aws-sdk-s3 1.139.0 → 1.141.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (42) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +15 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-s3/bucket.rb +423 -93
  5. data/lib/aws-sdk-s3/bucket_acl.rb +9 -9
  6. data/lib/aws-sdk-s3/bucket_cors.rb +12 -12
  7. data/lib/aws-sdk-s3/bucket_lifecycle.rb +12 -12
  8. data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +12 -12
  9. data/lib/aws-sdk-s3/bucket_logging.rb +9 -9
  10. data/lib/aws-sdk-s3/bucket_notification.rb +3 -3
  11. data/lib/aws-sdk-s3/bucket_policy.rb +58 -14
  12. data/lib/aws-sdk-s3/bucket_request_payment.rb +9 -9
  13. data/lib/aws-sdk-s3/bucket_tagging.rb +12 -12
  14. data/lib/aws-sdk-s3/bucket_versioning.rb +27 -27
  15. data/lib/aws-sdk-s3/bucket_website.rb +12 -12
  16. data/lib/aws-sdk-s3/client.rb +5639 -2553
  17. data/lib/aws-sdk-s3/client_api.rb +97 -16
  18. data/lib/aws-sdk-s3/customizations.rb +5 -0
  19. data/lib/aws-sdk-s3/endpoint_parameters.rb +32 -0
  20. data/lib/aws-sdk-s3/endpoint_provider.rb +82 -0
  21. data/lib/aws-sdk-s3/endpoints.rb +440 -0
  22. data/lib/aws-sdk-s3/express_credentials.rb +55 -0
  23. data/lib/aws-sdk-s3/express_credentials_cache.rb +30 -0
  24. data/lib/aws-sdk-s3/express_credentials_provider.rb +36 -0
  25. data/lib/aws-sdk-s3/file_downloader.rb +0 -1
  26. data/lib/aws-sdk-s3/multipart_file_uploader.rb +0 -1
  27. data/lib/aws-sdk-s3/multipart_stream_uploader.rb +0 -1
  28. data/lib/aws-sdk-s3/multipart_upload.rb +70 -24
  29. data/lib/aws-sdk-s3/multipart_upload_part.rb +164 -43
  30. data/lib/aws-sdk-s3/object.rb +1496 -248
  31. data/lib/aws-sdk-s3/object_acl.rb +31 -19
  32. data/lib/aws-sdk-s3/object_summary.rb +1366 -272
  33. data/lib/aws-sdk-s3/object_version.rb +304 -57
  34. data/lib/aws-sdk-s3/plugins/endpoints.rb +13 -2
  35. data/lib/aws-sdk-s3/plugins/express_session_auth.rb +90 -0
  36. data/lib/aws-sdk-s3/plugins/location_constraint.rb +3 -1
  37. data/lib/aws-sdk-s3/plugins/md5s.rb +2 -1
  38. data/lib/aws-sdk-s3/presigner.rb +2 -2
  39. data/lib/aws-sdk-s3/resource.rb +83 -11
  40. data/lib/aws-sdk-s3/types.rb +4261 -1238
  41. data/lib/aws-sdk-s3.rb +1 -1
  42. metadata +10 -6
@@ -45,6 +45,10 @@ module Aws::S3
45
45
  # Specifies whether the object retrieved was (true) or was not (false) a
46
46
  # Delete Marker. If false, this response header does not appear in the
47
47
  # response.
48
+ #
49
+ # <note markdown="1"> This functionality is not supported for directory buckets.
50
+ #
51
+ # </note>
48
52
  # @return [Boolean]
49
53
  def delete_marker
50
54
  data[:delete_marker]
@@ -56,10 +60,19 @@ module Aws::S3
56
60
  data[:accept_ranges]
57
61
  end
58
62
 
59
- # If the object expiration is configured (see PUT Bucket lifecycle), the
60
- # response includes this header. It includes the `expiry-date` and
61
- # `rule-id` key-value pairs providing object expiration information. The
62
- # value of the `rule-id` is URL-encoded.
63
+ # If the object expiration is configured (see [
64
+ # `PutBucketLifecycleConfiguration` ][1]), the response includes this
65
+ # header. It includes the `expiry-date` and `rule-id` key-value pairs
66
+ # providing object expiration information. The value of the `rule-id` is
67
+ # URL-encoded.
68
+ #
69
+ # <note markdown="1"> This functionality is not supported for directory buckets.
70
+ #
71
+ # </note>
72
+ #
73
+ #
74
+ #
75
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html
63
76
  # @return [String]
64
77
  def expiration
65
78
  data[:expiration]
@@ -82,6 +95,12 @@ module Aws::S3
82
95
  # For more information about archiving objects, see [Transitioning
83
96
  # Objects: General Considerations][2].
84
97
  #
98
+ # <note markdown="1"> This functionality is not supported for directory buckets. Only the S3
99
+ # Express One Zone storage class is supported by directory buckets to
100
+ # store objects.
101
+ #
102
+ # </note>
103
+ #
85
104
  #
86
105
  #
87
106
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html
@@ -92,6 +111,10 @@ module Aws::S3
92
111
  end
93
112
 
94
113
  # The archive state of the head object.
114
+ #
115
+ # <note markdown="1"> This functionality is not supported for directory buckets.
116
+ #
117
+ # </note>
95
118
  # @return [String]
96
119
  def archive_status
97
120
  data[:archive_status]
@@ -110,10 +133,13 @@ module Aws::S3
110
133
  end
111
134
 
112
135
  # The base64-encoded, 32-bit CRC32 checksum of the object. This will
113
- # only be present if it was uploaded with the object. With multipart
114
- # uploads, this may not be a checksum value of the object. For more
115
- # information about how checksums are calculated with multipart uploads,
116
- # see [ Checking object integrity][1] in the *Amazon S3 User Guide*.
136
+ # only be present if it was uploaded with the object. When you use an
137
+ # API operation on an object that was uploaded using multipart uploads,
138
+ # this value may not be a direct checksum value of the full object.
139
+ # Instead, it's a calculation based on the checksum values of each
140
+ # individual part. For more information about how checksums are
141
+ # calculated with multipart uploads, see [ Checking object integrity][1]
142
+ # in the *Amazon S3 User Guide*.
117
143
  #
118
144
  #
119
145
  #
@@ -124,10 +150,13 @@ module Aws::S3
124
150
  end
125
151
 
126
152
  # The base64-encoded, 32-bit CRC32C checksum of the object. This will
127
- # only be present if it was uploaded with the object. With multipart
128
- # uploads, this may not be a checksum value of the object. For more
129
- # information about how checksums are calculated with multipart uploads,
130
- # see [ Checking object integrity][1] in the *Amazon S3 User Guide*.
153
+ # only be present if it was uploaded with the object. When you use an
154
+ # API operation on an object that was uploaded using multipart uploads,
155
+ # this value may not be a direct checksum value of the full object.
156
+ # Instead, it's a calculation based on the checksum values of each
157
+ # individual part. For more information about how checksums are
158
+ # calculated with multipart uploads, see [ Checking object integrity][1]
159
+ # in the *Amazon S3 User Guide*.
131
160
  #
132
161
  #
133
162
  #
@@ -138,10 +167,13 @@ module Aws::S3
138
167
  end
139
168
 
140
169
  # The base64-encoded, 160-bit SHA-1 digest of the object. This will only
141
- # be present if it was uploaded with the object. With multipart uploads,
142
- # this may not be a checksum value of the object. For more information
143
- # about how checksums are calculated with multipart uploads, see [
144
- # Checking object integrity][1] in the *Amazon S3 User Guide*.
170
+ # be present if it was uploaded with the object. When you use the API
171
+ # operation on an object that was uploaded using multipart uploads, this
172
+ # value may not be a direct checksum value of the full object. Instead,
173
+ # it's a calculation based on the checksum values of each individual
174
+ # part. For more information about how checksums are calculated with
175
+ # multipart uploads, see [ Checking object integrity][1] in the *Amazon
176
+ # S3 User Guide*.
145
177
  #
146
178
  #
147
179
  #
@@ -152,10 +184,13 @@ module Aws::S3
152
184
  end
153
185
 
154
186
  # The base64-encoded, 256-bit SHA-256 digest of the object. This will
155
- # only be present if it was uploaded with the object. With multipart
156
- # uploads, this may not be a checksum value of the object. For more
157
- # information about how checksums are calculated with multipart uploads,
158
- # see [ Checking object integrity][1] in the *Amazon S3 User Guide*.
187
+ # only be present if it was uploaded with the object. When you use an
188
+ # API operation on an object that was uploaded using multipart uploads,
189
+ # this value may not be a direct checksum value of the full object.
190
+ # Instead, it's a calculation based on the checksum values of each
191
+ # individual part. For more information about how checksums are
192
+ # calculated with multipart uploads, see [ Checking object integrity][1]
193
+ # in the *Amazon S3 User Guide*.
159
194
  #
160
195
  #
161
196
  #
@@ -177,12 +212,20 @@ module Aws::S3
177
212
  # API like SOAP that supports more flexible metadata than the REST API.
178
213
  # For example, using SOAP, you can create metadata whose values are not
179
214
  # legal HTTP headers.
215
+ #
216
+ # <note markdown="1"> This functionality is not supported for directory buckets.
217
+ #
218
+ # </note>
180
219
  # @return [Integer]
181
220
  def missing_meta
182
221
  data[:missing_meta]
183
222
  end
184
223
 
185
- # Version of the object.
224
+ # Version ID of the object.
225
+ #
226
+ # <note markdown="1"> This functionality is not supported for directory buckets.
227
+ #
228
+ # </note>
186
229
  # @return [String]
187
230
  def version_id
188
231
  data[:version_id]
@@ -200,7 +243,7 @@ module Aws::S3
200
243
  data[:content_disposition]
201
244
  end
202
245
 
203
- # Specifies what content encodings have been applied to the object and
246
+ # Indicates what content encodings have been applied to the object and
204
247
  # thus what decoding mechanisms must be applied to obtain the media-type
205
248
  # referenced by the Content-Type header field.
206
249
  # @return [String]
@@ -234,13 +277,22 @@ module Aws::S3
234
277
  # If the bucket is configured as a website, redirects requests for this
235
278
  # object to another object in the same bucket or to an external URL.
236
279
  # Amazon S3 stores the value of this header in the object metadata.
280
+ #
281
+ # <note markdown="1"> This functionality is not supported for directory buckets.
282
+ #
283
+ # </note>
237
284
  # @return [String]
238
285
  def website_redirect_location
239
286
  data[:website_redirect_location]
240
287
  end
241
288
 
242
- # The server-side encryption algorithm used when storing this object in
243
- # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
289
+ # The server-side encryption algorithm used when you store this object
290
+ # in Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
291
+ #
292
+ # <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
293
+ # managed keys (SSE-S3) (`AES256`) is supported.
294
+ #
295
+ # </note>
244
296
  # @return [String]
245
297
  def server_side_encryption
246
298
  data[:server_side_encryption]
@@ -253,25 +305,37 @@ module Aws::S3
253
305
  end
254
306
 
255
307
  # If server-side encryption with a customer-provided encryption key was
256
- # requested, the response will include this header confirming the
257
- # encryption algorithm used.
308
+ # requested, the response will include this header to confirm the
309
+ # encryption algorithm that's used.
310
+ #
311
+ # <note markdown="1"> This functionality is not supported for directory buckets.
312
+ #
313
+ # </note>
258
314
  # @return [String]
259
315
  def sse_customer_algorithm
260
316
  data[:sse_customer_algorithm]
261
317
  end
262
318
 
263
319
  # If server-side encryption with a customer-provided encryption key was
264
- # requested, the response will include this header to provide round-trip
265
- # message integrity verification of the customer-provided encryption
266
- # key.
320
+ # requested, the response will include this header to provide the
321
+ # round-trip message integrity verification of the customer-provided
322
+ # encryption key.
323
+ #
324
+ # <note markdown="1"> This functionality is not supported for directory buckets.
325
+ #
326
+ # </note>
267
327
  # @return [String]
268
328
  def sse_customer_key_md5
269
329
  data[:sse_customer_key_md5]
270
330
  end
271
331
 
272
- # If present, specifies the ID of the Key Management Service (KMS)
332
+ # If present, indicates the ID of the Key Management Service (KMS)
273
333
  # symmetric encryption customer managed key that was used for the
274
334
  # object.
335
+ #
336
+ # <note markdown="1"> This functionality is not supported for directory buckets.
337
+ #
338
+ # </note>
275
339
  # @return [String]
276
340
  def ssekms_key_id
277
341
  data[:ssekms_key_id]
@@ -279,6 +343,10 @@ module Aws::S3
279
343
 
280
344
  # Indicates whether the object uses an S3 Bucket Key for server-side
281
345
  # encryption with Key Management Service (KMS) keys (SSE-KMS).
346
+ #
347
+ # <note markdown="1"> This functionality is not supported for directory buckets.
348
+ #
349
+ # </note>
282
350
  # @return [Boolean]
283
351
  def bucket_key_enabled
284
352
  data[:bucket_key_enabled]
@@ -290,6 +358,11 @@ module Aws::S3
290
358
  #
291
359
  # For more information, see [Storage Classes][1].
292
360
  #
361
+ # <note markdown="1"> <b>Directory buckets </b> - Only the S3 Express One Zone storage class
362
+ # is supported by directory buckets to store objects.
363
+ #
364
+ # </note>
365
+ #
293
366
  #
294
367
  #
295
368
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
@@ -300,6 +373,10 @@ module Aws::S3
300
373
 
301
374
  # If present, indicates that the requester was successfully charged for
302
375
  # the request.
376
+ #
377
+ # <note markdown="1"> This functionality is not supported for directory buckets.
