aws-sdk-s3 1.147.0 → 1.167.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (70) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +123 -2
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-s3/access_grants_credentials.rb +57 -0
  5. data/lib/aws-sdk-s3/access_grants_credentials_provider.rb +250 -0
  6. data/lib/aws-sdk-s3/bucket.rb +224 -81
  7. data/lib/aws-sdk-s3/bucket_acl.rb +3 -3
  8. data/lib/aws-sdk-s3/bucket_cors.rb +4 -4
  9. data/lib/aws-sdk-s3/bucket_lifecycle.rb +4 -4
  10. data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +42 -5
  11. data/lib/aws-sdk-s3/bucket_logging.rb +3 -3
  12. data/lib/aws-sdk-s3/bucket_notification.rb +3 -3
  13. data/lib/aws-sdk-s3/bucket_policy.rb +8 -8
  14. data/lib/aws-sdk-s3/bucket_region_cache.rb +9 -5
  15. data/lib/aws-sdk-s3/bucket_request_payment.rb +3 -3
  16. data/lib/aws-sdk-s3/bucket_tagging.rb +4 -4
  17. data/lib/aws-sdk-s3/bucket_versioning.rb +5 -5
  18. data/lib/aws-sdk-s3/bucket_website.rb +4 -4
  19. data/lib/aws-sdk-s3/client.rb +1744 -695
  20. data/lib/aws-sdk-s3/client_api.rb +44 -4
  21. data/lib/aws-sdk-s3/customizations/bucket.rb +1 -1
  22. data/lib/aws-sdk-s3/customizations/errors.rb +15 -2
  23. data/lib/aws-sdk-s3/customizations/object.rb +11 -5
  24. data/lib/aws-sdk-s3/customizations/object_summary.rb +5 -0
  25. data/lib/aws-sdk-s3/customizations/object_version.rb +13 -0
  26. data/lib/aws-sdk-s3/customizations.rb +24 -35
  27. data/lib/aws-sdk-s3/encryption/client.rb +2 -2
  28. data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +2 -2
  29. data/lib/aws-sdk-s3/encryptionV2/client.rb +2 -2
  30. data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +2 -2
  31. data/lib/aws-sdk-s3/endpoint_parameters.rb +8 -0
  32. data/lib/aws-sdk-s3/endpoint_provider.rb +1 -0
  33. data/lib/aws-sdk-s3/endpoints.rb +199 -397
  34. data/lib/aws-sdk-s3/errors.rb +3 -0
  35. data/lib/aws-sdk-s3/express_credentials_provider.rb +27 -4
  36. data/lib/aws-sdk-s3/file_downloader.rb +1 -1
  37. data/lib/aws-sdk-s3/file_uploader.rb +1 -1
  38. data/lib/aws-sdk-s3/multipart_stream_uploader.rb +1 -1
  39. data/lib/aws-sdk-s3/multipart_upload.rb +31 -8
  40. data/lib/aws-sdk-s3/multipart_upload_part.rb +11 -11
  41. data/lib/aws-sdk-s3/object.rb +411 -151
  42. data/lib/aws-sdk-s3/object_acl.rb +3 -3
  43. data/lib/aws-sdk-s3/object_copier.rb +1 -1
  44. data/lib/aws-sdk-s3/object_multipart_copier.rb +10 -8
  45. data/lib/aws-sdk-s3/object_summary.rb +373 -127
  46. data/lib/aws-sdk-s3/object_version.rb +53 -13
  47. data/lib/aws-sdk-s3/plugins/access_grants.rb +178 -0
  48. data/lib/aws-sdk-s3/plugins/endpoints.rb +23 -8
  49. data/lib/aws-sdk-s3/plugins/express_session_auth.rb +8 -2
  50. data/lib/aws-sdk-s3/plugins/http_200_errors.rb +53 -16
  51. data/lib/aws-sdk-s3/plugins/s3_signer.rb +7 -2
  52. data/lib/aws-sdk-s3/presigner.rb +1 -0
  53. data/lib/aws-sdk-s3/resource.rb +12 -10
  54. data/lib/aws-sdk-s3/types.rb +1082 -399
  55. data/lib/aws-sdk-s3.rb +35 -31
  56. data/sig/bucket.rbs +1 -0
  57. data/sig/bucket_lifecycle_configuration.rbs +7 -3
  58. data/sig/client.rbs +48 -5
  59. data/sig/customizations/bucket.rbs +19 -0
  60. data/sig/customizations/object.rbs +38 -0
  61. data/sig/customizations/object_summary.rbs +35 -0
  62. data/sig/multipart_upload.rbs +1 -0
  63. data/sig/object.rbs +7 -0
  64. data/sig/object_summary.rbs +1 -0
  65. data/sig/object_version.rbs +6 -0
  66. data/sig/resource.rbs +7 -1
  67. data/sig/types.rbs +32 -2
  68. data/sig/waiters.rbs +12 -0
  69. metadata +13 -7
  70. data/lib/aws-sdk-s3/express_credentials_cache.rb +0 -30
@@ -132,7 +132,7 @@ module Aws::S3
132
132
  data[:content_length]
133
133
  end
134
134
 
135
- # The base64-encoded, 32-bit CRC32 checksum of the object. This will
135
+ # The base64-encoded, 32-bit CRC-32 checksum of the object. This will
136
136
  # only be present if it was uploaded with the object. When you use an
137
137
  # API operation on an object that was uploaded using multipart uploads,
138
138
  # this value may not be a direct checksum value of the full object.
@@ -149,7 +149,7 @@ module Aws::S3
149
149
  data[:checksum_crc32]
150
150
  end
151
151
 
152
- # The base64-encoded, 32-bit CRC32C checksum of the object. This will
152
+ # The base64-encoded, 32-bit CRC-32C checksum of the object. This will
153
153
  # only be present if it was uploaded with the object. When you use an
154
154
  # API operation on an object that was uploaded using multipart uploads,
155
155
  # this value may not be a direct checksum value of the full object.
@@ -288,11 +288,6 @@ module Aws::S3
288
288
 
289
289
  # The server-side encryption algorithm used when you store this object
290
290
  # in Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
291
- #
292
- # <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
293
- # managed keys (SSE-S3) (`AES256`) is supported.
