
529
  # Copies the object if it has been modified since the specified time.
530
+ #
531
+ # If both the `x-amz-copy-source-if-none-match` and
532
+ # `x-amz-copy-source-if-modified-since` headers are present in the
533
+ # request and evaluate as follows, Amazon S3 returns the `412
534
+ # Precondition Failed` response code:
535
+ #
536
+ # * `x-amz-copy-source-if-none-match` condition evaluates to false
537
+ #
538
+ # * `x-amz-copy-source-if-modified-since` condition evaluates to true
422
539
  # @option options [String] :copy_source_if_none_match
423
540
  # Copies the object if its entity tag (ETag) is different than the
424
541
  # specified ETag.
542
+ #
543
+ # If both the `x-amz-copy-source-if-none-match` and
544
+ # `x-amz-copy-source-if-modified-since` headers are present in the
545
+ # request and evaluate as follows, Amazon S3 returns the `412
546
+ # Precondition Failed` response code:
547
+ #
548
+ # * `x-amz-copy-source-if-none-match` condition evaluates to false
549
+ #
550
+ # * `x-amz-copy-source-if-modified-since` condition evaluates to true
425
551
  # @option options [Time,DateTime,Date,Integer,String] :copy_source_if_unmodified_since
426
552
  # Copies the object if it hasn't been modified since the specified
427
553
  # time.
554
+ #
555
+ # If both the `x-amz-copy-source-if-match` and
556
+ # `x-amz-copy-source-if-unmodified-since` headers are present in the
557
+ # request and evaluate as follows, Amazon S3 returns `200 OK` and copies
558
+ # the data:
559
+ #
560
+ # * `x-amz-copy-source-if-match` condition evaluates to true
561
+ #
562
+ # * `x-amz-copy-source-if-unmodified-since` condition evaluates to false
428
563
  # @option options [Time,DateTime,Date,Integer,String] :expires
429
564
  # The date and time at which the object is no longer cacheable.
430
565
  # @option options [String] :grant_full_control
431
566
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
432
567
  # object.
433
568
  #
434
- # This action is not supported by Amazon S3 on Outposts.
569
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
570
+ #
571
+ # * This functionality is not supported for Amazon S3 on Outposts.
572
+ #
573
+ # </note>
435
574
  # @option options [String] :grant_read
436
575
  # Allows grantee to read the object data and its metadata.
437
576
  #
438
- # This action is not supported by Amazon S3 on Outposts.
577
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
578
+ #
579
+ # * This functionality is not supported for Amazon S3 on Outposts.
580
+ #
581
+ # </note>
439
582
  # @option options [String] :grant_read_acp
440
583
  # Allows grantee to read the object ACL.
441
584
  #
442
- # This action is not supported by Amazon S3 on Outposts.
585
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
586
+ #
587
+ # * This functionality is not supported for Amazon S3 on Outposts.
588
+ #
589
+ # </note>
443
590
  # @option options [String] :grant_write_acp
444
591
  # Allows grantee to write the ACL for the applicable object.
445
592
  #
446
- # This action is not supported by Amazon S3 on Outposts.
593
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
594
+ #
595
+ # * This functionality is not supported for Amazon S3 on Outposts.
596
+ #
597
+ # </note>
447
598
  # @option options [Hash<String,String>] :metadata
448
599
  # A map of metadata to store with the object in S3.
449
600
  # @option options [String] :metadata_directive
450
601
  # Specifies whether the metadata is copied from the source object or
451
- # replaced with metadata provided in the request.
602
+ # replaced with metadata that's provided in the request. When copying
603
+ # an object, you can preserve all metadata (the default) or specify new
604
+ # metadata. If this header isn’t specified, `COPY` is the default
605
+ # behavior.
606
+ #
607
+ # **General purpose bucket** - For general purpose buckets, when you
608
+ # grant permissions, you can use the `s3:x-amz-metadata-directive`
609
+ # condition key to enforce certain metadata behavior when objects are
610
+ # uploaded. For more information, see [Amazon S3 condition key
611
+ # examples][1] in the *Amazon S3 User Guide*.
612
+ #
613
+ # <note markdown="1"> `x-amz-website-redirect-location` is unique to each object and is not
614
+ # copied when using the `x-amz-metadata-directive` header. To copy the
615
+ # value, you must specify `x-amz-website-redirect-location` in the
616
+ # request header.
617
+ #
618
+ # </note>
619
+ #
620
+ #
621
+ #
622
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html
452
623
  # @option options [String] :tagging_directive
453
- # Specifies whether the object tag-set are copied from the source object
454
- # or replaced with tag-set provided in the request.
624
+ # Specifies whether the object tag-set is copied from the source object
625
+ # or replaced with the tag-set that's provided in the request.
626
+ #
627
+ # The default value is `COPY`.
628
+ #
629
+ # <note markdown="1"> **Directory buckets** - For directory buckets in a `CopyObject`
630
+ # operation, only the empty tag-set is supported. Any requests that
631
+ # attempt to write non-empty tags into directory buckets will receive a
632
+ # `501 Not Implemented` status code. When the destination bucket is a
633
+ # directory bucket, you will receive a `501 Not Implemented` response in
634
+ # any of the following situations:
635
+ #
636
+ # * When you attempt to `COPY` the tag-set from an S3 source object that
637
+ # has non-empty tags.
638
+ #
639
+ # * When you attempt to `REPLACE` the tag-set of a source object and set
640
+ # a non-empty value to `x-amz-tagging`.
641
+ #
642
+ # * When you don't set the `x-amz-tagging-directive` header and the
643
+ # source object has non-empty tags. This is because the default value
644
+ # of `x-amz-tagging-directive` is `COPY`.
645
+ #
646
+ # Because only the empty tag-set is supported for directory buckets in a
647
+ # `CopyObject` operation, the following situations are allowed:
648
+ #
649
+ # * When you attempt to `COPY` the tag-set from a directory bucket
650
+ # source object that has no tags to a general purpose bucket. It
651
+ # copies an empty tag-set to the destination object.
652
+ #
653
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
654
+ # source object and set the `x-amz-tagging` value of the directory
655
+ # bucket destination object to empty.
656
+ #
657
+ # * When you attempt to `REPLACE` the tag-set of a general purpose
658
+ # bucket source object that has non-empty tags and set the
659
+ # `x-amz-tagging` value of the directory bucket destination object to
660
+ # empty.
661
+ #
662
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
663
+ # source object and don't set the `x-amz-tagging` value of the
664
+ # directory bucket destination object. This is because the default
665
+ # value of `x-amz-tagging` is the empty value.
666
+ #
667
+ # </note>
455
668
  # @option options [String] :server_side_encryption
456
669
  # The server-side encryption algorithm used when storing this object in
457
670
  # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
671
+ # Unrecognized or unsupported values won’t write a destination object
672
+ # and will receive a `400 Bad Request` response.
673
+ #
674
+ # Amazon S3 automatically encrypts all new objects that are copied to an
675
+ # S3 bucket. When copying an object, if you don't specify encryption
676
+ # information in your copy request, the encryption setting of the target
677
+ # object is set to the default encryption configuration of the
678
+ # destination bucket. By default, all buckets have a base level of
679
+ # encryption configuration that uses server-side encryption with Amazon
680
+ # S3 managed keys (SSE-S3). If the destination bucket has a default
681
+ # encryption configuration that uses server-side encryption with Key
682
+ # Management Service (KMS) keys (SSE-KMS), dual-layer server-side
683
+ # encryption with Amazon Web Services KMS keys (DSSE-KMS), or
684
+ # server-side encryption with customer-provided encryption keys (SSE-C),
685
+ # Amazon S3 uses the corresponding KMS key, or a customer-provided key
686
+ # to encrypt the target object copy.
687
+ #
688
+ # When you perform a `CopyObject` operation, if you want to use a
689
+ # different type of encryption setting for the target object, you can
690
+ # specify appropriate encryption-related headers to encrypt the target
691
+ # object with an Amazon S3 managed key, a KMS key, or a
692
+ # customer-provided key. If the encryption setting in your request is
693
+ # different from the default encryption configuration of the destination
694
+ # bucket, the encryption setting in your request takes precedence.
695
+ #
696
+ # With server-side encryption, Amazon S3 encrypts your data as it writes
697
+ # your data to disks in its data centers and decrypts the data when you
698
+ # access it. For more information about server-side encryption, see
699
+ # [Using Server-Side Encryption][1] in the *Amazon S3 User Guide*.
700
+ #
701
+ # <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
702
+ # managed keys (SSE-S3) (`AES256`) is supported.
703
+ #
704
+ # </note>
705
+ #
706
+ #
707
+ #
708
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
458
709
  # @option options [String] :storage_class
459
710
  # If the `x-amz-storage-class` header is not used, the copied object
460
- # will be stored in the STANDARD Storage Class by default. The STANDARD
461
- # storage class provides high durability and high availability.
462
- # Depending on performance needs, you can specify a different Storage
463
- # Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For
464
- # more information, see [Storage Classes][1] in the *Amazon S3 User
465
- # Guide*.
711
+ # will be stored in the `STANDARD` Storage Class by default. The
712
+ # `STANDARD` storage class provides high durability and high
713
+ # availability. Depending on performance needs, you can specify a
714
+ # different Storage Class.
715
+ #
716
+ # <note markdown="1"> * <b>Directory buckets </b> - For directory buckets, only the S3
717
+ # Express One Zone storage class is supported to store newly created
718
+ # objects. Unsupported storage class values won't write a destination
719
+ # object and will respond with the HTTP status code `400 Bad Request`.
720
+ #
721
+ # * <b>Amazon S3 on Outposts </b> - S3 on Outposts only uses the
722
+ # `OUTPOSTS` Storage Class.
723
+ #
724
+ # </note>
725
+ #
726
+ # You can use the `CopyObject` action to change the storage class of an
727
+ # object that is already stored in Amazon S3 by using the
728
+ # `x-amz-storage-class` header. For more information, see [Storage
729
+ # Classes][1] in the *Amazon S3 User Guide*.
730
+ #
731
+ # Before using an object as a source object for the copy operation, you
732
+ # must restore a copy of it if it meets any of the following conditions:
733
+ #
734
+ # * The storage class of the source object is `GLACIER` or
735
+ # `DEEP_ARCHIVE`.