378
+ #
379
+ # </note>
303
380
  # @return [String]
304
381
  def request_charged
305
382
  data[:request_charged]
@@ -342,6 +419,10 @@ module Aws::S3
342
419
  #
343
420
  # For more information, see [Replication][1].
344
421
  #
422
+ # <note markdown="1"> This functionality is not supported for directory buckets.
423
+ #
424
+ # </note>
425
+ #
345
426
  #
346
427
  #
347
428
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html
@@ -363,6 +444,10 @@ module Aws::S3
363
444
  # `s3:GetObjectRetention` permission. For more information about S3
364
445
  # Object Lock, see [Object Lock][1].
365
446
  #
447
+ # <note markdown="1"> This functionality is not supported for directory buckets.
448
+ #
449
+ # </note>
450
+ #
366
451
  #
367
452
  #
368
453
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
@@ -374,6 +459,10 @@ module Aws::S3
374
459
  # The date and time when the Object Lock retention period expires. This
375
460
  # header is only returned if the requester has the
376
461
  # `s3:GetObjectRetention` permission.
462
+ #
463
+ # <note markdown="1"> This functionality is not supported for directory buckets.
464
+ #
465
+ # </note>
377
466
  # @return [Time]
378
467
  def object_lock_retain_until_date
379
468
  data[:object_lock_retain_until_date]
@@ -385,6 +474,10 @@ module Aws::S3
385
474
  # specified version of this object has never had a legal hold applied.
386
475
  # For more information about S3 Object Lock, see [Object Lock][1].
387
476
  #
477
+ # <note markdown="1"> This functionality is not supported for directory buckets.
478
+ #
479
+ # </note>
480
+ #
388
481
  #
389
482
  #
390
483
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
@@ -616,7 +709,7 @@ module Aws::S3
616
709
  # metadata_directive: "COPY", # accepts COPY, REPLACE
617
710
  # tagging_directive: "COPY", # accepts COPY, REPLACE
618
711
  # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
619
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
712
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
620
713
  # website_redirect_location: "WebsiteRedirectLocation",
621
714
  # sse_customer_algorithm: "SSECustomerAlgorithm",
622
715
  # sse_customer_key: "SSECustomerKey",
@@ -637,40 +730,98 @@ module Aws::S3
637
730
  # })
638
731
  # @param [Hash] options ({})
639
732
  # @option options [String] :acl
640
- # The canned ACL to apply to the object.
733
+ # The canned access control list (ACL) to apply to the object.
734
+ #
735
+ # When you copy an object, the ACL metadata is not preserved and is set
736
+ # to `private` by default. Only the owner has full access control. To
737
+ # override the default ACL setting, specify a new ACL when you generate
738
+ # a copy request. For more information, see [Using ACLs][1].
739
+ #
740
+ # If the destination bucket that you're copying objects to uses the
741
+ # bucket owner enforced setting for S3 Object Ownership, ACLs are
742
+ # disabled and no longer affect permissions. Buckets that use this
743
+ # setting only accept `PUT` requests that don't specify an ACL or `PUT`
744
+ # requests that specify bucket owner full control ACLs, such as the
745
+ # `bucket-owner-full-control` canned ACL or an equivalent form of this
746
+ # ACL expressed in the XML format. For more information, see
747
+ # [Controlling ownership of objects and disabling ACLs][2] in the
748
+ # *Amazon S3 User Guide*.
641
749
  #
642
- # This action is not supported by Amazon S3 on Outposts.
750
+ # <note markdown="1"> * If your destination bucket uses the bucket owner enforced setting
751
+ # for Object Ownership, all objects written to the bucket by any
752
+ # account will be owned by the bucket owner.
753
+ #
754
+ # * This functionality is not supported for directory buckets.
755
+ #
756
+ # * This functionality is not supported for Amazon S3 on Outposts.
757
+ #
758
+ # </note>
759
+ #
760
+ #
761
+ #
762
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html
763
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
643
764
  # @option options [String] :cache_control
644
- # Specifies caching behavior along the request/reply chain.
765
+ # Specifies the caching behavior along the request/reply chain.
645
766
  # @option options [String] :checksum_algorithm
646
- # Indicates the algorithm you want Amazon S3 to use to create the
767
+ # Indicates the algorithm that you want Amazon S3 to use to create the
647
768
  # checksum for the object. For more information, see [Checking object
648
769
  # integrity][1] in the *Amazon S3 User Guide*.
649
770
  #
771
+ # When you copy an object, if the source object has a checksum, that
772
+ # checksum value will be copied to the new object by default. If the
773
+ # `CopyObject` request does not include this `x-amz-checksum-algorithm`
774
+ # header, the checksum algorithm will be copied from the source object
775
+ # to the destination object (if it's present on the source object). You
776
+ # can optionally specify a different checksum algorithm to use with the
777
+ # `x-amz-checksum-algorithm` header. Unrecognized or unsupported values
778
+ # will respond with the HTTP status code `400 Bad Request`.
779
+ #
780
+ # <note markdown="1"> For directory buckets, when you use Amazon Web Services SDKs, `CRC32`
781
+ # is the default checksum algorithm that's used for performance.
782
+ #
783
+ # </note>
784
+ #
650
785
  #
651
786
  #
652
787
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
653
788
  # @option options [String] :content_disposition
654
- # Specifies presentational information for the object.
789
+ # Specifies presentational information for the object. Indicates whether
790
+ # an object should be displayed in a web browser or downloaded as a
791
+ # file. It allows specifying the desired filename for the downloaded
792
+ # file.
655
793
  # @option options [String] :content_encoding
656
794
  # Specifies what content encodings have been applied to the object and
657
795
  # thus what decoding mechanisms must be applied to obtain the media-type
658
796
  # referenced by the Content-Type header field.
797
+ #
798
+ # <note markdown="1"> For directory buckets, only the `aws-chunked` value is supported in
799
+ # this header field.
800
+ #
801
+ # </note>
659
802
  # @option options [String] :content_language
660
803
  # The language the content is in.
661
804
  # @option options [String] :content_type
662
- # A standard MIME type describing the format of the object data.
805
+ # A standard MIME type that describes the format of the object data.
663
806
  # @option options [required, String] :copy_source
664
- # Specifies the source object for the copy operation. You specify the
665
- # value in one of two formats, depending on whether you want to access
666
- # the source object through an [access point][1]:
807
+ # Specifies the source object for the copy operation. The source object
808
+ # can be up to 5 GB. If the source object is an object that was uploaded
809
+ # by using a multipart upload, the object copy will be a single part
810
+ # object after the source object is copied to the destination bucket.
811
+ #
812
+ # You specify the value of the copy source in one of two formats,
813
+ # depending on whether you want to access the source object through an
814
+ # [access point][1]:
667
815
  #
668
816
  # * For objects not accessed through an access point, specify the name
669
817
  # of the source bucket and the key of the source object, separated by
670
818
  # a slash (/). For example, to copy the object `reports/january.pdf`
671
- # from the bucket `awsexamplebucket`, use
819
+ # from the general purpose bucket `awsexamplebucket`, use
672
820
  # `awsexamplebucket/reports/january.pdf`. The value must be
673
- # URL-encoded.
821
+ # URL-encoded. To copy the object `reports/january.pdf` from the
822
+ # directory bucket `awsexamplebucket--use1-az5--x-s3`, use
823
+ # `awsexamplebucket--use1-az5--x-s3/reports/january.pdf`. The value
824
+ # must be URL-encoded.
674
825
  #
675
826
  # * For objects accessed through access points, specify the Amazon
676
827
  # Resource Name (ARN) of the object as accessed through the access
@@ -682,9 +833,11 @@ module Aws::S3
682
833
  # `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
683
834
  # The value must be URL encoded.
684
835
  #
685
- # <note markdown="1"> Amazon S3 supports copy operations using access points only when the
686
- # source and destination buckets are in the same Amazon Web Services
687
- # Region.
836
+ # <note markdown="1"> * Amazon S3 supports copy operations using Access points only when
837
+ # the source and destination buckets are in the same Amazon Web
838
+ # Services Region.
839
+ #
840
+ # * Access points are not supported by directory buckets.
688
841
  #
689
842
  # </note>
690
843
  #
@@ -697,87 +850,315 @@ module Aws::S3
697
850
  # `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf`.
698
851
  # The value must be URL-encoded.
699
852
  #
700
- # To copy a specific version of an object, append
701
- # `?versionId=<version-id>` to the value (for example,
853
+ # If your source bucket versioning is enabled, the `x-amz-copy-source`
854
+ # header by default identifies the current version of an object to copy.
855
+ # If the current version is a delete marker, Amazon S3 behaves as if the
856
+ # object was deleted. To copy a different version, use the `versionId`
857
+ # query parameter. Specifically, append `?versionId=<version-id>` to the
858
+ # value (for example,
702
859
  # `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
703
860
  # If you don't specify a version ID, Amazon S3 copies the latest
704
861
  # version of the source object.
705
862
  #
863
+ # If you enable versioning on the destination bucket, Amazon S3
864
+ # generates a unique version ID for the copied object. This version ID
865
+ # is different from the version ID of the source object. Amazon S3
866
+ # returns the version ID of the copied object in the `x-amz-version-id`
867
+ # response header in the response.
868
+ #
869
+ # If you do not enable versioning or suspend it on the destination
870
+ # bucket, the version ID that Amazon S3 generates in the
871
+ # `x-amz-version-id` response header is always null.
872
+ #
873
+ # <note markdown="1"> **Directory buckets** - S3 Versioning isn't enabled and supported for
874
+ # directory buckets.
875
+ #
876
+ # </note>
877
+ #
706
878
  #
707
879
  #
708
880
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html
709
881
  # @option options [String] :copy_source_if_match
710
882
  # Copies the object if its entity tag (ETag) matches the specified tag.
883
+ #
884
+ # If both the `x-amz-copy-source-if-match` and
885
+ # `x-amz-copy-source-if-unmodified-since` headers are present in the
886
+ # request and evaluate as follows, Amazon S3 returns `200 OK` and copies
887
+ # the data:
888
+ #
889
+ # * `x-amz-copy-source-if-match` condition evaluates to true
890
+ #
891
+ # * `x-amz-copy-source-if-unmodified-since` condition evaluates to false
711
892
  # @option options [Time,DateTime,Date,Integer,String] :copy_source_if_modified_since
712
893
  # Copies the object if it has been modified since the specified time.
894
+ #
895
+ # If both the `x-amz-copy-source-if-none-match` and
896
+ # `x-amz-copy-source-if-modified-since` headers are present in the
897
+ # request and evaluate as follows, Amazon S3 returns the `412
898
+ # Precondition Failed` response code:
899
+ #
900
+ # * `x-amz-copy-source-if-none-match` condition evaluates to false
901
+ #
902
+ # * `x-amz-copy-source-if-modified-since` condition evaluates to true
713
903
  # @option options [String] :copy_source_if_none_match
714
904
  # Copies the object if its entity tag (ETag) is different than the
715
905
  # specified ETag.
906
+ #
907
+ # If both the `x-amz-copy-source-if-none-match` and
908
+ # `x-amz-copy-source-if-modified-since` headers are present in the
909
+ # request and evaluate as follows, Amazon S3 returns the `412
910
+ # Precondition Failed` response code:
911
+ #
912
+ # * `x-amz-copy-source-if-none-match` condition evaluates to false
913
+ #
914
+ # * `x-amz-copy-source-if-modified-since` condition evaluates to true
716
915
  # @option options [Time,DateTime,Date,Integer,String] :copy_source_if_unmodified_since
717
916
  # Copies the object if it hasn't been modified since the specified
718
917
  # time.
918
+ #
919
+ # If both the `x-amz-copy-source-if-match` and
920
+ # `x-amz-copy-source-if-unmodified-since` headers are present in the
921
+ # request and evaluate as follows, Amazon S3 returns `200 OK` and copies
922
+ # the data:
923
+ #
924
+ # * `x-amz-copy-source-if-match` condition evaluates to true
925
+ #
926
+ # * `x-amz-copy-source-if-unmodified-since` condition evaluates to false
719
927
  # @option options [Time,DateTime,Date,Integer,String] :expires
720
928
  # The date and time at which the object is no longer cacheable.
721
929
  # @option options [String] :grant_full_control
722
930
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
723
931
  # object.
724
932
  #
725
- # This action is not supported by Amazon S3 on Outposts.
933
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
934
+ #
935
+ # * This functionality is not supported for Amazon S3 on Outposts.
936
+ #
937
+ # </note>
726
938
  # @option options [String] :grant_read
727
939
  # Allows grantee to read the object data and its metadata.
728
940
  #
729
- # This action is not supported by Amazon S3 on Outposts.
941
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
942
+ #
943
+ # * This functionality is not supported for Amazon S3 on Outposts.
944
+ #
945
+ # </note>
730
946
  # @option options [String] :grant_read_acp
731
947
  # Allows grantee to read the object ACL.
732
948
  #
733
- # This action is not supported by Amazon S3 on Outposts.
949
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
950
+ #
951
+ # * This functionality is not supported for Amazon S3 on Outposts.
952
+ #
953
+ # </note>
734
954
  # @option options [String] :grant_write_acp
735
955
  # Allows grantee to write the ACL for the applicable object.
736
956
  #
737
- # This action is not supported by Amazon S3 on Outposts.
957
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
958
+ #
959
+ # * This functionality is not supported for Amazon S3 on Outposts.
960
+ #
961
+ # </note>
738
962
  # @option options [Hash<String,String>] :metadata
739
963
  # A map of metadata to store with the object in S3.
740
964
  # @option options [String] :metadata_directive
741
965
  # Specifies whether the metadata is copied from the source object or
742
- # replaced with metadata provided in the request.