294
- #
295
- # </note>
296
291
  # @return [String]
297
292
  def server_side_encryption
298
293
  data[:server_side_encryption]
@@ -329,13 +324,8 @@ module Aws::S3
329
324
  data[:sse_customer_key_md5]
330
325
  end
331
326
 
332
- # If present, indicates the ID of the Key Management Service (KMS)
333
- # symmetric encryption customer managed key that was used for the
334
- # object.
335
- #
336
- # <note markdown="1"> This functionality is not supported for directory buckets.
337
- #
338
- # </note>
327
+ # If present, indicates the ID of the KMS key that was used for object
328
+ # encryption.
339
329
  # @return [String]
340
330
  def ssekms_key_id
341
331
  data[:ssekms_key_id]
@@ -343,10 +333,6 @@ module Aws::S3
343
333
 
344
334
  # Indicates whether the object uses an S3 Bucket Key for server-side
345
335
  # encryption with Key Management Service (KMS) keys (SSE-KMS).
346
- #
347
- # <note markdown="1"> This functionality is not supported for directory buckets.
348
- #
349
- # </note>
350
336
  # @return [Boolean]
351
337
  def bucket_key_enabled
352
338
  data[:bucket_key_enabled]
@@ -500,7 +486,7 @@ module Aws::S3
500
486
  #
501
487
  # @return [self]
502
488
  def load
503
- resp = Aws::Plugins::UserAgent.feature('resource') do
489
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
504
490
  @client.head_object(
505
491
  bucket: @bucket_name,
506
492
  key: @key
@@ -550,7 +536,7 @@ module Aws::S3
550
536
  options, params = separate_params_and_options(options)
551
537
  waiter = Waiters::ObjectExists.new(options)
552
538
  yield_waiter_and_warn(waiter, &block) if block_given?
553
- Aws::Plugins::UserAgent.feature('resource') do
539
+ Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
554
540
  waiter.wait(params.merge(bucket: @bucket_name,
555
541
  key: @key))
556
542
  end
@@ -571,7 +557,7 @@ module Aws::S3
571
557
  options, params = separate_params_and_options(options)
572
558
  waiter = Waiters::ObjectNotExists.new(options)
573
559
  yield_waiter_and_warn(waiter, &block) if block_given?
574
- Aws::Plugins::UserAgent.feature('resource') do
560
+ Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
575
561
  waiter.wait(params.merge(bucket: @bucket_name,
576
562
  key: @key))
577
563
  end
@@ -676,7 +662,7 @@ module Aws::S3
676
662
  :retry
677
663
  end
678
664
  end
679
- Aws::Plugins::UserAgent.feature('resource') do
665
+ Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
680
666
  Aws::Waiters::Waiter.new(options).wait({})
681
667
  end
682
668
  end
@@ -1031,9 +1017,8 @@ module Aws::S3
1031
1017
  # </note>
1032
1018
  # @option options [String] :server_side_encryption
1033
1019
  # The server-side encryption algorithm used when storing this object in
1034
- # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
1035
- # Unrecognized or unsupported values won’t write a destination object
1036
- # and will receive a `400 Bad Request` response.
1020
+ # Amazon S3. Unrecognized or unsupported values won’t write a
1021
+ # destination object and will receive a `400 Bad Request` response.
1037
1022
  #
1038
1023
  # Amazon S3 automatically encrypts all new objects that are copied to an
1039
1024
  # S3 bucket. When copying an object, if you don't specify encryption
@@ -1041,35 +1026,72 @@ module Aws::S3
1041
1026
  # object is set to the default encryption configuration of the
1042
1027
  # destination bucket. By default, all buckets have a base level of
1043
1028
  # encryption configuration that uses server-side encryption with Amazon
1044
- # S3 managed keys (SSE-S3). If the destination bucket has a default
1045
- # encryption configuration that uses server-side encryption with Key
1046
- # Management Service (KMS) keys (SSE-KMS), dual-layer server-side
1047
- # encryption with Amazon Web Services KMS keys (DSSE-KMS), or
1048
- # server-side encryption with customer-provided encryption keys (SSE-C),
1049
- # Amazon S3 uses the corresponding KMS key, or a customer-provided key
1050
- # to encrypt the target object copy.
1051
- #
1052
- # When you perform a `CopyObject` operation, if you want to use a
1053
- # different type of encryption setting for the target object, you can
1054
- # specify appropriate encryption-related headers to encrypt the target
1055
- # object with an Amazon S3 managed key, a KMS key, or a
1056
- # customer-provided key. If the encryption setting in your request is
1057
- # different from the default encryption configuration of the destination
1058
- # bucket, the encryption setting in your request takes precedence.
1029
+ # S3 managed keys (SSE-S3). If the destination bucket has a different
1030
+ # default encryption configuration, Amazon S3 uses the corresponding
1031
+ # encryption key to encrypt the target object copy.
1059
1032
  #
1060
1033
  # With server-side encryption, Amazon S3 encrypts your data as it writes
1061
1034
  # your data to disks in its data centers and decrypts the data when you
1062
1035
  # access it. For more information about server-side encryption, see
1063
1036
  # [Using Server-Side Encryption][1] in the *Amazon S3 User Guide*.
1064
1037
  #
1065
- # <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
1066
- # managed keys (SSE-S3) (`AES256`) is supported.
1067
- #
1068
- # </note>
1038
+ # <b>General purpose buckets </b>
1039
+ #
1040
+ # * For general purpose buckets, there are the following supported
1041
+ # options for server-side encryption: server-side encryption with Key
1042
+ # Management Service (KMS) keys (SSE-KMS), dual-layer server-side
1043
+ # encryption with Amazon Web Services KMS keys (DSSE-KMS), and
1044
+ # server-side encryption with customer-provided encryption keys
1045
+ # (SSE-C). Amazon S3 uses the corresponding KMS key, or a
1046
+ # customer-provided key to encrypt the target object copy.
