aws-sdk-s3 1.150.0 → 1.169.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +110 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-s3/access_grants_credentials_provider.rb +12 -3
- data/lib/aws-sdk-s3/bucket.rb +252 -88
- data/lib/aws-sdk-s3/bucket_acl.rb +3 -3
- data/lib/aws-sdk-s3/bucket_cors.rb +4 -4
- data/lib/aws-sdk-s3/bucket_lifecycle.rb +4 -4
- data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +42 -5
- data/lib/aws-sdk-s3/bucket_logging.rb +3 -3
- data/lib/aws-sdk-s3/bucket_notification.rb +3 -3
- data/lib/aws-sdk-s3/bucket_policy.rb +8 -8
- data/lib/aws-sdk-s3/bucket_request_payment.rb +3 -3
- data/lib/aws-sdk-s3/bucket_tagging.rb +4 -4
- data/lib/aws-sdk-s3/bucket_versioning.rb +5 -5
- data/lib/aws-sdk-s3/bucket_website.rb +4 -4
- data/lib/aws-sdk-s3/client.rb +1685 -668
- data/lib/aws-sdk-s3/client_api.rb +49 -4
- data/lib/aws-sdk-s3/customizations/bucket.rb +1 -1
- data/lib/aws-sdk-s3/customizations/object.rb +11 -5
- data/lib/aws-sdk-s3/customizations/object_summary.rb +5 -0
- data/lib/aws-sdk-s3/customizations/object_version.rb +13 -0
- data/lib/aws-sdk-s3/customizations.rb +24 -38
- data/lib/aws-sdk-s3/encryption/client.rb +2 -2
- data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +2 -2
- data/lib/aws-sdk-s3/encryptionV2/client.rb +2 -2
- data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +2 -2
- data/lib/aws-sdk-s3/endpoint_parameters.rb +21 -18
- data/lib/aws-sdk-s3/endpoint_provider.rb +1 -0
- data/lib/aws-sdk-s3/endpoints.rb +416 -1614
- data/lib/aws-sdk-s3/errors.rb +3 -0
- data/lib/aws-sdk-s3/file_downloader.rb +1 -1
- data/lib/aws-sdk-s3/file_uploader.rb +1 -1
- data/lib/aws-sdk-s3/multipart_stream_uploader.rb +1 -1
- data/lib/aws-sdk-s3/multipart_upload.rb +31 -8
- data/lib/aws-sdk-s3/multipart_upload_part.rb +11 -11
- data/lib/aws-sdk-s3/object.rb +441 -158
- data/lib/aws-sdk-s3/object_acl.rb +3 -3
- data/lib/aws-sdk-s3/object_copier.rb +1 -1
- data/lib/aws-sdk-s3/object_summary.rb +403 -134
- data/lib/aws-sdk-s3/object_version.rb +53 -13
- data/lib/aws-sdk-s3/plugins/access_grants.rb +75 -5
- data/lib/aws-sdk-s3/plugins/endpoints.rb +24 -212
- data/lib/aws-sdk-s3/plugins/express_session_auth.rb +7 -1
- data/lib/aws-sdk-s3/plugins/http_200_errors.rb +53 -16
- data/lib/aws-sdk-s3/resource.rb +37 -11
- data/lib/aws-sdk-s3/types.rb +1106 -401
- data/lib/aws-sdk-s3.rb +35 -31
- data/sig/bucket.rbs +4 -0
- data/sig/bucket_lifecycle_configuration.rbs +7 -3
- data/sig/client.rbs +49 -5
- data/sig/multipart_upload.rbs +1 -0
- data/sig/object.rbs +7 -0
- data/sig/object_summary.rbs +1 -0
- data/sig/object_version.rbs +6 -0
- data/sig/resource.rbs +7 -1
- data/sig/types.rbs +36 -2
- data/sig/waiters.rbs +12 -0
- metadata +7 -6
data/lib/aws-sdk-s3/types.rb
CHANGED
@@ -344,11 +344,18 @@ module Aws::S3
|
|
344
344
|
# changes to your bucket, such as editing its bucket policy.
|
345
345
|
# @return [Time]
|
346
346
|
#
|
347
|
+
# @!attribute [rw] bucket_region
|
348
|
+
# `BucketRegion` indicates the Amazon Web Services region where the
|
349
|
+
# bucket is located. If the request contains at least one valid
|
350
|
+
# parameter, it is included in the response.
|
351
|
+
# @return [String]
|
352
|
+
#
|
347
353
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Bucket AWS API Documentation
|
348
354
|
#
|
349
355
|
class Bucket < Struct.new(
|
350
356
|
:name,
|
351
|
-
:creation_date
|
357
|
+
:creation_date,
|
358
|
+
:bucket_region)
|
352
359
|
SENSITIVE = []
|
353
360
|
include Aws::Structure
|
354
361
|
end
|
@@ -634,7 +641,7 @@ module Aws::S3
|
|
634
641
|
# Contains all the possible checksum or digest values for an object.
|
635
642
|
#
|
636
643
|
# @!attribute [rw] checksum_crc32
|
637
|
-
# The base64-encoded, 32-bit
|
644
|
+
# The base64-encoded, 32-bit CRC-32 checksum of the object. This will
|
638
645
|
# only be present if it was uploaded with the object. When you use an
|
639
646
|
# API operation on an object that was uploaded using multipart
|
640
647
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -649,7 +656,7 @@ module Aws::S3
|
|
649
656
|
# @return [String]
|
650
657
|
#
|
651
658
|
# @!attribute [rw] checksum_crc32c
|
652
|
-
# The base64-encoded, 32-bit
|
659
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
653
660
|
# only be present if it was uploaded with the object. When you use an
|
654
661
|
# API operation on an object that was uploaded using multipart
|
655
662
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -803,7 +810,7 @@ module Aws::S3
|
|
803
810
|
# @return [String]
|
804
811
|
#
|
805
812
|
# @!attribute [rw] checksum_crc32
|
806
|
-
# The base64-encoded, 32-bit
|
813
|
+
# The base64-encoded, 32-bit CRC-32 checksum of the object. This will
|
807
814
|
# only be present if it was uploaded with the object. When you use an
|
808
815
|
# API operation on an object that was uploaded using multipart
|
809
816
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -818,7 +825,7 @@ module Aws::S3
|
|
818
825
|
# @return [String]
|
819
826
|
#
|
820
827
|
# @!attribute [rw] checksum_crc32c
|
821
|
-
# The base64-encoded, 32-bit
|
828
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
822
829
|
# only be present if it was uploaded with the object. When you use an
|
823
830
|
# API operation on an object that was uploaded using multipart
|
824
831
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -865,11 +872,6 @@ module Aws::S3
|
|
865
872
|
# @!attribute [rw] server_side_encryption
|
866
873
|
# The server-side encryption algorithm used when storing this object
|
867
874
|
# in Amazon S3 (for example, `AES256`, `aws:kms`).
|
868
|
-
#
|
869
|
-
# <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
|
870
|
-
# managed keys (SSE-S3) (`AES256`) is supported.
|
871
|
-
#
|
872
|
-
# </note>
|
873
875
|
# @return [String]
|
874
876
|
#
|
875
877
|
# @!attribute [rw] version_id
|
@@ -882,23 +884,14 @@ module Aws::S3
|
|
882
884
|
# @return [String]
|
883
885
|
#
|
884
886
|
# @!attribute [rw] ssekms_key_id
|
885
|
-
# If present, indicates the ID of the
|
886
|
-
#
|
887
|
-
# object.
|
888
|
-
#
|
889
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
890
|
-
#
|
891
|
-
# </note>
|
887
|
+
# If present, indicates the ID of the KMS key that was used for object
|
888
|
+
# encryption.
|
892
889
|
# @return [String]
|
893
890
|
#
|
894
891
|
# @!attribute [rw] bucket_key_enabled
|
895
892
|
# Indicates whether the multipart upload uses an S3 Bucket Key for
|
896
893
|
# server-side encryption with Key Management Service (KMS) keys
|
897
894
|
# (SSE-KMS).
|
898
|
-
#
|
899
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
900
|
-
#
|
901
|
-
# </note>
|
902
895
|
# @return [Boolean]
|
903
896
|
#
|
904
897
|
# @!attribute [rw] request_charged
|
@@ -991,7 +984,7 @@ module Aws::S3
|
|
991
984
|
# @!attribute [rw] checksum_crc32
|
992
985
|
# This header can be used as a data integrity check to verify that the
|
993
986
|
# data received is the same data that was originally sent. This header
|
994
|
-
# specifies the base64-encoded, 32-bit
|
987
|
+
# specifies the base64-encoded, 32-bit CRC-32 checksum of the object.
|
995
988
|
# For more information, see [Checking object integrity][1] in the
|
996
989
|
# *Amazon S3 User Guide*.
|
997
990
|
#
|
@@ -1003,7 +996,7 @@ module Aws::S3
|
|
1003
996
|
# @!attribute [rw] checksum_crc32c
|
1004
997
|
# This header can be used as a data integrity check to verify that the
|
1005
998
|
# data received is the same data that was originally sent. This header
|
1006
|
-
# specifies the base64-encoded, 32-bit
|
999
|
+
# specifies the base64-encoded, 32-bit CRC-32C checksum of the object.
|
1007
1000
|
# For more information, see [Checking object integrity][1] in the
|
1008
1001
|
# *Amazon S3 User Guide*.
|
1009
1002
|
#
|
@@ -1061,6 +1054,27 @@ module Aws::S3
|
|
1061
1054
|
# denied).
|
1062
1055
|
# @return [String]
|
1063
1056
|
#
|
1057
|
+
# @!attribute [rw] if_none_match
|
1058
|
+
# Uploads the object only if the object key name does not already
|
1059
|
+
# exist in the bucket specified. Otherwise, Amazon S3 returns a `412
|
1060
|
+
# Precondition Failed` error.
|
1061
|
+
#
|
1062
|
+
# If a conflicting operation occurs during the upload S3 returns a
|
1063
|
+
# `409 ConditionalRequestConflict` response. On a 409 failure you
|
1064
|
+
# should re-initiate the multipart upload with `CreateMultipartUpload`
|
1065
|
+
# and re-upload each part.
|
1066
|
+
#
|
1067
|
+
# Expects the '*' (asterisk) character.
|
1068
|
+
#
|
1069
|
+
# For more information about conditional requests, see [RFC 7232][1],
|
1070
|
+
# or [Conditional requests][2] in the *Amazon S3 User Guide*.
|
1071
|
+
#
|
1072
|
+
#
|
1073
|
+
#
|
1074
|
+
# [1]: https://tools.ietf.org/html/rfc7232
|
1075
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html
|
1076
|
+
# @return [String]
|
1077
|
+
#
|
1064
1078
|
# @!attribute [rw] sse_customer_algorithm
|
1065
1079
|
# The server-side encryption (SSE) algorithm used to encrypt the
|
1066
1080
|
# object. This parameter is required only when the object was created
|
@@ -1120,6 +1134,7 @@ module Aws::S3
|
|
1120
1134
|
:checksum_sha256,
|
1121
1135
|
:request_payer,
|
1122
1136
|
:expected_bucket_owner,
|
1137
|
+
:if_none_match,
|
1123
1138
|
:sse_customer_algorithm,
|
1124
1139
|
:sse_customer_key,
|
1125
1140
|
:sse_customer_key_md5)
|
@@ -1151,7 +1166,7 @@ module Aws::S3
|
|
1151
1166
|
# @return [String]
|
1152
1167
|
#
|
1153
1168
|
# @!attribute [rw] checksum_crc32
|
1154
|
-
# The base64-encoded, 32-bit
|
1169
|
+
# The base64-encoded, 32-bit CRC-32 checksum of the object. This will
|
1155
1170
|
# only be present if it was uploaded with the object. When you use an
|
1156
1171
|
# API operation on an object that was uploaded using multipart
|
1157
1172
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -1166,7 +1181,7 @@ module Aws::S3
|
|
1166
1181
|
# @return [String]
|
1167
1182
|
#
|
1168
1183
|
# @!attribute [rw] checksum_crc32c
|
1169
|
-
# The base64-encoded, 32-bit
|
1184
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
1170
1185
|
# only be present if it was uploaded with the object. When you use an
|
1171
1186
|
# API operation on an object that was uploaded using multipart
|
1172
1187
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -1326,11 +1341,6 @@ module Aws::S3