736
+ #
737
+ # * The storage class of the source object is `INTELLIGENT_TIERING` and
738
+ # it's [S3 Intelligent-Tiering access tier][2] is `Archive Access` or
739
+ # `Deep Archive Access`.
740
+ #
741
+ # For more information, see [RestoreObject][3] and [Copying Objects][4]
742
+ # in the *Amazon S3 User Guide*.
466
743
  #
467
744
  #
468
745
  #
469
746
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
747
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering-overview.html#intel-tiering-tier-definition
748
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html
749
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html
470
750
  # @option options [String] :website_redirect_location
471
- # If the bucket is configured as a website, redirects requests for this
472
- # object to another object in the same bucket or to an external URL.
473
- # Amazon S3 stores the value of this header in the object metadata. This
474
- # value is unique to each object and is not copied when using the
475
- # `x-amz-metadata-directive` header. Instead, you may opt to provide
476
- # this header in combination with the directive.
751
+ # If the destination bucket is configured as a website, redirects
752
+ # requests for this object copy to another object in the same bucket or
753
+ # to an external URL. Amazon S3 stores the value of this header in the
754
+ # object metadata. This value is unique to each object and is not copied
755
+ # when using the `x-amz-metadata-directive` header. Instead, you may opt
756
+ # to provide this header in combination with the
757
+ # `x-amz-metadata-directive` header.
758
+ #
759
+ # <note markdown="1"> This functionality is not supported for directory buckets.
760
+ #
761
+ # </note>
477
762
  # @option options [String] :sse_customer_algorithm
478
- # Specifies the algorithm to use to when encrypting the object (for
479
- # example, AES256).
763
+ # Specifies the algorithm to use when encrypting the object (for
764
+ # example, `AES256`).
765
+ #
766
+ # When you perform a `CopyObject` operation, if you want to use a
767
+ # different type of encryption setting for the target object, you can
768
+ # specify appropriate encryption-related headers to encrypt the target
769
+ # object with an Amazon S3 managed key, a KMS key, or a
770
+ # customer-provided key. If the encryption setting in your request is
771
+ # different from the default encryption configuration of the destination
772
+ # bucket, the encryption setting in your request takes precedence.
773
+ #
774
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
775
+ # directory bucket.
776
+ #
777
+ # </note>
480
778
  # @option options [String] :sse_customer_key
481
779
  # Specifies the customer-provided encryption key for Amazon S3 to use in
482
780
  # encrypting data. This value is used to store the object and then it is
483
- # discarded; Amazon S3 does not store the encryption key. The key must
781
+ # discarded. Amazon S3 does not store the encryption key. The key must
484
782
  # be appropriate for use with the algorithm specified in the
485
783
  # `x-amz-server-side-encryption-customer-algorithm` header.
784
+ #
785
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
786
+ # directory bucket.
787
+ #
788
+ # </note>
486
789
  # @option options [String] :sse_customer_key_md5
487
790
  # Specifies the 128-bit MD5 digest of the encryption key according to
488
791
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
489
792
  # ensure that the encryption key was transmitted without error.
793
+ #
794
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
795
+ # directory bucket.
796
+ #
797
+ # </note>
490
798
  # @option options [String] :ssekms_key_id
491
799
  # Specifies the KMS ID (Key ID, Key ARN, or Key Alias) to use for object
492
800
  # encryption. All GET and PUT requests for an object protected by KMS
@@ -495,6 +803,11 @@ module Aws::S3
495
803
  # SDKs and Amazon Web Services CLI, see [Specifying the Signature
496
804
  # Version in Request Authentication][1] in the *Amazon S3 User Guide*.
497
805
  #
806
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
807
+ # directory bucket.
808
+ #
809
+ # </note>
810
+ #
498
811
  #
499
812
  #
500
813
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
@@ -503,57 +816,166 @@ module Aws::S3
503
816
  # object encryption. The value of this header is a base64-encoded UTF-8
504
817
  # string holding JSON with the encryption context key-value pairs. This
505
818
  # value must be explicitly added to specify encryption context for
506
- # CopyObject requests.
819
+ # `CopyObject` requests.
820
+ #
821
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
822
+ # directory bucket.
823
+ #
824
+ # </note>
507
825
  # @option options [Boolean] :bucket_key_enabled
508
826
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
509
827
  # encryption with server-side encryption using Key Management Service
510
- # (KMS) keys (SSE-KMS). Setting this header to `true` causes Amazon S3
511
- # to use an S3 Bucket Key for object encryption with SSE-KMS.
828
+ # (KMS) keys (SSE-KMS). If a target object uses SSE-KMS, you can enable
829
+ # an S3 Bucket Key for the object.
512
830
  #
513
- # Specifying this header with a COPY action doesn’t affect bucket-level
514
- # settings for S3 Bucket Key.
831
+ # Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
832
+ # for object encryption with SSE-KMS. Specifying this header with a COPY
833
+ # action doesn’t affect bucket-level settings for S3 Bucket Key.
834
+ #
835
+ # For more information, see [Amazon S3 Bucket Keys][1] in the *Amazon S3
836
+ # User Guide*.
837
+ #
838
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
839
+ # directory bucket.
840
+ #
841
+ # </note>
842
+ #
843
+ #
844
+ #
845
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
515
846
  # @option options [String] :copy_source_sse_customer_algorithm
516
847
  # Specifies the algorithm to use when decrypting the source object (for
517
- # example, AES256).
848
+ # example, `AES256`).
849
+ #
850
+ # If the source object for the copy is stored in Amazon S3 using SSE-C,
851
+ # you must provide the necessary encryption information in your request
852
+ # so that Amazon S3 can decrypt the object for copying.
853
+ #
854
+ # <note markdown="1"> This functionality is not supported when the source object is in a
855
+ # directory bucket.
856
+ #
857
+ # </note>
518
858
  # @option options [String] :copy_source_sse_customer_key
519
859
  # Specifies the customer-provided encryption key for Amazon S3 to use to
520
860
  # decrypt the source object. The encryption key provided in this header
521
- # must be one that was used when the source object was created.
861
+ # must be the same one that was used when the source object was created.
862
+ #
863
+ # If the source object for the copy is stored in Amazon S3 using SSE-C,
864
+ # you must provide the necessary encryption information in your request
865
+ # so that Amazon S3 can decrypt the object for copying.
866
+ #
867
+ # <note markdown="1"> This functionality is not supported when the source object is in a
868
+ # directory bucket.
869
+ #
870
+ # </note>
522
871
  # @option options [String] :copy_source_sse_customer_key_md5
523
872
  # Specifies the 128-bit MD5 digest of the encryption key according to
524
873
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
525
874
  # ensure that the encryption key was transmitted without error.
875
+ #
876
+ # If the source object for the copy is stored in Amazon S3 using SSE-C,
877
+ # you must provide the necessary encryption information in your request
878
+ # so that Amazon S3 can decrypt the object for copying.
879
+ #
880
+ # <note markdown="1"> This functionality is not supported when the source object is in a
881
+ # directory bucket.
882
+ #
883
+ # </note>
526
884
  # @option options [String] :request_payer
527
885
  # Confirms that the requester knows that they will be charged for the
528
886
  # request. Bucket owners need not specify this parameter in their
529
- # requests. If either the source or destination Amazon S3 bucket has
530
- # Requester Pays enabled, the requester will pay for corresponding
531
- # charges to copy the object. For information about downloading objects
532
- # from Requester Pays buckets, see [Downloading Objects in Requester
533
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
887
+ # requests. If either the source or destination S3 bucket has Requester
888
+ # Pays enabled, the requester will pay for corresponding charges to copy
889
+ # the object. For information about downloading objects from Requester
890
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
891
+ # in the *Amazon S3 User Guide*.
892
+ #
893
+ # <note markdown="1"> This functionality is not supported for directory buckets.
894
+ #
895
+ # </note>
534
896
  #
535
897
  #
536
898
  #
537
899
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
538
900
  # @option options [String] :tagging
539
- # The tag-set for the object destination object this value must be used
540
- # in conjunction with the `TaggingDirective`. The tag-set must be
541
- # encoded as URL Query parameters.
901
+ # The tag-set for the object copy in the destination bucket. This value
902
+ # must be used in conjunction with the `x-amz-tagging-directive` if you
903
+ # choose `REPLACE` for the `x-amz-tagging-directive`. If you choose
904
+ # `COPY` for the `x-amz-tagging-directive`, you don't need to set the
905
+ # `x-amz-tagging` header, because the tag-set will be copied from the
906
+ # source object directly. The tag-set must be encoded as URL Query
907
+ # parameters.
908
+ #
909
+ # The default value is the empty value.
910
+ #
911
+ # <note markdown="1"> **Directory buckets** - For directory buckets in a `CopyObject`
912
+ # operation, only the empty tag-set is supported. Any requests that
913
+ # attempt to write non-empty tags into directory buckets will receive a
914
+ # `501 Not Implemented` status code. When the destination bucket is a
915
+ # directory bucket, you will receive a `501 Not Implemented` response in
916
+ # any of the following situations:
917
+ #
918
+ # * When you attempt to `COPY` the tag-set from an S3 source object that
919
+ # has non-empty tags.
920
+ #
921
+ # * When you attempt to `REPLACE` the tag-set of a source object and set
922
+ # a non-empty value to `x-amz-tagging`.
923
+ #
924
+ # * When you don't set the `x-amz-tagging-directive` header and the
925
+ # source object has non-empty tags. This is because the default value
926
+ # of `x-amz-tagging-directive` is `COPY`.
927
+ #
928
+ # Because only the empty tag-set is supported for directory buckets in a
929
+ # `CopyObject` operation, the following situations are allowed:
930
+ #
931
+ # * When you attempt to `COPY` the tag-set from a directory bucket
932
+ # source object that has no tags to a general purpose bucket. It
933
+ # copies an empty tag-set to the destination object.
934
+ #
935
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
936
+ # source object and set the `x-amz-tagging` value of the directory
937
+ # bucket destination object to empty.
938
+ #
939
+ # * When you attempt to `REPLACE` the tag-set of a general purpose
940
+ # bucket source object that has non-empty tags and set the
941
+ # `x-amz-tagging` value of the directory bucket destination object to
942
+ # empty.