1047
+ #
1048
+ # * When you perform a `CopyObject` operation, if you want to use a
1049
+ # different type of encryption setting for the target object, you can
1050
+ # specify appropriate encryption-related headers to encrypt the target
1051
+ # object with an Amazon S3 managed key, a KMS key, or a
1052
+ # customer-provided key. If the encryption setting in your request is
1053
+ # different from the default encryption configuration of the
1054
+ # destination bucket, the encryption setting in your request takes
1055
+ # precedence.
1056
+ #
1057
+ # <b>Directory buckets </b>
1058
+ #
1059
+ # * For directory buckets, there are only two supported options for
1060
+ # server-side encryption: server-side encryption with Amazon S3
1061
+ # managed keys (SSE-S3) (`AES256`) and server-side encryption with KMS
1062
+ # keys (SSE-KMS) (`aws:kms`). We recommend that the bucket's default
1063
+ # encryption uses the desired encryption configuration and you don't
1064
+ # override the bucket default encryption in your `CreateSession`
1065
+ # requests or `PUT` object requests. Then, new objects are
1066
+ # automatically encrypted with the desired encryption settings. For
1067
+ # more information, see [Protecting data with server-side
1068
+ # encryption][2] in the *Amazon S3 User Guide*. For more information
1069
+ # about the encryption overriding behaviors in directory buckets, see
1070
+ # [Specifying server-side encryption with KMS for new object
1071
+ # uploads][3].
1072
+ #
1073
+ # * To encrypt new object copies to a directory bucket with SSE-KMS, we
1074
+ # recommend you specify SSE-KMS as the directory bucket's default
1075
+ # encryption configuration with a KMS key (specifically, a [customer
1076
+ # managed key][4]). [Amazon Web Services managed key][5] (`aws/s3`)
1077
+ # isn't supported. Your SSE-KMS configuration can only support 1
1078
+ # [customer managed key][4] per directory bucket for the lifetime of
1079
+ # the bucket. After you specify a customer managed key for SSE-KMS,
1080
+ # you can't override the customer managed key for the bucket's
1081
+ # SSE-KMS configuration. Then, when you perform a `CopyObject`
1082
+ # operation and want to specify server-side encryption settings for
1083
+ # new object copies with SSE-KMS in the encryption-related request
1084
+ # headers, you must ensure the encryption key is the same customer
1085
+ # managed key that you specified for the directory bucket's default
1086
+ # encryption configuration.
1069
1087
  #
1070
1088
  #
1071
1089
  #
1072
1090
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
1091
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
1092
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
1093
+ # [4]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
1094
+ # [5]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
1073
1095
  # @option options [String] :storage_class
1074
1096
  # If the `x-amz-storage-class` header is not used, the copied object
1075
1097
  # will be stored in the `STANDARD` Storage Class by default. The
@@ -1160,32 +1182,50 @@ module Aws::S3
1160
1182
  #
1161
1183
  # </note>
1162
1184
  # @option options [String] :ssekms_key_id
1163
- # Specifies the KMS ID (Key ID, Key ARN, or Key Alias) to use for object
1164
- # encryption. All GET and PUT requests for an object protected by KMS
1165
- # will fail if they're not made via SSL or using SigV4. For information
1166
- # about configuring any of the officially supported Amazon Web Services
1167
- # SDKs and Amazon Web Services CLI, see [Specifying the Signature
1168
- # Version in Request Authentication][1] in the *Amazon S3 User Guide*.
1169
- #
1170
- # <note markdown="1"> This functionality is not supported when the destination bucket is a
1171
- # directory bucket.
1172
- #
1173
- # </note>
1185
+ # Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
1186
+ # object encryption. All GET and PUT requests for an object protected by
1187
+ # KMS will fail if they're not made via SSL or using SigV4. For
1188
+ # information about configuring any of the officially supported Amazon
1189
+ # Web Services SDKs and Amazon Web Services CLI, see [Specifying the
1190
+ # Signature Version in Request Authentication][1] in the *Amazon S3 User
1191
+ # Guide*.
1192
+ #
1193
+ # **Directory buckets** - If you specify `x-amz-server-side-encryption`
1194
+ # with `aws:kms`, you must specify the `
1195
+ # x-amz-server-side-encryption-aws-kms-key-id` header with the ID (Key
1196
+ # ID or Key ARN) of the KMS symmetric encryption customer managed key to
1197
+ # use. Otherwise, you get an HTTP `400 Bad Request` error. Only use the
1198
+ # key ID or key ARN. The key alias format of the KMS key isn't
1199
+ # supported. Your SSE-KMS configuration can only support 1 [customer
1200
+ # managed key][2] per directory bucket for the lifetime of the bucket.
1201
+ # [Amazon Web Services managed key][3] (`aws/s3`) isn't supported.
1174
1202
  #
1175
1203
  #
1176
1204
  #
1177
1205
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
1206
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
1207
+ # [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
1178
1208
  # @option options [String] :ssekms_encryption_context
1179
- # Specifies the Amazon Web Services KMS Encryption Context to use for
1180
- # object encryption. The value of this header is a base64-encoded UTF-8
1181
- # string holding JSON with the encryption context key-value pairs. This
1182
- # value must be explicitly added to specify encryption context for
1183
- # `CopyObject` requests.
1209
+ # Specifies the Amazon Web Services KMS Encryption Context as an
1210
+ # additional encryption context to use for the destination object
1211
+ # encryption. The value of this header is a base64-encoded UTF-8 string
1212
+ # holding JSON with the encryption context key-value pairs.
1184
1213
  #
1185
- # <note markdown="1"> This functionality is not supported when the destination bucket is a
1186
- # directory bucket.
1214
+ # **General purpose buckets** - This value must be explicitly added to
1215
+ # specify encryption context for `CopyObject` requests if you want an
1216
+ # additional encryption context for your destination object. The
1217
+ # additional encryption context of the source object won't be copied to
1218
+ # the destination object. For more information, see [Encryption
1219
+ # context][1] in the *Amazon S3 User Guide*.
1187
1220
  #
1188
- # </note>
1221
+ # **Directory buckets** - You can optionally provide an explicit
1222
+ # encryption context value. The value must match the default encryption
1223
+ # context - the bucket Amazon Resource Name (ARN). An additional
1224
+ # encryption context value is not supported.