|
|
1326
1341
|
# @!attribute [rw] server_side_encryption
|
1327
1342
|
# The server-side encryption algorithm used when you store this object
|
1328
1343
|
# in Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
|
1329
|
-
#
|
1330
|
-
# <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
|
1331
|
-
# managed keys (SSE-S3) (`AES256`) is supported.
|
1332
|
-
#
|
1333
|
-
# </note>
|
1334
1344
|
# @return [String]
|
1335
1345
|
#
|
1336
1346
|
# @!attribute [rw] sse_customer_algorithm
|
@@ -1355,13 +1365,8 @@ module Aws::S3
|
|
1355
1365
|
# @return [String]
|
1356
1366
|
#
|
1357
1367
|
# @!attribute [rw] ssekms_key_id
|
1358
|
-
# If present, indicates the ID of the
|
1359
|
-
#
|
1360
|
-
# object.
|
1361
|
-
#
|
1362
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
1363
|
-
#
|
1364
|
-
# </note>
|
1368
|
+
# If present, indicates the ID of the KMS key that was used for object
|
1369
|
+
# encryption.
|
1365
1370
|
# @return [String]
|
1366
1371
|
#
|
1367
1372
|
# @!attribute [rw] ssekms_encryption_context
|
@@ -1369,20 +1374,12 @@ module Aws::S3
|
|
1369
1374
|
# to use for object encryption. The value of this header is a
|
1370
1375
|
# base64-encoded UTF-8 string holding JSON with the encryption context
|
1371
1376
|
# key-value pairs.
|
1372
|
-
#
|
1373
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
1374
|
-
#
|
1375
|
-
# </note>
|
1376
1377
|
# @return [String]
|
1377
1378
|
#
|
1378
1379
|
# @!attribute [rw] bucket_key_enabled
|
1379
1380
|
# Indicates whether the copied object uses an S3 Bucket Key for
|
1380
1381
|
# server-side encryption with Key Management Service (KMS) keys
|
1381
1382
|
# (SSE-KMS).
|
1382
|
-
#
|
1383
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
1384
|
-
#
|
1385
|
-
# </note>
|
1386
1383
|
# @return [Boolean]
|
1387
1384
|
#
|
1388
1385
|
# @!attribute [rw] request_charged
|
@@ -1810,9 +1807,8 @@ module Aws::S3
|
|
1810
1807
|
#
|
1811
1808
|
# @!attribute [rw] server_side_encryption
|
1812
1809
|
# The server-side encryption algorithm used when storing this object
|
1813
|
-
# in Amazon S3
|
1814
|
-
#
|
1815
|
-
# and will receive a `400 Bad Request` response.
|
1810
|
+
# in Amazon S3. Unrecognized or unsupported values won’t write a
|
1811
|
+
# destination object and will receive a `400 Bad Request` response.
|
1816
1812
|
#
|
1817
1813
|
# Amazon S3 automatically encrypts all new objects that are copied to
|
1818
1814
|
# an S3 bucket. When copying an object, if you don't specify
|
@@ -1821,21 +1817,8 @@ module Aws::S3
|
|
1821
1817
|
# of the destination bucket. By default, all buckets have a base level
|
1822
1818
|
# of encryption configuration that uses server-side encryption with
|
1823
1819
|
# Amazon S3 managed keys (SSE-S3). If the destination bucket has a
|
1824
|
-
# default encryption configuration
|
1825
|
-
#
|
1826
|
-
# server-side encryption with Amazon Web Services KMS keys (DSSE-KMS),
|
1827
|
-
# or server-side encryption with customer-provided encryption keys
|
1828
|
-
# (SSE-C), Amazon S3 uses the corresponding KMS key, or a
|
1829
|
-
# customer-provided key to encrypt the target object copy.
|
1830
|
-
#
|
1831
|
-
# When you perform a `CopyObject` operation, if you want to use a
|
1832
|
-
# different type of encryption setting for the target object, you can
|
1833
|
-
# specify appropriate encryption-related headers to encrypt the target
|
1834
|
-
# object with an Amazon S3 managed key, a KMS key, or a
|
1835
|
-
# customer-provided key. If the encryption setting in your request is
|
1836
|
-
# different from the default encryption configuration of the
|
1837
|
-
# destination bucket, the encryption setting in your request takes
|
1838
|
-
# precedence.
|
1820
|
+
# different default encryption configuration, Amazon S3 uses the
|
1821
|
+
# corresponding encryption key to encrypt the target object copy.
|
1839
1822
|
#
|
1840
1823
|
# With server-side encryption, Amazon S3 encrypts your data as it
|
1841
1824
|
# writes your data to disks in its data centers and decrypts the data
|
@@ -1843,14 +1826,63 @@ module Aws::S3
|
|
1843
1826
|
# encryption, see [Using Server-Side Encryption][1] in the *Amazon S3
|
1844
1827
|
# User Guide*.
|
1845
1828
|
#
|
1846
|
-
# <
|
1847
|
-
#
|
1848
|
-
#
|
1849
|
-
#
|
1829
|
+
# <b>General purpose buckets </b>
|
1830
|
+
#
|
1831
|
+
# * For general purpose buckets, there are the following supported
|
1832
|
+
# options for server-side encryption: server-side encryption with
|
1833
|
+
# Key Management Service (KMS) keys (SSE-KMS), dual-layer
|
1834
|
+
# server-side encryption with Amazon Web Services KMS keys
|
1835
|
+
# (DSSE-KMS), and server-side encryption with customer-provided
|
1836
|
+
# encryption keys (SSE-C). Amazon S3 uses the corresponding KMS key,
|
1837
|
+
# or a customer-provided key to encrypt the target object copy.
|
1838
|
+
#
|
1839
|
+
# * When you perform a `CopyObject` operation, if you want to use a
|
1840
|
+
# different type of encryption setting for the target object, you
|
1841
|
+
# can specify appropriate encryption-related headers to encrypt the
|
1842
|
+
# target object with an Amazon S3 managed key, a KMS key, or a
|
1843
|
+
# customer-provided key. If the encryption setting in your request
|
1844
|
+
# is different from the default encryption configuration of the
|
1845
|
+
# destination bucket, the encryption setting in your request takes
|
1846
|
+
# precedence.
|
1847
|
+
#
|
1848
|
+
# <b>Directory buckets </b>
|
1849
|
+
#
|
1850
|
+
# * For directory buckets, there are only two supported options for
|
1851
|
+
# server-side encryption: server-side encryption with Amazon S3
|
1852
|
+
# managed keys (SSE-S3) (`AES256`) and server-side encryption with
|
1853
|
+
# KMS keys (SSE-KMS) (`aws:kms`). We recommend that the bucket's
|
1854
|
+
# default encryption uses the desired encryption configuration and
|
1855
|
+
# you don't override the bucket default encryption in your
|
1856
|
+
# `CreateSession` requests or `PUT` object requests. Then, new
|
1857
|
+
# objects are automatically encrypted with the desired encryption
|
1858
|
+
# settings. For more information, see [Protecting data with
|
1859
|
+
# server-side encryption][2] in the *Amazon S3 User Guide*. For more
|
1860
|
+
# information about the encryption overriding behaviors in directory
|
1861
|
+
# buckets, see [Specifying server-side encryption with KMS for new
|
1862
|
+
# object uploads][3].
|
1863
|
+
#
|
1864
|
+
# * To encrypt new object copies to a directory bucket with SSE-KMS,
|
1865
|
+
# we recommend you specify SSE-KMS as the directory bucket's
|
1866
|
+
# default encryption configuration with a KMS key (specifically, a
|
1867
|
+
# [customer managed key][4]). The [Amazon Web Services managed
|
1868
|
+
# key][5] (`aws/s3`) isn't supported. Your SSE-KMS configuration
|
1869
|
+
# can only support 1 [customer managed key][4] per directory bucket
|
1870
|
+
# for the lifetime of the bucket. After you specify a customer
|
1871
|
+
# managed key for SSE-KMS, you can't override the customer managed
|
1872
|
+
# key for the bucket's SSE-KMS configuration. Then, when you
|
1873
|
+
# perform a `CopyObject` operation and want to specify server-side
|
1874
|
+
# encryption settings for new object copies with SSE-KMS in the
|
1875
|
+
# encryption-related request headers, you must ensure the encryption
|
1876
|
+
# key is the same customer managed key that you specified for the
|
1877
|
+
# directory bucket's default encryption configuration.
|
1850
1878
|
#
|
1851
1879
|
#
|
1852
1880
|
#
|
1853
1881
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
|
1882
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
1883
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
|
1884
|
+
# [4]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
1885
|
+
# [5]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
1854
1886
|
# @return [String]
|
1855
1887
|
#
|
1856
1888
|
# @!attribute [rw] storage_class
|
@@ -1956,7 +1988,7 @@ module Aws::S3
|
|
1956
1988
|
# @return [String]
|
1957
1989
|
#
|
1958
1990
|
# @!attribute [rw] ssekms_key_id
|
1959
|
-
# Specifies the KMS ID (Key ID, Key ARN, or Key Alias) to use for
|
1991
|
+
# Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
|
1960
1992
|
# object encryption. All GET and PUT requests for an object protected
|
1961
1993
|
# by KMS will fail if they're not made via SSL or using SigV4. For
|
1962
1994
|
# information about configuring any of the officially supported Amazon
|
@@ -1964,27 +1996,50 @@ module Aws::S3
|
|
1964
1996
|
# Signature Version in Request Authentication][1] in the *Amazon S3
|
1965
1997
|
# User Guide*.
|
1966
1998
|
#
|
1967
|
-
#
|
1968
|
-
#
|
1969
|
-
#
|
1970
|
-
#
|
1999
|
+
# **Directory buckets** - If you specify
|
2000
|
+
# `x-amz-server-side-encryption` with `aws:kms`, the `
|
2001
|
+
# x-amz-server-side-encryption-aws-kms-key-id` header is implicitly
|
2002
|
+
# assigned the ID of the KMS symmetric encryption customer managed key
|
2003
|
+
# that's configured for your directory bucket's default encryption
|
2004
|
+
# setting. If you want to specify the `
|
2005
|
+
# x-amz-server-side-encryption-aws-kms-key-id` header explicitly, you
|
2006
|
+
# can only specify it with the ID (Key ID or Key ARN) of the KMS
|
2007
|
+
# customer managed key that's configured for your directory bucket's
|
2008
|
+
# default encryption setting. Otherwise, you get an HTTP `400 Bad
|
2009
|
+
# Request` error. Only use the key ID or key ARN. The key alias format
|
2010
|
+
# of the KMS key isn't supported. Your SSE-KMS configuration can only
|
2011
|
+
# support 1 [customer managed key][2] per directory bucket for the
|
2012
|
+
# lifetime of the bucket. The [Amazon Web Services managed key][3]
|
2013
|
+
# (`aws/s3`) isn't supported.
|
1971
2014
|
#
|
1972
2015
|
#
|
1973
2016
|
#
|
1974
2017
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
|
2018
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
2019
|
+
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
1975
2020
|
# @return [String]
|
1976
2021
|
#
|
1977
2022
|
# @!attribute [rw] ssekms_encryption_context
|
1978
|
-
# Specifies the Amazon Web Services KMS Encryption Context
|
1979
|
-
#
|
1980
|
-
#
|
1981
|
-
#
|
1982
|
-
# context for `CopyObject` requests.
|
2023
|
+
# Specifies the Amazon Web Services KMS Encryption Context as an
|
2024
|
+
# additional encryption context to use for the destination object
|
2025
|
+
# encryption. The value of this header is a base64-encoded UTF-8
|
2026
|
+
# string holding JSON with the encryption context key-value pairs.
|
1983
2027
|
#
|
1984
|
-
#
|
1985
|
-
#
|
2028
|
+
# **General purpose buckets** - This value must be explicitly added to
|
2029
|
+
# specify encryption context for `CopyObject` requests if you want an
|
2030
|
+
# additional encryption context for your destination object. The
|
2031
|
+
# additional encryption context of the source object won't be copied
|
2032
|
+
# to the destination object. For more information, see [Encryption
|
2033
|
+
# context][1] in the *Amazon S3 User Guide*.
|
1986
2034
|
#
|
1987
|
-
#
|
2035
|
+
# **Directory buckets** - You can optionally provide an explicit
|
2036
|
+
# encryption context value. The value must match the default
|
2037
|
+
# encryption context - the bucket Amazon Resource Name (ARN). An
|
2038
|
+
# additional encryption context value is not supported.
|
2039
|
+
#
|
2040
|
+
#
|
2041
|
+
#
|
2042
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context
|
1988
2043
|
# @return [String]
|
1989
2044
|
#
|
1990
2045
|
# @!attribute [rw] bucket_key_enabled
|
@@ -2001,14 +2056,19 @@ module Aws::S3
|
|
2001
2056
|
# For more information, see [Amazon S3 Bucket Keys][1] in the *Amazon
|
2002
2057
|
# S3 User Guide*.
|
2003
2058
|
#
|
2004
|
-
# <note markdown="1">
|
2005
|
-
#
|
2059
|
+
# <note markdown="1"> **Directory buckets** - S3 Bucket Keys aren't supported, when you
|
2060
|
+
# copy SSE-KMS encrypted objects from general purpose buckets to
|
2061
|
+
# directory buckets, from directory buckets to general purpose
|
2062
|
+
# buckets, or between directory buckets, through [CopyObject][2]. In
|
2063
|
+
# this case, Amazon S3 makes a call to KMS every time a copy request
|
2064
|
+
# is made for a KMS-encrypted object.
|
2006
2065
|
#
|
2007
2066
|
# </note>
|
2008
2067
|
#
|
2009
2068
|
#
|
2010
2069
|
#
|
2011
2070
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
|
2071
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
2012
2072
|
# @return [Boolean]
|
2013
2073
|
#
|
2014
2074
|
# @!attribute [rw] copy_source_sse_customer_algorithm
|
@@ -2225,7 +2285,7 @@ module Aws::S3
|
|
2225
2285
|
# @return [Time]
|
2226
2286
|
#
|
2227
2287
|
# @!attribute [rw] checksum_crc32
|
2228
|
-
# The base64-encoded, 32-bit
|
2288
|
+
# The base64-encoded, 32-bit CRC-32 checksum of the object. This will
|
2229
2289
|
# only be present if it was uploaded with the object. For more
|
2230
2290
|
# information, see [ Checking object integrity][1] in the *Amazon S3
|
2231
2291
|
# User Guide*.
|
@@ -2236,7 +2296,7 @@ module Aws::S3
|
|
2236
2296
|
# @return [String]
|
2237
2297
|
#
|
2238
2298
|
# @!attribute [rw] checksum_crc32c
|
2239
|
-
# The base64-encoded, 32-bit
|
2299
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
2240
2300
|
# only be present if it was uploaded with the object. For more
|
2241
2301
|
# information, see [ Checking object integrity][1] in the *Amazon S3
|
2242
2302
|
# User Guide*.
|
@@ -2292,7 +2352,7 @@ module Aws::S3
|
|
2292
2352
|
# @return [Time]
|
2293
2353
|
#
|
2294
2354
|
# @!attribute [rw] checksum_crc32
|
2295
|
-
# The base64-encoded, 32-bit
|
2355
|
+
# The base64-encoded, 32-bit CRC-32 checksum of the object. This will
|
2296
2356
|
# only be present if it was uploaded with the object. When you use an
|
2297
2357
|
# API operation on an object that was uploaded using multipart
|
2298
2358
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -2307,7 +2367,7 @@ module Aws::S3
|
|
2307
2367
|
# @return [String]
|
2308
2368
|
#
|
2309
2369
|
# @!attribute [rw] checksum_crc32c
|
2310
|
-
# The base64-encoded, 32-bit
|
2370
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
2311
2371
|
# only be present if it was uploaded with the object. When you use an
|
2312
2372
|
# API operation on an object that was uploaded using multipart
|
2313
2373
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -2620,11 +2680,6 @@ module Aws::S3