966
+ # replaced with metadata that's provided in the request. When copying
967
+ # an object, you can preserve all metadata (the default) or specify new
968
+ # metadata. If this header isn’t specified, `COPY` is the default
969
+ # behavior.
970
+ #
971
+ # **General purpose bucket** - For general purpose buckets, when you
972
+ # grant permissions, you can use the `s3:x-amz-metadata-directive`
973
+ # condition key to enforce certain metadata behavior when objects are
974
+ # uploaded. For more information, see [Amazon S3 condition key
975
+ # examples][1] in the *Amazon S3 User Guide*.
976
+ #
977
+ # <note markdown="1"> `x-amz-website-redirect-location` is unique to each object and is not
978
+ # copied when using the `x-amz-metadata-directive` header. To copy the
979
+ # value, you must specify `x-amz-website-redirect-location` in the
980
+ # request header.
981
+ #
982
+ # </note>
983
+ #
984
+ #
985
+ #
986
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html
743
987
  # @option options [String] :tagging_directive
744
- # Specifies whether the object tag-set are copied from the source object
745
- # or replaced with tag-set provided in the request.
988
+ # Specifies whether the object tag-set is copied from the source object
989
+ # or replaced with the tag-set that's provided in the request.
990
+ #
991
+ # The default value is `COPY`.
992
+ #
993
+ # <note markdown="1"> **Directory buckets** - For directory buckets in a `CopyObject`
994
+ # operation, only the empty tag-set is supported. Any requests that
995
+ # attempt to write non-empty tags into directory buckets will receive a
996
+ # `501 Not Implemented` status code. When the destination bucket is a
997
+ # directory bucket, you will receive a `501 Not Implemented` response in
998
+ # any of the following situations:
999
+ #
1000
+ # * When you attempt to `COPY` the tag-set from an S3 source object that
1001
+ # has non-empty tags.
1002
+ #
1003
+ # * When you attempt to `REPLACE` the tag-set of a source object and set
1004
+ # a non-empty value to `x-amz-tagging`.
1005
+ #
1006
+ # * When you don't set the `x-amz-tagging-directive` header and the
1007
+ # source object has non-empty tags. This is because the default value
1008
+ # of `x-amz-tagging-directive` is `COPY`.
1009
+ #
1010
+ # Because only the empty tag-set is supported for directory buckets in a
1011
+ # `CopyObject` operation, the following situations are allowed:
1012
+ #
1013
+ # * When you attempt to `COPY` the tag-set from a directory bucket
1014
+ # source object that has no tags to a general purpose bucket. It
1015
+ # copies an empty tag-set to the destination object.
1016
+ #
1017
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
1018
+ # source object and set the `x-amz-tagging` value of the directory
1019
+ # bucket destination object to empty.
1020
+ #
1021
+ # * When you attempt to `REPLACE` the tag-set of a general purpose
1022
+ # bucket source object that has non-empty tags and set the
1023
+ # `x-amz-tagging` value of the directory bucket destination object to
1024
+ # empty.
1025
+ #
1026
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
1027
+ # source object and don't set the `x-amz-tagging` value of the
1028
+ # directory bucket destination object. This is because the default
1029
+ # value of `x-amz-tagging` is the empty value.
1030
+ #
1031
+ # </note>
746
1032
  # @option options [String] :server_side_encryption
747
1033
  # The server-side encryption algorithm used when storing this object in
748
1034
  # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
1035
+ # Unrecognized or unsupported values won’t write a destination object
1036
+ # and will receive a `400 Bad Request` response.
1037
+ #
1038
+ # Amazon S3 automatically encrypts all new objects that are copied to an
1039
+ # S3 bucket. When copying an object, if you don't specify encryption
1040
+ # information in your copy request, the encryption setting of the target
1041
+ # object is set to the default encryption configuration of the
1042
+ # destination bucket. By default, all buckets have a base level of
1043
+ # encryption configuration that uses server-side encryption with Amazon
1044
+ # S3 managed keys (SSE-S3). If the destination bucket has a default
1045
+ # encryption configuration that uses server-side encryption with Key
1046
+ # Management Service (KMS) keys (SSE-KMS), dual-layer server-side
1047
+ # encryption with Amazon Web Services KMS keys (DSSE-KMS), or
1048
+ # server-side encryption with customer-provided encryption keys (SSE-C),
1049
+ # Amazon S3 uses the corresponding KMS key, or a customer-provided key
1050
+ # to encrypt the target object copy.
1051
+ #
1052
+ # When you perform a `CopyObject` operation, if you want to use a
1053
+ # different type of encryption setting for the target object, you can
1054
+ # specify appropriate encryption-related headers to encrypt the target
1055
+ # object with an Amazon S3 managed key, a KMS key, or a
1056
+ # customer-provided key. If the encryption setting in your request is
1057
+ # different from the default encryption configuration of the destination
1058
+ # bucket, the encryption setting in your request takes precedence.
1059
+ #
1060
+ # With server-side encryption, Amazon S3 encrypts your data as it writes
1061
+ # your data to disks in its data centers and decrypts the data when you
1062
+ # access it. For more information about server-side encryption, see
1063
+ # [Using Server-Side Encryption][1] in the *Amazon S3 User Guide*.
1064
+ #
1065
+ # <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
1066
+ # managed keys (SSE-S3) (`AES256`) is supported.
1067
+ #
1068
+ # </note>
1069
+ #
1070
+ #
1071
+ #
1072
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
749
1073
  # @option options [String] :storage_class
750
1074
  # If the `x-amz-storage-class` header is not used, the copied object
751
- # will be stored in the STANDARD Storage Class by default. The STANDARD
752
- # storage class provides high durability and high availability.
753
- # Depending on performance needs, you can specify a different Storage
754
- # Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For
755
- # more information, see [Storage Classes][1] in the *Amazon S3 User
756
- # Guide*.
1075
+ # will be stored in the `STANDARD` Storage Class by default. The
1076
+ # `STANDARD` storage class provides high durability and high
1077
+ # availability. Depending on performance needs, you can specify a
1078
+ # different Storage Class.
1079
+ #
1080
+ # <note markdown="1"> * <b>Directory buckets </b> - For directory buckets, only the S3
1081
+ # Express One Zone storage class is supported to store newly created
1082
+ # objects. Unsupported storage class values won't write a destination
1083
+ # object and will respond with the HTTP status code `400 Bad Request`.
1084
+ #
1085
+ # * <b>Amazon S3 on Outposts </b> - S3 on Outposts only uses the
1086
+ # `OUTPOSTS` Storage Class.
1087
+ #
1088
+ # </note>
1089
+ #
1090
+ # You can use the `CopyObject` action to change the storage class of an
1091
+ # object that is already stored in Amazon S3 by using the
1092
+ # `x-amz-storage-class` header. For more information, see [Storage
1093
+ # Classes][1] in the *Amazon S3 User Guide*.
1094
+ #
1095
+ # Before using an object as a source object for the copy operation, you
1096
+ # must restore a copy of it if it meets any of the following conditions:
1097
+ #
1098
+ # * The storage class of the source object is `GLACIER` or
1099
+ # `DEEP_ARCHIVE`.
1100
+ #
1101
+ # * The storage class of the source object is `INTELLIGENT_TIERING` and
1102
+ # it's [S3 Intelligent-Tiering access tier][2] is `Archive Access` or
1103
+ # `Deep Archive Access`.
1104
+ #
1105
+ # For more information, see [RestoreObject][3] and [Copying Objects][4]
1106
+ # in the *Amazon S3 User Guide*.
757
1107
  #
758
1108
  #
759
1109
  #
760
1110
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
1111
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering-overview.html#intel-tiering-tier-definition
1112
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html
1113
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html
761
1114
  # @option options [String] :website_redirect_location
762
- # If the bucket is configured as a website, redirects requests for this
763
- # object to another object in the same bucket or to an external URL.
764
- # Amazon S3 stores the value of this header in the object metadata. This
765
- # value is unique to each object and is not copied when using the
766
- # `x-amz-metadata-directive` header. Instead, you may opt to provide
767
- # this header in combination with the directive.
1115
+ # If the destination bucket is configured as a website, redirects
1116
+ # requests for this object copy to another object in the same bucket or
1117
+ # to an external URL. Amazon S3 stores the value of this header in the
1118
+ # object metadata. This value is unique to each object and is not copied
1119
+ # when using the `x-amz-metadata-directive` header. Instead, you may opt
1120
+ # to provide this header in combination with the
1121
+ # `x-amz-metadata-directive` header.
1122
+ #
1123
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1124
+ #
1125
+ # </note>
768
1126
  # @option options [String] :sse_customer_algorithm
769
- # Specifies the algorithm to use to when encrypting the object (for
770
- # example, AES256).
1127
+ # Specifies the algorithm to use when encrypting the object (for
1128
+ # example, `AES256`).
1129
+ #
1130
+ # When you perform a `CopyObject` operation, if you want to use a
1131
+ # different type of encryption setting for the target object, you can
1132
+ # specify appropriate encryption-related headers to encrypt the target
1133
+ # object with an Amazon S3 managed key, a KMS key, or a
1134
+ # customer-provided key. If the encryption setting in your request is
1135
+ # different from the default encryption configuration of the destination
1136
+ # bucket, the encryption setting in your request takes precedence.
1137
+ #
1138
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
1139
+ # directory bucket.
1140
+ #
1141
+ # </note>
771
1142
  # @option options [String] :sse_customer_key
772
1143
  # Specifies the customer-provided encryption key for Amazon S3 to use in
773
1144
  # encrypting data. This value is used to store the object and then it is
774
- # discarded; Amazon S3 does not store the encryption key. The key must
1145
+ # discarded. Amazon S3 does not store the encryption key. The key must
775
1146
  # be appropriate for use with the algorithm specified in the
776
1147
  # `x-amz-server-side-encryption-customer-algorithm` header.
1148
+ #
1149
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
1150
+ # directory bucket.
1151
+ #
1152
+ # </note>
777
1153
  # @option options [String] :sse_customer_key_md5
778
1154
  # Specifies the 128-bit MD5 digest of the encryption key according to
779
1155
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
780
1156
  # ensure that the encryption key was transmitted without error.
1157
+ #
1158
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
1159
+ # directory bucket.
1160
+ #
1161
+ # </note>
781
1162
  # @option options [String] :ssekms_key_id
782
1163
  # Specifies the KMS ID (Key ID, Key ARN, or Key Alias) to use for object
783
1164
  # encryption. All GET and PUT requests for an object protected by KMS
@@ -786,6 +1167,11 @@ module Aws::S3
786
1167
  # SDKs and Amazon Web Services CLI, see [Specifying the Signature
787
1168
  # Version in Request Authentication][1] in the *Amazon S3 User Guide*.
788
1169
  #
1170
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
1171
+ # directory bucket.
1172
+ #
1173
+ # </note>
1174
+ #
789
1175
  #
790
1176
  #
791
1177
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
@@ -794,57 +1180,166 @@ module Aws::S3
794
1180
  # object encryption. The value of this header is a base64-encoded UTF-8
795
1181
  # string holding JSON with the encryption context key-value pairs. This
796
1182
  # value must be explicitly added to specify encryption context for
797
- # CopyObject requests.
1183
+ # `CopyObject` requests.
1184
+ #
1185
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
1186
+ # directory bucket.
1187
+ #
1188
+ # </note>
798
1189
  # @option options [Boolean] :bucket_key_enabled
799
1190
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
800
1191
  # encryption with server-side encryption using Key Management Service
801
- # (KMS) keys (SSE-KMS). Setting this header to `true` causes Amazon S3
802
- # to use an S3 Bucket Key for object encryption with SSE-KMS.
1192
+ # (KMS) keys (SSE-KMS). If a target object uses SSE-KMS, you can enable
1193
+ # an S3 Bucket Key for the object.
803
1194
  #
804
- # Specifying this header with a COPY action doesn’t affect bucket-level
805
- # settings for S3 Bucket Key.
1195
+ # Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
1196
+ # for object encryption with SSE-KMS. Specifying this header with a COPY
1197
+ # action doesn’t affect bucket-level settings for S3 Bucket Key.
1198
+ #
1199
+ # For more information, see [Amazon S3 Bucket Keys][1] in the *Amazon S3
1200
+ # User Guide*.
1201
+ #
1202
+ # <note markdown="1"> This functionality is not supported when the destination bucket is a
1203
+ # directory bucket.
1204
+ #
1205
+ # </note>
1206
+ #
1207
+ #
1208
+ #
1209
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
806
1210
  # @option options [String] :copy_source_sse_customer_algorithm
807
1211
  # Specifies the algorithm to use when decrypting the source object (for
808
- # example, AES256).
1212
+ # example, `AES256`).
1213
+ #
1214
+ # If the source object for the copy is stored in Amazon S3 using SSE-C,
1215
+ # you must provide the necessary encryption information in your request
1216
+ # so that Amazon S3 can decrypt the object for copying.
1217
+ #
1218
+ # <note markdown="1"> This functionality is not supported when the source object is in a
1219
+ # directory bucket.
1220
+ #
1221
+ # </note>
809
1222
  # @option options [String] :copy_source_sse_customer_key
810
1223
  # Specifies the customer-provided encryption key for Amazon S3 to use to
811
1224
  # decrypt the source object. The encryption key provided in this header
812
- # must be one that was used when the source object was created.
1225
+ # must be the same one that was used when the source object was created.
1226
+ #
1227
+ # If the source object for the copy is stored in Amazon S3 using SSE-C,
1228
+ # you must provide the necessary encryption information in your request
1229
+ # so that Amazon S3 can decrypt the object for copying.