1225
+ #
1226
+ #
1227
+ #
1228
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context
1189
1229
  # @option options [Boolean] :bucket_key_enabled
1190
1230
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
1191
1231
  # encryption with server-side encryption using Key Management Service
@@ -1199,14 +1239,19 @@ module Aws::S3
1199
1239
  # For more information, see [Amazon S3 Bucket Keys][1] in the *Amazon S3
1200
1240
  # User Guide*.
1201
1241
  #
1202
- # <note markdown="1"> This functionality is not supported when the destination bucket is a
1203
- # directory bucket.
1242
+ # <note markdown="1"> **Directory buckets** - S3 Bucket Keys aren't supported, when you
1243
+ # copy SSE-KMS encrypted objects from general purpose buckets to
1244
+ # directory buckets, from directory buckets to general purpose buckets,
1245
+ # or between directory buckets, through [CopyObject][2]. In this case,
1246
+ # Amazon S3 makes a call to KMS every time a copy request is made for a
1247
+ # KMS-encrypted object.
1204
1248
  #
1205
1249
  # </note>
1206
1250
  #
1207
1251
  #
1208
1252
  #
1209
1253
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
1254
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
1210
1255
  # @option options [String] :copy_source_sse_customer_algorithm
1211
1256
  # Specifies the algorithm to use when decrypting the source object (for
1212
1257
  # example, `AES256`).
@@ -1346,7 +1391,7 @@ module Aws::S3
1346
1391
  bucket: @bucket_name,
1347
1392
  key: @key
1348
1393
  )
1349
- resp = Aws::Plugins::UserAgent.feature('resource') do
1394
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
1350
1395
  @client.copy_object(options)
1351
1396
  end
1352
1397
  resp.data
@@ -1412,7 +1457,7 @@ module Aws::S3
1412
1457
  bucket: @bucket_name,
1413
1458
  key: @key
1414
1459
  )
1415
- resp = Aws::Plugins::UserAgent.feature('resource') do
1460
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
1416
1461
  @client.delete_object(options)
1417
1462
  end
1418
1463
  resp.data
@@ -1662,13 +1707,22 @@ module Aws::S3
1662
1707
  # fails with the HTTP status code `403 Forbidden` (access denied).
1663
1708
  # @option options [String] :checksum_mode
1664
1709
  # To retrieve the checksum, this mode must be enabled.
1710
+ #
1711
+ # **General purpose buckets** - In addition, if you enable checksum mode
1712
+ # and the object is uploaded with a [checksum][1] and encrypted with an
1713
+ # Key Management Service (KMS) key, you must have permission to use the
1714
+ # `kms:Decrypt` action to retrieve the checksum.
1715
+ #
1716
+ #
1717
+ #
1718
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html
1665
1719
  # @return [Types::GetObjectOutput]
1666
1720
  def get(options = {}, &block)
1667
1721
  options = options.merge(
1668
1722
  bucket: @bucket_name,
1669
1723
  key: @key
1670
1724
  )
1671
- resp = Aws::Plugins::UserAgent.feature('resource') do
1725
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
1672
1726
  @client.get_object(options, &block)
1673
1727
  end
1674
1728
  resp.data
@@ -2010,10 +2064,52 @@ module Aws::S3
2010
2064
  # The server-side encryption algorithm used when you store this object
2011
2065
  # in Amazon S3 (for example, `AES256`, `aws:kms`).
2012
2066
  #
2013
- # <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
2014
- # managed keys (SSE-S3) (`AES256`) is supported.
2067
+ # * <b>Directory buckets </b> - For directory buckets, there are only
2068
+ # two supported options for server-side encryption: server-side
2069
+ # encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
2070
+ # server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). We
2071
+ # recommend that the bucket's default encryption uses the desired
2072
+ # encryption configuration and you don't override the bucket default
2073
+ # encryption in your `CreateSession` requests or `PUT` object
2074
+ # requests. Then, new objects are automatically encrypted with the
2075
+ # desired encryption settings. For more information, see [Protecting
2076
+ # data with server-side encryption][1] in the *Amazon S3 User Guide*.
2077
+ # For more information about the encryption overriding behaviors in
2078
+ # directory buckets, see [Specifying server-side encryption with KMS
2079
+ # for new object uploads][2].
2080
+ #
2081
+ # In the Zonal endpoint API calls (except [CopyObject][3] and
2082
+ # [UploadPartCopy][4]) using the REST API, the encryption request
2083
+ # headers must match the encryption settings that are specified in the
2084
+ # `CreateSession` request. You can't override the values of the
2085
+ # encryption settings (`x-amz-server-side-encryption`,
2086
+ # `x-amz-server-side-encryption-aws-kms-key-id`,
2087
+ # `x-amz-server-side-encryption-context`, and
2088
+ # `x-amz-server-side-encryption-bucket-key-enabled`) that are
2089
+ # specified in the `CreateSession` request. You don't need to
2090
+ # explicitly specify these encryption settings values in Zonal
2091
+ # endpoint API calls, and Amazon S3 will use the encryption settings
2092
+ # values from the `CreateSession` request to protect new objects in
2093
+ # the directory bucket.
2094
+ #
2095
+ # <note markdown="1"> When you use the CLI or the Amazon Web Services SDKs, for
2096
+ # `CreateSession`, the session token refreshes automatically to avoid
2097
+ # service interruptions when a session expires. The CLI or the Amazon
2098
+ # Web Services SDKs use the bucket's default encryption configuration
2099
+ # for the `CreateSession` request. It's not supported to override the
2100
+ # encryption settings values in the `CreateSession` request. So in the
2101
+ # Zonal endpoint API calls (except [CopyObject][3] and
2102
+ # [UploadPartCopy][4]), the encryption request headers must match the
2103
+ # default encryption configuration of the directory bucket.