|
|
2620
2680
|
# @!attribute [rw] server_side_encryption
|
2621
2681
|
# The server-side encryption algorithm used when you store this object
|
2622
2682
|
# in Amazon S3 (for example, `AES256`, `aws:kms`).
|
2623
|
-
#
|
2624
|
-
# <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
|
2625
|
-
# managed keys (SSE-S3) (`AES256`) is supported.
|
2626
|
-
#
|
2627
|
-
# </note>
|
2628
2683
|
# @return [String]
|
2629
2684
|
#
|
2630
2685
|
# @!attribute [rw] sse_customer_algorithm
|
@@ -2649,34 +2704,21 @@ module Aws::S3
|
|
2649
2704
|
# @return [String]
|
2650
2705
|
#
|
2651
2706
|
# @!attribute [rw] ssekms_key_id
|
2652
|
-
# If present, indicates the ID of the
|
2653
|
-
#
|
2654
|
-
# object.
|
2655
|
-
#
|
2656
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
2657
|
-
#
|
2658
|
-
# </note>
|
2707
|
+
# If present, indicates the ID of the KMS key that was used for object
|
2708
|
+
# encryption.
|
2659
2709
|
# @return [String]
|
2660
2710
|
#
|
2661
2711
|
# @!attribute [rw] ssekms_encryption_context
|
2662
2712
|
# If present, indicates the Amazon Web Services KMS Encryption Context
|
2663
2713
|
# to use for object encryption. The value of this header is a
|
2664
|
-
#
|
2665
|
-
# key-value pairs.
|
2666
|
-
#
|
2667
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
2668
|
-
#
|
2669
|
-
# </note>
|
2714
|
+
# Base64-encoded string of a UTF-8 encoded JSON, which contains the
|
2715
|
+
# encryption context as key-value pairs.
|
2670
2716
|
# @return [String]
|
2671
2717
|
#
|
2672
2718
|
# @!attribute [rw] bucket_key_enabled
|
2673
2719
|
# Indicates whether the multipart upload uses an S3 Bucket Key for
|
2674
2720
|
# server-side encryption with Key Management Service (KMS) keys
|
2675
2721
|
# (SSE-KMS).
|
2676
|
-
#
|
2677
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
2678
|
-
#
|
2679
|
-
# </note>
|
2680
2722
|
# @return [Boolean]
|
2681
2723
|
#
|
2682
2724
|
# @!attribute [rw] request_charged
|
@@ -3088,10 +3130,53 @@ module Aws::S3
|
|
3088
3130
|
# The server-side encryption algorithm used when you store this object
|
3089
3131
|
# in Amazon S3 (for example, `AES256`, `aws:kms`).
|
3090
3132
|
#
|
3091
|
-
# <
|
3092
|
-
#
|
3133
|
+
# * <b>Directory buckets </b> - For directory buckets, there are only
|
3134
|
+
# two supported options for server-side encryption: server-side
|
3135
|
+
# encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
|
3136
|
+
# server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). We
|
3137
|
+
# recommend that the bucket's default encryption uses the desired
|
3138
|
+
# encryption configuration and you don't override the bucket
|
3139
|
+
# default encryption in your `CreateSession` requests or `PUT`
|
3140
|
+
# object requests. Then, new objects are automatically encrypted
|
3141
|
+
# with the desired encryption settings. For more information, see
|
3142
|
+
# [Protecting data with server-side encryption][1] in the *Amazon S3
|
3143
|
+
# User Guide*. For more information about the encryption overriding
|
3144
|
+
# behaviors in directory buckets, see [Specifying server-side
|
3145
|
+
# encryption with KMS for new object uploads][2].
|
3146
|
+
#
|
3147
|
+
# In the Zonal endpoint API calls (except [CopyObject][3] and
|
3148
|
+
# [UploadPartCopy][4]) using the REST API, the encryption request
|
3149
|
+
# headers must match the encryption settings that are specified in
|
3150
|
+
# the `CreateSession` request. You can't override the values of the
|
3151
|
+
# encryption settings (`x-amz-server-side-encryption`,
|
3152
|
+
# `x-amz-server-side-encryption-aws-kms-key-id`,
|
3153
|
+
# `x-amz-server-side-encryption-context`, and
|
3154
|
+
# `x-amz-server-side-encryption-bucket-key-enabled`) that are
|
3155
|
+
# specified in the `CreateSession` request. You don't need to
|
3156
|
+
# explicitly specify these encryption settings values in Zonal
|
3157
|
+
# endpoint API calls, and Amazon S3 will use the encryption settings
|
3158
|
+
# values from the `CreateSession` request to protect new objects in
|
3159
|
+
# the directory bucket.
|
3160
|
+
#
|
3161
|
+
# <note markdown="1"> When you use the CLI or the Amazon Web Services SDKs, for
|
3162
|
+
# `CreateSession`, the session token refreshes automatically to
|
3163
|
+
# avoid service interruptions when a session expires. The CLI or the
|
3164
|
+
# Amazon Web Services SDKs use the bucket's default encryption
|
3165
|
+
# configuration for the `CreateSession` request. It's not supported
|
3166
|
+
# to override the encryption settings values in the `CreateSession`
|
3167
|
+
# request. So in the Zonal endpoint API calls (except
|
3168
|
+
# [CopyObject][3] and [UploadPartCopy][4]), the encryption request
|
3169
|
+
# headers must match the default encryption configuration of the
|
3170
|
+
# directory bucket.
|
3093
3171
|
#
|
3094
|
-
#
|
3172
|
+
# </note>
|
3173
|
+
#
|
3174
|
+
#
|
3175
|
+
#
|
3176
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
3177
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
|
3178
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
3179
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
3095
3180
|
# @return [String]
|
3096
3181
|
#
|
3097
3182
|
# @!attribute [rw] storage_class
|
@@ -3157,37 +3242,80 @@ module Aws::S3
|
|
3157
3242
|
# @return [String]
|
3158
3243
|
#
|
3159
3244
|
# @!attribute [rw] ssekms_key_id
|
3160
|
-
# Specifies the ID (Key ID, Key ARN, or Key Alias)
|
3161
|
-
# encryption
|
3245
|
+
# Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
|
3246
|
+
# object encryption. If the KMS key doesn't exist in the same account
|
3247
|
+
# that's issuing the command, you must use the full Key ARN not the
|
3248
|
+
# Key ID.
|
3249
|
+
#
|
3250
|
+
# **General purpose buckets** - If you specify
|
3251
|
+
# `x-amz-server-side-encryption` with `aws:kms` or `aws:kms:dsse`,
|
3252
|
+
# this header specifies the ID (Key ID, Key ARN, or Key Alias) of the
|
3253
|
+
# KMS key to use. If you specify
|
3254
|
+
# `x-amz-server-side-encryption:aws:kms` or
|
3255
|
+
# `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide
|
3256
|
+
# `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
|
3257
|
+
# Amazon Web Services managed key (`aws/s3`) to protect the data.
|
3162
3258
|
#
|
3163
|
-
#
|
3259
|
+
# **Directory buckets** - If you specify
|
3260
|
+
# `x-amz-server-side-encryption` with `aws:kms`, the `
|
3261
|
+
# x-amz-server-side-encryption-aws-kms-key-id` header is implicitly
|
3262
|
+
# assigned the ID of the KMS symmetric encryption customer managed key
|
3263
|
+
# that's configured for your directory bucket's default encryption
|
3264
|
+
# setting. If you want to specify the `
|
3265
|
+
# x-amz-server-side-encryption-aws-kms-key-id` header explicitly, you
|
3266
|
+
# can only specify it with the ID (Key ID or Key ARN) of the KMS
|
3267
|
+
# customer managed key that's configured for your directory bucket's
|
3268
|
+
# default encryption setting. Otherwise, you get an HTTP `400 Bad
|
3269
|
+
# Request` error. Only use the key ID or key ARN. The key alias format
|
3270
|
+
# of the KMS key isn't supported. Your SSE-KMS configuration can only
|
3271
|
+
# support 1 [customer managed key][1] per directory bucket for the
|
3272
|
+
# lifetime of the bucket. The [Amazon Web Services managed key][2]
|
3273
|
+
# (`aws/s3`) isn't supported.
|
3164
3274
|
#
|
3165
|
-
#
|
3275
|
+
#
|
3276
|
+
#
|
3277
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
3278
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
3166
3279
|
# @return [String]
|
3167
3280
|
#
|
3168
3281
|
# @!attribute [rw] ssekms_encryption_context
|
3169
3282
|
# Specifies the Amazon Web Services KMS Encryption Context to use for
|
3170
|
-
# object encryption. The value of this header is a
|
3171
|
-
# UTF-8
|
3172
|
-
# pairs.
|
3173
|
-
#
|
3174
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
3283
|
+
# object encryption. The value of this header is a Base64-encoded
|
3284
|
+
# string of a UTF-8 encoded JSON, which contains the encryption
|
3285
|
+
# context as key-value pairs.
|
3175
3286
|
#
|
3176
|
-
#
|
3287
|
+
# **Directory buckets** - You can optionally provide an explicit
|
3288
|
+
# encryption context value. The value must match the default
|
3289
|
+
# encryption context - the bucket Amazon Resource Name (ARN). An
|
3290
|
+
# additional encryption context value is not supported.
|
3177
3291
|
# @return [String]
|
3178
3292
|
#
|
3179
3293
|
# @!attribute [rw] bucket_key_enabled
|
3180
3294
|
# Specifies whether Amazon S3 should use an S3 Bucket Key for object
|
3181
3295
|
# encryption with server-side encryption using Key Management Service
|
3182
|
-
# (KMS) keys (SSE-KMS).
|
3183
|
-
# to use an S3 Bucket Key for object encryption with SSE-KMS.
|
3296
|
+
# (KMS) keys (SSE-KMS).
|
3184
3297
|
#
|
3185
|
-
#
|
3186
|
-
#
|
3298
|
+
# **General purpose buckets** - Setting this header to `true` causes
|
3299
|
+
# Amazon S3 to use an S3 Bucket Key for object encryption with
|
3300
|
+
# SSE-KMS. Also, specifying this header with a PUT action doesn't
|
3301
|
+
# affect bucket-level settings for S3 Bucket Key.
|
3187
3302
|
#
|
3188
|
-
#
|
3303
|
+
# **Directory buckets** - S3 Bucket Keys are always enabled for `GET`
|
3304
|
+
# and `PUT` operations in a directory bucket and can’t be disabled. S3
|
3305
|
+
# Bucket Keys aren't supported, when you copy SSE-KMS encrypted
|
3306
|
+
# objects from general purpose buckets to directory buckets, from
|
3307
|
+
# directory buckets to general purpose buckets, or between directory
|
3308
|
+
# buckets, through [CopyObject][1], [UploadPartCopy][2], [the Copy
|
3309
|
+
# operation in Batch Operations][3], or [the import jobs][4]. In this
|
3310
|
+
# case, Amazon S3 makes a call to KMS every time a copy request is
|
3311
|
+
# made for a KMS-encrypted object.
|
3189
3312
|
#
|
3190
|
-
#
|
3313
|
+
#
|
3314
|
+
#
|
3315
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
3316
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
3317
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
|
3318
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
|
3191
3319
|
# @return [Boolean]
|
3192
3320
|
#
|
3193
3321
|
# @!attribute [rw] request_payer
|
@@ -3297,16 +3425,45 @@ module Aws::S3
|
|
3297
3425
|
include Aws::Structure
|
3298
3426
|
end
|
3299
3427
|
|
3428
|
+
# @!attribute [rw] server_side_encryption
|
3429
|
+
# The server-side encryption algorithm used when you store objects in
|
3430
|
+
# the directory bucket.
|
3431
|
+
# @return [String]
|
3432
|
+
#
|
3433
|
+
# @!attribute [rw] ssekms_key_id
|
3434
|
+
# If you specify `x-amz-server-side-encryption` with `aws:kms`, this
|
3435
|
+
# header indicates the ID of the KMS symmetric encryption customer
|
3436
|
+
# managed key that was used for object encryption.
|
3437
|
+
# @return [String]
|
3438
|
+
#
|
3439
|
+
# @!attribute [rw] ssekms_encryption_context
|
3440
|
+
# If present, indicates the Amazon Web Services KMS Encryption Context
|
3441
|
+
# to use for object encryption. The value of this header is a
|
3442
|
+
# Base64-encoded string of a UTF-8 encoded JSON, which contains the
|
3443
|
+
# encryption context as key-value pairs. This value is stored as
|
3444
|
+
# object metadata and automatically gets passed on to Amazon Web
|
3445
|
+
# Services KMS for future `GetObject` operations on this object.
|
3446
|
+
# @return [String]
|
3447
|
+
#
|
3448
|
+
# @!attribute [rw] bucket_key_enabled
|
3449
|
+
# Indicates whether to use an S3 Bucket Key for server-side encryption
|
3450
|
+
# with KMS keys (SSE-KMS).
|
3451
|
+
# @return [Boolean]
|
3452
|
+
#
|
3300
3453
|
# @!attribute [rw] credentials
|
3301
3454
|
# The established temporary security credentials for the created
|
3302
|
-
# session
|
3455
|
+
# session.
|
3303
3456
|
# @return [Types::SessionCredentials]
|
3304
3457
|
#
|
3305
3458
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateSessionOutput AWS API Documentation
|
3306
3459
|
#
|
3307
3460
|
class CreateSessionOutput < Struct.new(
|
3461
|
+
:server_side_encryption,
|
3462
|
+
:ssekms_key_id,
|
3463
|
+
:ssekms_encryption_context,
|
3464
|
+
:bucket_key_enabled,
|
3308
3465
|
:credentials)
|
3309
|
-
SENSITIVE = []
|
3466
|
+
SENSITIVE = [:ssekms_key_id, :ssekms_encryption_context]