943
+ #
944
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
945
+ # source object and don't set the `x-amz-tagging` value of the
946
+ # directory bucket destination object. This is because the default
947
+ # value of `x-amz-tagging` is the empty value.
948
+ #
949
+ # </note>
542
950
  # @option options [String] :object_lock_mode
543
- # The Object Lock mode that you want to apply to the copied object.
951
+ # The Object Lock mode that you want to apply to the object copy.
952
+ #
953
+ # <note markdown="1"> This functionality is not supported for directory buckets.
954
+ #
955
+ # </note>
544
956
  # @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
545
- # The date and time when you want the copied object's Object Lock to
957
+ # The date and time when you want the Object Lock of the object copy to
546
958
  # expire.
959
+ #
960
+ # <note markdown="1"> This functionality is not supported for directory buckets.
961
+ #
962
+ # </note>
547
963
  # @option options [String] :object_lock_legal_hold_status
548
- # Specifies whether you want to apply a legal hold to the copied object.
964
+ # Specifies whether you want to apply a legal hold to the object copy.
965
+ #
966
+ # <note markdown="1"> This functionality is not supported for directory buckets.
967
+ #
968
+ # </note>
549
969
  # @option options [String] :expected_bucket_owner
550
970
  # The account ID of the expected destination bucket owner. If the
551
- # destination bucket is owned by a different account, the request fails
552
- # with the HTTP status code `403 Forbidden` (access denied).
971
+ # account ID that you provide does not match the actual owner of the
972
+ # destination bucket, the request fails with the HTTP status code `403
973
+ # Forbidden` (access denied).
553
974
  # @option options [String] :expected_source_bucket_owner
554
- # The account ID of the expected source bucket owner. If the source
555
- # bucket is owned by a different account, the request fails with the
556
- # HTTP status code `403 Forbidden` (access denied).
975
+ # The account ID of the expected source bucket owner. If the account ID
976
+ # that you provide does not match the actual owner of the source bucket,
977
+ # the request fails with the HTTP status code `403 Forbidden` (access
978
+ # denied).
557
979
  # @return [Types::CopyObjectOutput]
558
980
  def copy_from(options = {})
559
981
  options = options.merge(
@@ -581,16 +1003,29 @@ module Aws::S3
581
1003
  # space, and the value that is displayed on your authentication device.
582
1004
  # Required to permanently delete a versioned object if versioning is
583
1005
  # configured with MFA delete enabled.
1006
+ #
1007
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1008
+ #
1009
+ # </note>
584
1010
  # @option options [String] :version_id
585
- # VersionId used to reference a specific version of the object.
1011
+ # Version ID used to reference a specific version of the object.
1012
+ #
1013
+ # <note markdown="1"> For directory buckets in this API operation, only the `null` value of
1014
+ # the version ID is supported.
1015
+ #
1016
+ # </note>
586
1017
  # @option options [String] :request_payer
587
1018
  # Confirms that the requester knows that they will be charged for the
588
1019
  # request. Bucket owners need not specify this parameter in their
589
- # requests. If either the source or destination Amazon S3 bucket has
590
- # Requester Pays enabled, the requester will pay for corresponding
591
- # charges to copy the object. For information about downloading objects
592
- # from Requester Pays buckets, see [Downloading Objects in Requester
593
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
1020
+ # requests. If either the source or destination S3 bucket has Requester
1021
+ # Pays enabled, the requester will pay for corresponding charges to copy
1022
+ # the object. For information about downloading objects from Requester
1023
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1024
+ # in the *Amazon S3 User Guide*.
1025
+ #
1026
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1027
+ #
1028
+ # </note>
594
1029
  #
595
1030
  #
596
1031
  #
@@ -599,10 +1034,14 @@ module Aws::S3
599
1034
  # Indicates whether S3 Object Lock should bypass Governance-mode
600
1035
  # restrictions to process this operation. To use this header, you must
601
1036
  # have the `s3:BypassGovernanceRetention` permission.
1037
+ #
1038
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1039
+ #
1040
+ # </note>
602
1041
  # @option options [String] :expected_bucket_owner
603
- # The account ID of the expected bucket owner. If the bucket is owned by
604
- # a different account, the request fails with the HTTP status code `403
605
- # Forbidden` (access denied).
1042
+ # The account ID of the expected bucket owner. If the account ID that
1043
+ # you provide does not match the actual owner of the bucket, the request
1044
+ # fails with the HTTP status code `403 Forbidden` (access denied).
606
1045
  # @return [Types::DeleteObjectOutput]
607
1046
  def delete(options = {})
608
1047
  options = options.merge(
@@ -641,18 +1080,64 @@ module Aws::S3
641
1080
  # @param [Hash] options ({})
642
1081
  # @option options [String] :if_match
643
1082
  # Return the object only if its entity tag (ETag) is the same as the one
644
- # specified; otherwise, return a 412 (precondition failed) error.
1083
+ # specified in this header; otherwise, return a `412 Precondition
1084
+ # Failed` error.
1085
+ #
1086
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
1087
+ # present in the request as follows: `If-Match` condition evaluates to
1088
+ # `true`, and; `If-Unmodified-Since` condition evaluates to `false`;
1089
+ # then, S3 returns `200 OK` and the data requested.
1090
+ #
1091
+ # For more information about conditional requests, see [RFC 7232][1].
1092
+ #
1093
+ #
1094
+ #
1095
+ # [1]: https://tools.ietf.org/html/rfc7232
645
1096
  # @option options [Time,DateTime,Date,Integer,String] :if_modified_since
646
1097
  # Return the object only if it has been modified since the specified
647
- # time; otherwise, return a 304 (not modified) error.
1098
+ # time; otherwise, return a `304 Not Modified` error.
1099
+ #
1100
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
1101
+ # present in the request as follows:` If-None-Match` condition evaluates
1102
+ # to `false`, and; `If-Modified-Since` condition evaluates to `true`;
1103
+ # then, S3 returns `304 Not Modified` status code.
1104
+ #
1105
+ # For more information about conditional requests, see [RFC 7232][1].
1106
+ #
1107
+ #
1108
+ #
1109
+ # [1]: https://tools.ietf.org/html/rfc7232
648
1110
  # @option options [String] :if_none_match
649
1111
  # Return the object only if its entity tag (ETag) is different from the
650
- # one specified; otherwise, return a 304 (not modified) error.
1112
+ # one specified in this header; otherwise, return a `304 Not Modified`
1113
+ # error.
1114
+ #
1115
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
1116
+ # present in the request as follows:` If-None-Match` condition evaluates
1117
+ # to `false`, and; `If-Modified-Since` condition evaluates to `true`;
1118
+ # then, S3 returns `304 Not Modified` HTTP status code.
1119
+ #
1120
+ # For more information about conditional requests, see [RFC 7232][1].
1121
+ #
1122
+ #
1123
+ #
1124
+ # [1]: https://tools.ietf.org/html/rfc7232
651
1125
  # @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
652
1126
  # Return the object only if it has not been modified since the specified
653
- # time; otherwise, return a 412 (precondition failed) error.
1127
+ # time; otherwise, return a `412 Precondition Failed` error.
1128
+ #
1129
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
1130
+ # present in the request as follows: `If-Match` condition evaluates to
1131
+ # `true`, and; `If-Unmodified-Since` condition evaluates to `false`;
1132
+ # then, S3 returns `200 OK` and the data requested.
1133
+ #
1134
+ # For more information about conditional requests, see [RFC 7232][1].
1135
+ #
1136
+ #
1137
+ #
1138
+ # [1]: https://tools.ietf.org/html/rfc7232
654
1139
  # @option options [String] :range
655
- # Downloads the specified range bytes of an object. For more information
1140
+ # Downloads the specified byte range of an object. For more information
656
1141
  # about the HTTP Range header, see
657
1142
  # [https://www.rfc-editor.org/rfc/rfc9110.html#name-range][1].
658
1143
  #
@@ -667,7 +1152,7 @@ module Aws::S3
667
1152
  # @option options [String] :response_cache_control
668
1153
  # Sets the `Cache-Control` header of the response.
669
1154
  # @option options [String] :response_content_disposition
670
- # Sets the `Content-Disposition` header of the response
1155
+ # Sets the `Content-Disposition` header of the response.
671
1156
  # @option options [String] :response_content_encoding
672
1157
  # Sets the `Content-Encoding` header of the response.
673
1158
  # @option options [String] :response_content_language
@@ -677,137 +1162,507 @@ module Aws::S3
677
1162
  # @option options [Time,DateTime,Date,Integer,String] :response_expires
678
1163
  # Sets the `Expires` header of the response.
679
1164
  # @option options [String] :version_id
680
- # VersionId used to reference a specific version of the object.
1165
+ # Version ID used to reference a specific version of the object.
1166
+ #
1167
+ # By default, the `GetObject` operation returns the current version of
1168
+ # an object. To return a different version, use the `versionId`
1169
+ # subresource.
1170
+ #
1171
+ # <note markdown="1"> * If you include a `versionId` in your request header, you must have
1172
+ # the `s3:GetObjectVersion` permission to access a specific version of
1173
+ # an object. The `s3:GetObject` permission is not required in this
1174
+ # scenario.
1175
+ #
1176
+ # * If you request the current version of an object without a specific
1177
+ # `versionId` in the request header, only the `s3:GetObject`
1178
+ # permission is required. The `s3:GetObjectVersion` permission is not
1179
+ # required in this scenario.
1180
+ #
1181
+ # * **Directory buckets** - S3 Versioning isn't enabled and supported
1182
+ # for directory buckets. For this API operation, only the `null` value
1183
+ # of the version ID is supported by directory buckets. You can only
1184
+ # specify `null` to the `versionId` query parameter in the request.
1185
+ #
1186
+ # </note>
1187
+ #
1188
+ # For more information about versioning, see [PutBucketVersioning][1].
1189
+ #
1190
+ #
1191
+ #
1192
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html
681
1193
  # @option options [String] :sse_customer_algorithm
682
- # Specifies the algorithm to use to when decrypting the object (for
683
- # example, AES256).
1194
+ # Specifies the algorithm to use when decrypting the object (for
1195
+ # example, `AES256`).