2015
2104
  #
2016
- # </note>
2105
+ # </note>
2106
+ #
2107
+ #
2108
+ #
2109
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
2110
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
2111
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
2112
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
2017
2113
  # @option options [String] :storage_class
2018
2114
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
2019
2115
  # created objects. The STANDARD storage class provides high durability
@@ -2066,32 +2162,69 @@ module Aws::S3
2066
2162
  #
2067
2163
  # </note>
2068
2164
  # @option options [String] :ssekms_key_id
2069
- # Specifies the ID (Key ID, Key ARN, or Key Alias) of the symmetric
2070
- # encryption customer managed key to use for object encryption.
2071
- #
2072
- # <note markdown="1"> This functionality is not supported for directory buckets.
2073
- #
2074
- # </note>
2165
+ # Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
2166
+ # object encryption. If the KMS key doesn't exist in the same account
2167
+ # that's issuing the command, you must use the full Key ARN not the Key
2168
+ # ID.
2169
+ #
2170
+ # **General purpose buckets** - If you specify
2171
+ # `x-amz-server-side-encryption` with `aws:kms` or `aws:kms:dsse`, this
2172
+ # header specifies the ID (Key ID, Key ARN, or Key Alias) of the KMS key
2173
+ # to use. If you specify `x-amz-server-side-encryption:aws:kms` or
2174
+ # `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide
2175
+ # `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
2176
+ # Amazon Web Services managed key (`aws/s3`) to protect the data.
2177
+ #
2178
+ # **Directory buckets** - If you specify `x-amz-server-side-encryption`
2179
+ # with `aws:kms`, you must specify the `
2180
+ # x-amz-server-side-encryption-aws-kms-key-id` header with the ID (Key
2181
+ # ID or Key ARN) of the KMS symmetric encryption customer managed key to
2182
+ # use. Otherwise, you get an HTTP `400 Bad Request` error. Only use the
2183
+ # key ID or key ARN. The key alias format of the KMS key isn't
2184
+ # supported. Your SSE-KMS configuration can only support 1 [customer
2185
+ # managed key][1] per directory bucket for the lifetime of the bucket.
2186
+ # [Amazon Web Services managed key][2] (`aws/s3`) isn't supported.
2187
+ #
2188
+ #
2189
+ #
2190
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
2191
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
2075
2192
  # @option options [String] :ssekms_encryption_context
2076
2193
  # Specifies the Amazon Web Services KMS Encryption Context to use for
2077
- # object encryption. The value of this header is a base64-encoded UTF-8
2078
- # string holding JSON with the encryption context key-value pairs.
2079
- #
2080
- # <note markdown="1"> This functionality is not supported for directory buckets.
2081
- #
2082
- # </note>
2194
+ # object encryption. The value of this header is a Base64-encoded string
2195
+ # of a UTF-8 encoded JSON, which contains the encryption context as
2196
+ # key-value pairs.
2197
+ #
2198
+ # **Directory buckets** - You can optionally provide an explicit
2199
+ # encryption context value. The value must match the default encryption
2200
+ # context - the bucket Amazon Resource Name (ARN). An additional
2201
+ # encryption context value is not supported.
2083
2202
  # @option options [Boolean] :bucket_key_enabled
2084
2203
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
2085
2204
  # encryption with server-side encryption using Key Management Service
2086
- # (KMS) keys (SSE-KMS). Setting this header to `true` causes Amazon S3
2087
- # to use an S3 Bucket Key for object encryption with SSE-KMS.
2205
+ # (KMS) keys (SSE-KMS).
2088
2206
  #
2089
- # Specifying this header with an object action doesn’t affect
2207
+ # **General purpose buckets** - Setting this header to `true` causes
2208
+ # Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
2209
+ # Also, specifying this header with a PUT action doesn't affect
2090
2210
  # bucket-level settings for S3 Bucket Key.
2091
2211
  #
2092
- # <note markdown="1"> This functionality is not supported for directory buckets.
2212
+ # **Directory buckets** - S3 Bucket Keys are always enabled for `GET`
2213
+ # and `PUT` operations in a directory bucket and can’t be disabled. S3
2214
+ # Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects
2215
+ # from general purpose buckets to directory buckets, from directory
2216
+ # buckets to general purpose buckets, or between directory buckets,
2217
+ # through [CopyObject][1], [UploadPartCopy][2], [the Copy operation in
2218
+ # Batch Operations][3], or [the import jobs][4]. In this case, Amazon S3
2219
+ # makes a call to KMS every time a copy request is made for a
2220
+ # KMS-encrypted object.
2093
2221
  #
2094
- # </note>
2222
+ #
2223
+ #
2224
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
2225
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
2226
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
2227
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
2095
2228
  # @option options [String] :request_payer
2096
2229
  # Confirms that the requester knows that they will be charged for the
2097
2230
  # request. Bucket owners need not specify this parameter in their
@@ -2153,7 +2286,7 @@ module Aws::S3
2153
2286
  bucket: @bucket_name,
2154
2287
  key: @key
2155
2288
  )
2156
- resp = Aws::Plugins::UserAgent.feature('resource') do
2289
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
2157
2290
  @client.create_multipart_upload(options)
2158
2291
  end
2159
2292
  MultipartUpload.new(
@@ -2182,6 +2315,7 @@ module Aws::S3
2182
2315
  # checksum_sha1: "ChecksumSHA1",
2183
2316
  # checksum_sha256: "ChecksumSHA256",
2184
2317
  # expires: Time.now,
2318
+ # if_none_match: "IfNoneMatch",
2185
2319
  # grant_full_control: "GrantFullControl",
2186
2320
  # grant_read: "GrantRead",
2187
2321
  # grant_read_acp: "GrantReadACP",
@@ -2323,13 +2457,13 @@ module Aws::S3
2323
2457
  # For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with
2324
2458
  # the supported algorithm from the following list:
2325
2459
  #
2326
- # * CRC32
2460
+ # * `CRC32`
2327
2461
  #
2328
- # * CRC32C
2462
+ # * `CRC32C`
2329
2463
  #
2330
- # * SHA1
2464
+ # * `SHA1`
2331
2465
  #
2332
- # * SHA256
2466
+ # * `SHA256`
2333
2467
  #
2334
2468
  # For more information, see [Checking object integrity][1] in the
2335
2469
  # *Amazon S3 User Guide*.
@@ -2351,9 +2485,9 @@ module Aws::S3
2351
2485
  # @option options [String] :checksum_crc32
2352
2486
  # This header can be used as a data integrity check to verify that the
2353
2487
  # data received is the same data that was originally sent. This header
2354
- # specifies the base64-encoded, 32-bit CRC32 checksum of the object. For
2355
- # more information, see [Checking object integrity][1] in the *Amazon S3
2356
- # User Guide*.