|
3310
3467
|
include Aws::Structure
|
3311
3468
|
end
|
3312
3469
|
|
@@ -3314,27 +3471,114 @@ module Aws::S3
|
|
3314
3471
|
# Specifies the mode of the session that will be created, either
|
3315
3472
|
# `ReadWrite` or `ReadOnly`. By default, a `ReadWrite` session is
|
3316
3473
|
# created. A `ReadWrite` session is capable of executing all the Zonal
|
3317
|
-
# endpoint
|
3318
|
-
# constrained to execute the following Zonal endpoint
|
3319
|
-
# `GetObject`, `HeadObject`, `ListObjectsV2`,
|
3320
|
-
# `ListParts`, and `ListMultipartUploads`.
|
3474
|
+
# endpoint API operations on a directory bucket. A `ReadOnly` session
|
3475
|
+
# is constrained to execute the following Zonal endpoint API
|
3476
|
+
# operations: `GetObject`, `HeadObject`, `ListObjectsV2`,
|
3477
|
+
# `GetObjectAttributes`, `ListParts`, and `ListMultipartUploads`.
|
3321
3478
|
# @return [String]
|
3322
3479
|
#
|
3323
3480
|
# @!attribute [rw] bucket
|
3324
3481
|
# The name of the bucket that you create a session for.
|
3325
3482
|
# @return [String]
|
3326
3483
|
#
|
3484
|
+
# @!attribute [rw] server_side_encryption
|
3485
|
+
# The server-side encryption algorithm to use when you store objects
|
3486
|
+
# in the directory bucket.
|
3487
|
+
#
|
3488
|
+
# For directory buckets, there are only two supported options for
|
3489
|
+
# server-side encryption: server-side encryption with Amazon S3
|
3490
|
+
# managed keys (SSE-S3) (`AES256`) and server-side encryption with KMS
|
3491
|
+
# keys (SSE-KMS) (`aws:kms`). By default, Amazon S3 encrypts data with
|
3492
|
+
# SSE-S3. For more information, see [Protecting data with server-side
|
3493
|
+
# encryption][1] in the *Amazon S3 User Guide*.
|
3494
|
+
#
|
3495
|
+
#
|
3496
|
+
#
|
3497
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
3498
|
+
# @return [String]
|
3499
|
+
#
|
3500
|
+
# @!attribute [rw] ssekms_key_id
|
3501
|
+
# If you specify `x-amz-server-side-encryption` with `aws:kms`, you
|
3502
|
+
# must specify the ` x-amz-server-side-encryption-aws-kms-key-id`
|
3503
|
+
# header with the ID (Key ID or Key ARN) of the KMS symmetric
|
3504
|
+
# encryption customer managed key to use. Otherwise, you get an HTTP
|
3505
|
+
# `400 Bad Request` error. Only use the key ID or key ARN. The key
|
3506
|
+
# alias format of the KMS key isn't supported. Also, if the KMS key
|
3507
|
+
# doesn't exist in the same account that't issuing the command, you
|
3508
|
+
# must use the full Key ARN not the Key ID.
|
3509
|
+
#
|
3510
|
+
# Your SSE-KMS configuration can only support 1 [customer managed
|
3511
|
+
# key][1] per directory bucket for the lifetime of the bucket. The
|
3512
|
+
# [Amazon Web Services managed key][2] (`aws/s3`) isn't supported.
|
3513
|
+
#
|
3514
|
+
#
|
3515
|
+
#
|
3516
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
3517
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
3518
|
+
# @return [String]
|
3519
|
+
#
|
3520
|
+
# @!attribute [rw] ssekms_encryption_context
|
3521
|
+
# Specifies the Amazon Web Services KMS Encryption Context as an
|
3522
|
+
# additional encryption context to use for object encryption. The
|
3523
|
+
# value of this header is a Base64-encoded string of a UTF-8 encoded
|
3524
|
+
# JSON, which contains the encryption context as key-value pairs. This
|
3525
|
+
# value is stored as object metadata and automatically gets passed on
|
3526
|
+
# to Amazon Web Services KMS for future `GetObject` operations on this
|
3527
|
+
# object.
|
3528
|
+
#
|
3529
|
+
# **General purpose buckets** - This value must be explicitly added
|
3530
|
+
# during `CopyObject` operations if you want an additional encryption
|
3531
|
+
# context for your object. For more information, see [Encryption
|
3532
|
+
# context][1] in the *Amazon S3 User Guide*.
|
3533
|
+
#
|
3534
|
+
# **Directory buckets** - You can optionally provide an explicit
|
3535
|
+
# encryption context value. The value must match the default
|
3536
|
+
# encryption context - the bucket Amazon Resource Name (ARN). An
|
3537
|
+
# additional encryption context value is not supported.
|
3538
|
+
#
|
3539
|
+
#
|
3540
|
+
#
|
3541
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context
|
3542
|
+
# @return [String]
|
3543
|
+
#
|
3544
|
+
# @!attribute [rw] bucket_key_enabled
|
3545
|
+
# Specifies whether Amazon S3 should use an S3 Bucket Key for object
|
3546
|
+
# encryption with server-side encryption using KMS keys (SSE-KMS).
|
3547
|
+
#
|
3548
|
+
# S3 Bucket Keys are always enabled for `GET` and `PUT` operations in
|
3549
|
+
# a directory bucket and can’t be disabled. S3 Bucket Keys aren't
|
3550
|
+
# supported, when you copy SSE-KMS encrypted objects from general
|
3551
|
+
# purpose buckets to directory buckets, from directory buckets to
|
3552
|
+
# general purpose buckets, or between directory buckets, through
|
3553
|
+
# [CopyObject][1], [UploadPartCopy][2], [the Copy operation in Batch
|
3554
|
+
# Operations][3], or [the import jobs][4]. In this case, Amazon S3
|
3555
|
+
# makes a call to KMS every time a copy request is made for a
|
3556
|
+
# KMS-encrypted object.
|
3557
|
+
#
|
3558
|
+
#
|
3559
|
+
#
|
3560
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
3561
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
3562
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
|
3563
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
|
3564
|
+
# @return [Boolean]
|
3565
|
+
#
|
3327
3566
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateSessionRequest AWS API Documentation
|
3328
3567
|
#
|
3329
3568
|
class CreateSessionRequest < Struct.new(
|
3330
3569
|
:session_mode,
|
3331
|
-
:bucket
|
3332
|
-
|
3570
|
+
:bucket,
|
3571
|
+
:server_side_encryption,
|
3572
|
+
:ssekms_key_id,
|
3573
|
+
:ssekms_encryption_context,
|
3574
|
+
:bucket_key_enabled)
|
3575
|
+
SENSITIVE = [:ssekms_key_id, :ssekms_encryption_context]
|
3333
3576
|
include Aws::Structure
|
3334
3577
|
end
|
3335
3578
|
|
3336
|
-
# The container element for specifying the default Object
|
3337
|
-
# settings for new objects placed in the specified
|
3579
|
+
# The container element for optionally specifying the default Object
|
3580
|
+
# Lock retention settings for new objects placed in the specified
|
3581
|
+
# bucket.
|
3338
3582
|
#
|
3339
3583
|
# <note markdown="1"> * The `DefaultRetention` settings require both a mode and a period.
|
3340
3584
|
#
|
@@ -3447,6 +3691,20 @@ module Aws::S3
|
|
3447
3691
|
# @!attribute [rw] bucket
|
3448
3692
|
# The name of the bucket containing the server-side encryption
|
3449
3693
|
# configuration to delete.
|
3694
|
+
#
|
3695
|
+
# <b>Directory buckets </b> - When you use this operation with a
|
3696
|
+
# directory bucket, you must use path-style requests in the format
|
3697
|
+
# `https://s3express-control.region_code.amazonaws.com/bucket-name `.
|
3698
|
+
# Virtual-hosted-style requests aren't supported. Directory bucket
|
3699
|
+
# names must be unique in the chosen Availability Zone. Bucket names
|
3700
|
+
# must also follow the format ` bucket_base_name--az_id--x-s3` (for
|
3701
|
+
# example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information
|
3702
|
+
# about bucket naming restrictions, see [Directory bucket naming
|
3703
|
+
# rules][1] in the *Amazon S3 User Guide*
|
3704
|
+
#
|
3705
|
+
#
|
3706
|
+
#
|
3707
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
|
3450
3708
|
# @return [String]
|
3451
3709
|
#
|
3452
3710
|
# @!attribute [rw] expected_bucket_owner
|
@@ -3454,6 +3712,12 @@ module Aws::S3
|
|
3454
3712
|
# you provide does not match the actual owner of the bucket, the
|
3455
3713
|
# request fails with the HTTP status code `403 Forbidden` (access
|
3456
3714
|
# denied).
|
3715
|
+
#
|
3716
|
+
# <note markdown="1"> For directory buckets, this header is not supported in this API
|
3717
|
+
# operation. If you specify this header, the request fails with the
|
3718
|
+
# HTTP status code `501 Not Implemented`.
|
3719
|
+
#
|
3720
|
+
# </note>
|
3457
3721
|
# @return [String]
|
3458
3722
|
#
|
3459
3723
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketEncryptionRequest AWS API Documentation
|
@@ -4167,13 +4431,13 @@ module Aws::S3
|
|
4167
4431
|
# For the `x-amz-checksum-algorithm ` header, replace ` algorithm `
|
4168
4432
|
# with the supported algorithm from the following list:
|
4169
4433
|
#
|
4170
|
-
# * CRC32
|
4434
|
+
# * `CRC32`
|
4171
4435
|
#
|
4172
|
-
# * CRC32C
|
4436
|
+
# * `CRC32C`
|
4173
4437
|
#
|
4174
|
-
# * SHA1
|
4438
|
+
# * `SHA1`
|
4175
4439
|
#
|
4176
|
-
# * SHA256
|
4440
|
+
# * `SHA256`
|
4177
4441
|
#
|
4178
4442
|
# For more information, see [Checking object integrity][1] in the
|
4179
4443
|
# *Amazon S3 User Guide*.
|
@@ -4390,6 +4654,14 @@ module Aws::S3
|
|
4390
4654
|
# Specifies encryption-related information for an Amazon S3 bucket that
|
4391
4655
|
# is a destination for replicated objects.
|
4392
4656
|
#
|
4657
|
+
# <note markdown="1"> If you're specifying a customer managed KMS key, we recommend using a
|
4658
|
+
# fully qualified KMS key ARN. If you use a KMS key alias instead, then
|
4659
|
+
# KMS resolves the key within the requester’s account. This behavior can
|
4660
|
+
# result in data that's encrypted with a KMS key that belongs to the
|
4661
|
+
# requester, and not the bucket owner.
|
4662
|
+
#
|
4663
|
+
# </note>
|
4664
|
+
#
|
4393
4665
|
# @!attribute [rw] replica_kms_key_id
|
4394
4666
|
# Specifies the ID (Key ARN or Alias ARN) of the customer managed
|
4395
4667
|
# Amazon Web Services KMS key stored in Amazon Web Services Key
|
@@ -5295,12 +5567,16 @@ module Aws::S3
|
|
5295
5567
|
class EventBridgeConfiguration < Aws::EmptyStructure; end
|
5296
5568
|
|
5297
5569
|
# Optional configuration to replicate existing source bucket objects.
|
5298
|
-
#
|
5570
|
+
#
|
5571
|
+
# <note markdown="1"> This parameter is no longer supported. To replicate existing objects,
|
5572
|
+
# see [Replicating existing objects with S3 Batch Replication][1] in the
|
5299
5573
|
# *Amazon S3 User Guide*.
|
5300
5574
|
#
|
5575
|
+
# </note>
|
5576
|
+
#
|
5301
5577
|
#
|
5302
5578
|
#
|
5303
|
-
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/
|
5579
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-batch-replication-batch.html
|
5304
5580
|
#
|
5305
5581
|
# @!attribute [rw] status
|
5306
5582
|
# Specifies whether Amazon S3 replicates existing source bucket
|
@@ -5564,6 +5840,20 @@ module Aws::S3
|
|
5564
5840
|
# @!attribute [rw] bucket
|
5565
5841
|
# The name of the bucket from which the server-side encryption
|
5566
5842
|
# configuration is retrieved.
|
5843
|
+
#
|
5844
|
+
# <b>Directory buckets </b> - When you use this operation with a
|
5845
|
+
# directory bucket, you must use path-style requests in the format
|
5846
|
+
# `https://s3express-control.region_code.amazonaws.com/bucket-name `.
|
5847
|
+
# Virtual-hosted-style requests aren't supported. Directory bucket
|
5848
|
+
# names must be unique in the chosen Availability Zone. Bucket names
|
5849
|
+
# must also follow the format ` bucket_base_name--az_id--x-s3` (for
|
5850
|
+
# example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information
|
5851
|
+
# about bucket naming restrictions, see [Directory bucket naming
|
5852
|
+
# rules][1] in the *Amazon S3 User Guide*
|
5853
|
+
#
|
5854
|
+
#
|
5855
|
+
#
|
5856
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
|
5567
5857
|
# @return [String]
|
5568
5858
|
#
|
5569
5859
|
# @!attribute [rw] expected_bucket_owner
|
@@ -5571,6 +5861,12 @@ module Aws::S3
|
|
5571
5861
|
# you provide does not match the actual owner of the bucket, the
|
5572
5862
|
# request fails with the HTTP status code `403 Forbidden` (access
|
5573
5863
|
# denied).
|
5864
|
+
#
|
5865
|
+
# <note markdown="1"> For directory buckets, this header is not supported in this API
|
5866
|
+
# operation. If you specify this header, the request fails with the
|
5867
|
+
# HTTP status code `501 Not Implemented`.
|
5868
|
+
#
|
5869
|
+
# </note>
|
5574
5870
|
# @return [String]
|
5575
5871
|
#
|
5576
5872
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketEncryptionRequest AWS API Documentation