1196
+ #
1197
+ # If you encrypt an object by using server-side encryption with
1198
+ # customer-provided encryption keys (SSE-C) when you store the object in
1199
+ # Amazon S3, then when you GET the object, you must use the following
1200
+ # headers:
1201
+ #
1202
+ # * `x-amz-server-side-encryption-customer-algorithm`
1203
+ #
1204
+ # * `x-amz-server-side-encryption-customer-key`
1205
+ #
1206
+ # * `x-amz-server-side-encryption-customer-key-MD5`
1207
+ #
1208
+ # For more information about SSE-C, see [Server-Side Encryption (Using
1209
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
1210
+ #
1211
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1212
+ #
1213
+ # </note>
1214
+ #
1215
+ #
1216
+ #
1217
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
684
1218
  # @option options [String] :sse_customer_key
685
- # Specifies the customer-provided encryption key for Amazon S3 used to
686
- # encrypt the data. This value is used to decrypt the object when
687
- # recovering it and must match the one used when storing the data. The
688
- # key must be appropriate for use with the algorithm specified in the
1219
+ # Specifies the customer-provided encryption key that you originally
1220
+ # provided for Amazon S3 to encrypt the data before storing it. This
1221
+ # value is used to decrypt the object when recovering it and must match
1222
+ # the one used when storing the data. The key must be appropriate for
1223
+ # use with the algorithm specified in the
689
1224
  # `x-amz-server-side-encryption-customer-algorithm` header.
1225
+ #
1226
+ # If you encrypt an object by using server-side encryption with
1227
+ # customer-provided encryption keys (SSE-C) when you store the object in
1228
+ # Amazon S3, then when you GET the object, you must use the following
1229
+ # headers:
1230
+ #
1231
+ # * `x-amz-server-side-encryption-customer-algorithm`
1232
+ #
1233
+ # * `x-amz-server-side-encryption-customer-key`
1234
+ #
1235
+ # * `x-amz-server-side-encryption-customer-key-MD5`
1236
+ #
1237
+ # For more information about SSE-C, see [Server-Side Encryption (Using
1238
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
1239
+ #
1240
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1241
+ #
1242
+ # </note>
1243
+ #
1244
+ #
1245
+ #
1246
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
690
1247
  # @option options [String] :sse_customer_key_md5
691
- # Specifies the 128-bit MD5 digest of the encryption key according to
692
- # RFC 1321. Amazon S3 uses this header for a message integrity check to
693
- # ensure that the encryption key was transmitted without error.
1248
+ # Specifies the 128-bit MD5 digest of the customer-provided encryption
1249
+ # key according to RFC 1321. Amazon S3 uses this header for a message
1250
+ # integrity check to ensure that the encryption key was transmitted
1251
+ # without error.
1252
+ #
1253
+ # If you encrypt an object by using server-side encryption with
1254
+ # customer-provided encryption keys (SSE-C) when you store the object in
1255
+ # Amazon S3, then when you GET the object, you must use the following
1256
+ # headers:
1257
+ #
1258
+ # * `x-amz-server-side-encryption-customer-algorithm`
1259
+ #
1260
+ # * `x-amz-server-side-encryption-customer-key`
1261
+ #
1262
+ # * `x-amz-server-side-encryption-customer-key-MD5`
1263
+ #
1264
+ # For more information about SSE-C, see [Server-Side Encryption (Using
1265
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
1266
+ #
1267
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1268
+ #
1269
+ # </note>
1270
+ #
1271
+ #
1272
+ #
1273
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
694
1274
  # @option options [String] :request_payer
695
1275
  # Confirms that the requester knows that they will be charged for the
696
1276
  # request. Bucket owners need not specify this parameter in their
697
- # requests. If either the source or destination Amazon S3 bucket has
698
- # Requester Pays enabled, the requester will pay for corresponding
699
- # charges to copy the object. For information about downloading objects
700
- # from Requester Pays buckets, see [Downloading Objects in Requester
701
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
1277
+ # requests. If either the source or destination S3 bucket has Requester
1278
+ # Pays enabled, the requester will pay for corresponding charges to copy
1279
+ # the object. For information about downloading objects from Requester
1280
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1281
+ # in the *Amazon S3 User Guide*.
1282
+ #
1283
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1284
+ #
1285
+ # </note>
1286
+ #
1287
+ #
1288
+ #
1289
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
1290
+ # @option options [Integer] :part_number
1291
+ # Part number of the object being read. This is a positive integer
1292
+ # between 1 and 10,000. Effectively performs a 'ranged' GET request
1293
+ # for the part specified. Useful for downloading just a part of an
1294
+ # object.
1295
+ # @option options [String] :expected_bucket_owner
1296
+ # The account ID of the expected bucket owner. If the account ID that
1297
+ # you provide does not match the actual owner of the bucket, the request
1298
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1299
+ # @option options [String] :checksum_mode
1300
+ # To retrieve the checksum, this mode must be enabled.
1301
+ # @return [Types::GetObjectOutput]
1302
+ def get(options = {}, &block)
1303
+ options = options.merge(
1304
+ bucket: @bucket_name,
1305
+ key: @key
1306
+ )
1307
+ resp = Aws::Plugins::UserAgent.feature('resource') do
1308
+ @client.get_object(options, &block)
1309
+ end
1310
+ resp.data
1311
+ end
1312
+
1313
+ # @example Request syntax with placeholder values
1314
+ #
1315
+ # multipartupload = object_summary.initiate_multipart_upload({
1316
+ # acl: "private", # accepts private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, bucket-owner-full-control
1317
+ # cache_control: "CacheControl",
1318
+ # content_disposition: "ContentDisposition",
1319
+ # content_encoding: "ContentEncoding",
1320
+ # content_language: "ContentLanguage",
1321
+ # content_type: "ContentType",
1322
+ # expires: Time.now,
1323
+ # grant_full_control: "GrantFullControl",
1324
+ # grant_read: "GrantRead",
1325
+ # grant_read_acp: "GrantReadACP",
1326
+ # grant_write_acp: "GrantWriteACP",
1327
+ # metadata: {
1328
+ # "MetadataKey" => "MetadataValue",
1329
+ # },
1330
+ # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
1331
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
1332
+ # website_redirect_location: "WebsiteRedirectLocation",
1333
+ # sse_customer_algorithm: "SSECustomerAlgorithm",
1334
+ # sse_customer_key: "SSECustomerKey",
1335
+ # sse_customer_key_md5: "SSECustomerKeyMD5",
1336
+ # ssekms_key_id: "SSEKMSKeyId",
1337
+ # ssekms_encryption_context: "SSEKMSEncryptionContext",
1338
+ # bucket_key_enabled: false,
1339
+ # request_payer: "requester", # accepts requester
1340
+ # tagging: "TaggingHeader",
1341
+ # object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
1342
+ # object_lock_retain_until_date: Time.now,
1343
+ # object_lock_legal_hold_status: "ON", # accepts ON, OFF
1344
+ # expected_bucket_owner: "AccountId",
1345
+ # checksum_algorithm: "CRC32", # accepts CRC32, CRC32C, SHA1, SHA256
1346
+ # })
1347
+ # @param [Hash] options ({})
1348
+ # @option options [String] :acl
1349
+ # The canned ACL to apply to the object. Amazon S3 supports a set of
1350
+ # predefined ACLs, known as *canned ACLs*. Each canned ACL has a
1351
+ # predefined set of grantees and permissions. For more information, see
1352
+ # [Canned ACL][1] in the *Amazon S3 User Guide*.
1353
+ #
1354
+ # By default, all objects are private. Only the owner has full access
1355
+ # control. When uploading an object, you can grant access permissions to
1356
+ # individual Amazon Web Services accounts or to predefined groups
1357
+ # defined by Amazon S3. These permissions are then added to the access
1358
+ # control list (ACL) on the new object. For more information, see [Using
1359
+ # ACLs][2]. One way to grant the permissions using the request headers
1360
+ # is to specify a canned ACL with the `x-amz-acl` request header.
1361
+ #
1362
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1363
+ #
1364
+ # * This functionality is not supported for Amazon S3 on Outposts.
1365
+ #
1366
+ # </note>
1367
+ #
1368
+ #
1369
+ #
1370
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
1371
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html
1372
+ # @option options [String] :cache_control
1373
+ # Specifies caching behavior along the request/reply chain.
1374
+ # @option options [String] :content_disposition
1375
+ # Specifies presentational information for the object.
1376
+ # @option options [String] :content_encoding
1377
+ # Specifies what content encodings have been applied to the object and
1378
+ # thus what decoding mechanisms must be applied to obtain the media-type
1379
+ # referenced by the Content-Type header field.
1380
+ #
1381
+ # <note markdown="1"> For directory buckets, only the `aws-chunked` value is supported in
1382
+ # this header field.
1383
+ #
1384
+ # </note>
1385
+ # @option options [String] :content_language
1386
+ # The language that the content is in.
1387
+ # @option options [String] :content_type
1388
+ # A standard MIME type describing the format of the object data.
1389
+ # @option options [Time,DateTime,Date,Integer,String] :expires
1390
+ # The date and time at which the object is no longer cacheable.
1391
+ # @option options [String] :grant_full_control
1392
+ # Specify access permissions explicitly to give the grantee READ,
1393
+ # READ\_ACP, and WRITE\_ACP permissions on the object.
1394
+ #
1395
+ # By default, all objects are private. Only the owner has full access
1396
+ # control. When uploading an object, you can use this header to
1397
+ # explicitly grant access permissions to specific Amazon Web Services
1398
+ # accounts or groups. This header maps to specific permissions that
1399
+ # Amazon S3 supports in an ACL. For more information, see [Access
1400
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
1401
+ #
1402
+ # You specify each grantee as a type=value pair, where the type is one
1403
+ # of the following:
1404
+ #
1405
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1406
+ # Web Services account
1407
+ #
1408
+ # * `uri` – if you are granting permissions to a predefined group
1409
+ #
1410
+ # * `emailAddress` – if the value specified is the email address of an
1411
+ # Amazon Web Services account
1412
+ #
1413
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1414
+ # following Amazon Web Services Regions:
1415
+ #
1416
+ # * US East (N. Virginia)
1417
+ #
1418
+ # * US West (N. California)
1419
+ #
1420
+ # * US West (Oregon)
1421
+ #
1422
+ # * Asia Pacific (Singapore)
1423
+ #
1424
+ # * Asia Pacific (Sydney)
1425
+ #
1426
+ # * Asia Pacific (Tokyo)
1427
+ #
1428
+ # * Europe (Ireland)
1429
+ #
1430
+ # * South America (São Paulo)
1431
+ #
1432
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1433
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1434
+ # Reference.