1230
+ #
1231
+ # <note markdown="1"> This functionality is not supported when the source object is in a
1232
+ # directory bucket.
1233
+ #
1234
+ # </note>
813
1235
  # @option options [String] :copy_source_sse_customer_key_md5
814
1236
  # Specifies the 128-bit MD5 digest of the encryption key according to
815
1237
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
816
1238
  # ensure that the encryption key was transmitted without error.
1239
+ #
1240
+ # If the source object for the copy is stored in Amazon S3 using SSE-C,
1241
+ # you must provide the necessary encryption information in your request
1242
+ # so that Amazon S3 can decrypt the object for copying.
1243
+ #
1244
+ # <note markdown="1"> This functionality is not supported when the source object is in a
1245
+ # directory bucket.
1246
+ #
1247
+ # </note>
817
1248
  # @option options [String] :request_payer
818
1249
  # Confirms that the requester knows that they will be charged for the
819
1250
  # request. Bucket owners need not specify this parameter in their
820
- # requests. If either the source or destination Amazon S3 bucket has
821
- # Requester Pays enabled, the requester will pay for corresponding
822
- # charges to copy the object. For information about downloading objects
823
- # from Requester Pays buckets, see [Downloading Objects in Requester
824
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
1251
+ # requests. If either the source or destination S3 bucket has Requester
1252
+ # Pays enabled, the requester will pay for corresponding charges to copy
1253
+ # the object. For information about downloading objects from Requester
1254
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1255
+ # in the *Amazon S3 User Guide*.
1256
+ #
1257
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1258
+ #
1259
+ # </note>
825
1260
  #
826
1261
  #
827
1262
  #
828
1263
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
829
1264
  # @option options [String] :tagging
830
- # The tag-set for the object destination object this value must be used
831
- # in conjunction with the `TaggingDirective`. The tag-set must be
832
- # encoded as URL Query parameters.
1265
+ # The tag-set for the object copy in the destination bucket. This value
1266
+ # must be used in conjunction with the `x-amz-tagging-directive` if you
1267
+ # choose `REPLACE` for the `x-amz-tagging-directive`. If you choose
1268
+ # `COPY` for the `x-amz-tagging-directive`, you don't need to set the
1269
+ # `x-amz-tagging` header, because the tag-set will be copied from the
1270
+ # source object directly. The tag-set must be encoded as URL Query
1271
+ # parameters.
1272
+ #
1273
+ # The default value is the empty value.
1274
+ #
1275
+ # <note markdown="1"> **Directory buckets** - For directory buckets in a `CopyObject`
1276
+ # operation, only the empty tag-set is supported. Any requests that
1277
+ # attempt to write non-empty tags into directory buckets will receive a
1278
+ # `501 Not Implemented` status code. When the destination bucket is a
1279
+ # directory bucket, you will receive a `501 Not Implemented` response in
1280
+ # any of the following situations:
1281
+ #
1282
+ # * When you attempt to `COPY` the tag-set from an S3 source object that
1283
+ # has non-empty tags.
1284
+ #
1285
+ # * When you attempt to `REPLACE` the tag-set of a source object and set
1286
+ # a non-empty value to `x-amz-tagging`.
1287
+ #
1288
+ # * When you don't set the `x-amz-tagging-directive` header and the
1289
+ # source object has non-empty tags. This is because the default value
1290
+ # of `x-amz-tagging-directive` is `COPY`.
1291
+ #
1292
+ # Because only the empty tag-set is supported for directory buckets in a
1293
+ # `CopyObject` operation, the following situations are allowed:
1294
+ #
1295
+ # * When you attempt to `COPY` the tag-set from a directory bucket
1296
+ # source object that has no tags to a general purpose bucket. It
1297
+ # copies an empty tag-set to the destination object.
1298
+ #
1299
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
1300
+ # source object and set the `x-amz-tagging` value of the directory
1301
+ # bucket destination object to empty.
1302
+ #
1303
+ # * When you attempt to `REPLACE` the tag-set of a general purpose
1304
+ # bucket source object that has non-empty tags and set the
1305
+ # `x-amz-tagging` value of the directory bucket destination object to
1306
+ # empty.
1307
+ #
1308
+ # * When you attempt to `REPLACE` the tag-set of a directory bucket
1309
+ # source object and don't set the `x-amz-tagging` value of the
1310
+ # directory bucket destination object. This is because the default
1311
+ # value of `x-amz-tagging` is the empty value.
1312
+ #
1313
+ # </note>
833
1314
  # @option options [String] :object_lock_mode
834
- # The Object Lock mode that you want to apply to the copied object.
1315
+ # The Object Lock mode that you want to apply to the object copy.
1316
+ #
1317
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1318
+ #
1319
+ # </note>
835
1320
  # @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
836
- # The date and time when you want the copied object's Object Lock to
1321
+ # The date and time when you want the Object Lock of the object copy to
837
1322
  # expire.
1323
+ #
1324
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1325
+ #
1326
+ # </note>
838
1327
  # @option options [String] :object_lock_legal_hold_status
839
- # Specifies whether you want to apply a legal hold to the copied object.
1328
+ # Specifies whether you want to apply a legal hold to the object copy.
1329
+ #
1330
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1331
+ #
1332
+ # </note>
840
1333
  # @option options [String] :expected_bucket_owner
841
1334
  # The account ID of the expected destination bucket owner. If the
842
- # destination bucket is owned by a different account, the request fails
843
- # with the HTTP status code `403 Forbidden` (access denied).
1335
+ # account ID that you provide does not match the actual owner of the
1336
+ # destination bucket, the request fails with the HTTP status code `403
1337
+ # Forbidden` (access denied).
844
1338
  # @option options [String] :expected_source_bucket_owner
845
- # The account ID of the expected source bucket owner. If the source
846
- # bucket is owned by a different account, the request fails with the
847
- # HTTP status code `403 Forbidden` (access denied).
1339
+ # The account ID of the expected source bucket owner. If the account ID
1340
+ # that you provide does not match the actual owner of the source bucket,
1341
+ # the request fails with the HTTP status code `403 Forbidden` (access
1342
+ # denied).
848
1343
  # @return [Types::CopyObjectOutput]
849
1344
  def copy_from(options = {})
850
1345
  options = options.merge(
@@ -872,16 +1367,29 @@ module Aws::S3
872
1367
  # space, and the value that is displayed on your authentication device.
873
1368
  # Required to permanently delete a versioned object if versioning is
874
1369
  # configured with MFA delete enabled.
1370
+ #
1371
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1372
+ #
1373
+ # </note>
875
1374
  # @option options [String] :version_id
876
- # VersionId used to reference a specific version of the object.
1375
+ # Version ID used to reference a specific version of the object.
1376
+ #
1377
+ # <note markdown="1"> For directory buckets in this API operation, only the `null` value of
1378
+ # the version ID is supported.
1379
+ #
1380
+ # </note>
877
1381
  # @option options [String] :request_payer
878
1382
  # Confirms that the requester knows that they will be charged for the
879
1383
  # request. Bucket owners need not specify this parameter in their
880
- # requests. If either the source or destination Amazon S3 bucket has
881
- # Requester Pays enabled, the requester will pay for corresponding
882
- # charges to copy the object. For information about downloading objects
883
- # from Requester Pays buckets, see [Downloading Objects in Requester
884
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
1384
+ # requests. If either the source or destination S3 bucket has Requester
1385
+ # Pays enabled, the requester will pay for corresponding charges to copy
1386
+ # the object. For information about downloading objects from Requester
1387
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1388
+ # in the *Amazon S3 User Guide*.
1389
+ #
1390
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1391
+ #
1392
+ # </note>
885
1393
  #
886
1394
  #
887
1395
  #
@@ -890,10 +1398,14 @@ module Aws::S3
890
1398
  # Indicates whether S3 Object Lock should bypass Governance-mode
891
1399
  # restrictions to process this operation. To use this header, you must
892
1400
  # have the `s3:BypassGovernanceRetention` permission.
1401
+ #
1402
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1403
+ #
1404
+ # </note>
893
1405
  # @option options [String] :expected_bucket_owner
894
- # The account ID of the expected bucket owner. If the bucket is owned by
895
- # a different account, the request fails with the HTTP status code `403
896
- # Forbidden` (access denied).
1406
+ # The account ID of the expected bucket owner. If the account ID that
1407
+ # you provide does not match the actual owner of the bucket, the request
1408
+ # fails with the HTTP status code `403 Forbidden` (access denied).
897
1409
  # @return [Types::DeleteObjectOutput]
898
1410
  def delete(options = {})
899
1411
  options = options.merge(
@@ -932,18 +1444,64 @@ module Aws::S3
932
1444
  # @param [Hash] options ({})
933
1445
  # @option options [String] :if_match
934
1446
  # Return the object only if its entity tag (ETag) is the same as the one
935
- # specified; otherwise, return a 412 (precondition failed) error.
1447
+ # specified in this header; otherwise, return a `412 Precondition
1448
+ # Failed` error.
1449
+ #
1450
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
1451
+ # present in the request as follows: `If-Match` condition evaluates to
1452
+ # `true`, and; `If-Unmodified-Since` condition evaluates to `false`;
1453
+ # then, S3 returns `200 OK` and the data requested.
1454
+ #
1455
+ # For more information about conditional requests, see [RFC 7232][1].
1456
+ #
1457
+ #
1458
+ #
1459
+ # [1]: https://tools.ietf.org/html/rfc7232
936
1460
  # @option options [Time,DateTime,Date,Integer,String] :if_modified_since
937
1461
  # Return the object only if it has been modified since the specified
938
- # time; otherwise, return a 304 (not modified) error.
1462
+ # time; otherwise, return a `304 Not Modified` error.
1463
+ #
1464
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
1465
+ # present in the request as follows:` If-None-Match` condition evaluates
1466
+ # to `false`, and; `If-Modified-Since` condition evaluates to `true`;
1467
+ # then, S3 returns `304 Not Modified` status code.
1468
+ #
1469
+ # For more information about conditional requests, see [RFC 7232][1].
1470
+ #
1471
+ #
1472
+ #
1473
+ # [1]: https://tools.ietf.org/html/rfc7232
939
1474
  # @option options [String] :if_none_match
940
1475
  # Return the object only if its entity tag (ETag) is different from the
941
- # one specified; otherwise, return a 304 (not modified) error.
1476
+ # one specified in this header; otherwise, return a `304 Not Modified`
1477
+ # error.
1478
+ #
1479
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
1480
+ # present in the request as follows:` If-None-Match` condition evaluates
1481
+ # to `false`, and; `If-Modified-Since` condition evaluates to `true`;
1482
+ # then, S3 returns `304 Not Modified` HTTP status code.
1483
+ #
1484
+ # For more information about conditional requests, see [RFC 7232][1].
1485
+ #
1486
+ #
1487
+ #
1488
+ # [1]: https://tools.ietf.org/html/rfc7232
942
1489
  # @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
943
1490
  # Return the object only if it has not been modified since the specified
944
- # time; otherwise, return a 412 (precondition failed) error.
1491
+ # time; otherwise, return a `412 Precondition Failed` error.
1492
+ #
1493
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
1494
+ # present in the request as follows: `If-Match` condition evaluates to
1495
+ # `true`, and; `If-Unmodified-Since` condition evaluates to `false`;
1496
+ # then, S3 returns `200 OK` and the data requested.
1497
+ #
1498
+ # For more information about conditional requests, see [RFC 7232][1].
1499
+ #
1500
+ #
1501
+ #
1502
+ # [1]: https://tools.ietf.org/html/rfc7232
945
1503
  # @option options [String] :range
946
- # Downloads the specified range bytes of an object. For more information
1504
+ # Downloads the specified byte range of an object. For more information
947
1505
  # about the HTTP Range header, see
948
1506
  # [https://www.rfc-editor.org/rfc/rfc9110.html#name-range][1].
949
1507
  #
@@ -958,7 +1516,7 @@ module Aws::S3
958
1516
  # @option options [String] :response_cache_control
959
1517
  # Sets the `Cache-Control` header of the response.
960
1518
  # @option options [String] :response_content_disposition
961
- # Sets the `Content-Disposition` header of the response
1519
+ # Sets the `Content-Disposition` header of the response.
962
1520
  # @option options [String] :response_content_encoding
963
1521
  # Sets the `Content-Encoding` header of the response.
964
1522
  # @option options [String] :response_content_language
@@ -968,41 +1526,140 @@ module Aws::S3
968
1526
  # @option options [Time,DateTime,Date,Integer,String] :response_expires
969
1527
  # Sets the `Expires` header of the response.
970
1528
  # @option options [String] :version_id
971
- # VersionId used to reference a specific version of the object.
1529
+ # Version ID used to reference a specific version of the object.
1530
+ #
1531
+ # By default, the `GetObject` operation returns the current version of
1532
+ # an object. To return a different version, use the `versionId`
1533
+ # subresource.
1534
+ #
1535
+ # <note markdown="1"> * If you include a `versionId` in your request header, you must have
1536
+ # the `s3:GetObjectVersion` permission to access a specific version of
1537
+ # an object. The `s3:GetObject` permission is not required in this
1538
+ # scenario.
1539
+ #
1540
+ # * If you request the current version of an object without a specific
1541
+ # `versionId` in the request header, only the `s3:GetObject`
1542
+ # permission is required. The `s3:GetObjectVersion` permission is not
1543
+ # required in this scenario.
1544
+ #
1545
+ # * **Directory buckets** - S3 Versioning isn't enabled and supported
1546
+ # for directory buckets. For this API operation, only the `null` value
1547
+ # of the version ID is supported by directory buckets. You can only
1548
+ # specify `null` to the `versionId` query parameter in the request.