2488
+ # specifies the base64-encoded, 32-bit CRC-32 checksum of the object.
2489
+ # For more information, see [Checking object integrity][1] in the
2490
+ # *Amazon S3 User Guide*.
2357
2491
  #
2358
2492
  #
2359
2493
  #
@@ -2361,7 +2495,7 @@ module Aws::S3
2361
2495
  # @option options [String] :checksum_crc32c
2362
2496
  # This header can be used as a data integrity check to verify that the
2363
2497
  # data received is the same data that was originally sent. This header
2364
- # specifies the base64-encoded, 32-bit CRC32C checksum of the object.
2498
+ # specifies the base64-encoded, 32-bit CRC-32C checksum of the object.
2365
2499
  # For more information, see [Checking object integrity][1] in the
2366
2500
  # *Amazon S3 User Guide*.
2367
2501
  #
@@ -2396,6 +2530,24 @@ module Aws::S3
2396
2530
  #
2397
2531
  #
2398
2532
  # [1]: https://www.rfc-editor.org/rfc/rfc7234#section-5.3
2533
+ # @option options [String] :if_none_match
2534
+ # Uploads the object only if the object key name does not already exist
2535
+ # in the bucket specified. Otherwise, Amazon S3 returns a `412
2536
+ # Precondition Failed` error.
2537
+ #
2538
+ # If a conflicting operation occurs during the upload S3 returns a `409
2539
+ # ConditionalRequestConflict` response. On a 409 failure you should
2540
+ # retry the upload.
2541
+ #
2542
+ # Expects the '*' (asterisk) character.
2543
+ #
2544
+ # For more information about conditional requests, see [RFC 7232][1], or
2545
+ # [Conditional requests][2] in the *Amazon S3 User Guide*.
2546
+ #
2547
+ #
2548
+ #
2549
+ # [1]: https://tools.ietf.org/html/rfc7232
2550
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html
2399
2551
  # @option options [String] :grant_full_control
2400
2552
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
2401
2553
  # object.
@@ -2436,25 +2588,65 @@ module Aws::S3
2436
2588
  # object in Amazon S3 (for example, `AES256`, `aws:kms`,
2437
2589
  # `aws:kms:dsse`).
2438
2590
  #
2439
- # <b>General purpose buckets </b> - You have four mutually exclusive
2440
- # options to protect data using server-side encryption in Amazon S3,
2441
- # depending on how you choose to manage the encryption keys.
2442
- # Specifically, the encryption key options are Amazon S3 managed keys
2443
- # (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and
2444
- # customer-provided keys (SSE-C). Amazon S3 encrypts data with
2445
- # server-side encryption by using Amazon S3 managed keys (SSE-S3) by
2446
- # default. You can optionally tell Amazon S3 to encrypt data at rest by
2447
- # using server-side encryption with other key options. For more
2448
- # information, see [Using Server-Side Encryption][1] in the *Amazon S3
2449
- # User Guide*.
2591
+ # * <b>General purpose buckets </b> - You have four mutually exclusive
2592
+ # options to protect data using server-side encryption in Amazon S3,
2593
+ # depending on how you choose to manage the encryption keys.
2594
+ # Specifically, the encryption key options are Amazon S3 managed keys
2595
+ # (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and
2596
+ # customer-provided keys (SSE-C). Amazon S3 encrypts data with
2597
+ # server-side encryption by using Amazon S3 managed keys (SSE-S3) by
2598
+ # default. You can optionally tell Amazon S3 to encrypt data at rest
2599
+ # by using server-side encryption with other key options. For more
2600
+ # information, see [Using Server-Side Encryption][1] in the *Amazon S3
2601
+ # User Guide*.
2602
+ #
2603
+ # * <b>Directory buckets </b> - For directory buckets, there are only
2604
+ # two supported options for server-side encryption: server-side
2605
+ # encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
2606
+ # server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). We
2607
+ # recommend that the bucket's default encryption uses the desired
2608
+ # encryption configuration and you don't override the bucket default
2609
+ # encryption in your `CreateSession` requests or `PUT` object
2610
+ # requests. Then, new objects are automatically encrypted with the
2611
+ # desired encryption settings. For more information, see [Protecting
2612
+ # data with server-side encryption][2] in the *Amazon S3 User Guide*.
2613
+ # For more information about the encryption overriding behaviors in
2614
+ # directory buckets, see [Specifying server-side encryption with KMS
2615
+ # for new object uploads][3].
2616
+ #
2617
+ # In the Zonal endpoint API calls (except [CopyObject][4] and
2618
+ # [UploadPartCopy][5]) using the REST API, the encryption request
2619
+ # headers must match the encryption settings that are specified in the
2620
+ # `CreateSession` request. You can't override the values of the
2621
+ # encryption settings (`x-amz-server-side-encryption`,
2622
+ # `x-amz-server-side-encryption-aws-kms-key-id`,
2623
+ # `x-amz-server-side-encryption-context`, and
2624
+ # `x-amz-server-side-encryption-bucket-key-enabled`) that are
2625
+ # specified in the `CreateSession` request. You don't need to
2626
+ # explicitly specify these encryption settings values in Zonal
2627
+ # endpoint API calls, and Amazon S3 will use the encryption settings
2628
+ # values from the `CreateSession` request to protect new objects in
2629
+ # the directory bucket.
2630
+ #
2631
+ # <note markdown="1"> When you use the CLI or the Amazon Web Services SDKs, for
2632
+ # `CreateSession`, the session token refreshes automatically to avoid
2633
+ # service interruptions when a session expires. The CLI or the Amazon
2634
+ # Web Services SDKs use the bucket's default encryption configuration
2635
+ # for the `CreateSession` request. It's not supported to override the
2636
+ # encryption settings values in the `CreateSession` request. So in the
2637
+ # Zonal endpoint API calls (except [CopyObject][4] and
2638
+ # [UploadPartCopy][5]), the encryption request headers must match the
2639
+ # default encryption configuration of the directory bucket.