1435
+ #
1436
+ # </note>
1437
+ #
1438
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1439
+ # Web Services accounts identified by account IDs permissions to read
1440
+ # object data and its metadata:
1441
+ #
1442
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1443
+ #
1444
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1445
+ #
1446
+ # * This functionality is not supported for Amazon S3 on Outposts.
1447
+ #
1448
+ # </note>
1449
+ #
1450
+ #
1451
+ #
1452
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1453
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1454
+ # @option options [String] :grant_read
1455
+ # Specify access permissions explicitly to allow grantee to read the
1456
+ # object data and its metadata.
1457
+ #
1458
+ # By default, all objects are private. Only the owner has full access
1459
+ # control. When uploading an object, you can use this header to
1460
+ # explicitly grant access permissions to specific Amazon Web Services
1461
+ # accounts or groups. This header maps to specific permissions that
1462
+ # Amazon S3 supports in an ACL. For more information, see [Access
1463
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
1464
+ #
1465
+ # You specify each grantee as a type=value pair, where the type is one
1466
+ # of the following:
1467
+ #
1468
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1469
+ # Web Services account
1470
+ #
1471
+ # * `uri` – if you are granting permissions to a predefined group
1472
+ #
1473
+ # * `emailAddress` – if the value specified is the email address of an
1474
+ # Amazon Web Services account
1475
+ #
1476
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1477
+ # following Amazon Web Services Regions:
1478
+ #
1479
+ # * US East (N. Virginia)
1480
+ #
1481
+ # * US West (N. California)
1482
+ #
1483
+ # * US West (Oregon)
1484
+ #
1485
+ # * Asia Pacific (Singapore)
1486
+ #
1487
+ # * Asia Pacific (Sydney)
1488
+ #
1489
+ # * Asia Pacific (Tokyo)
1490
+ #
1491
+ # * Europe (Ireland)
1492
+ #
1493
+ # * South America (São Paulo)
1494
+ #
1495
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1496
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1497
+ # Reference.
1498
+ #
1499
+ # </note>
1500
+ #
1501
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1502
+ # Web Services accounts identified by account IDs permissions to read
1503
+ # object data and its metadata:
1504
+ #
1505
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1506
+ #
1507
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1508
+ #
1509
+ # * This functionality is not supported for Amazon S3 on Outposts.
1510
+ #
1511
+ # </note>
1512
+ #
1513
+ #
1514
+ #
1515
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1516
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1517
+ # @option options [String] :grant_read_acp
1518
+ # Specify access permissions explicitly to allows grantee to read the
1519
+ # object ACL.
1520
+ #
1521
+ # By default, all objects are private. Only the owner has full access
1522
+ # control. When uploading an object, you can use this header to
1523
+ # explicitly grant access permissions to specific Amazon Web Services
1524
+ # accounts or groups. This header maps to specific permissions that
1525
+ # Amazon S3 supports in an ACL. For more information, see [Access
1526
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
1527
+ #
1528
+ # You specify each grantee as a type=value pair, where the type is one
1529
+ # of the following:
1530
+ #
1531
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1532
+ # Web Services account
1533
+ #
1534
+ # * `uri` – if you are granting permissions to a predefined group
1535
+ #
1536
+ # * `emailAddress` – if the value specified is the email address of an
1537
+ # Amazon Web Services account
1538
+ #
1539
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1540
+ # following Amazon Web Services Regions:
1541
+ #
1542
+ # * US East (N. Virginia)
1543
+ #
1544
+ # * US West (N. California)
1545
+ #
1546
+ # * US West (Oregon)
1547
+ #
1548
+ # * Asia Pacific (Singapore)
1549
+ #
1550
+ # * Asia Pacific (Sydney)
1551
+ #
1552
+ # * Asia Pacific (Tokyo)
1553
+ #
1554
+ # * Europe (Ireland)
1555
+ #
1556
+ # * South America (São Paulo)
1557
+ #
1558
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1559
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1560
+ # Reference.
1561
+ #
1562
+ # </note>
1563
+ #
1564
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1565
+ # Web Services accounts identified by account IDs permissions to read
1566
+ # object data and its metadata:
1567
+ #
1568
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1569
+ #
1570
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1571
+ #
1572
+ # * This functionality is not supported for Amazon S3 on Outposts.
1573
+ #
1574
+ # </note>
1575
+ #
1576
+ #
1577
+ #
1578
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1579
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1580
+ # @option options [String] :grant_write_acp
1581
+ # Specify access permissions explicitly to allows grantee to allow
1582
+ # grantee to write the ACL for the applicable object.
702
1583
  #
1584
+ # By default, all objects are private. Only the owner has full access
1585
+ # control. When uploading an object, you can use this header to
1586
+ # explicitly grant access permissions to specific Amazon Web Services
1587
+ # accounts or groups. This header maps to specific permissions that
1588
+ # Amazon S3 supports in an ACL. For more information, see [Access
1589
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
703
1590
  #
1591
+ # You specify each grantee as a type=value pair, where the type is one
1592
+ # of the following:
704
1593
  #
705
- # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
706
- # @option options [Integer] :part_number
707
- # Part number of the object being read. This is a positive integer
708
- # between 1 and 10,000. Effectively performs a 'ranged' GET request
709
- # for the part specified. Useful for downloading just a part of an
710
- # object.
711
- # @option options [String] :expected_bucket_owner
712
- # The account ID of the expected bucket owner. If the bucket is owned by
713
- # a different account, the request fails with the HTTP status code `403
714
- # Forbidden` (access denied).
715
- # @option options [String] :checksum_mode
716
- # To retrieve the checksum, this mode must be enabled.
717
- # @return [Types::GetObjectOutput]
718
- def get(options = {}, &block)
719
- options = options.merge(
720
- bucket: @bucket_name,
721
- key: @key
722
- )
723
- resp = Aws::Plugins::UserAgent.feature('resource') do
724
- @client.get_object(options, &block)
725
- end
726
- resp.data
727
- end
728
-
729
- # @example Request syntax with placeholder values
1594
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1595
+ # Web Services account
730
1596
  #
731
- # multipartupload = object_summary.initiate_multipart_upload({
732
- # acl: "private", # accepts private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, bucket-owner-full-control
733
- # cache_control: "CacheControl",
734
- # content_disposition: "ContentDisposition",
735
- # content_encoding: "ContentEncoding",
736
- # content_language: "ContentLanguage",
737
- # content_type: "ContentType",
738
- # expires: Time.now,
739
- # grant_full_control: "GrantFullControl",
740
- # grant_read: "GrantRead",
741
- # grant_read_acp: "GrantReadACP",
742
- # grant_write_acp: "GrantWriteACP",
743
- # metadata: {
744
- # "MetadataKey" => "MetadataValue",
745
- # },
746
- # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
747
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
748
- # website_redirect_location: "WebsiteRedirectLocation",
749
- # sse_customer_algorithm: "SSECustomerAlgorithm",
750
- # sse_customer_key: "SSECustomerKey",
751
- # sse_customer_key_md5: "SSECustomerKeyMD5",
752
- # ssekms_key_id: "SSEKMSKeyId",
753
- # ssekms_encryption_context: "SSEKMSEncryptionContext",
754
- # bucket_key_enabled: false,
755
- # request_payer: "requester", # accepts requester
756
- # tagging: "TaggingHeader",
757
- # object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
758
- # object_lock_retain_until_date: Time.now,
759
- # object_lock_legal_hold_status: "ON", # accepts ON, OFF
760
- # expected_bucket_owner: "AccountId",
761
- # checksum_algorithm: "CRC32", # accepts CRC32, CRC32C, SHA1, SHA256
762
- # })
763
- # @param [Hash] options ({})
764
- # @option options [String] :acl
765
- # The canned ACL to apply to the object.
1597
+ # * `uri` – if you are granting permissions to a predefined group
766
1598
  #
767
- # This action is not supported by Amazon S3 on Outposts.
768
- # @option options [String] :cache_control
769
- # Specifies caching behavior along the request/reply chain.
770
- # @option options [String] :content_disposition
771
- # Specifies presentational information for the object.
772
- # @option options [String] :content_encoding
773
- # Specifies what content encodings have been applied to the object and
774
- # thus what decoding mechanisms must be applied to obtain the media-type
775
- # referenced by the Content-Type header field.
776
- # @option options [String] :content_language
777
- # The language the content is in.
778
- # @option options [String] :content_type
779
- # A standard MIME type describing the format of the object data.
780
- # @option options [Time,DateTime,Date,Integer,String] :expires
781
- # The date and time at which the object is no longer cacheable.
782
- # @option options [String] :grant_full_control
783
- # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
784
- # object.
1599
+ # * `emailAddress` if the value specified is the email address of an
1600
+ # Amazon Web Services account
785
1601
  #
786
- # This action is not supported by Amazon S3 on Outposts.
787
- # @option options [String] :grant_read
788
- # Allows grantee to read the object data and its metadata.
1602
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1603
+ # following Amazon Web Services Regions:
789
1604
  #
790
- # This action is not supported by Amazon S3 on Outposts.
791
- # @option options [String] :grant_read_acp
792
- # Allows grantee to read the object ACL.
1605
+ # * US East (N. Virginia)
1606
+ #
1607
+ # * US West (N. California)
1608
+ #
1609
+ # * US West (Oregon)
1610
+ #
1611
+ # * Asia Pacific (Singapore)
1612
+ #
1613
+ # * Asia Pacific (Sydney)
1614
+ #
1615
+ # * Asia Pacific (Tokyo)
1616
+ #
1617
+ # * Europe (Ireland)
1618
+ #
1619
+ # * South America (São Paulo)
1620
+ #
1621
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1622
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1623
+ # Reference.
1624
+ #
1625
+ # </note>
1626
+ #
1627
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1628
+ # Web Services accounts identified by account IDs permissions to read
1629
+ # object data and its metadata:
1630
+ #
1631
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1632
+ #
1633
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1634
+ #
1635
+ # * This functionality is not supported for Amazon S3 on Outposts.
1636
+ #
1637
+ # </note>
793
1638
  #
794
- # This action is not supported by Amazon S3 on Outposts.