1549
+ #
1550
+ # </note>
1551
+ #
1552
+ # For more information about versioning, see [PutBucketVersioning][1].
1553
+ #
1554
+ #
1555
+ #
1556
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html
972
1557
  # @option options [String] :sse_customer_algorithm
973
- # Specifies the algorithm to use to when decrypting the object (for
974
- # example, AES256).
975
- # @option options [String] :sse_customer_key
976
- # Specifies the customer-provided encryption key for Amazon S3 used to
977
- # encrypt the data. This value is used to decrypt the object when
978
- # recovering it and must match the one used when storing the data. The
979
- # key must be appropriate for use with the algorithm specified in the
980
- # `x-amz-server-side-encryption-customer-algorithm` header.
981
- # @option options [String] :sse_customer_key_md5
982
- # Specifies the 128-bit MD5 digest of the encryption key according to
983
- # RFC 1321. Amazon S3 uses this header for a message integrity check to
984
- # ensure that the encryption key was transmitted without error.
985
- # @option options [String] :request_payer
986
- # Confirms that the requester knows that they will be charged for the
987
- # request. Bucket owners need not specify this parameter in their
988
- # requests. If either the source or destination Amazon S3 bucket has
989
- # Requester Pays enabled, the requester will pay for corresponding
990
- # charges to copy the object. For information about downloading objects
991
- # from Requester Pays buckets, see [Downloading Objects in Requester
992
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
1558
+ # Specifies the algorithm to use when decrypting the object (for
1559
+ # example, `AES256`).
993
1560
  #
1561
+ # If you encrypt an object by using server-side encryption with
1562
+ # customer-provided encryption keys (SSE-C) when you store the object in
1563
+ # Amazon S3, then when you GET the object, you must use the following
1564
+ # headers:
994
1565
  #
1566
+ # * `x-amz-server-side-encryption-customer-algorithm`
995
1567
  #
996
- # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
997
- # @option options [Integer] :part_number
1568
+ # * `x-amz-server-side-encryption-customer-key`
1569
+ #
1570
+ # * `x-amz-server-side-encryption-customer-key-MD5`
1571
+ #
1572
+ # For more information about SSE-C, see [Server-Side Encryption (Using
1573
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
1574
+ #
1575
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1576
+ #
1577
+ # </note>
1578
+ #
1579
+ #
1580
+ #
1581
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
1582
+ # @option options [String] :sse_customer_key
1583
+ # Specifies the customer-provided encryption key that you originally
1584
+ # provided for Amazon S3 to encrypt the data before storing it. This
1585
+ # value is used to decrypt the object when recovering it and must match
1586
+ # the one used when storing the data. The key must be appropriate for
1587
+ # use with the algorithm specified in the
1588
+ # `x-amz-server-side-encryption-customer-algorithm` header.
1589
+ #
1590
+ # If you encrypt an object by using server-side encryption with
1591
+ # customer-provided encryption keys (SSE-C) when you store the object in
1592
+ # Amazon S3, then when you GET the object, you must use the following
1593
+ # headers:
1594
+ #
1595
+ # * `x-amz-server-side-encryption-customer-algorithm`
1596
+ #
1597
+ # * `x-amz-server-side-encryption-customer-key`
1598
+ #
1599
+ # * `x-amz-server-side-encryption-customer-key-MD5`
1600
+ #
1601
+ # For more information about SSE-C, see [Server-Side Encryption (Using
1602
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
1603
+ #
1604
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1605
+ #
1606
+ # </note>
1607
+ #
1608
+ #
1609
+ #
1610
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
1611
+ # @option options [String] :sse_customer_key_md5
1612
+ # Specifies the 128-bit MD5 digest of the customer-provided encryption
1613
+ # key according to RFC 1321. Amazon S3 uses this header for a message
1614
+ # integrity check to ensure that the encryption key was transmitted
1615
+ # without error.
1616
+ #
1617
+ # If you encrypt an object by using server-side encryption with
1618
+ # customer-provided encryption keys (SSE-C) when you store the object in
1619
+ # Amazon S3, then when you GET the object, you must use the following
1620
+ # headers:
1621
+ #
1622
+ # * `x-amz-server-side-encryption-customer-algorithm`
1623
+ #
1624
+ # * `x-amz-server-side-encryption-customer-key`
1625
+ #
1626
+ # * `x-amz-server-side-encryption-customer-key-MD5`
1627
+ #
1628
+ # For more information about SSE-C, see [Server-Side Encryption (Using
1629
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
1630
+ #
1631
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1632
+ #
1633
+ # </note>
1634
+ #
1635
+ #
1636
+ #
1637
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
1638
+ # @option options [String] :request_payer
1639
+ # Confirms that the requester knows that they will be charged for the
1640
+ # request. Bucket owners need not specify this parameter in their
1641
+ # requests. If either the source or destination S3 bucket has Requester
1642
+ # Pays enabled, the requester will pay for corresponding charges to copy
1643
+ # the object. For information about downloading objects from Requester
1644
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
1645
+ # in the *Amazon S3 User Guide*.
1646
+ #
1647
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1648
+ #
1649
+ # </note>
1650
+ #
1651
+ #
1652
+ #
1653
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
1654
+ # @option options [Integer] :part_number
998
1655
  # Part number of the object being read. This is a positive integer
999
1656
  # between 1 and 10,000. Effectively performs a 'ranged' GET request
1000
1657
  # for the part specified. Useful for downloading just a part of an
1001
1658
  # object.
1002
1659
  # @option options [String] :expected_bucket_owner
1003
- # The account ID of the expected bucket owner. If the bucket is owned by
1004
- # a different account, the request fails with the HTTP status code `403
1005
- # Forbidden` (access denied).
1660
+ # The account ID of the expected bucket owner. If the account ID that
1661
+ # you provide does not match the actual owner of the bucket, the request
1662
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1006
1663
  # @option options [String] :checksum_mode
1007
1664
  # To retrieve the checksum, this mode must be enabled.
1008
1665
  # @return [Types::GetObjectOutput]
@@ -1035,7 +1692,7 @@ module Aws::S3
1035
1692
  # "MetadataKey" => "MetadataValue",
1036
1693
  # },
1037
1694
  # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
1038
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
1695
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
1039
1696
  # website_redirect_location: "WebsiteRedirectLocation",
1040
1697
  # sse_customer_algorithm: "SSECustomerAlgorithm",
1041
1698
  # sse_customer_key: "SSECustomerKey",
@@ -1053,9 +1710,29 @@ module Aws::S3
1053
1710
  # })
1054
1711
  # @param [Hash] options ({})
1055
1712
  # @option options [String] :acl
1056
- # The canned ACL to apply to the object.
1713
+ # The canned ACL to apply to the object. Amazon S3 supports a set of
1714
+ # predefined ACLs, known as *canned ACLs*. Each canned ACL has a
1715
+ # predefined set of grantees and permissions. For more information, see
1716
+ # [Canned ACL][1] in the *Amazon S3 User Guide*.
1717
+ #
1718
+ # By default, all objects are private. Only the owner has full access
1719
+ # control. When uploading an object, you can grant access permissions to
1720
+ # individual Amazon Web Services accounts or to predefined groups
1721
+ # defined by Amazon S3. These permissions are then added to the access
1722
+ # control list (ACL) on the new object. For more information, see [Using
1723
+ # ACLs][2]. One way to grant the permissions using the request headers
1724
+ # is to specify a canned ACL with the `x-amz-acl` request header.
1057
1725
  #
1058
- # This action is not supported by Amazon S3 on Outposts.
1726
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1727
+ #
1728
+ # * This functionality is not supported for Amazon S3 on Outposts.
1729
+ #
1730
+ # </note>
1731
+ #
1732
+ #
1733
+ #
1734
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
1735
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html
1059
1736
  # @option options [String] :cache_control
1060
1737
  # Specifies caching behavior along the request/reply chain.
1061
1738
  # @option options [String] :content_disposition
@@ -1064,41 +1741,292 @@ module Aws::S3
1064
1741
  # Specifies what content encodings have been applied to the object and
1065
1742
  # thus what decoding mechanisms must be applied to obtain the media-type
1066
1743
  # referenced by the Content-Type header field.
1744
+ #
1745
+ # <note markdown="1"> For directory buckets, only the `aws-chunked` value is supported in
1746
+ # this header field.
1747
+ #
1748
+ # </note>
1067
1749
  # @option options [String] :content_language
1068
- # The language the content is in.
1750
+ # The language that the content is in.
1069
1751
  # @option options [String] :content_type
1070
1752
  # A standard MIME type describing the format of the object data.
1071
1753
  # @option options [Time,DateTime,Date,Integer,String] :expires
1072
1754
  # The date and time at which the object is no longer cacheable.
1073
1755
  # @option options [String] :grant_full_control
1074
- # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
1075
- # object.
1756
+ # Specify access permissions explicitly to give the grantee READ,
1757
+ # READ\_ACP, and WRITE\_ACP permissions on the object.
1758
+ #
1759
+ # By default, all objects are private. Only the owner has full access
1760
+ # control. When uploading an object, you can use this header to
1761
+ # explicitly grant access permissions to specific Amazon Web Services
1762
+ # accounts or groups. This header maps to specific permissions that
1763
+ # Amazon S3 supports in an ACL. For more information, see [Access
1764
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
1765
+ #
1766
+ # You specify each grantee as a type=value pair, where the type is one
1767
+ # of the following:
1768
+ #
1769
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1770
+ # Web Services account
1771
+ #
1772
+ # * `uri` – if you are granting permissions to a predefined group
1773
+ #
1774
+ # * `emailAddress` – if the value specified is the email address of an
1775
+ # Amazon Web Services account
1776
+ #
1777
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1778
+ # following Amazon Web Services Regions:
1779
+ #
1780
+ # * US East (N. Virginia)
1781
+ #
1782
+ # * US West (N. California)
1783
+ #
1784
+ # * US West (Oregon)
1785
+ #
1786
+ # * Asia Pacific (Singapore)
1076
1787
  #
1077
- # This action is not supported by Amazon S3 on Outposts.
1788
+ # * Asia Pacific (Sydney)
1789
+ #
1790
+ # * Asia Pacific (Tokyo)
1791
+ #
1792
+ # * Europe (Ireland)
1793
+ #
1794
+ # * South America (São Paulo)
1795
+ #
1796
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1797
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1798
+ # Reference.
1799
+ #
1800
+ # </note>
1801
+ #
1802
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1803
+ # Web Services accounts identified by account IDs permissions to read
1804
+ # object data and its metadata:
1805
+ #
1806
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1807
+ #
1808
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1809
+ #
1810
+ # * This functionality is not supported for Amazon S3 on Outposts.
1811
+ #
1812
+ # </note>
1813
+ #
1814
+ #
1815
+ #
1816
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1817
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1078
1818
  # @option options [String] :grant_read
1079
- # Allows grantee to read the object data and its metadata.
1819
+ # Specify access permissions explicitly to allow grantee to read the
1820
+ # object data and its metadata.
1821
+ #
1822
+ # By default, all objects are private. Only the owner has full access
1823
+ # control. When uploading an object, you can use this header to
1824
+ # explicitly grant access permissions to specific Amazon Web Services
1825
+ # accounts or groups. This header maps to specific permissions that
1826
+ # Amazon S3 supports in an ACL. For more information, see [Access
1827
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
1828
+ #
1829
+ # You specify each grantee as a type=value pair, where the type is one
1830
+ # of the following:
1831
+ #
1832
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1833
+ # Web Services account
1834
+ #
1835
+ # * `uri` – if you are granting permissions to a predefined group
1836
+ #
1837
+ # * `emailAddress` – if the value specified is the email address of an
1838
+ # Amazon Web Services account
1839
+ #
1840
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1841
+ # following Amazon Web Services Regions:
1842
+ #
1843
+ # * US East (N. Virginia)
1080
1844
  #
1081
- # This action is not supported by Amazon S3 on Outposts.
1845
+ # * US West (N. California)
1846
+ #
1847
+ # * US West (Oregon)
1848
+ #
1849
+ # * Asia Pacific (Singapore)
1850
+ #
1851
+ # * Asia Pacific (Sydney)
1852
+ #
1853
+ # * Asia Pacific (Tokyo)
1854
+ #
1855
+ # * Europe (Ireland)
1856
+ #
1857
+ # * South America (São Paulo)
1858
+ #
1859
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1860
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1861
+ # Reference.
1862
+ #
1863
+ # </note>
1864
+ #
1865
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1866
+ # Web Services accounts identified by account IDs permissions to read
1867
+ # object data and its metadata:
1868
+ #
1869
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1870
+ #
1871
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1872
+ #
1873
+ # * This functionality is not supported for Amazon S3 on Outposts.
1874
+ #
1875
+ # </note>
1876
+ #
1877
+ #
1878
+ #
1879
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1880
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1082
1881
  # @option options [String] :grant_read_acp
1083
- # Allows grantee to read the object ACL.
1882
+ # Specify access permissions explicitly to allows grantee to read the
1883
+ # object ACL.
1884
+ #
1885
+ # By default, all objects are private. Only the owner has full access
1886
+ # control. When uploading an object, you can use this header to
1887
+ # explicitly grant access permissions to specific Amazon Web Services
1888
+ # accounts or groups. This header maps to specific permissions that
1889
+ # Amazon S3 supports in an ACL. For more information, see [Access
1890
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
1891
+ #
1892
+ # You specify each grantee as a type=value pair, where the type is one
1893
+ # of the following:
1894
+ #
1895
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1896
+ # Web Services account
1897
+ #
1898
+ # * `uri` – if you are granting permissions to a predefined group
1899
+ #
1900
+ # * `emailAddress` – if the value specified is the email address of an
1901
+ # Amazon Web Services account
1084
1902
  #
1085
- # This action is not supported by Amazon S3 on Outposts.