2450
2640
  #
2451
- # <b>Directory buckets </b> - For directory buckets, only the
2452
- # server-side encryption with Amazon S3 managed keys (SSE-S3) (`AES256`)
2453
- # value is supported.
2641
+ # </note>
2454
2642
  #
2455
2643
  #
2456
2644
  #
2457
2645
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
2646
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
2647
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
2648
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
2649
+ # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
2458
2650
  # @option options [String] :storage_class
2459
2651
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
2460
2652
  # created objects. The STANDARD storage class provides high durability
@@ -2528,44 +2720,81 @@ module Aws::S3
2528
2720
  #
2529
2721
  # </note>
2530
2722
  # @option options [String] :ssekms_key_id
2531
- # If `x-amz-server-side-encryption` has a valid value of `aws:kms` or
2532
- # `aws:kms:dsse`, this header specifies the ID (Key ID, Key ARN, or Key
2533
- # Alias) of the Key Management Service (KMS) symmetric encryption
2534
- # customer managed key that was used for the object. If you specify
2535
- # `x-amz-server-side-encryption:aws:kms` or
2536
- # `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide`
2537
- # x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
2538
- # Amazon Web Services managed key (`aws/s3`) to protect the data. If the
2539
- # KMS key does not exist in the same account that's issuing the
2540
- # command, you must use the full ARN and not just the ID.
2723
+ # Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
2724
+ # object encryption. If the KMS key doesn't exist in the same account
2725
+ # that's issuing the command, you must use the full Key ARN not the Key
2726
+ # ID.
2727
+ #
2728
+ # **General purpose buckets** - If you specify
2729
+ # `x-amz-server-side-encryption` with `aws:kms` or `aws:kms:dsse`, this
2730
+ # header specifies the ID (Key ID, Key ARN, or Key Alias) of the KMS key
2731
+ # to use. If you specify `x-amz-server-side-encryption:aws:kms` or
2732
+ # `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide
2733
+ # `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
2734
+ # Amazon Web Services managed key (`aws/s3`) to protect the data.
2735
+ #
2736
+ # **Directory buckets** - If you specify `x-amz-server-side-encryption`
2737
+ # with `aws:kms`, you must specify the `
2738
+ # x-amz-server-side-encryption-aws-kms-key-id` header with the ID (Key
2739
+ # ID or Key ARN) of the KMS symmetric encryption customer managed key to
2740
+ # use. Otherwise, you get an HTTP `400 Bad Request` error. Only use the
2741
+ # key ID or key ARN. The key alias format of the KMS key isn't
2742
+ # supported. Your SSE-KMS configuration can only support 1 [customer
2743
+ # managed key][1] per directory bucket for the lifetime of the bucket.
2744
+ # [Amazon Web Services managed key][2] (`aws/s3`) isn't supported.
2745
+ #
2746
+ #
2747
+ #
2748
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
2749
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
2750
+ # @option options [String] :ssekms_encryption_context
2751
+ # Specifies the Amazon Web Services KMS Encryption Context as an
2752
+ # additional encryption context to use for object encryption. The value
2753
+ # of this header is a Base64-encoded string of a UTF-8 encoded JSON,
2754
+ # which contains the encryption context as key-value pairs. This value
2755
+ # is stored as object metadata and automatically gets passed on to
2756
+ # Amazon Web Services KMS for future `GetObject` operations on this
2757
+ # object.
2541
2758
  #
2542
- # <note markdown="1"> This functionality is not supported for directory buckets.
2759
+ # **General purpose buckets** - This value must be explicitly added
2760
+ # during `CopyObject` operations if you want an additional encryption
2761
+ # context for your object. For more information, see [Encryption
2762
+ # context][1] in the *Amazon S3 User Guide*.
2543
2763
  #
2544
- # </note>
2545
- # @option options [String] :ssekms_encryption_context
2546
- # Specifies the Amazon Web Services KMS Encryption Context to use for
2547
- # object encryption. The value of this header is a base64-encoded UTF-8
2548
- # string holding JSON with the encryption context key-value pairs. This
2549
- # value is stored as object metadata and automatically gets passed on to
2550
- # Amazon Web Services KMS for future `GetObject` or `CopyObject`
2551
- # operations on this object. This value must be explicitly added during
2552
- # `CopyObject` operations.
2764
+ # **Directory buckets** - You can optionally provide an explicit
2765
+ # encryption context value. The value must match the default encryption
2766
+ # context - the bucket Amazon Resource Name (ARN). An additional
2767
+ # encryption context value is not supported.
2553
2768
  #
2554
- # <note markdown="1"> This functionality is not supported for directory buckets.
2555
2769
  #
2556
- # </note>
2770
+ #
2771
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context
2557
2772
  # @option options [Boolean] :bucket_key_enabled
2558
2773
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
2559
2774
  # encryption with server-side encryption using Key Management Service
2560
- # (KMS) keys (SSE-KMS). Setting this header to `true` causes Amazon S3
2561
- # to use an S3 Bucket Key for object encryption with SSE-KMS.
2775
+ # (KMS) keys (SSE-KMS).
2776
+ #
2777
+ # **General purpose buckets** - Setting this header to `true` causes
2778
+ # Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
2779
+ # Also, specifying this header with a PUT action doesn't affect
2780
+ # bucket-level settings for S3 Bucket Key.
2562
2781
  #
2563
- # Specifying this header with a PUT action doesn’t affect bucket-level
2564
- # settings for S3 Bucket Key.
2782
+ # **Directory buckets** - S3 Bucket Keys are always enabled for `GET`
2783
+ # and `PUT` operations in a directory bucket and can’t be disabled. S3
2784
+ # Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects
2785
+ # from general purpose buckets to directory buckets, from directory
2786
+ # buckets to general purpose buckets, or between directory buckets,
2787
+ # through [CopyObject][1], [UploadPartCopy][2], [the Copy operation in
2788
+ # Batch Operations][3], or [the import jobs][4]. In this case, Amazon S3
2789
+ # makes a call to KMS every time a copy request is made for a
2790
+ # KMS-encrypted object.