|
@@ -5654,10 +5950,29 @@ module Aws::S3
|
|
5654
5950
|
# Container for a lifecycle rule.
|
5655
5951
|
# @return [Array<Types::LifecycleRule>]
|
5656
5952
|
#
|
5953
|
+
# @!attribute [rw] transition_default_minimum_object_size
|
5954
|
+
# Indicates which default minimum object size behavior is applied to
|
5955
|
+
# the lifecycle configuration.
|
5956
|
+
#
|
5957
|
+
# * `all_storage_classes_128K` - Objects smaller than 128 KB will not
|
5958
|
+
# transition to any storage class by default.
|
5959
|
+
#
|
5960
|
+
# * `varies_by_storage_class` - Objects smaller than 128 KB will
|
5961
|
+
# transition to Glacier Flexible Retrieval or Glacier Deep Archive
|
5962
|
+
# storage classes. By default, all other storage classes will
|
5963
|
+
# prevent transitions smaller than 128 KB.
|
5964
|
+
#
|
5965
|
+
# To customize the minimum object size for any transition you can add
|
5966
|
+
# a filter that specifies a custom `ObjectSizeGreaterThan` or
|
5967
|
+
# `ObjectSizeLessThan` in the body of your transition rule. Custom
|
5968
|
+
# filters always take precedence over the default transition behavior.
|
5969
|
+
# @return [String]
|
5970
|
+
#
|
5657
5971
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleConfigurationOutput AWS API Documentation
|
5658
5972
|
#
|
5659
5973
|
class GetBucketLifecycleConfigurationOutput < Struct.new(
|
5660
|
-
:rules
|
5974
|
+
:rules,
|
5975
|
+
:transition_default_minimum_object_size)
|
5661
5976
|
SENSITIVE = []
|
5662
5977
|
include Aws::Structure
|
5663
5978
|
end
|
@@ -6783,7 +7098,7 @@ module Aws::S3
|
|
6783
7098
|
# @return [String]
|
6784
7099
|
#
|
6785
7100
|
# @!attribute [rw] checksum_crc32
|
6786
|
-
# The base64-encoded, 32-bit
|
7101
|
+
# The base64-encoded, 32-bit CRC-32 checksum of the object. This will
|
6787
7102
|
# only be present if it was uploaded with the object. For more
|
6788
7103
|
# information, see [ Checking object integrity][1] in the *Amazon S3
|
6789
7104
|
# User Guide*.
|
@@ -6794,7 +7109,7 @@ module Aws::S3
|
|
6794
7109
|
# @return [String]
|
6795
7110
|
#
|
6796
7111
|
# @!attribute [rw] checksum_crc32c
|
6797
|
-
# The base64-encoded, 32-bit
|
7112
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
6798
7113
|
# only be present if it was uploaded with the object. For more
|
6799
7114
|
# information, see [ Checking object integrity][1] in the *Amazon S3
|
6800
7115
|
# User Guide*.
|
@@ -6892,12 +7207,7 @@ module Aws::S3
|
|
6892
7207
|
#
|
6893
7208
|
# @!attribute [rw] server_side_encryption
|
6894
7209
|
# The server-side encryption algorithm used when you store this object
|
6895
|
-
# in Amazon S3
|
6896
|
-
#
|
6897
|
-
# <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
|
6898
|
-
# managed keys (SSE-S3) (`AES256`) is supported.
|
6899
|
-
#
|
6900
|
-
# </note>
|
7210
|
+
# in Amazon S3.
|
6901
7211
|
# @return [String]
|
6902
7212
|
#
|
6903
7213
|
# @!attribute [rw] metadata
|
@@ -6926,22 +7236,13 @@ module Aws::S3
|
|
6926
7236
|
# @return [String]
|
6927
7237
|
#
|
6928
7238
|
# @!attribute [rw] ssekms_key_id
|
6929
|
-
# If present, indicates the ID of the
|
6930
|
-
#
|
6931
|
-
# object.
|
6932
|
-
#
|
6933
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
6934
|
-
#
|
6935
|
-
# </note>
|
7239
|
+
# If present, indicates the ID of the KMS key that was used for object
|
7240
|
+
# encryption.
|
6936
7241
|
# @return [String]
|
6937
7242
|
#
|
6938
7243
|
# @!attribute [rw] bucket_key_enabled
|
6939
7244
|
# Indicates whether the object uses an S3 Bucket Key for server-side
|
6940
7245
|
# encryption with Key Management Service (KMS) keys (SSE-KMS).
|
6941
|
-
#
|
6942
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
6943
|
-
#
|
6944
|
-
# </note>
|
6945
7246
|
# @return [Boolean]
|
6946
7247
|
#
|
6947
7248
|
# @!attribute [rw] storage_class
|
@@ -7381,6 +7682,15 @@ module Aws::S3
|
|
7381
7682
|
#
|
7382
7683
|
# @!attribute [rw] checksum_mode
|
7383
7684
|
# To retrieve the checksum, this mode must be enabled.
|
7685
|
+
#
|
7686
|
+
# **General purpose buckets** - In addition, if you enable checksum
|
7687
|
+
# mode and the object is uploaded with a [checksum][1] and encrypted
|
7688
|
+
# with an Key Management Service (KMS) key, you must have permission
|
7689
|
+
# to use the `kms:Decrypt` action to retrieve the checksum.
|
7690
|
+
#
|
7691
|
+
#
|
7692
|
+
#
|
7693
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html
|
7384
7694
|
# @return [String]
|
7385
7695
|
#
|
7386
7696
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectRequest AWS API Documentation
|
@@ -7802,17 +8112,13 @@ module Aws::S3
|
|
7802
8112
|
#
|
7803
8113
|
# @!attribute [rw] bucket_region
|
7804
8114
|
# The Region that the bucket is located.
|
7805
|
-
#
|
7806
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
7807
|
-
#
|
7808
|
-
# </note>
|
7809
8115
|
# @return [String]
|
7810
8116
|
#
|
7811
8117
|
# @!attribute [rw] access_point_alias
|
7812
8118
|
# Indicates whether the bucket name used in the request is an access
|
7813
8119
|
# point alias.
|
7814
8120
|
#
|
7815
|
-
# <note markdown="1">
|
8121
|
+
# <note markdown="1"> For directory buckets, the value of this field is `false`.
|
7816
8122
|
#
|
7817
8123
|
# </note>
|
7818
8124
|
# @return [Boolean]
|
@@ -7974,7 +8280,7 @@ module Aws::S3
|
|
7974
8280
|
# @return [Integer]
|
7975
8281
|
#
|
7976
8282
|
# @!attribute [rw] checksum_crc32
|
7977
|
-
# The base64-encoded, 32-bit
|
8283
|
+
# The base64-encoded, 32-bit CRC-32 checksum of the object. This will
|
7978
8284
|
# only be present if it was uploaded with the object. When you use an
|
7979
8285
|
# API operation on an object that was uploaded using multipart
|
7980
8286
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -7989,7 +8295,7 @@ module Aws::S3
|
|
7989
8295
|
# @return [String]
|
7990
8296
|
#
|
7991
8297
|
# @!attribute [rw] checksum_crc32c
|
7992
|
-
# The base64-encoded, 32-bit
|
8298
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
7993
8299
|
# only be present if it was uploaded with the object. When you use an
|
7994
8300
|
# API operation on an object that was uploaded using multipart
|
7995
8301
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -8101,11 +8407,6 @@ module Aws::S3
|
|
8101
8407
|
# @!attribute [rw] server_side_encryption
|
8102
8408
|
# The server-side encryption algorithm used when you store this object
|
8103
8409
|
# in Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
|
8104
|
-
#
|
8105
|
-
# <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
|
8106
|
-
# managed keys (SSE-S3) (`AES256`) is supported.
|
8107
|
-
#
|
8108
|
-
# </note>
|
8109
8410
|
# @return [String]
|
8110
8411
|
#
|
8111
8412
|
# @!attribute [rw] metadata
|
@@ -8134,22 +8435,13 @@ module Aws::S3
|
|
8134
8435
|
# @return [String]
|
8135
8436
|
#
|
8136
8437
|
# @!attribute [rw] ssekms_key_id
|
8137
|
-
# If present, indicates the ID of the
|
8138
|
-
#
|
8139
|
-
# object.
|
8140
|
-
#
|
8141
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
8142
|
-
#
|
8143
|
-
# </note>
|
8438
|
+
# If present, indicates the ID of the KMS key that was used for object
|
8439
|
+
# encryption.
|
8144
8440
|
# @return [String]
|
8145
8441
|
#
|
8146
8442
|
# @!attribute [rw] bucket_key_enabled
|
8147
8443
|
# Indicates whether the object uses an S3 Bucket Key for server-side
|
8148
8444
|
# encryption with Key Management Service (KMS) keys (SSE-KMS).
|
8149
|
-
#
|
8150
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
8151
|
-
#
|
8152
|
-
# </note>
|
8153
8445
|
# @return [Boolean]
|
8154
8446
|
#
|
8155
8447
|
# @!attribute [rw] storage_class
|
@@ -8452,6 +8744,30 @@ module Aws::S3
|
|
8452
8744
|
# Not Satisfiable` error.
|
8453
8745
|
# @return [String]
|
8454
8746
|
#
|
8747
|
+
# @!attribute [rw] response_cache_control
|
8748
|
+
# Sets the `Cache-Control` header of the response.
|
8749
|
+
# @return [String]
|
8750
|
+
#
|
8751
|
+
# @!attribute [rw] response_content_disposition
|
8752
|
+
# Sets the `Content-Disposition` header of the response.
|
8753
|
+
# @return [String]
|
8754
|
+
#
|
8755
|
+
# @!attribute [rw] response_content_encoding
|
8756
|
+
# Sets the `Content-Encoding` header of the response.
|
8757
|
+
# @return [String]
|
8758
|
+
#
|
8759
|
+
# @!attribute [rw] response_content_language
|
8760
|
+
# Sets the `Content-Language` header of the response.
|
8761
|
+
# @return [String]
|
8762
|
+
#
|
8763
|
+
# @!attribute [rw] response_content_type
|
8764
|
+
# Sets the `Content-Type` header of the response.
|
8765
|
+
# @return [String]
|
8766
|
+
#
|
8767
|
+
# @!attribute [rw] response_expires
|
8768
|
+
# Sets the `Expires` header of the response.
|
8769
|
+
# @return [Time]
|
8770
|
+
#
|
8455
8771
|
# @!attribute [rw] version_id
|
8456
8772
|
# Version ID used to reference a specific version of the object.
|
8457
8773
|
#
|
@@ -8527,10 +8843,20 @@ module Aws::S3
|
|
8527
8843
|
# @!attribute [rw] checksum_mode
|
8528
8844
|
# To retrieve the checksum, this parameter must be enabled.
|
8529
8845
|
#
|
8530
|
-
#
|
8531
|
-
#
|
8532
|
-
#
|
8533
|
-
# action
|
8846
|
+
# **General purpose buckets** - If you enable checksum mode and the
|
8847
|
+
# object is uploaded with a [checksum][1] and encrypted with an Key
|
8848
|
+
# Management Service (KMS) key, you must have permission to use the
|
8849
|
+
# `kms:Decrypt` action to retrieve the checksum.
|
8850
|
+
#
|
8851
|
+
# **Directory buckets** - If you enable `ChecksumMode` and the object
|
8852
|
+
# is encrypted with Amazon Web Services Key Management Service (Amazon
|
8853
|
+
# Web Services KMS), you must also have the `kms:GenerateDataKey` and
|
8854
|
+
# `kms:Decrypt` permissions in IAM identity-based policies and KMS key
|
8855
|
+
# policies for the KMS key to retrieve the checksum of the object.
|
8856
|
+
#
|
8857
|
+
#
|
8858
|
+
#
|
8859
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html
|
8534
8860
|
# @return [String]
|
8535
8861
|
#
|
8536
8862
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadObjectRequest AWS API Documentation