1903
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1904
+ # following Amazon Web Services Regions:
1905
+ #
1906
+ # * US East (N. Virginia)
1907
+ #
1908
+ # * US West (N. California)
1909
+ #
1910
+ # * US West (Oregon)
1911
+ #
1912
+ # * Asia Pacific (Singapore)
1913
+ #
1914
+ # * Asia Pacific (Sydney)
1915
+ #
1916
+ # * Asia Pacific (Tokyo)
1917
+ #
1918
+ # * Europe (Ireland)
1919
+ #
1920
+ # * South America (São Paulo)
1921
+ #
1922
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1923
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1924
+ # Reference.
1925
+ #
1926
+ # </note>
1927
+ #
1928
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1929
+ # Web Services accounts identified by account IDs permissions to read
1930
+ # object data and its metadata:
1931
+ #
1932
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1933
+ #
1934
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1935
+ #
1936
+ # * This functionality is not supported for Amazon S3 on Outposts.
1937
+ #
1938
+ # </note>
1939
+ #
1940
+ #
1941
+ #
1942
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
1943
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1086
1944
  # @option options [String] :grant_write_acp
1087
- # Allows grantee to write the ACL for the applicable object.
1945
+ # Specify access permissions explicitly to allows grantee to allow
1946
+ # grantee to write the ACL for the applicable object.
1947
+ #
1948
+ # By default, all objects are private. Only the owner has full access
1949
+ # control. When uploading an object, you can use this header to
1950
+ # explicitly grant access permissions to specific Amazon Web Services
1951
+ # accounts or groups. This header maps to specific permissions that
1952
+ # Amazon S3 supports in an ACL. For more information, see [Access
1953
+ # Control List (ACL) Overview][1] in the *Amazon S3 User Guide*.
1954
+ #
1955
+ # You specify each grantee as a type=value pair, where the type is one
1956
+ # of the following:
1088
1957
  #
1089
- # This action is not supported by Amazon S3 on Outposts.
1958
+ # * `id` – if the value specified is the canonical user ID of an Amazon
1959
+ # Web Services account
1960
+ #
1961
+ # * `uri` – if you are granting permissions to a predefined group
1962
+ #
1963
+ # * `emailAddress` – if the value specified is the email address of an
1964
+ # Amazon Web Services account
1965
+ #
1966
+ # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
1967
+ # following Amazon Web Services Regions:
1968
+ #
1969
+ # * US East (N. Virginia)
1970
+ #
1971
+ # * US West (N. California)
1972
+ #
1973
+ # * US West (Oregon)
1974
+ #
1975
+ # * Asia Pacific (Singapore)
1976
+ #
1977
+ # * Asia Pacific (Sydney)
1978
+ #
1979
+ # * Asia Pacific (Tokyo)
1980
+ #
1981
+ # * Europe (Ireland)
1982
+ #
1983
+ # * South America (São Paulo)
1984
+ #
1985
+ # For a list of all the Amazon S3 supported Regions and endpoints, see
1986
+ # [Regions and Endpoints][2] in the Amazon Web Services General
1987
+ # Reference.
1988
+ #
1989
+ # </note>
1990
+ #
1991
+ # For example, the following `x-amz-grant-read` header grants the Amazon
1992
+ # Web Services accounts identified by account IDs permissions to read
1993
+ # object data and its metadata:
1994
+ #
1995
+ # `x-amz-grant-read: id="11112222333", id="444455556666" `
1996
+ #
1997
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
1998
+ #
1999
+ # * This functionality is not supported for Amazon S3 on Outposts.
2000
+ #
2001
+ # </note>
2002
+ #
2003
+ #
2004
+ #
2005
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
2006
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
1090
2007
  # @option options [Hash<String,String>] :metadata
1091
2008
  # A map of metadata to store with the object in S3.
1092
2009
  # @option options [String] :server_side_encryption
1093
- # The server-side encryption algorithm used when storing this object in
1094
- # Amazon S3 (for example, `AES256`, `aws:kms`).
2010
+ # The server-side encryption algorithm used when you store this object
2011
+ # in Amazon S3 (for example, `AES256`, `aws:kms`).
2012
+ #
2013
+ # <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
2014
+ # managed keys (SSE-S3) (`AES256`) is supported.
2015
+ #
2016
+ # </note>
1095
2017
  # @option options [String] :storage_class
1096
2018
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
1097
2019
  # created objects. The STANDARD storage class provides high durability
1098
2020
  # and high availability. Depending on performance needs, you can specify
1099
- # a different Storage Class. Amazon S3 on Outposts only uses the
1100
- # OUTPOSTS Storage Class. For more information, see [Storage Classes][1]
1101
- # in the *Amazon S3 User Guide*.
2021
+ # a different Storage Class. For more information, see [Storage
2022
+ # Classes][1] in the *Amazon S3 User Guide*.
2023
+ #
2024
+ # <note markdown="1"> * For directory buckets, only the S3 Express One Zone storage class is
2025
+ # supported to store newly created objects.
2026
+ #
2027
+ # * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class.
2028
+ #
2029
+ # </note>
1102
2030
  #
1103
2031
  #
1104
2032
  #
@@ -1107,35 +2035,51 @@ module Aws::S3
1107
2035
  # If the bucket is configured as a website, redirects requests for this
1108
2036
  # object to another object in the same bucket or to an external URL.
1109
2037
  # Amazon S3 stores the value of this header in the object metadata.
2038
+ #
2039
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2040
+ #
2041
+ # </note>
1110
2042
  # @option options [String] :sse_customer_algorithm
1111
- # Specifies the algorithm to use to when encrypting the object (for
2043
+ # Specifies the algorithm to use when encrypting the object (for
1112
2044
  # example, AES256).
2045
+ #
2046
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2047
+ #
2048
+ # </note>
1113
2049
  # @option options [String] :sse_customer_key
1114
2050
  # Specifies the customer-provided encryption key for Amazon S3 to use in
1115
2051
  # encrypting data. This value is used to store the object and then it is
1116
2052
  # discarded; Amazon S3 does not store the encryption key. The key must
1117
2053
  # be appropriate for use with the algorithm specified in the
1118
2054
  # `x-amz-server-side-encryption-customer-algorithm` header.
2055
+ #
2056
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2057
+ #
2058
+ # </note>
1119
2059
  # @option options [String] :sse_customer_key_md5
1120
- # Specifies the 128-bit MD5 digest of the encryption key according to
1121
- # RFC 1321. Amazon S3 uses this header for a message integrity check to
1122
- # ensure that the encryption key was transmitted without error.
2060
+ # Specifies the 128-bit MD5 digest of the customer-provided encryption
2061
+ # key according to RFC 1321. Amazon S3 uses this header for a message
2062
+ # integrity check to ensure that the encryption key was transmitted
2063
+ # without error.
2064
+ #
2065
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2066
+ #
2067
+ # </note>
1123
2068
  # @option options [String] :ssekms_key_id
1124
2069
  # Specifies the ID (Key ID, Key ARN, or Key Alias) of the symmetric
1125
- # encryption customer managed key to use for object encryption. All GET
1126
- # and PUT requests for an object protected by KMS will fail if they're
1127
- # not made via SSL or using SigV4. For information about configuring any
1128
- # of the officially supported Amazon Web Services SDKs and Amazon Web
1129
- # Services CLI, see [Specifying the Signature Version in Request
1130
- # Authentication][1] in the *Amazon S3 User Guide*.
1131
- #
2070
+ # encryption customer managed key to use for object encryption.
1132
2071
  #
2072
+ # <note markdown="1"> This functionality is not supported for directory buckets.
1133
2073
  #
1134
- # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
2074
+ # </note>
1135
2075
  # @option options [String] :ssekms_encryption_context
1136
2076
  # Specifies the Amazon Web Services KMS Encryption Context to use for
1137
2077
  # object encryption. The value of this header is a base64-encoded UTF-8
1138
2078
  # string holding JSON with the encryption context key-value pairs.
2079
+ #
2080
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2081
+ #
2082
+ # </note>
1139
2083
  # @option options [Boolean] :bucket_key_enabled
1140
2084
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
1141
2085
  # encryption with server-side encryption using Key Management Service
@@ -1144,14 +2088,22 @@ module Aws::S3
1144
2088
  #
1145
2089
  # Specifying this header with an object action doesn’t affect
1146
2090
  # bucket-level settings for S3 Bucket Key.
2091
+ #
2092
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2093
+ #
2094
+ # </note>
1147
2095
  # @option options [String] :request_payer
1148
2096
  # Confirms that the requester knows that they will be charged for the
1149
2097
  # request. Bucket owners need not specify this parameter in their
1150
- # requests. If either the source or destination Amazon S3 bucket has
1151
- # Requester Pays enabled, the requester will pay for corresponding
1152
- # charges to copy the object. For information about downloading objects
1153
- # from Requester Pays buckets, see [Downloading Objects in Requester
1154
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
2098
+ # requests. If either the source or destination S3 bucket has Requester
2099
+ # Pays enabled, the requester will pay for corresponding charges to copy
2100
+ # the object. For information about downloading objects from Requester
2101
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
2102
+ # in the *Amazon S3 User Guide*.
2103
+ #
2104
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2105
+ #
2106
+ # </note>
1155
2107
  #
1156
2108
  #
1157
2109
  #
@@ -1159,20 +2111,36 @@ module Aws::S3
1159
2111
  # @option options [String] :tagging
1160
2112
  # The tag-set for the object. The tag-set must be encoded as URL Query
1161
2113
  # parameters.
2114
+ #
2115
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2116
+ #
2117
+ # </note>
1162
2118
  # @option options [String] :object_lock_mode
1163
2119
  # Specifies the Object Lock mode that you want to apply to the uploaded
1164
2120
  # object.
2121
+ #
2122
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2123
+ #
2124
+ # </note>
1165
2125
  # @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
1166
2126
  # Specifies the date and time when you want the Object Lock to expire.
2127
+ #
2128
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2129
+ #
2130
+ # </note>
1167
2131
  # @option options [String] :object_lock_legal_hold_status
1168
2132
  # Specifies whether you want to apply a legal hold to the uploaded
1169
2133
  # object.
2134
+ #
2135
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2136
+ #
2137
+ # </note>
1170
2138
  # @option options [String] :expected_bucket_owner
1171
- # The account ID of the expected bucket owner. If the bucket is owned by
1172
- # a different account, the request fails with the HTTP status code `403
1173
- # Forbidden` (access denied).
2139
+ # The account ID of the expected bucket owner. If the account ID that
2140
+ # you provide does not match the actual owner of the bucket, the request
2141
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1174
2142
  # @option options [String] :checksum_algorithm
1175
- # Indicates the algorithm you want Amazon S3 to use to create the
2143
+ # Indicates the algorithm that you want Amazon S3 to use to create the
1176
2144
  # checksum for the object. For more information, see [Checking object
1177
2145
  # integrity][1] in the *Amazon S3 User Guide*.
1178
2146
  #
@@ -1222,7 +2190,7 @@ module Aws::S3
1222
2190
  # "MetadataKey" => "MetadataValue",
1223
2191
  # },
1224
2192
  # server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
1225
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
2193
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
1226
2194
  # website_redirect_location: "WebsiteRedirectLocation",
1227
2195
  # sse_customer_algorithm: "SSECustomerAlgorithm",
1228
2196
  # sse_customer_key: "SSECustomerKey",
@@ -1240,13 +2208,41 @@ module Aws::S3
1240
2208
  # @param [Hash] options ({})
1241
2209
  # @option options [String] :acl
1242
2210
  # The canned ACL to apply to the object. For more information, see
1243
- # [Canned ACL][1].
2211
+ # [Canned ACL][1] in the *Amazon S3 User Guide*.
2212
+ #
2213
+ # When adding a new object, you can use headers to grant ACL-based
2214
+ # permissions to individual Amazon Web Services accounts or to
2215
+ # predefined groups defined by Amazon S3. These permissions are then
2216
+ # added to the ACL on the object. By default, all objects are private.
2217
+ # Only the owner has full access control. For more information, see
2218
+ # [Access Control List (ACL) Overview][2] and [Managing ACLs Using the
2219
+ # REST API][3] in the *Amazon S3 User Guide*.
2220
+ #
2221
+ # If the bucket that you're uploading objects to uses the bucket owner
2222
+ # enforced setting for S3 Object Ownership, ACLs are disabled and no
2223
+ # longer affect permissions. Buckets that use this setting only accept
2224
+ # PUT requests that don't specify an ACL or PUT requests that specify
2225
+ # bucket owner full control ACLs, such as the
2226
+ # `bucket-owner-full-control` canned ACL or an equivalent form of this
2227
+ # ACL expressed in the XML format. PUT requests that contain other ACLs
2228
+ # (for example, custom grants to certain Amazon Web Services accounts)
2229
+ # fail and return a `400` error with the error code
2230
+ # `AccessControlListNotSupported`. For more information, see [
2231
+ # Controlling ownership of objects and disabling ACLs][4] in the *Amazon
2232
+ # S3 User Guide*.
2233
+ #
2234
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2235
+ #
2236
+ # * This functionality is not supported for Amazon S3 on Outposts.
1244
2237
  #
1245
- # This action is not supported by Amazon S3 on Outposts.
2238
+ # </note>
1246
2239
  #
1247
2240
  #
1248
2241
  #
1249
2242
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
2243
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
2244
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html
2245
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
1250
2246
  # @option options [String, StringIO, File] :body
1251
2247
  # Object data.
1252
2248
  # @option options [String] :cache_control
@@ -1293,9 +2289,21 @@ module Aws::S3
1293
2289
  # information about REST request authentication, see [REST
1294
2290
  # Authentication][1].
1295
2291
  #
2292
+ # <note markdown="1"> The `Content-MD5` header is required for any request to upload an
2293
+ # object with a retention period configured using Amazon S3 Object Lock.