795
- # @option options [String] :grant_write_acp
796
- # Allows grantee to write the ACL for the applicable object.
797
1639
  #
798
- # This action is not supported by Amazon S3 on Outposts.
1640
+ #
1641
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1642
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
799
1643
  # @option options [Hash<String,String>] :metadata
800
1644
  # A map of metadata to store with the object in S3.
801
1645
  # @option options [String] :server_side_encryption
802
- # The server-side encryption algorithm used when storing this object in
803
- # Amazon S3 (for example, `AES256`, `aws:kms`).
1646
+ # The server-side encryption algorithm used when you store this object
1647
+ # in Amazon S3 (for example, `AES256`, `aws:kms`).
1648
+ #
1649
+ # <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
1650
+ # managed keys (SSE-S3) (`AES256`) is supported.
1651
+ #
1652
+ # </note>
804
1653
  # @option options [String] :storage_class
805
1654
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
806
1655
  # created objects. The STANDARD storage class provides high durability
807
1656
  # and high availability. Depending on performance needs, you can specify
808
- # a different Storage Class. Amazon S3 on Outposts only uses the
809
- # OUTPOSTS Storage Class. For more information, see [Storage Classes][1]
810
- # in the *Amazon S3 User Guide*.
1657
+ # a different Storage Class. For more information, see [Storage
1658
+ # Classes][1] in the *Amazon S3 User Guide*.
1659
+ #
1660
+ # <note markdown="1"> * For directory buckets, only the S3 Express One Zone storage class is
1661
+ # supported to store newly created objects.
1662
+ #
1663
+ # * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class.
1664
+ #
1665
+ # </note>
811
1666
  #
812
1667
  #
813
1668
  #
@@ -816,35 +1671,51 @@ module Aws::S3
816
1671
  # If the bucket is configured as a website, redirects requests for this
817
1672
  # object to another object in the same bucket or to an external URL.
818
1673
  # Amazon S3 stores the value of this header in the object metadata.
1674
+ #
1675
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1676
+ #
1677
+ # </note>
819
1678
  # @option options [String] :sse_customer_algorithm
820
- # Specifies the algorithm to use to when encrypting the object (for
1679
+ # Specifies the algorithm to use when encrypting the object (for
821
1680
  # example, AES256).
1681
+ #
1682
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1683
+ #
1684
+ # </note>
822
1685
  # @option options [String] :sse_customer_key
823
1686
  # Specifies the customer-provided encryption key for Amazon S3 to use in
824
1687
  # encrypting data. This value is used to store the object and then it is
825
1688
  # discarded; Amazon S3 does not store the encryption key. The key must
826
1689
  # be appropriate for use with the algorithm specified in the
827
1690
  # `x-amz-server-side-encryption-customer-algorithm` header.
1691
+ #
1692
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1693
+ #
1694
+ # </note>
828
1695
  # @option options [String] :sse_customer_key_md5
829
- # Specifies the 128-bit MD5 digest of the encryption key according to
830
- # RFC 1321. Amazon S3 uses this header for a message integrity check to
831
- # ensure that the encryption key was transmitted without error.
1696
+ # Specifies the 128-bit MD5 digest of the customer-provided encryption
1697
+ # key according to RFC 1321. Amazon S3 uses this header for a message
1698
+ # integrity check to ensure that the encryption key was transmitted
1699
+ # without error.
1700
+ #
1701
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1702
+ #
1703
+ # </note>
832
1704
  # @option options [String] :ssekms_key_id
833
1705
  # Specifies the ID (Key ID, Key ARN, or Key Alias) of the symmetric
834
- # encryption customer managed key to use for object encryption. All GET
835
- # and PUT requests for an object protected by KMS will fail if they're
836
- # not made via SSL or using SigV4. For information about configuring any
837
- # of the officially supported Amazon Web Services SDKs and Amazon Web
838
- # Services CLI, see [Specifying the Signature Version in Request
839
- # Authentication][1] in the *Amazon S3 User Guide*.
840
- #
1706
+ # encryption customer managed key to use for object encryption.
841
1707
  #
1708
+ # <note markdown="1"> This functionality is not supported for directory buckets.
842
1709
  #
843
- # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
1710
+ # </note>
844
1711
  # @option options [String] :ssekms_encryption_context
845
1712
  # Specifies the Amazon Web Services KMS Encryption Context to use for
846
1713
  # object encryption. The value of this header is a base64-encoded UTF-8
847
1714
  # string holding JSON with the encryption context key-value pairs.
1715
+ #
1716
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1717
+ #
1718
+ # </note>
848
1719
  # @option options [Boolean] :bucket_key_enabled
849
1720
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
850
1721
  # encryption with server-side encryption using Key Management Service
@@ -853,14 +1724,22 @@ module Aws::S3
853
1724
  #
854
1725
  # Specifying this header with an object action doesn’t affect
855
1726
  # bucket-level settings for S3 Bucket Key.
1727
+ #
1728
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1729
+ #
1730
+ # </note>
856
1731
  # @option options [String] :request_payer
857
1732
  # Confirms that the requester knows that they will be charged for the
858
1733
  # request. Bucket owners need not specify this parameter in their
859
- # requests. If either the source or destination Amazon S3 bucket has
860
- # Requester Pays enabled, the requester will pay for corresponding
861
- # charges to copy the object. For information about downloading objects
862
- # from Requester Pays buckets, see [Downloading Objects in Requester
863
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
1734
+ # requests. If either the source or destination S3 bucket has Requester
1735
+ # Pays enabled, the requester will pay for corresponding charges to copy
1736
+ # the object. For information about downloading objects from Requester
1737
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1738
+ # in the *Amazon S3 User Guide*.
1739
+ #
1740
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1741
+ #
1742
+ # </note>
864
1743
  #
865
1744
  #
866
1745
  #
@@ -868,20 +1747,36 @@ module Aws::S3
868
1747
  # @option options [String] :tagging
869
1748
  # The tag-set for the object. The tag-set must be encoded as URL Query
870
1749
  # parameters.
1750
+ #
1751
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1752
+ #
1753
+ # </note>
871
1754
  # @option options [String] :object_lock_mode
872
1755
  # Specifies the Object Lock mode that you want to apply to the uploaded
873
1756
  # object.
1757
+ #
1758
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1759
+ #
1760
+ # </note>
874
1761
  # @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
875
1762
  # Specifies the date and time when you want the Object Lock to expire.
1763
+ #
1764
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1765
+ #
1766
+ # </note>
876
1767
  # @option options [String] :object_lock_legal_hold_status
877
1768
  # Specifies whether you want to apply a legal hold to the uploaded
878
1769
  # object.
1770
+ #
1771
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1772
+ #
1773
+ # </note>
879
1774
  # @option options [String] :expected_bucket_owner
880
- # The account ID of the expected bucket owner. If the bucket is owned by
881
- # a different account, the request fails with the HTTP status code `403
882
- # Forbidden` (access denied).
1775
+ # The account ID of the expected bucket owner. If the account ID that
1776
+ # you provide does not match the actual owner of the bucket, the request
1777
+ # fails with the HTTP status code `403 Forbidden` (access denied).
883
1778
  # @option options [String] :checksum_algorithm
884
- # Indicates the algorithm you want Amazon S3 to use to create the
1779
+ # Indicates the algorithm that you want Amazon S3 to use to create the
885
1780
  # checksum for the object. For more information, see [Checking object
886
1781
  # integrity][1] in the *Amazon S3 User Guide*.
887
1782
  #
@@ -931,7 +1826,7 @@ module Aws::S3
931
1826
  # "MetadataKey" => "MetadataValue",
932
1827
  # },
933
1828
  # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
934
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
1829
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
935
1830
  # website_redirect_location: "WebsiteRedirectLocation",
936
1831
  # sse_customer_algorithm: "SSECustomerAlgorithm",
937
1832
  # sse_customer_key: "SSECustomerKey",
@@ -949,13 +1844,41 @@ module Aws::S3
949
1844
  # @param [Hash] options ({})
950
1845
  # @option options [String] :acl
951
1846
  # The canned ACL to apply to the object. For more information, see
952
- # [Canned ACL][1].
1847
+ # [Canned ACL][1] in the *Amazon S3 User Guide*.
1848
+ #
1849
+ # When adding a new object, you can use headers to grant ACL-based
1850
+ # permissions to individual Amazon Web Services accounts or to
1851
+ # predefined groups defined by Amazon S3. These permissions are then
1852
+ # added to the ACL on the object. By default, all objects are private.
1853
+ # Only the owner has full access control. For more information, see
1854
+ # [Access Control List (ACL) Overview][2] and [Managing ACLs Using the
1855
+ # REST API][3] in the *Amazon S3 User Guide*.
1856
+ #
1857
+ # If the bucket that you're uploading objects to uses the bucket owner
1858
+ # enforced setting for S3 Object Ownership, ACLs are disabled and no
1859
+ # longer affect permissions. Buckets that use this setting only accept
1860
+ # PUT requests that don't specify an ACL or PUT requests that specify
1861
+ # bucket owner full control ACLs, such as the
1862
+ # `bucket-owner-full-control` canned ACL or an equivalent form of this
1863
+ # ACL expressed in the XML format. PUT requests that contain other ACLs
1864
+ # (for example, custom grants to certain Amazon Web Services accounts)
1865
+ # fail and return a `400` error with the error code
1866
+ # `AccessControlListNotSupported`. For more information, see [
1867
+ # Controlling ownership of objects and disabling ACLs][4] in the *Amazon
1868
+ # S3 User Guide*.
1869
+ #
1870
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1871
+ #
1872
+ # * This functionality is not supported for Amazon S3 on Outposts.
953
1873
  #
954
- # This action is not supported by Amazon S3 on Outposts.
1874
+ # </note>
955
1875
  #
956
1876
  #
957
1877
  #
958
1878
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
1879
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1880
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html
1881
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
959
1882
  # @option options [String, StringIO, File] :body
960
1883
  # Object data.
961
1884
  # @option options [String] :cache_control
@@ -1002,9 +1925,21 @@ module Aws::S3
1002
1925
  # information about REST request authentication, see [REST
1003
1926
  # Authentication][1].
1004
1927
  #
1928
+ # <note markdown="1"> The `Content-MD5` header is required for any request to upload an
1929
+ # object with a retention period configured using Amazon S3 Object Lock.