|
@@ -8543,6 +8869,12 @@ module Aws::S3
|
|
8543
8869
|
:if_unmodified_since,
|
8544
8870
|
:key,
|
8545
8871
|
:range,
|
8872
|
+
:response_cache_control,
|
8873
|
+
:response_content_disposition,
|
8874
|
+
:response_content_encoding,
|
8875
|
+
:response_content_language,
|
8876
|
+
:response_content_type,
|
8877
|
+
:response_expires,
|
8546
8878
|
:version_id,
|
8547
8879
|
:sse_customer_algorithm,
|
8548
8880
|
:sse_customer_key,
|
@@ -8559,10 +8891,11 @@ module Aws::S3
|
|
8559
8891
|
#
|
8560
8892
|
# @!attribute [rw] suffix
|
8561
8893
|
# A suffix that is appended to a request that is for a directory on
|
8562
|
-
# the website endpoint (
|
8563
|
-
# you make a request to samplebucket/images
|
8564
|
-
# will be for the object with the key name
|
8565
|
-
# suffix must not be empty and must not
|
8894
|
+
# the website endpoint. (For example, if the suffix is `index.html`
|
8895
|
+
# and you make a request to `samplebucket/images/`, the data that is
|
8896
|
+
# returned will be for the object with the key name
|
8897
|
+
# `images/index.html`.) The suffix must not be empty and must not
|
8898
|
+
# include a slash character.
|
8566
8899
|
#
|
8567
8900
|
# Replacement must be made for object keys containing special
|
8568
8901
|
# characters (such as carriage returns) when using XML requests. For
|
@@ -9495,11 +9828,81 @@ module Aws::S3
|
|
9495
9828
|
# The owner of the buckets listed.
|
9496
9829
|
# @return [Types::Owner]
|
9497
9830
|
#
|
9831
|
+
# @!attribute [rw] continuation_token
|
9832
|
+
# `ContinuationToken` is included in the response when there are more
|
9833
|
+
# buckets that can be listed with pagination. The next `ListBuckets`
|
9834
|
+
# request to Amazon S3 can be continued with this `ContinuationToken`.
|
9835
|
+
# `ContinuationToken` is obfuscated and is not a real bucket.
|
9836
|
+
# @return [String]
|
9837
|
+
#
|
9838
|
+
# @!attribute [rw] prefix
|
9839
|
+
# If `Prefix` was sent with the request, it is included in the
|
9840
|
+
# response.
|
9841
|
+
#
|
9842
|
+
# All bucket names in the response begin with the specified bucket
|
9843
|
+
# name prefix.
|
9844
|
+
# @return [String]
|
9845
|
+
#
|
9498
9846
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketsOutput AWS API Documentation
|
9499
9847
|
#
|
9500
9848
|
class ListBucketsOutput < Struct.new(
|
9501
9849
|
:buckets,
|
9502
|
-
:owner
|
9850
|
+
:owner,
|
9851
|
+
:continuation_token,
|
9852
|
+
:prefix)
|
9853
|
+
SENSITIVE = []
|
9854
|
+
include Aws::Structure
|
9855
|
+
end
|
9856
|
+
|
9857
|
+
# @!attribute [rw] max_buckets
|
9858
|
+
# Maximum number of buckets to be returned in response. When the
|
9859
|
+
# number is more than the count of buckets that are owned by an Amazon
|
9860
|
+
# Web Services account, return all the buckets in response.
|
9861
|
+
# @return [Integer]
|
9862
|
+
#
|
9863
|
+
# @!attribute [rw] continuation_token
|
9864
|
+
# `ContinuationToken` indicates to Amazon S3 that the list is being
|
9865
|
+
# continued on this bucket with a token. `ContinuationToken` is
|
9866
|
+
# obfuscated and is not a real key. You can use this
|
9867
|
+
# `ContinuationToken` for pagination of the list results.
|
9868
|
+
#
|
9869
|
+
# Length Constraints: Minimum length of 0. Maximum length of 1024.
|
9870
|
+
#
|
9871
|
+
# Required: No.
|
9872
|
+
# @return [String]
|
9873
|
+
#
|
9874
|
+
# @!attribute [rw] prefix
|
9875
|
+
# Limits the response to bucket names that begin with the specified
|
9876
|
+
# bucket name prefix.
|
9877
|
+
# @return [String]
|
9878
|
+
#
|
9879
|
+
# @!attribute [rw] bucket_region
|
9880
|
+
# Limits the response to buckets that are located in the specified
|
9881
|
+
# Amazon Web Services Region. The Amazon Web Services Region must be
|
9882
|
+
# expressed according to the Amazon Web Services Region code, such as
|
9883
|
+
# `us-west-2` for the US West (Oregon) Region. For a list of the valid
|
9884
|
+
# values for all of the Amazon Web Services Regions, see [Regions and
|
9885
|
+
# Endpoints][1].
|
9886
|
+
#
|
9887
|
+
# <note markdown="1"> Requests made to a Regional endpoint that is different from the
|
9888
|
+
# `bucket-region` parameter are not supported. For example, if you
|
9889
|
+
# want to limit the response to your buckets in Region `us-west-2`,
|
9890
|
+
# the request must be made to an endpoint in Region `us-west-2`.
|
9891
|
+
#
|
9892
|
+
# </note>
|
9893
|
+
#
|
9894
|
+
#
|
9895
|
+
#
|
9896
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
|
9897
|
+
# @return [String]
|
9898
|
+
#
|
9899
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketsRequest AWS API Documentation
|
9900
|
+
#
|
9901
|
+
class ListBucketsRequest < Struct.new(
|
9902
|
+
:max_buckets,
|
9903
|
+
:continuation_token,
|
9904
|
+
:prefix,
|
9905
|
+
:bucket_region)
|
9503
9906
|
SENSITIVE = []