2294
+ # For more information about Amazon S3 Object Lock, see [Amazon S3
2295
+ # Object Lock Overview][2] in the *Amazon S3 User Guide*.
2296
+ #
2297
+ # </note>
2298
+ #
2299
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2300
+ #
2301
+ # </note>
2302
+ #
1296
2303
  #
1297
2304
  #
1298
2305
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
2306
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html
1299
2307
  # @option options [String] :content_type
1300
2308
  # A standard MIME type describing the format of the contents. For more
1301
2309
  # information, see
@@ -1306,15 +2314,36 @@ module Aws::S3
1306
2314
  # [1]: https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type
1307
2315
  # @option options [String] :checksum_algorithm
1308
2316
  # Indicates the algorithm used to create the checksum for the object
1309
- # when using the SDK. This header will not provide any additional
1310
- # functionality if not using the SDK. When sending this header, there
1311
- # must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
1312
- # sent. Otherwise, Amazon S3 fails the request with the HTTP status code
1313
- # `400 Bad Request`. For more information, see [Checking object
1314
- # integrity][1] in the *Amazon S3 User Guide*.
2317
+ # when you use the SDK. This header will not provide any additional
2318
+ # functionality if you don't use the SDK. When you send this header,
2319
+ # there must be a corresponding `x-amz-checksum-algorithm ` or
2320
+ # `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request
2321
+ # with the HTTP status code `400 Bad Request`.
1315
2322
  #
1316
- # If you provide an individual checksum, Amazon S3 ignores any provided
1317
- # `ChecksumAlgorithm` parameter.
2323
+ # For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with
2324
+ # the supported algorithm from the following list:
2325
+ #
2326
+ # * CRC32
2327
+ #
2328
+ # * CRC32C
2329
+ #
2330
+ # * SHA1
2331
+ #
2332
+ # * SHA256
2333
+ #
2334
+ # For more information, see [Checking object integrity][1] in the
2335
+ # *Amazon S3 User Guide*.
2336
+ #
2337
+ # If the individual checksum value you provide through
2338
+ # `x-amz-checksum-algorithm ` doesn't match the checksum algorithm you
2339
+ # set through `x-amz-sdk-checksum-algorithm`, Amazon S3 ignores any
2340
+ # provided `ChecksumAlgorithm` parameter and uses the checksum algorithm
2341
+ # that matches the provided value in `x-amz-checksum-algorithm `.
2342
+ #
2343
+ # <note markdown="1"> For directory buckets, when you use Amazon Web Services SDKs, `CRC32`
2344
+ # is the default checksum algorithm that's used for performance.
2345
+ #
2346
+ # </note>
1318
2347
  #
1319
2348
  #
1320
2349
  #
@@ -1371,31 +2400,74 @@ module Aws::S3
1371
2400
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
1372
2401
  # object.
1373
2402
  #
1374
- # This action is not supported by Amazon S3 on Outposts.
2403
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2404
+ #
2405
+ # * This functionality is not supported for Amazon S3 on Outposts.
2406
+ #
2407
+ # </note>
1375
2408
  # @option options [String] :grant_read
1376
2409
  # Allows grantee to read the object data and its metadata.
1377
2410
  #
1378
- # This action is not supported by Amazon S3 on Outposts.
2411
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2412
+ #
2413
+ # * This functionality is not supported for Amazon S3 on Outposts.
2414
+ #
2415
+ # </note>
1379
2416
  # @option options [String] :grant_read_acp
1380
2417
  # Allows grantee to read the object ACL.
1381
2418
  #
1382
- # This action is not supported by Amazon S3 on Outposts.
2419
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2420
+ #
2421
+ # * This functionality is not supported for Amazon S3 on Outposts.
2422
+ #
2423
+ # </note>
1383
2424
  # @option options [String] :grant_write_acp
1384
2425
  # Allows grantee to write the ACL for the applicable object.
1385
2426
  #
1386
- # This action is not supported by Amazon S3 on Outposts.
2427
+ # <note markdown="1"> * This functionality is not supported for directory buckets.
2428
+ #
2429
+ # * This functionality is not supported for Amazon S3 on Outposts.
2430
+ #
2431
+ # </note>
1387
2432
  # @option options [Hash<String,String>] :metadata
1388
2433
  # A map of metadata to store with the object in S3.
1389
2434
  # @option options [String] :server_side_encryption
1390
- # The server-side encryption algorithm used when storing this object in
1391
- # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
2435
+ # The server-side encryption algorithm that was used when you store this
2436
+ # object in Amazon S3 (for example, `AES256`, `aws:kms`,
2437
+ # `aws:kms:dsse`).
2438
+ #
2439
+ # <b>General purpose buckets </b> - You have four mutually exclusive
2440
+ # options to protect data using server-side encryption in Amazon S3,
2441
+ # depending on how you choose to manage the encryption keys.
2442
+ # Specifically, the encryption key options are Amazon S3 managed keys
2443
+ # (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and
2444
+ # customer-provided keys (SSE-C). Amazon S3 encrypts data with
2445
+ # server-side encryption by using Amazon S3 managed keys (SSE-S3) by
2446
+ # default. You can optionally tell Amazon S3 to encrypt data at rest by
2447
+ # using server-side encryption with other key options. For more
2448
+ # information, see [Using Server-Side Encryption][1] in the *Amazon S3
2449
+ # User Guide*.
2450
+ #
2451
+ # <b>Directory buckets </b> - For directory buckets, only the
2452
+ # server-side encryption with Amazon S3 managed keys (SSE-S3) (`AES256`)
2453
+ # value is supported.
2454
+ #
2455
+ #
2456
+ #
2457
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
1392
2458
  # @option options [String] :storage_class
1393
2459
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
1394
2460
  # created objects. The STANDARD storage class provides high durability
1395
2461
  # and high availability. Depending on performance needs, you can specify
1396
- # a different Storage Class. Amazon S3 on Outposts only uses the
1397
- # OUTPOSTS Storage Class. For more information, see [Storage Classes][1]
1398
- # in the *Amazon S3 User Guide*.
2462
+ # a different Storage Class. For more information, see [Storage
2463
+ # Classes][1] in the *Amazon S3 User Guide*.
2464
+ #
2465
+ # <note markdown="1"> * For directory buckets, only the S3 Express One Zone storage class is
2466
+ # supported to store newly created objects.
2467
+ #
2468
+ # * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class.
2469
+ #
2470
+ # </note>
1399
2471
  #
1400
2472
  #
1401
2473
  #
@@ -1404,7 +2476,8 @@ module Aws::S3
1404
2476
  # If the bucket is configured as a website, redirects requests for this
1405
2477
  # object to another object in the same bucket or to an external URL.
1406
2478
  # Amazon S3 stores the value of this header in the object metadata. For
1407
- # information about object metadata, see [Object Key and Metadata][1].
2479
+ # information about object metadata, see [Object Key and Metadata][1] in
2480
+ # the *Amazon S3 User Guide*.
1408
2481
  #
1409
2482
  # In the following example, the request header sets the redirect to an
1410
2483
  # object (anotherPage.html) in the same bucket:
@@ -1418,7 +2491,11 @@ module Aws::S3
1418
2491
  #
1419
2492
  # For more information about website hosting in Amazon S3, see [Hosting
1420
2493
  # Websites on Amazon S3][2] and [How to Configure Website Page
1421
- # Redirects][3].
2494
+ # Redirects][3] in the *Amazon S3 User Guide*.
2495
+ #
2496
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2497
+ #
2498
+ # </note>
1422
2499
  #
1423
2500
  #
1424
2501
  #
@@ -1426,18 +2503,30 @@ module Aws::S3
1426
2503
  # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html
1427
2504
  # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html
1428
2505
  # @option options [String] :sse_customer_algorithm
1429
- # Specifies the algorithm to use to when encrypting the object (for
1430
- # example, AES256).
2506
+ # Specifies the algorithm to use when encrypting the object (for
2507
+ # example, `AES256`).
2508
+ #
2509
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2510
+ #
2511
+ # </note>
1431
2512
  # @option options [String] :sse_customer_key
1432
2513
  # Specifies the customer-provided encryption key for Amazon S3 to use in
1433
2514
  # encrypting data. This value is used to store the object and then it is
1434
2515
  # discarded; Amazon S3 does not store the encryption key. The key must
1435
2516
  # be appropriate for use with the algorithm specified in the
1436
2517
  # `x-amz-server-side-encryption-customer-algorithm` header.
2518
+ #
2519
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2520
+ #
2521
+ # </note>
1437
2522
  # @option options [String] :sse_customer_key_md5
1438
2523
  # Specifies the 128-bit MD5 digest of the encryption key according to
1439
2524
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
1440
2525
  # ensure that the encryption key was transmitted without error.
2526
+ #
2527
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2528
+ #
2529
+ # </note>
1441
2530
  # @option options [String] :ssekms_key_id
1442
2531
  # If `x-amz-server-side-encryption` has a valid value of `aws:kms` or
1443
2532
  # `aws:kms:dsse`, this header specifies the ID (Key ID, Key ARN, or Key
@@ -1449,6 +2538,10 @@ module Aws::S3
1449
2538
  # Amazon Web Services managed key (`aws/s3`) to protect the data. If the
1450
2539
  # KMS key does not exist in the same account that's issuing the
1451
2540
  # command, you must use the full ARN and not just the ID.
2541
+ #
2542
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2543
+ #
2544
+ # </note>
1452
2545
  # @option options [String] :ssekms_encryption_context
1453
2546
  # Specifies the Amazon Web Services KMS Encryption Context to use for
1454
2547
  # object encryption. The value of this header is a base64-encoded UTF-8
@@ -1456,7 +2549,11 @@ module Aws::S3
1456
2549
  # value is stored as object metadata and automatically gets passed on to
1457
2550
  # Amazon Web Services KMS for future `GetObject` or `CopyObject`
1458
2551
  # operations on this object. This value must be explicitly added during
1459
- # CopyObject operations.
2552
+ # `CopyObject` operations.
2553
+ #
2554
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2555
+ #
2556
+ # </note>
1460
2557
  # @option options [Boolean] :bucket_key_enabled
1461
2558
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
1462
2559
  # encryption with server-side encryption using Key Management Service
@@ -1465,14 +2562,22 @@ module Aws::S3
1465
2562
  #
1466
2563
  # Specifying this header with a PUT action doesn’t affect bucket-level
1467
2564
  # settings for S3 Bucket Key.
2565
+ #
2566
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2567
+ #
2568
+ # </note>
1468
2569
  # @option options [String] :request_payer
1469
2570
  # Confirms that the requester knows that they will be charged for the
1470
2571
  # request. Bucket owners need not specify this parameter in their
1471
- # requests. If either the source or destination Amazon S3 bucket has
1472
- # Requester Pays enabled, the requester will pay for corresponding
1473
- # charges to copy the object. For information about downloading objects
1474
- # from Requester Pays buckets, see [Downloading Objects in Requester
1475
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
2572
+ # requests. If either the source or destination S3 bucket has Requester
2573
+ # Pays enabled, the requester will pay for corresponding charges to copy
2574
+ # the object. For information about downloading objects from Requester
2575
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
2576
+ # in the *Amazon S3 User Guide*.
2577
+ #
2578
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2579
+ #
2580
+ # </note>
1476
2581
  #
1477
2582
  #
1478
2583
  #
@@ -1480,22 +2585,39 @@ module Aws::S3
1480
2585
  # @option options [String] :tagging
1481
2586
  # The tag-set for the object. The tag-set must be encoded as URL Query
1482
2587
  # parameters. (For example, "Key1=Value1")
2588
+ #
2589
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2590
+ #
2591
+ # </note>
1483
2592
  # @option options [String] :object_lock_mode
1484
2593
  # The Object Lock mode that you want to apply to this object.
2594
+ #
2595
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2596
+ #
2597
+ # </note>
1485
2598
  # @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
1486
2599
  # The date and time when you want this object's Object Lock to expire.
1487
2600
  # Must be formatted as a timestamp parameter.
2601
+ #
2602
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2603
+ #
2604
+ # </note>
1488
2605
  # @option options [String] :object_lock_legal_hold_status
1489
2606
  # Specifies whether a legal hold will be applied to this object. For
1490
- # more information about S3 Object Lock, see [Object Lock][1].
2607
+ # more information about S3 Object Lock, see [Object Lock][1] in the
2608
+ # *Amazon S3 User Guide*.
2609
+ #
2610
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2611
+ #
2612
+ # </note>
1491
2613
  #
1492
2614
  #
1493
2615
  #
1494
2616
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
1495
2617
  # @option options [String] :expected_bucket_owner
1496
- # The account ID of the expected bucket owner. If the bucket is owned by
1497
- # a different account, the request fails with the HTTP status code `403
1498
- # Forbidden` (access denied).
2618
+ # The account ID of the expected bucket owner. If the account ID that
2619
+ # you provide does not match the actual owner of the bucket, the request
2620
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1499
2621
  # @return [Types::PutObjectOutput]
1500
2622
  def put(options = {})
1501
2623
  options = options.merge(
@@ -1589,7 +2711,7 @@ module Aws::S3
1589
2711
  # value: "MetadataValue",
1590
2712
  # },
1591
2713
  # ],
1592
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW
2714
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
1593
2715
  # },
1594
2716
  # },
1595
2717
  # },
@@ -1605,23 +2727,27 @@ module Aws::S3
1605
2727
  # @option options [String] :request_payer
1606
2728
  # Confirms that the requester knows that they will be charged for the
1607
2729
  # request. Bucket owners need not specify this parameter in their
1608
- # requests. If either the source or destination Amazon S3 bucket has
1609
- # Requester Pays enabled, the requester will pay for corresponding
1610
- # charges to copy the object. For information about downloading objects
1611
- # from Requester Pays buckets, see [Downloading Objects in Requester
1612
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
2730
+ # requests. If either the source or destination S3 bucket has Requester
2731
+ # Pays enabled, the requester will pay for corresponding charges to copy
2732
+ # the object. For information about downloading objects from Requester
2733
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
2734
+ # in the *Amazon S3 User Guide*.