1930
+ # For more information about Amazon S3 Object Lock, see [Amazon S3
1931
+ # Object Lock Overview][2] in the *Amazon S3 User Guide*.
1932
+ #
1933
+ # </note>
1934
+ #
1935
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1936
+ #
1937
+ # </note>
1938
+ #
1005
1939
  #
1006
1940
  #
1007
1941
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
1942
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html
1008
1943
  # @option options [String] :content_type
1009
1944
  # A standard MIME type describing the format of the contents. For more
1010
1945
  # information, see
@@ -1015,15 +1950,36 @@ module Aws::S3
1015
1950
  # [1]: https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type
1016
1951
  # @option options [String] :checksum_algorithm
1017
1952
  # Indicates the algorithm used to create the checksum for the object
1018
- # when using the SDK. This header will not provide any additional
1019
- # functionality if not using the SDK. When sending this header, there
1020
- # must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
1021
- # sent. Otherwise, Amazon S3 fails the request with the HTTP status code
1022
- # `400 Bad Request`. For more information, see [Checking object
1023
- # integrity][1] in the *Amazon S3 User Guide*.
1953
+ # when you use the SDK. This header will not provide any additional
1954
+ # functionality if you don't use the SDK. When you send this header,
1955
+ # there must be a corresponding `x-amz-checksum-algorithm ` or
1956
+ # `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request
1957
+ # with the HTTP status code `400 Bad Request`.
1024
1958
  #
1025
- # If you provide an individual checksum, Amazon S3 ignores any provided
1026
- # `ChecksumAlgorithm` parameter.
1959
+ # For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with
1960
+ # the supported algorithm from the following list:
1961
+ #
1962
+ # * CRC32
1963
+ #
1964
+ # * CRC32C
1965
+ #
1966
+ # * SHA1
1967
+ #
1968
+ # * SHA256
1969
+ #
1970
+ # For more information, see [Checking object integrity][1] in the
1971
+ # *Amazon S3 User Guide*.
1972
+ #
1973
+ # If the individual checksum value you provide through
1974
+ # `x-amz-checksum-algorithm ` doesn't match the checksum algorithm you
1975
+ # set through `x-amz-sdk-checksum-algorithm`, Amazon S3 ignores any
1976
+ # provided `ChecksumAlgorithm` parameter and uses the checksum algorithm
1977
+ # that matches the provided value in `x-amz-checksum-algorithm `.
1978
+ #
1979
+ # <note markdown="1"> For directory buckets, when you use Amazon Web Services SDKs, `CRC32`
1980
+ # is the default checksum algorithm that's used for performance.
1981
+ #
1982
+ # </note>
1027
1983
  #
1028
1984
  #
1029
1985
  #
@@ -1080,31 +2036,74 @@ module Aws::S3
1080
2036
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
1081
2037
  # object.
1082
2038
  #
1083
- # This action is not supported by Amazon S3 on Outposts.
2039
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2040
+ #
2041
+ # * This functionality is not supported for Amazon S3 on Outposts.
2042
+ #
2043
+ # </note>
1084
2044
  # @option options [String] :grant_read
1085
2045
  # Allows grantee to read the object data and its metadata.
1086
2046
  #
1087
- # This action is not supported by Amazon S3 on Outposts.
2047
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2048
+ #
2049
+ # * This functionality is not supported for Amazon S3 on Outposts.
2050
+ #
2051
+ # </note>
1088
2052
  # @option options [String] :grant_read_acp
1089
2053
  # Allows grantee to read the object ACL.
1090
2054
  #
1091
- # This action is not supported by Amazon S3 on Outposts.
2055
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2056
+ #
2057
+ # * This functionality is not supported for Amazon S3 on Outposts.
2058
+ #
2059
+ # </note>
1092
2060
  # @option options [String] :grant_write_acp
1093
2061
  # Allows grantee to write the ACL for the applicable object.
1094
2062
  #
1095
- # This action is not supported by Amazon S3 on Outposts.
2063
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2064
+ #
2065
+ # * This functionality is not supported for Amazon S3 on Outposts.
2066
+ #
2067
+ # </note>
1096
2068
  # @option options [Hash<String,String>] :metadata
1097
2069
  # A map of metadata to store with the object in S3.
1098
2070
  # @option options [String] :server_side_encryption
1099
- # The server-side encryption algorithm used when storing this object in
1100
- # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
2071
+ # The server-side encryption algorithm that was used when you store this
2072
+ # object in Amazon S3 (for example, `AES256`, `aws:kms`,
2073
+ # `aws:kms:dsse`).
2074
+ #
2075
+ # <b>General purpose buckets </b> - You have four mutually exclusive
2076
+ # options to protect data using server-side encryption in Amazon S3,
2077
+ # depending on how you choose to manage the encryption keys.
2078
+ # Specifically, the encryption key options are Amazon S3 managed keys
2079
+ # (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and
2080
+ # customer-provided keys (SSE-C). Amazon S3 encrypts data with
2081
+ # server-side encryption by using Amazon S3 managed keys (SSE-S3) by
2082
+ # default. You can optionally tell Amazon S3 to encrypt data at rest by
2083
+ # using server-side encryption with other key options. For more
2084
+ # information, see [Using Server-Side Encryption][1] in the *Amazon S3
2085
+ # User Guide*.
2086
+ #
2087
+ # <b>Directory buckets </b> - For directory buckets, only the
2088
+ # server-side encryption with Amazon S3 managed keys (SSE-S3) (`AES256`)
2089
+ # value is supported.
2090
+ #
2091
+ #
2092
+ #
2093
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
1101
2094
  # @option options [String] :storage_class
1102
2095
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
1103
2096
  # created objects. The STANDARD storage class provides high durability
1104
2097
  # and high availability. Depending on performance needs, you can specify
1105
- # a different Storage Class. Amazon S3 on Outposts only uses the
1106
- # OUTPOSTS Storage Class. For more information, see [Storage Classes][1]
1107
- # in the *Amazon S3 User Guide*.
2098
+ # a different Storage Class. For more information, see [Storage
2099
+ # Classes][1] in the *Amazon S3 User Guide*.
2100
+ #
2101
+ # <note markdown="1"> * For directory buckets, only the S3 Express One Zone storage class is
2102
+ # supported to store newly created objects.
2103
+ #
2104
+ # * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class.
2105
+ #
2106
+ # </note>
1108
2107
  #
1109
2108
  #
1110
2109
  #
@@ -1113,7 +2112,8 @@ module Aws::S3
1113
2112
  # If the bucket is configured as a website, redirects requests for this
1114
2113
  # object to another object in the same bucket or to an external URL.
1115
2114
  # Amazon S3 stores the value of this header in the object metadata. For
1116
- # information about object metadata, see [Object Key and Metadata][1].
2115
+ # information about object metadata, see [Object Key and Metadata][1] in
2116
+ # the *Amazon S3 User Guide*.
1117
2117
  #
1118
2118
  # In the following example, the request header sets the redirect to an
1119
2119
  # object (anotherPage.html) in the same bucket:
@@ -1127,7 +2127,11 @@ module Aws::S3
1127
2127
  #
1128
2128
  # For more information about website hosting in Amazon S3, see [Hosting
1129
2129
  # Websites on Amazon S3][2] and [How to Configure Website Page
1130
- # Redirects][3].
2130
+ # Redirects][3] in the *Amazon S3 User Guide*.
2131
+ #
2132
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2133
+ #
2134
+ # </note>
1131
2135
  #
1132
2136
  #
1133
2137
  #
@@ -1135,18 +2139,30 @@ module Aws::S3
1135
2139
  # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html
1136
2140
  # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html
1137
2141
  # @option options [String] :sse_customer_algorithm
1138
- # Specifies the algorithm to use to when encrypting the object (for
1139
- # example, AES256).
2142
+ # Specifies the algorithm to use when encrypting the object (for
2143
+ # example, `AES256`).
2144
+ #
2145
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2146
+ #
2147
+ # </note>
1140
2148
  # @option options [String] :sse_customer_key
1141
2149
  # Specifies the customer-provided encryption key for Amazon S3 to use in
1142
2150
  # encrypting data. This value is used to store the object and then it is
1143
2151
  # discarded; Amazon S3 does not store the encryption key. The key must
1144
2152
  # be appropriate for use with the algorithm specified in the
1145
2153
  # `x-amz-server-side-encryption-customer-algorithm` header.
2154
+ #
2155
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2156
+ #
2157
+ # </note>
1146
2158
  # @option options [String] :sse_customer_key_md5
1147
2159
  # Specifies the 128-bit MD5 digest of the encryption key according to
1148
2160
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
1149
2161
  # ensure that the encryption key was transmitted without error.
2162
+ #
2163
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2164
+ #
2165
+ # </note>
1150
2166
  # @option options [String] :ssekms_key_id
1151
2167
  # If `x-amz-server-side-encryption` has a valid value of `aws:kms` or
1152
2168
  # `aws:kms:dsse`, this header specifies the ID (Key ID, Key ARN, or Key
@@ -1158,6 +2174,10 @@ module Aws::S3
1158
2174
  # Amazon Web Services managed key (`aws/s3`) to protect the data. If the
1159
2175
  # KMS key does not exist in the same account that's issuing the
1160
2176
  # command, you must use the full ARN and not just the ID.
2177
+ #
2178
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2179
+ #
2180
+ # </note>
1161
2181
  # @option options [String] :ssekms_encryption_context
1162
2182
  # Specifies the Amazon Web Services KMS Encryption Context to use for
1163
2183
  # object encryption. The value of this header is a base64-encoded UTF-8
@@ -1165,7 +2185,11 @@ module Aws::S3
1165
2185
  # value is stored as object metadata and automatically gets passed on to
1166
2186
  # Amazon Web Services KMS for future `GetObject` or `CopyObject`
1167
2187
  # operations on this object. This value must be explicitly added during
1168
- # CopyObject operations.
2188
+ # `CopyObject` operations.