2565
2791
  #
2566
- # <note markdown="1"> This functionality is not supported for directory buckets.
2567
2792
  #
2568
- # </note>
2793
+ #
2794
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
2795
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
2796
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
2797
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
2569
2798
  # @option options [String] :request_payer
2570
2799
  # Confirms that the requester knows that they will be charged for the
2571
2800
  # request. Bucket owners need not specify this parameter in their
@@ -2624,7 +2853,7 @@ module Aws::S3
2624
2853
  bucket: @bucket_name,
2625
2854
  key: @key
2626
2855
  )
2627
- resp = Aws::Plugins::UserAgent.feature('resource') do
2856
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
2628
2857
  @client.put_object(options)
2629
2858
  end
2630
2859
  resp.data
@@ -2765,7 +2994,7 @@ module Aws::S3
2765
2994
  bucket: @bucket_name,
2766
2995
  key: @key
2767
2996
  )
2768
- resp = Aws::Plugins::UserAgent.feature('resource') do
2997
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
2769
2998
  @client.restore_object(options)
2770
2999
  end
2771
3000
  resp.data
@@ -2779,6 +3008,12 @@ module Aws::S3
2779
3008
  # if_none_match: "IfNoneMatch",
2780
3009
  # if_unmodified_since: Time.now,
2781
3010
  # range: "Range",
3011
+ # response_cache_control: "ResponseCacheControl",
3012
+ # response_content_disposition: "ResponseContentDisposition",
3013
+ # response_content_encoding: "ResponseContentEncoding",
3014
+ # response_content_language: "ResponseContentLanguage",
3015
+ # response_content_type: "ResponseContentType",
3016
+ # response_expires: Time.now,
2782
3017
  # version_id: "ObjectVersionId",
2783
3018
  # sse_customer_algorithm: "SSECustomerAlgorithm",
2784
3019
  # sse_customer_key: "SSECustomerKey",
@@ -2866,6 +3101,18 @@ module Aws::S3
2866
3101
  # satisfiable, only the `ContentLength` is affected in the response. If
2867
3102
  # the Range is not satisfiable, S3 returns a `416 - Requested Range Not
2868
3103
  # Satisfiable` error.
3104
+ # @option options [String] :response_cache_control
3105
+ # Sets the `Cache-Control` header of the response.
3106
+ # @option options [String] :response_content_disposition
3107
+ # Sets the `Content-Disposition` header of the response.
3108
+ # @option options [String] :response_content_encoding
3109
+ # Sets the `Content-Encoding` header of the response.
3110
+ # @option options [String] :response_content_language
3111
+ # Sets the `Content-Language` header of the response.
3112
+ # @option options [String] :response_content_type
3113
+ # Sets the `Content-Type` header of the response.
3114
+ # @option options [Time,DateTime,Date,Integer,String] :response_expires
3115
+ # Sets the `Expires` header of the response.
2869
3116
  # @option options [String] :version_id
2870
3117
  # Version ID used to reference a specific version of the object.
2871
3118
  #
@@ -2926,17 +3173,27 @@ module Aws::S3
2926
3173
  # @option options [String] :checksum_mode
2927
3174
  # To retrieve the checksum, this parameter must be enabled.
2928
3175
  #
2929
- # In addition, if you enable `ChecksumMode` and the object is encrypted
2930
- # with Amazon Web Services Key Management Service (Amazon Web Services
2931
- # KMS), you must have permission to use the `kms:Decrypt` action for the
2932
- # request to succeed.
3176
+ # **General purpose buckets** - If you enable checksum mode and the
3177
+ # object is uploaded with a [checksum][1] and encrypted with an Key
3178
+ # Management Service (KMS) key, you must have permission to use the
3179
+ # `kms:Decrypt` action to retrieve the checksum.
3180
+ #
3181
+ # **Directory buckets** - If you enable `ChecksumMode` and the object is
3182
+ # encrypted with Amazon Web Services Key Management Service (Amazon Web
3183
+ # Services KMS), you must also have the `kms:GenerateDataKey` and
3184
+ # `kms:Decrypt` permissions in IAM identity-based policies and KMS key
3185
+ # policies for the KMS key to retrieve the checksum of the object.
3186
+ #
3187
+ #
3188
+ #
3189
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html
2933
3190
  # @return [Types::HeadObjectOutput]
2934
3191
  def head(options = {})
2935
3192
  options = options.merge(
2936
3193
  bucket: @bucket_name,
2937
3194
  key: @key
2938
3195
  )
2939
- resp = Aws::Plugins::UserAgent.feature('resource') do
3196
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
2940
3197
  @client.head_object(options)
2941
3198
  end
2942
3199
  resp.data
@@ -3119,13 +3376,13 @@ module Aws::S3
3119
3376
  # For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with
3120
3377
  # the supported algorithm from the following list:
3121
3378
  #
3122
- # * CRC32
3379
+ # * `CRC32`
3123
3380
  #
3124
- # * CRC32C
3381
+ # * `CRC32C`
3125
3382
  #
3126
- # * SHA1
3383
+ # * `SHA1`
3127
3384
  #
3128
- # * SHA256
3385
+ # * `SHA256`
3129
3386
  #
3130
3387
  # For more information, see [Checking object integrity][1] in the
3131
3388
  # *Amazon S3 User Guide*.
@@ -3154,7 +3411,7 @@ module Aws::S3
3154
3411
  key: item.key
3155
3412
  }
3156
3413
  end
3157
- Aws::Plugins::UserAgent.feature('resource') do
3414
+ Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
3158
3415
  batch[0].client.delete_objects(params)
3159
3416
  end
3160
3417
  end
@@ -3166,3 +3423,6 @@ module Aws::S3
3166
3423
  end
3167
3424
  end
3168
3425
  end
3426
+
3427
+ # Load customizations if they exist
3428
+ require 'aws-sdk-s3/customizations/object'