2735
+ #
2736
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2737
+ #
2738
+ # </note>
1613
2739
  #
1614
2740
  #
1615
2741
  #
1616
2742
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
1617
2743
  # @option options [String] :checksum_algorithm
1618
2744
  # Indicates the algorithm used to create the checksum for the object
1619
- # when using the SDK. This header will not provide any additional
1620
- # functionality if not using the SDK. When sending this header, there
1621
- # must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
1622
- # sent. Otherwise, Amazon S3 fails the request with the HTTP status code
1623
- # `400 Bad Request`. For more information, see [Checking object
1624
- # integrity][1] in the *Amazon S3 User Guide*.
2745
+ # when you use the SDK. This header will not provide any additional
2746
+ # functionality if you don't use the SDK. When you send this header,
2747
+ # there must be a corresponding `x-amz-checksum` or `x-amz-trailer`
2748
+ # header sent. Otherwise, Amazon S3 fails the request with the HTTP
2749
+ # status code `400 Bad Request`. For more information, see [Checking
2750
+ # object integrity][1] in the *Amazon S3 User Guide*.
1625
2751
  #
1626
2752
  # If you provide an individual checksum, Amazon S3 ignores any provided
1627
2753
  # `ChecksumAlgorithm` parameter.
@@ -1630,9 +2756,9 @@ module Aws::S3
1630
2756
  #
1631
2757
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
1632
2758
  # @option options [String] :expected_bucket_owner
1633
- # The account ID of the expected bucket owner. If the bucket is owned by
1634
- # a different account, the request fails with the HTTP status code `403
1635
- # Forbidden` (access denied).
2759
+ # The account ID of the expected bucket owner. If the account ID that
2760
+ # you provide does not match the actual owner of the bucket, the request
2761
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1636
2762
  # @return [Types::RestoreObjectOutput]
1637
2763
  def restore_object(options = {})
1638
2764
  options = options.merge(
@@ -1666,43 +2792,124 @@ module Aws::S3
1666
2792
  # @option options [String] :if_match
1667
2793
  # Return the object only if its entity tag (ETag) is the same as the one
1668
2794
  # specified; otherwise, return a 412 (precondition failed) error.
2795
+ #
2796
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
2797
+ # present in the request as follows:
2798
+ #
2799
+ # * `If-Match` condition evaluates to `true`, and;
2800
+ #
2801
+ # * `If-Unmodified-Since` condition evaluates to `false`;
2802
+ #
2803
+ # Then Amazon S3 returns `200 OK` and the data requested.
2804
+ #
2805
+ # For more information about conditional requests, see [RFC 7232][1].
2806
+ #
2807
+ #
2808
+ #
2809
+ # [1]: https://tools.ietf.org/html/rfc7232
1669
2810
  # @option options [Time,DateTime,Date,Integer,String] :if_modified_since
1670
2811
  # Return the object only if it has been modified since the specified
1671
2812
  # time; otherwise, return a 304 (not modified) error.
2813
+ #
2814
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
2815
+ # present in the request as follows:
2816
+ #
2817
+ # * `If-None-Match` condition evaluates to `false`, and;
2818
+ #
2819
+ # * `If-Modified-Since` condition evaluates to `true`;
2820
+ #
2821
+ # Then Amazon S3 returns the `304 Not Modified` response code.
2822
+ #
2823
+ # For more information about conditional requests, see [RFC 7232][1].
2824
+ #
2825
+ #
2826
+ #
2827
+ # [1]: https://tools.ietf.org/html/rfc7232
1672
2828
  # @option options [String] :if_none_match
1673
2829
  # Return the object only if its entity tag (ETag) is different from the
1674
2830
  # one specified; otherwise, return a 304 (not modified) error.
2831
+ #
2832
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
2833
+ # present in the request as follows:
2834
+ #
2835
+ # * `If-None-Match` condition evaluates to `false`, and;
2836
+ #
2837
+ # * `If-Modified-Since` condition evaluates to `true`;
2838
+ #
2839
+ # Then Amazon S3 returns the `304 Not Modified` response code.
2840
+ #
2841
+ # For more information about conditional requests, see [RFC 7232][1].
2842
+ #
2843
+ #
2844
+ #
2845
+ # [1]: https://tools.ietf.org/html/rfc7232
1675
2846
  # @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
1676
2847
  # Return the object only if it has not been modified since the specified
1677
2848
  # time; otherwise, return a 412 (precondition failed) error.
2849
+ #
2850
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
2851
+ # present in the request as follows:
2852
+ #
2853
+ # * `If-Match` condition evaluates to `true`, and;
2854
+ #
2855
+ # * `If-Unmodified-Since` condition evaluates to `false`;
2856
+ #
2857
+ # Then Amazon S3 returns `200 OK` and the data requested.
2858
+ #
2859
+ # For more information about conditional requests, see [RFC 7232][1].
2860
+ #
2861
+ #
2862
+ #
2863
+ # [1]: https://tools.ietf.org/html/rfc7232
1678
2864
  # @option options [String] :range
1679
2865
  # HeadObject returns only the metadata for an object. If the Range is
1680
2866
  # satisfiable, only the `ContentLength` is affected in the response. If
1681
2867
  # the Range is not satisfiable, S3 returns a `416 - Requested Range Not
1682
2868
  # Satisfiable` error.
1683
2869
  # @option options [String] :version_id
1684
- # VersionId used to reference a specific version of the object.
2870
+ # Version ID used to reference a specific version of the object.
2871
+ #
2872
+ # <note markdown="1"> For directory buckets in this API operation, only the `null` value of
2873
+ # the version ID is supported.
2874
+ #
2875
+ # </note>
1685
2876
  # @option options [String] :sse_customer_algorithm
1686
- # Specifies the algorithm to use to when encrypting the object (for
2877
+ # Specifies the algorithm to use when encrypting the object (for
1687
2878
  # example, AES256).
2879
+ #
2880
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2881
+ #
2882
+ # </note>
1688
2883
  # @option options [String] :sse_customer_key
1689
2884
  # Specifies the customer-provided encryption key for Amazon S3 to use in
1690
2885
  # encrypting data. This value is used to store the object and then it is
1691
2886
  # discarded; Amazon S3 does not store the encryption key. The key must
1692
2887
  # be appropriate for use with the algorithm specified in the
1693
2888
  # `x-amz-server-side-encryption-customer-algorithm` header.
2889
+ #
2890
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2891
+ #
2892
+ # </note>
1694
2893
  # @option options [String] :sse_customer_key_md5
1695
2894
  # Specifies the 128-bit MD5 digest of the encryption key according to
1696
2895
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
1697
2896
  # ensure that the encryption key was transmitted without error.
2897
+ #
2898
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2899
+ #
2900
+ # </note>
1698
2901
  # @option options [String] :request_payer
1699
2902
  # Confirms that the requester knows that they will be charged for the
1700
2903
  # request. Bucket owners need not specify this parameter in their
1701
- # requests. If either the source or destination Amazon S3 bucket has
1702
- # Requester Pays enabled, the requester will pay for corresponding
1703
- # charges to copy the object. For information about downloading objects
1704
- # from Requester Pays buckets, see [Downloading Objects in Requester
1705
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
2904
+ # requests. If either the source or destination S3 bucket has Requester
2905
+ # Pays enabled, the requester will pay for corresponding charges to copy
2906
+ # the object. For information about downloading objects from Requester
2907
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
2908
+ # in the *Amazon S3 User Guide*.
2909
+ #
2910
+ # <note markdown="1"> This functionality is not supported for directory buckets.
2911
+ #
2912
+ # </note>
1706
2913
  #
1707
2914
  #
1708
2915
  #
@@ -1713,9 +2920,9 @@ module Aws::S3
1713
2920
  # for the part specified. Useful querying about the size of the part and
1714
2921
  # the number of parts in this object.
1715
2922
  # @option options [String] :expected_bucket_owner
1716
- # The account ID of the expected bucket owner. If the bucket is owned by
1717
- # a different account, the request fails with the HTTP status code `403
1718
- # Forbidden` (access denied).
2923
+ # The account ID of the expected bucket owner. If the account ID that
2924
+ # you provide does not match the actual owner of the bucket, the request
2925
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1719
2926
  # @option options [String] :checksum_mode
1720
2927
  # To retrieve the checksum, this parameter must be enabled.
1721
2928
  #
@@ -1856,14 +3063,35 @@ module Aws::S3
1856
3063
  # space, and the value that is displayed on your authentication device.
1857
3064
  # Required to permanently delete a versioned object if versioning is
1858
3065
  # configured with MFA delete enabled.
3066
+ #
3067
+ # When performing the `DeleteObjects` operation on an MFA delete enabled
3068
+ # bucket, which attempts to delete the specified versioned objects, you
3069
+ # must include an MFA token. If you don't provide an MFA token, the
3070
+ # entire request will fail, even if there are non-versioned objects that
3071
+ # you are trying to delete. If you provide an invalid token, whether
3072
+ # there are versioned object keys in the request or not, the entire
3073
+ # Multi-Object Delete request will fail. For information about MFA
3074
+ # Delete, see [ MFA Delete][1] in the *Amazon S3 User Guide*.
3075
+ #
3076
+ # <note markdown="1"> This functionality is not supported for directory buckets.
3077
+ #
3078
+ # </note>
3079
+ #
3080
+ #
3081
+ #
3082
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete
1859
3083
  # @option options [String] :request_payer
1860
3084
  # Confirms that the requester knows that they will be charged for the
1861
3085
  # request. Bucket owners need not specify this parameter in their
1862
- # requests. If either the source or destination Amazon S3 bucket has
1863
- # Requester Pays enabled, the requester will pay for corresponding
1864
- # charges to copy the object. For information about downloading objects
1865
- # from Requester Pays buckets, see [Downloading Objects in Requester
1866
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
3086
+ # requests. If either the source or destination S3 bucket has Requester
3087
+ # Pays enabled, the requester will pay for corresponding charges to copy
3088
+ # the object. For information about downloading objects from Requester
3089
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
3090
+ # in the *Amazon S3 User Guide*.
3091
+ #
3092
+ # <note markdown="1"> This functionality is not supported for directory buckets.
3093
+ #
3094
+ # </note>
1867
3095
  #
1868
3096
  #
1869
3097
  #
@@ -1872,25 +3100,45 @@ module Aws::S3
1872
3100
  # Specifies whether you want to delete this object even if it has a
1873
3101
  # Governance-type Object Lock in place. To use this header, you must
1874
3102
  # have the `s3:BypassGovernanceRetention` permission.
3103
+ #
3104
+ # <note markdown="1"> This functionality is not supported for directory buckets.
3105
+ #
3106
+ # </note>
1875
3107
  # @option options [String] :expected_bucket_owner
1876
- # The account ID of the expected bucket owner. If the bucket is owned by
1877
- # a different account, the request fails with the HTTP status code `403
1878
- # Forbidden` (access denied).
3108
+ # The account ID of the expected bucket owner. If the account ID that
3109
+ # you provide does not match the actual owner of the bucket, the request
3110
+ # fails with the HTTP status code `403 Forbidden` (access denied).
1879
3111
  # @option options [String] :checksum_algorithm
1880
3112
  # Indicates the algorithm used to create the checksum for the object
1881
- # when using the SDK. This header will not provide any additional
1882
- # functionality if not using the SDK. When sending this header, there
1883
- # must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
1884
- # sent. Otherwise, Amazon S3 fails the request with the HTTP status code
1885
- # `400 Bad Request`. For more information, see [Checking object
1886
- # integrity][1] in the *Amazon S3 User Guide*.
3113
+ # when you use the SDK. This header will not provide any additional
3114
+ # functionality if you don't use the SDK. When you send this header,
3115
+ # there must be a corresponding `x-amz-checksum-algorithm ` or
3116
+ # `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request
3117
+ # with the HTTP status code `400 Bad Request`.
3118
+ #
3119
+ # For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with
3120
+ # the supported algorithm from the following list:
3121
+ #
3122
+ # * CRC32
3123
+ #
3124
+ # * CRC32C
3125
+ #
3126
+ # * SHA1
3127
+ #
3128
+ # * SHA256
3129
+ #
3130
+ # For more information, see [Checking object integrity][1] in the
3131
+ # *Amazon S3 User Guide*.
3132
+ #
3133
+ # If the individual checksum value you provide through
3134
+ # `x-amz-checksum-algorithm ` doesn't match the checksum algorithm you
3135
+ # set through `x-amz-sdk-checksum-algorithm`, Amazon S3 ignores any
3136
+ # provided `ChecksumAlgorithm` parameter and uses the checksum algorithm
3137
+ # that matches the provided value in `x-amz-checksum-algorithm `.
1887
3138
  #
1888
3139
  # If you provide an individual checksum, Amazon S3 ignores any provided
1889
3140
  # `ChecksumAlgorithm` parameter.
1890
3141
  #
1891
- # This checksum algorithm must be the same for all parts and it match
1892
- # the checksum value supplied in the `CreateMultipartUpload` request.
1893
- #
1894
3142
  #
1895
3143
  #
1896
3144
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html