2189
+ #
2190
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2191
+ #
2192
+ # </note>
1169
2193
  # @option options [Boolean] :bucket_key_enabled
1170
2194
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
1171
2195
  # encryption with server-side encryption using Key Management Service
@@ -1174,14 +2198,22 @@ module Aws::S3
1174
2198
  #
1175
2199
  # Specifying this header with a PUT action doesn’t affect bucket-level
1176
2200
  # settings for S3 Bucket Key.
2201
+ #
2202
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2203
+ #
2204
+ # </note>
1177
2205
  # @option options [String] :request_payer
1178
2206
  # Confirms that the requester knows that they will be charged for the
1179
2207
  # request. Bucket owners need not specify this parameter in their
1180
- # requests. If either the source or destination Amazon S3 bucket has
1181
- # Requester Pays enabled, the requester will pay for corresponding
1182
- # charges to copy the object. For information about downloading objects
1183
- # from Requester Pays buckets, see [Downloading Objects in Requester
1184
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
2208
+ # requests. If either the source or destination S3 bucket has Requester
2209
+ # Pays enabled, the requester will pay for corresponding charges to copy
2210
+ # the object. For information about downloading objects from Requester
2211
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
2212
+ # in the *Amazon S3 User Guide*.
2213
+ #
2214
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2215
+ #
2216
+ # </note>
1185
2217
  #
1186
2218
  #
1187
2219
  #
@@ -1189,22 +2221,39 @@ module Aws::S3
1189
2221
  # @option options [String] :tagging
1190
2222
  # The tag-set for the object. The tag-set must be encoded as URL Query
1191
2223
  # parameters. (For example, "Key1=Value1")
2224
+ #
2225
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2226
+ #
2227
+ # </note>
1192
2228
  # @option options [String] :object_lock_mode
1193
2229
  # The Object Lock mode that you want to apply to this object.
2230
+ #
2231
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2232
+ #
2233
+ # </note>
1194
2234
  # @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
1195
2235
  # The date and time when you want this object's Object Lock to expire.
1196
2236
  # Must be formatted as a timestamp parameter.
2237
+ #
2238
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2239
+ #
2240
+ # </note>
1197
2241
  # @option options [String] :object_lock_legal_hold_status
1198
2242
  # Specifies whether a legal hold will be applied to this object. For
1199
- # more information about S3 Object Lock, see [Object Lock][1].
2243
+ # more information about S3 Object Lock, see [Object Lock][1] in the
2244
+ # *Amazon S3 User Guide*.
2245
+ #
2246
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2247
+ #
2248
+ # </note>
1200
2249
  #
1201
2250
  #
1202
2251
  #
1203
2252
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
1204
2253
  # @option options [String] :expected_bucket_owner
1205
- # The account ID of the expected bucket owner. If the bucket is owned by
1206
- # a different account, the request fails with the HTTP status code `403
1207
- # Forbidden` (access denied).
2254
+ # The account ID of the expected bucket owner. If the account ID that
2255
+ # you provide does not match the actual owner of the bucket, the request
2256
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1208
2257
  # @return [Types::PutObjectOutput]
1209
2258
  def put(options = {})
1210
2259
  options = options.merge(
@@ -1298,7 +2347,7 @@ module Aws::S3
1298
2347
  # value: "MetadataValue",
1299
2348
  # },
1300
2349
  # ],
1301
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
2350
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
1302
2351
  # },
1303
2352
  # },
1304
2353
  # },
@@ -1314,23 +2363,27 @@ module Aws::S3
1314
2363
  # @option options [String] :request_payer
1315
2364
  # Confirms that the requester knows that they will be charged for the
1316
2365
  # request. Bucket owners need not specify this parameter in their
1317
- # requests. If either the source or destination Amazon S3 bucket has
1318
- # Requester Pays enabled, the requester will pay for corresponding
1319
- # charges to copy the object. For information about downloading objects
1320
- # from Requester Pays buckets, see [Downloading Objects in Requester
1321
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
2366
+ # requests. If either the source or destination S3 bucket has Requester
2367
+ # Pays enabled, the requester will pay for corresponding charges to copy
2368
+ # the object. For information about downloading objects from Requester
2369
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
2370
+ # in the *Amazon S3 User Guide*.
2371
+ #
2372
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2373
+ #
2374
+ # </note>
1322
2375
  #
1323
2376
  #
1324
2377
  #
1325
2378
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
1326
2379
  # @option options [String] :checksum_algorithm
1327
2380
  # Indicates the algorithm used to create the checksum for the object
1328
- # when using the SDK. This header will not provide any additional
1329
- # functionality if not using the SDK. When sending this header, there
1330
- # must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
1331
- # sent. Otherwise, Amazon S3 fails the request with the HTTP status code
1332
- # `400 Bad Request`. For more information, see [Checking object
1333
- # integrity][1] in the *Amazon S3 User Guide*.
2381
+ # when you use the SDK. This header will not provide any additional
2382
+ # functionality if you don't use the SDK. When you send this header,
2383
+ # there must be a corresponding `x-amz-checksum` or `x-amz-trailer`
2384
+ # header sent. Otherwise, Amazon S3 fails the request with the HTTP
2385
+ # status code `400 Bad Request`. For more information, see [Checking
2386
+ # object integrity][1] in the *Amazon S3 User Guide*.
1334
2387
  #
1335
2388
  # If you provide an individual checksum, Amazon S3 ignores any provided
1336
2389
  # `ChecksumAlgorithm` parameter.
@@ -1339,9 +2392,9 @@ module Aws::S3
1339
2392
  #
1340
2393
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
1341
2394
  # @option options [String] :expected_bucket_owner
1342
- # The account ID of the expected bucket owner. If the bucket is owned by
1343
- # a different account, the request fails with the HTTP status code `403
1344
- # Forbidden` (access denied).
2395
+ # The account ID of the expected bucket owner. If the account ID that
2396
+ # you provide does not match the actual owner of the bucket, the request
2397
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1345
2398
  # @return [Types::RestoreObjectOutput]
1346
2399
  def restore_object(options = {})
1347
2400
  options = options.merge(
@@ -1484,14 +2537,35 @@ module Aws::S3
1484
2537
  # space, and the value that is displayed on your authentication device.
1485
2538
  # Required to permanently delete a versioned object if versioning is
1486
2539
  # configured with MFA delete enabled.
2540
+ #
2541
+ # When performing the `DeleteObjects` operation on an MFA delete enabled
2542
+ # bucket, which attempts to delete the specified versioned objects, you
2543
+ # must include an MFA token. If you don't provide an MFA token, the
2544
+ # entire request will fail, even if there are non-versioned objects that
2545
+ # you are trying to delete. If you provide an invalid token, whether
2546
+ # there are versioned object keys in the request or not, the entire
2547
+ # Multi-Object Delete request will fail. For information about MFA
2548
+ # Delete, see [ MFA Delete][1] in the *Amazon S3 User Guide*.
2549
+ #
2550
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2551
+ #
2552
+ # </note>
2553
+ #
2554
+ #
2555
+ #
2556
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete
1487
2557
  # @option options [String] :request_payer
1488
2558
  # Confirms that the requester knows that they will be charged for the
1489
2559
  # request. Bucket owners need not specify this parameter in their
1490
- # requests. If either the source or destination Amazon S3 bucket has
1491
- # Requester Pays enabled, the requester will pay for corresponding
1492
- # charges to copy the object. For information about downloading objects
1493
- # from Requester Pays buckets, see [Downloading Objects in Requester
1494
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
2560
+ # requests. If either the source or destination S3 bucket has Requester
2561
+ # Pays enabled, the requester will pay for corresponding charges to copy
2562
+ # the object. For information about downloading objects from Requester
2563
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
2564
+ # in the *Amazon S3 User Guide*.
2565
+ #
2566
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2567
+ #
2568
+ # </note>
1495
2569
  #
1496
2570
  #
1497
2571
  #
@@ -1500,25 +2574,45 @@ module Aws::S3
1500
2574
  # Specifies whether you want to delete this object even if it has a
1501
2575
  # Governance-type Object Lock in place. To use this header, you must
1502
2576
  # have the `s3:BypassGovernanceRetention` permission.
2577
+ #
2578
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2579
+ #
2580
+ # </note>
1503
2581
  # @option options [String] :expected_bucket_owner
1504
- # The account ID of the expected bucket owner. If the bucket is owned by
1505
- # a different account, the request fails with the HTTP status code `403
1506
- # Forbidden` (access denied).
2582
+ # The account ID of the expected bucket owner. If the account ID that
2583
+ # you provide does not match the actual owner of the bucket, the request
2584
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1507
2585
  # @option options [String] :checksum_algorithm
1508
2586
  # Indicates the algorithm used to create the checksum for the object
1509
- # when using the SDK. This header will not provide any additional
1510
- # functionality if not using the SDK. When sending this header, there
1511
- # must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
1512
- # sent. Otherwise, Amazon S3 fails the request with the HTTP status code
1513
- # `400 Bad Request`. For more information, see [Checking object
1514
- # integrity][1] in the *Amazon S3 User Guide*.
2587
+ # when you use the SDK. This header will not provide any additional
2588
+ # functionality if you don't use the SDK. When you send this header,
2589
+ # there must be a corresponding `x-amz-checksum-algorithm ` or
2590
+ # `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request
2591
+ # with the HTTP status code `400 Bad Request`.
2592
+ #
2593
+ # For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with
2594
+ # the supported algorithm from the following list:
2595
+ #
2596
+ # * CRC32
2597
+ #
2598
+ # * CRC32C
2599
+ #
2600
+ # * SHA1
2601
+ #
2602
+ # * SHA256
2603
+ #
2604
+ # For more information, see [Checking object integrity][1] in the
2605
+ # *Amazon S3 User Guide*.
2606
+ #
2607
+ # If the individual checksum value you provide through
2608
+ # `x-amz-checksum-algorithm ` doesn't match the checksum algorithm you
2609
+ # set through `x-amz-sdk-checksum-algorithm`, Amazon S3 ignores any
2610
+ # provided `ChecksumAlgorithm` parameter and uses the checksum algorithm
2611
+ # that matches the provided value in `x-amz-checksum-algorithm `.
1515
2612
  #
1516
2613
  # If you provide an individual checksum, Amazon S3 ignores any provided
1517
2614
  # `ChecksumAlgorithm` parameter.
1518
2615
  #
1519
- # This checksum algorithm must be the same for all parts and it match
1520
- # the checksum value supplied in the `CreateMultipartUpload` request.
1521
- #
1522
2616
  #
1523
2617
  #
1524
2618
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html