|
9504
9907
|
include Aws::Structure
|
9505
9908
|
end
|
@@ -9525,9 +9928,10 @@ module Aws::S3
|
|
9525
9928
|
|
9526
9929
|
# @!attribute [rw] continuation_token
|
9527
9930
|
# `ContinuationToken` indicates to Amazon S3 that the list is being
|
9528
|
-
# continued on this
|
9529
|
-
# obfuscated and is not a real
|
9530
|
-
# `ContinuationToken` for pagination of the list
|
9931
|
+
# continued on buckets in this account with a token.
|
9932
|
+
# `ContinuationToken` is obfuscated and is not a real bucket name. You
|
9933
|
+
# can use this `ContinuationToken` for the pagination of the list
|
9934
|
+
# results.
|
9531
9935
|
# @return [String]
|
9532
9936
|
#
|
9533
9937
|
# @!attribute [rw] max_directory_buckets
|
@@ -9737,12 +10141,26 @@ module Aws::S3
|
|
9737
10141
|
# @return [String]
|
9738
10142
|
#
|
9739
10143
|
# @!attribute [rw] encoding_type
|
9740
|
-
#
|
9741
|
-
#
|
9742
|
-
# Unicode character
|
9743
|
-
# characters, such as characters with an ASCII value
|
9744
|
-
# characters that
|
9745
|
-
# parameter to request that Amazon S3 encode the keys in
|
10144
|
+
# Encoding type used by Amazon S3 to encode the [object keys][1] in
|
10145
|
+
# the response. Responses are encoded only in UTF-8. An object key can
|
10146
|
+
# contain any Unicode character. However, the XML 1.0 parser can't
|
10147
|
+
# parse certain characters, such as characters with an ASCII value
|
10148
|
+
# from 0 to 10. For characters that aren't supported in XML 1.0, you
|
10149
|
+
# can add this parameter to request that Amazon S3 encode the keys in
|
10150
|
+
# the response. For more information about characters to avoid in
|
10151
|
+
# object key names, see [Object key naming guidelines][2].
|
10152
|
+
#
|
10153
|
+
# <note markdown="1"> When using the URL encoding type, non-ASCII characters that are used
|
10154
|
+
# in an object's key name will be percent-encoded according to UTF-8
|
10155
|
+
# code values. For example, the object `test_file(3).png` will appear
|
10156
|
+
# as `test_file%283%29.png`.
|
10157
|
+
#
|
10158
|
+
# </note>
|
10159
|
+
#
|
10160
|
+
#
|
10161
|
+
#
|
10162
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html
|
10163
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-guidelines
|
9746
10164
|
# @return [String]
|
9747
10165
|
#
|
9748
10166
|
# @!attribute [rw] key_marker
|
@@ -9967,12 +10385,26 @@ module Aws::S3
|
|
9967
10385
|
# @return [String]
|
9968
10386
|
#
|
9969
10387
|
# @!attribute [rw] encoding_type
|
9970
|
-
#
|
9971
|
-
#
|
9972
|
-
# Unicode character
|
9973
|
-
# characters, such as characters with an ASCII value
|
9974
|
-
# characters that
|
9975
|
-
# parameter to request that Amazon S3 encode the keys in
|
10388
|
+
# Encoding type used by Amazon S3 to encode the [object keys][1] in
|
10389
|
+
# the response. Responses are encoded only in UTF-8. An object key can
|
10390
|
+
# contain any Unicode character. However, the XML 1.0 parser can't
|
10391
|
+
# parse certain characters, such as characters with an ASCII value
|
10392
|
+
# from 0 to 10. For characters that aren't supported in XML 1.0, you
|
10393
|
+
# can add this parameter to request that Amazon S3 encode the keys in
|
10394
|
+
# the response. For more information about characters to avoid in
|
10395
|
+
# object key names, see [Object key naming guidelines][2].
|
10396
|
+
#
|
10397
|
+
# <note markdown="1"> When using the URL encoding type, non-ASCII characters that are used
|
10398
|
+
# in an object's key name will be percent-encoded according to UTF-8
|
10399
|
+
# code values. For example, the object `test_file(3).png` will appear
|
10400
|
+
# as `test_file%283%29.png`.
|
10401
|
+
#
|
10402
|
+
# </note>
|
10403
|
+
#
|
10404
|
+
#
|
10405
|
+
#
|
10406
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html
|
10407
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-guidelines
|
9976
10408
|
# @return [String]
|
9977
10409
|
#
|
9978
10410
|
# @!attribute [rw] key_marker
|
@@ -10119,10 +10551,26 @@ module Aws::S3
|
|
10119
10551
|
# @return [Array<Types::CommonPrefix>]
|
10120
10552
|
#
|
10121
10553
|
# @!attribute [rw] encoding_type
|
10122
|
-
# Encoding type used by Amazon S3 to encode object keys in
|
10123
|
-
# response.
|
10124
|
-
#
|
10125
|
-
#
|
10554
|
+
# Encoding type used by Amazon S3 to encode the [object keys][1] in
|
10555
|
+
# the response. Responses are encoded only in UTF-8. An object key can
|
10556
|
+
# contain any Unicode character. However, the XML 1.0 parser can't
|
10557
|
+
# parse certain characters, such as characters with an ASCII value
|
10558
|
+
# from 0 to 10. For characters that aren't supported in XML 1.0, you
|
10559
|
+
# can add this parameter to request that Amazon S3 encode the keys in
|
10560
|
+
# the response. For more information about characters to avoid in
|
10561
|
+
# object key names, see [Object key naming guidelines][2].
|
10562
|
+
#
|
10563
|
+
# <note markdown="1"> When using the URL encoding type, non-ASCII characters that are used
|
10564
|
+
# in an object's key name will be percent-encoded according to UTF-8
|
10565
|
+
# code values. For example, the object `test_file(3).png` will appear
|
10566
|
+
# as `test_file%283%29.png`.
|
10567
|
+
#
|
10568
|
+
# </note>
|
10569
|
+
#
|
10570
|
+
#
|
10571
|
+
#
|
10572
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html
|
10573
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-guidelines
|
10126
10574
|
# @return [String]
|
10127
10575
|
#
|
10128
10576
|
# @!attribute [rw] request_charged
|
@@ -10202,12 +10650,26 @@ module Aws::S3
|
|
10202
10650
|
# @return [String]
|
10203
10651
|
#
|
10204
10652
|
# @!attribute [rw] encoding_type
|
10205
|
-
#
|
10206
|
-
#
|
10207
|
-
# Unicode character
|
10208
|
-
# characters, such as characters with an ASCII value
|
10209
|
-
# characters that
|
10210
|
-
# parameter to request that Amazon S3 encode the keys in
|
10653
|
+
# Encoding type used by Amazon S3 to encode the [object keys][1] in
|
10654
|
+
# the response. Responses are encoded only in UTF-8. An object key can
|
10655
|
+
# contain any Unicode character. However, the XML 1.0 parser can't
|
10656
|
+
# parse certain characters, such as characters with an ASCII value
|
10657
|
+
# from 0 to 10. For characters that aren't supported in XML 1.0, you
|
10658
|
+
# can add this parameter to request that Amazon S3 encode the keys in
|
10659
|
+
# the response. For more information about characters to avoid in
|
10660
|
+
# object key names, see [Object key naming guidelines][2].
|
10661
|
+
#
|
10662
|
+
# <note markdown="1"> When using the URL encoding type, non-ASCII characters that are used
|
10663
|
+
# in an object's key name will be percent-encoded according to UTF-8
|
10664
|
+
# code values. For example, the object `test_file(3).png` will appear
|
10665
|
+
# as `test_file%283%29.png`.
|
10666
|
+
#
|
10667
|
+
# </note>
|
10668
|
+
#
|
10669
|
+
#
|
10670
|
+
#
|
10671
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html
|
10672
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-guidelines
|
10211
10673
|
# @return [String]
|
10212
10674
|
#
|
10213
10675
|
# @!attribute [rw] marker
|
@@ -10475,10 +10937,26 @@ module Aws::S3
|
|
10475
10937
|
# @return [String]
|
10476
10938
|
#
|
10477
10939
|
# @!attribute [rw] encoding_type
|
10478
|
-
# Encoding type used by Amazon S3 to encode object keys in
|
10479
|
-
# response.
|
10480
|
-
#
|
10481
|
-
#
|
10940
|
+
# Encoding type used by Amazon S3 to encode the [object keys][1] in
|
10941
|
+
# the response. Responses are encoded only in UTF-8. An object key can
|
10942
|
+
# contain any Unicode character. However, the XML 1.0 parser can't
|
10943
|
+
# parse certain characters, such as characters with an ASCII value
|
10944
|
+
# from 0 to 10. For characters that aren't supported in XML 1.0, you
|
10945
|
+
# can add this parameter to request that Amazon S3 encode the keys in
|
10946
|
+
# the response. For more information about characters to avoid in
|
10947
|
+
# object key names, see [Object key naming guidelines][2].
|
10948
|
+
#
|
10949
|
+
# <note markdown="1"> When using the URL encoding type, non-ASCII characters that are used
|
10950
|
+
# in an object's key name will be percent-encoded according to UTF-8
|
10951
|
+
# code values. For example, the object `test_file(3).png` will appear
|
10952
|
+
# as `test_file%283%29.png`.
|
10953
|
+
#
|
10954
|
+
# </note>
|
10955
|
+
#
|
10956
|
+
#
|
10957
|
+
#
|
10958
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html
|
10959
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-guidelines
|
10482
10960
|
# @return [String]
|
10483
10961
|
#
|
10484
10962
|
# @!attribute [rw] max_keys
|
@@ -11173,10 +11651,10 @@ module Aws::S3
|
|
11173
11651
|
# @return [Integer]
|
11174
11652
|
#
|
11175
11653
|
# @!attribute [rw] newer_noncurrent_versions
|
11176
|
-
# Specifies how many
|
11177
|
-
#
|
11178
|
-
#
|
11179
|
-
#
|
11654
|
+
# Specifies how many noncurrent versions Amazon S3 will retain. You
|
11655
|
+
# can specify up to 100 noncurrent versions to retain. Amazon S3 will
|
11656
|
+
# permanently delete any additional noncurrent versions beyond the
|
11657
|
+
# specified number to retain. For more information about noncurrent
|
11180
11658
|
# versions, see [Lifecycle configuration elements][1] in the *Amazon
|
11181
11659
|
# S3 User Guide*.
|
11182
11660
|
#
|
@@ -11220,12 +11698,12 @@ module Aws::S3
|
|
11220
11698
|
# @return [String]
|
11221
11699
|
#
|
11222
11700
|
# @!attribute [rw] newer_noncurrent_versions
|
11223
|
-
# Specifies how many
|
11224
|
-
#
|
11225
|
-
#
|
11226
|
-
#
|
11227
|
-
#
|
11228
|
-
# S3 User Guide*.
|
11701
|
+
# Specifies how many noncurrent versions Amazon S3 will retain in the
|
11702
|
+
# same storage class before transitioning objects. You can specify up
|
11703
|
+
# to 100 noncurrent versions to retain. Amazon S3 will transition any
|
11704
|
+
# additional noncurrent versions beyond the specified number to
|
11705
|
+
# retain. For more information about noncurrent versions, see
|
11706
|
+
# [Lifecycle configuration elements][1] in the *Amazon S3 User Guide*.
|
11229
11707
|
#
|
11230
11708
|
#
|
11231
11709
|
#
|
@@ -11556,7 +12034,7 @@ module Aws::S3
|
|
11556
12034
|
# @!attribute [rw] checksum_crc32
|
11557
12035
|
# This header can be used as a data integrity check to verify that the
|
11558
12036
|
# data received is the same data that was originally sent. This header
|
11559
|
-
# specifies the base64-encoded, 32-bit
|
12037
|
+
# specifies the base64-encoded, 32-bit CRC-32 checksum of the object.
|
11560
12038
|
# For more information, see [Checking object integrity][1] in the
|
11561
12039
|
# *Amazon S3 User Guide*.
|
11562
12040
|
#
|
@@ -11566,7 +12044,7 @@ module Aws::S3
|
|
11566
12044
|
# @return [String]
|
11567
12045
|
#
|
11568
12046
|
# @!attribute [rw] checksum_crc32c
|
11569
|
-
# The base64-encoded, 32-bit
|
12047
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
11570
12048
|
# only be present if it was uploaded with the object. When you use an
|
11571
12049
|
# API operation on an object that was uploaded using multipart
|
11572
12050
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -11856,7 +12334,7 @@ module Aws::S3
|
|
11856
12334
|
# @!attribute [rw] checksum_crc32
|
11857
12335
|
# This header can be used as a data integrity check to verify that the
|
11858
12336
|
# data received is the same data that was originally sent. This header
|
11859
|
-
# specifies the base64-encoded, 32-bit
|
12337
|
+
# specifies the base64-encoded, 32-bit CRC-32 checksum of the object.
|
11860
12338
|
# For more information, see [Checking object integrity][1] in the
|
11861
12339
|
# *Amazon S3 User Guide*.
|
11862
12340
|
#
|
@@ -11866,7 +12344,7 @@ module Aws::S3
|
|
11866
12344
|
# @return [String]
|
11867
12345
|
#
|
11868
12346
|
# @!attribute [rw] checksum_crc32c
|
11869
|
-
# The base64-encoded, 32-bit
|
12347
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
11870
12348
|
# only be present if it was uploaded with the object. When you use an
|
11871
12349
|
# API operation on an object that was uploaded using multipart
|
11872
12350
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -11932,7 +12410,15 @@ module Aws::S3
|
|
11932
12410
|
#
|
11933
12411
|
# @!attribute [rw] partition_date_source
|
11934
12412
|
# Specifies the partition date source for the partitioned prefix.
|
11935
|
-
# PartitionDateSource can be EventTime or DeliveryTime
|
12413
|
+
# `PartitionDateSource` can be `EventTime` or `DeliveryTime`.
|
12414
|
+
#
|
12415
|
+
# For `DeliveryTime`, the time in the log file names corresponds to
|
12416
|
+
# the delivery time for the log files.
|
12417
|
+
#
|
12418
|
+
# For `EventTime`, The logs delivered are for a specific day only. The
|
12419
|
+
# year, month, and day correspond to the day on which the event
|
12420
|
+
# occurred, and the hour, minutes and seconds are set to 00 in the
|
12421
|
+
# key.
|
11936
12422
|
# @return [String]
|
11937
12423
|
#
|
11938
12424
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PartitionedPrefix AWS API Documentation
|
@@ -12045,8 +12531,9 @@ module Aws::S3
|
|
12045
12531
|
# @!attribute [rw] restrict_public_buckets
|
12046
12532
|
# Specifies whether Amazon S3 should restrict public bucket policies
|
12047
12533
|
# for this bucket. Setting this element to `TRUE` restricts access to
|
12048
|
-
# this bucket to only Amazon Web
|
12049
|
-
# users within this account if the bucket has a public
|
12534
|
+
# this bucket to only Amazon Web Services service principals and
|
12535
|
+
# authorized users within this account if the bucket has a public
|
12536
|
+
# policy.
|
12050
12537
|
#
|
12051
12538
|
# Enabling this setting doesn't affect previously stored bucket
|
12052
12539
|
# policies, except that public and cross-account access within any
|
@@ -12301,18 +12788,21 @@ module Aws::S3
|
|
12301
12788
|
|
12302
12789
|
# @!attribute [rw] bucket
|
12303
12790
|
# Specifies default encryption for a bucket using server-side
|
12304
|
-
# encryption with different key options.
|
12305
|
-
#
|
12306
|
-
#
|
12307
|
-
#
|
12308
|
-
#
|
12309
|
-
#
|
12310
|
-
#
|
12311
|
-
#
|
12791
|
+
# encryption with different key options.
|
12792
|
+
#
|
12793
|
+
# <b>Directory buckets </b> - When you use this operation with a
|
12794
|
+
# directory bucket, you must use path-style requests in the format
|
12795
|
+
# `https://s3express-control.region_code.amazonaws.com/bucket-name `.
|
12796
|
+
# Virtual-hosted-style requests aren't supported. Directory bucket
|
12797
|
+
# names must be unique in the chosen Availability Zone. Bucket names
|
12798
|
+
# must also follow the format ` bucket_base_name--az_id--x-s3` (for
|
12799
|
+
# example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information
|
12800
|
+
# about bucket naming restrictions, see [Directory bucket naming
|
12801
|
+
# rules][1] in the *Amazon S3 User Guide*
|
12312
12802
|
#
|
12313
12803
|
#
|
12314
12804
|
#
|
12315
|
-
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/
|
12805
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
|
12316
12806
|
# @return [String]
|
12317
12807
|
#
|
12318
12808
|
# @!attribute [rw] content_md5
|
@@ -12322,6 +12812,10 @@ module Aws::S3
|
|
12322
12812
|
# For requests made using the Amazon Web Services Command Line
|
12323
12813
|
# Interface (CLI) or Amazon Web Services SDKs, this field is
|
12324
12814
|
# calculated automatically.
|
12815
|
+
#
|
12816
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
12817
|
+
#
|
12818
|
+
# </note>
|
12325
12819
|
# @return [String]
|
12326
12820
|
#
|
12327
12821
|
# @!attribute [rw] checksum_algorithm
|
@@ -12336,6 +12830,12 @@ module Aws::S3
|
|
12336
12830
|
# If you provide an individual checksum, Amazon S3 ignores any
|
12337
12831
|
# provided `ChecksumAlgorithm` parameter.
|
12338
12832
|
#
|
12833
|
+
# <note markdown="1"> For directory buckets, when you use Amazon Web Services SDKs,
|
12834
|
+
# `CRC32` is the default checksum algorithm that's used for
|
12835
|
+
# performance.
|
12836
|
+
#
|
12837
|
+
# </note>
|
12838
|
+
#
|
12339
12839
|
#
|
12340
12840
|
#
|
12341
12841
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
|
@@ -12350,6 +12850,12 @@ module Aws::S3
|
|
12350
12850
|
# you provide does not match the actual owner of the bucket, the
|
12351
12851
|
# request fails with the HTTP status code `403 Forbidden` (access
|
12352
12852
|
# denied).
|
12853
|
+
#
|
12854
|
+
# <note markdown="1"> For directory buckets, this header is not supported in this API
|
12855
|
+
# operation. If you specify this header, the request fails with the
|
12856
|
+
# HTTP status code `501 Not Implemented`.
|
12857
|
+
#
|
12858
|
+
# </note>
|
12353
12859
|
# @return [String]
|
12354
12860
|
#
|
12355
12861
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketEncryptionRequest AWS API Documentation
|
@@ -12418,6 +12924,32 @@ module Aws::S3
|
|
12418
12924
|
include Aws::Structure
|
12419
12925
|
end
|
12420
12926
|
|
12927
|
+
# @!attribute [rw] transition_default_minimum_object_size
|
12928
|
+
# Indicates which default minimum object size behavior is applied to
|
12929
|
+
# the lifecycle configuration.
|
12930
|
+
#
|
12931
|
+
# * `all_storage_classes_128K` - Objects smaller than 128 KB will not
|
12932
|
+
# transition to any storage class by default.
|
12933
|
+
#
|
12934
|
+
# * `varies_by_storage_class` - Objects smaller than 128 KB will
|
12935
|
+
# transition to Glacier Flexible Retrieval or Glacier Deep Archive
|
12936
|
+
# storage classes. By default, all other storage classes will
|
12937
|
+
# prevent transitions smaller than 128 KB.
|
12938
|
+
#
|
12939
|
+
# To customize the minimum object size for any transition you can add
|
12940
|
+
# a filter that specifies a custom `ObjectSizeGreaterThan` or
|
12941
|
+
# `ObjectSizeLessThan` in the body of your transition rule. Custom
|
12942
|
+
# filters always take precedence over the default transition behavior.
|
12943
|
+
# @return [String]
|
12944
|
+
#
|
12945
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleConfigurationOutput AWS API Documentation
|
12946
|
+
#
|
12947
|
+
class PutBucketLifecycleConfigurationOutput < Struct.new(
|
12948
|
+
:transition_default_minimum_object_size)
|
12949
|
+
SENSITIVE = []
|
12950
|
+
include Aws::Structure
|
12951
|
+
end
|
12952
|
+
|
12421
12953
|
# @!attribute [rw] bucket
|
12422
12954
|
# The name of the bucket for which to set the configuration.
|
12423
12955
|
# @return [String]
|
@@ -12450,13 +12982,32 @@ module Aws::S3
|
|
12450
12982
|
# denied).
|
12451
12983
|
# @return [String]
|
12452
12984
|
#
|
12985
|
+
# @!attribute [rw] transition_default_minimum_object_size
|
12986
|
+
# Indicates which default minimum object size behavior is applied to
|
12987
|
+
# the lifecycle configuration.
|
12988
|
+
#
|
12989
|
+
# * `all_storage_classes_128K` - Objects smaller than 128 KB will not
|
12990
|
+
# transition to any storage class by default.
|
12991
|
+
#
|
12992
|
+
# * `varies_by_storage_class` - Objects smaller than 128 KB will
|
12993
|
+
# transition to Glacier Flexible Retrieval or Glacier Deep Archive
|
12994
|
+
# storage classes. By default, all other storage classes will
|
12995
|
+
# prevent transitions smaller than 128 KB.
|
12996
|
+
#
|
12997
|
+
# To customize the minimum object size for any transition you can add
|
12998
|
+
# a filter that specifies a custom `ObjectSizeGreaterThan` or
|
12999
|
+
# `ObjectSizeLessThan` in the body of your transition rule. Custom
|
13000
|
+
# filters always take precedence over the default transition behavior.
|
13001
|
+
# @return [String]
|
13002
|
+
#
|
12453
13003
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleConfigurationRequest AWS API Documentation
|
12454
13004
|
#
|
12455
13005
|
class PutBucketLifecycleConfigurationRequest < Struct.new(
|
12456
13006
|
:bucket,
|
12457
13007
|
:checksum_algorithm,
|
12458
13008
|
:lifecycle_configuration,
|
12459
|
-
:expected_bucket_owner
|
13009
|
+
:expected_bucket_owner,
|
13010
|
+
:transition_default_minimum_object_size)
|
12460
13011
|
SENSITIVE = []
|
12461
13012
|
include Aws::Structure
|
12462
13013
|
end
|
@@ -12755,13 +13306,13 @@ module Aws::S3
|
|
12755
13306
|
# For the `x-amz-checksum-algorithm ` header, replace ` algorithm `
|
12756
13307
|
# with the supported algorithm from the following list:
|
12757
13308
|
#
|
12758
|
-
# * CRC32
|
13309
|
+
# * `CRC32`
|
12759
13310
|
#
|
12760
|
-
# * CRC32C
|
13311
|
+
# * `CRC32C`
|
12761
13312
|
#
|
12762
|
-
# * SHA1
|
13313
|
+
# * `SHA1`
|
12763
13314
|
#
|
12764
|
-
# * SHA256
|
13315
|
+
# * `SHA256`
|
12765
13316
|
#
|
12766
13317
|
# For more information, see [Checking object integrity][1] in the
|
12767
13318
|
# *Amazon S3 User Guide*.
|
@@ -13557,7 +14108,7 @@ module Aws::S3
|
|
13557
14108
|
# @return [String]
|
13558
14109
|
#
|
13559
14110
|
# @!attribute [rw] checksum_crc32
|
13560
|
-
# The base64-encoded, 32-bit
|
14111
|
+
# The base64-encoded, 32-bit CRC-32 checksum of the object. This will
|
13561
14112
|
# only be present if it was uploaded with the object. When you use an
|
13562
14113
|
# API operation on an object that was uploaded using multipart
|
13563
14114
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -13572,7 +14123,7 @@ module Aws::S3
|
|
13572
14123
|
# @return [String]
|
13573
14124
|
#
|
13574
14125
|
# @!attribute [rw] checksum_crc32c
|
13575
|
-
# The base64-encoded, 32-bit
|
14126
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
13576
14127
|
# only be present if it was uploaded with the object. When you use an
|
13577
14128
|
# API operation on an object that was uploaded using multipart
|
13578
14129
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -13618,12 +14169,7 @@ module Aws::S3
|
|
13618
14169
|
#
|
13619
14170
|
# @!attribute [rw] server_side_encryption
|
13620
14171
|
# The server-side encryption algorithm used when you store this object
|
13621
|
-
# in Amazon S3
|
13622
|
-
#
|
13623
|
-
# <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
|
13624
|
-
# managed keys (SSE-S3) (`AES256`) is supported.
|
13625
|
-
#
|
13626
|
-
# </note>
|
14172
|
+
# in Amazon S3.
|
13627
14173
|
# @return [String]
|
13628
14174
|
#
|
13629
14175
|
# @!attribute [rw] version_id
|
@@ -13671,37 +14217,23 @@ module Aws::S3
|
|
13671
14217
|
# @return [String]
|
13672
14218
|
#
|
13673
14219
|
# @!attribute [rw] ssekms_key_id
|
13674
|
-
# If
|
13675
|
-
#
|
13676
|
-
# Service (KMS) symmetric encryption customer managed key that was
|
13677
|
-
# used for the object.
|
13678
|
-
#
|
13679
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
13680
|
-
#
|
13681
|
-
# </note>
|
14220
|
+
# If present, indicates the ID of the KMS key that was used for object
|
14221
|
+
# encryption.
|
13682
14222
|
# @return [String]
|
13683
14223
|
#
|
13684
14224
|
# @!attribute [rw] ssekms_encryption_context
|
13685
14225
|
# If present, indicates the Amazon Web Services KMS Encryption Context
|
13686
14226
|
# to use for object encryption. The value of this header is a
|
13687
|
-
#
|
13688
|
-
# key-value pairs. This value is stored as
|
13689
|
-
# automatically gets passed on to Amazon Web
|
13690
|
-
#
|
13691
|
-
#
|
13692
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
13693
|
-
#
|
13694
|
-
# </note>
|
14227
|
+
# Base64-encoded string of a UTF-8 encoded JSON, which contains the
|
14228
|
+
# encryption context as key-value pairs. This value is stored as
|
14229
|
+
# object metadata and automatically gets passed on to Amazon Web
|
14230
|
+
# Services KMS for future `GetObject` operations on this object.
|
13695
14231
|
# @return [String]
|
13696
14232
|
#
|
13697
14233
|
# @!attribute [rw] bucket_key_enabled
|
13698
14234
|
# Indicates whether the uploaded object uses an S3 Bucket Key for
|
13699
14235
|
# server-side encryption with Key Management Service (KMS) keys
|
13700
14236
|
# (SSE-KMS).
|
13701
|
-
#
|
13702
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
13703
|
-
#
|
13704
|
-
# </note>
|
13705
14237
|
# @return [Boolean]
|
13706
14238
|
#
|
13707
14239
|
# @!attribute [rw] request_charged
|
@@ -13878,10 +14410,11 @@ module Aws::S3
|
|
13878
14410
|
# information about REST request authentication, see [REST
|
13879
14411
|
# Authentication][1].
|
13880
14412
|
#
|
13881
|
-
# <note markdown="1"> The `Content-MD5` header is
|
13882
|
-
# object with a retention period
|
13883
|
-
#
|
13884
|
-
#
|
14413
|
+
# <note markdown="1"> The `Content-MD5` or `x-amz-sdk-checksum-algorithm` header is
|
14414
|
+
# required for any request to upload an object with a retention period
|
14415
|
+
# configured using Amazon S3 Object Lock. For more information, see
|
14416
|
+
# [Uploading objects to an Object Lock enabled bucket ][2] in the
|
14417
|
+
# *Amazon S3 User Guide*.
|
13885
14418
|
#
|
13886
14419
|
# </note>
|
13887
14420
|
#
|
@@ -13892,7 +14425,7 @@ module Aws::S3
|
|
13892
14425
|
#
|
13893
14426
|
#
|
13894
14427
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
|
13895
|
-
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/
|
14428
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-put-object
|
13896
14429
|
# @return [String]
|
13897
14430
|
#
|
13898
14431
|
# @!attribute [rw] content_type
|
@@ -13916,13 +14449,13 @@ module Aws::S3
|
|
13916
14449
|
# For the `x-amz-checksum-algorithm ` header, replace ` algorithm `
|
13917
14450
|
# with the supported algorithm from the following list:
|
13918
14451
|
#
|
13919
|
-
# * CRC32
|
14452
|
+
# * `CRC32`
|
13920
14453
|
#
|
13921
|
-
# * CRC32C
|
14454
|
+
# * `CRC32C`
|
13922
14455
|
#
|
13923
|
-
# * SHA1
|
14456
|
+
# * `SHA1`
|
13924
14457
|
#
|
13925
|
-
# * SHA256
|
14458
|
+
# * `SHA256`
|
13926
14459
|
#
|
13927
14460
|
# For more information, see [Checking object integrity][1] in the
|
13928
14461
|
# *Amazon S3 User Guide*.
|
@@ -13934,21 +14467,28 @@ module Aws::S3
|
|
13934
14467
|
# algorithm that matches the provided value in
|
13935
14468
|
# `x-amz-checksum-algorithm `.
|
13936
14469
|
#
|
13937
|
-
# <note markdown="1">
|
13938
|
-
#
|
13939
|
-
#
|
14470
|
+
# <note markdown="1"> The `Content-MD5` or `x-amz-sdk-checksum-algorithm` header is
|
14471
|
+
# required for any request to upload an object with a retention period
|
14472
|
+
# configured using Amazon S3 Object Lock. For more information, see
|
14473
|
+
# [Uploading objects to an Object Lock enabled bucket ][2] in the
|
14474
|
+
# *Amazon S3 User Guide*.
|
13940
14475
|
#
|
13941
14476
|
# </note>
|
13942
14477
|
#
|
14478
|
+
# For directory buckets, when you use Amazon Web Services SDKs,
|
14479
|
+
# `CRC32` is the default checksum algorithm that's used for
|
14480
|
+
# performance.
|
14481
|
+
#
|
13943
14482
|
#
|
13944
14483
|
#
|
13945
14484
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
|
14485
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-put-object
|
13946
14486
|
# @return [String]
|
13947
14487
|
#
|
13948
14488
|
# @!attribute [rw] checksum_crc32
|
13949
14489
|
# This header can be used as a data integrity check to verify that the
|
13950
14490
|
# data received is the same data that was originally sent. This header
|
13951
|
-
# specifies the base64-encoded, 32-bit
|
14491
|
+
# specifies the base64-encoded, 32-bit CRC-32 checksum of the object.
|
13952
14492
|
# For more information, see [Checking object integrity][1] in the
|
13953
14493
|
# *Amazon S3 User Guide*.
|
13954
14494
|
#
|
@@ -13960,7 +14500,7 @@ module Aws::S3
|
|
13960
14500
|
# @!attribute [rw] checksum_crc32c
|
13961
14501
|
# This header can be used as a data integrity check to verify that the
|
13962
14502
|
# data received is the same data that was originally sent. This header
|
13963
|
-
# specifies the base64-encoded, 32-bit
|
14503
|
+
# specifies the base64-encoded, 32-bit CRC-32C checksum of the object.
|
13964
14504
|
# For more information, see [Checking object integrity][1] in the
|
13965
14505
|
# *Amazon S3 User Guide*.
|
13966
14506
|
#
|
@@ -14003,6 +14543,26 @@ module Aws::S3
|
|
14003
14543
|
# [1]: https://www.rfc-editor.org/rfc/rfc7234#section-5.3
|
14004
14544
|
# @return [Time]
|
14005
14545
|
#
|
14546
|
+
# @!attribute [rw] if_none_match
|
14547
|
+
# Uploads the object only if the object key name does not already
|
14548
|
+
# exist in the bucket specified. Otherwise, Amazon S3 returns a `412
|
14549
|
+
# Precondition Failed` error.
|
14550
|
+
#
|
14551
|
+
# If a conflicting operation occurs during the upload S3 returns a
|
14552
|
+
# `409 ConditionalRequestConflict` response. On a 409 failure you
|
14553
|
+
# should retry the upload.
|
14554
|
+
#
|
14555
|
+
# Expects the '*' (asterisk) character.
|
14556
|
+
#
|
14557
|
+
# For more information about conditional requests, see [RFC 7232][1],
|
14558
|
+
# or [Conditional requests][2] in the *Amazon S3 User Guide*.
|
14559
|
+
#
|
14560
|
+
#
|
14561
|
+
#
|
14562
|
+
# [1]: https://tools.ietf.org/html/rfc7232
|
14563
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html
|
14564
|
+
# @return [String]
|
14565
|
+
#
|
14006
14566
|
# @!attribute [rw] grant_full_control
|
14007
14567
|
# Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
|
14008
14568
|
# object.
|
@@ -14057,25 +14617,66 @@ module Aws::S3
|
|
14057
14617
|
# this object in Amazon S3 (for example, `AES256`, `aws:kms`,
|
14058
14618
|
# `aws:kms:dsse`).
|
14059
14619
|
#
|
14060
|
-
# <b>General purpose buckets </b> - You have four mutually exclusive
|
14061
|
-
#
|
14062
|
-
#
|
14063
|
-
#
|
14064
|
-
#
|
14065
|
-
#
|
14066
|
-
#
|
14067
|
-
#
|
14068
|
-
#
|
14069
|
-
#
|
14070
|
-
#
|
14620
|
+
# * <b>General purpose buckets </b> - You have four mutually exclusive
|
14621
|
+
# options to protect data using server-side encryption in Amazon S3,
|
14622
|
+
# depending on how you choose to manage the encryption keys.
|
14623
|
+
# Specifically, the encryption key options are Amazon S3 managed
|
14624
|
+
# keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS),
|
14625
|
+
# and customer-provided keys (SSE-C). Amazon S3 encrypts data with
|
14626
|
+
# server-side encryption by using Amazon S3 managed keys (SSE-S3) by
|
14627
|
+
# default. You can optionally tell Amazon S3 to encrypt data at rest
|
14628
|
+
# by using server-side encryption with other key options. For more
|
14629
|
+
# information, see [Using Server-Side Encryption][1] in the *Amazon
|
14630
|
+
# S3 User Guide*.
|
14631
|
+
#
|
14632
|
+
# * <b>Directory buckets </b> - For directory buckets, there are only
|
14633
|
+
# two supported options for server-side encryption: server-side
|
14634
|
+
# encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
|
14635
|
+
# server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). We
|
14636
|
+
# recommend that the bucket's default encryption uses the desired
|
14637
|
+
# encryption configuration and you don't override the bucket
|
14638
|
+
# default encryption in your `CreateSession` requests or `PUT`
|
14639
|
+
# object requests. Then, new objects are automatically encrypted
|
14640
|
+
# with the desired encryption settings. For more information, see
|
14641
|
+
# [Protecting data with server-side encryption][2] in the *Amazon S3
|
14642
|
+
# User Guide*. For more information about the encryption overriding
|
14643
|
+
# behaviors in directory buckets, see [Specifying server-side
|
14644
|
+
# encryption with KMS for new object uploads][3].
|
14645
|
+
#
|
14646
|
+
# In the Zonal endpoint API calls (except [CopyObject][4] and
|
14647
|
+
# [UploadPartCopy][5]) using the REST API, the encryption request
|
14648
|
+
# headers must match the encryption settings that are specified in
|
14649
|
+
# the `CreateSession` request. You can't override the values of the
|
14650
|
+
# encryption settings (`x-amz-server-side-encryption`,
|
14651
|
+
# `x-amz-server-side-encryption-aws-kms-key-id`,
|
14652
|
+
# `x-amz-server-side-encryption-context`, and
|
14653
|
+
# `x-amz-server-side-encryption-bucket-key-enabled`) that are
|
14654
|
+
# specified in the `CreateSession` request. You don't need to
|
14655
|
+
# explicitly specify these encryption settings values in Zonal
|
14656
|
+
# endpoint API calls, and Amazon S3 will use the encryption settings
|
14657
|
+
# values from the `CreateSession` request to protect new objects in
|
14658
|
+
# the directory bucket.
|
14659
|
+
#
|
14660
|
+
# <note markdown="1"> When you use the CLI or the Amazon Web Services SDKs, for
|
14661
|
+
# `CreateSession`, the session token refreshes automatically to
|
14662
|
+
# avoid service interruptions when a session expires. The CLI or the
|
14663
|
+
# Amazon Web Services SDKs use the bucket's default encryption
|
14664
|
+
# configuration for the `CreateSession` request. It's not supported
|
14665
|
+
# to override the encryption settings values in the `CreateSession`
|
14666
|
+
# request. So in the Zonal endpoint API calls (except
|
14667
|
+
# [CopyObject][4] and [UploadPartCopy][5]), the encryption request
|
14668
|
+
# headers must match the default encryption configuration of the
|
14669
|
+
# directory bucket.
|
14071
14670
|
#
|
14072
|
-
#
|
14073
|
-
# server-side encryption with Amazon S3 managed keys (SSE-S3)
|
14074
|
-
# (`AES256`) value is supported.
|
14671
|
+
# </note>
|
14075
14672
|
#
|
14076
14673
|
#
|
14077
14674
|
#
|
14078
14675
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
|
14676
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
14677
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
|
14678
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
14679
|
+
# [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
14079
14680
|
# @return [String]
|
14080
14681
|
#
|
14081
14682
|
# @!attribute [rw] storage_class
|
@@ -14161,48 +14762,92 @@ module Aws::S3
|
|
14161
14762
|
# @return [String]
|
14162
14763
|
#
|
14163
14764
|
# @!attribute [rw] ssekms_key_id
|
14164
|
-
#
|
14165
|
-
#
|
14166
|
-
#
|
14167
|
-
#
|
14765
|
+
# Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
|
14766
|
+
# object encryption. If the KMS key doesn't exist in the same account
|
14767
|
+
# that's issuing the command, you must use the full Key ARN not the
|
14768
|
+
# Key ID.
|
14769
|
+
#
|
14770
|
+
# **General purpose buckets** - If you specify
|
14771
|
+
# `x-amz-server-side-encryption` with `aws:kms` or `aws:kms:dsse`,
|
14772
|
+
# this header specifies the ID (Key ID, Key ARN, or Key Alias) of the
|
14773
|
+
# KMS key to use. If you specify
|
14168
14774
|
# `x-amz-server-side-encryption:aws:kms` or
|
14169
|
-
# `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide
|
14170
|
-
# x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
|
14171
|
-
# Amazon Web Services managed key (`aws/s3`) to protect the data.
|
14172
|
-
# the KMS key does not exist in the same account that's issuing the
|
14173
|
-
# command, you must use the full ARN and not just the ID.
|
14775
|
+
# `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide
|
14776
|
+
# `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
|
14777
|
+
# Amazon Web Services managed key (`aws/s3`) to protect the data.
|
14174
14778
|
#
|
14175
|
-
#
|
14779
|
+
# **Directory buckets** - If you specify
|
14780
|
+
# `x-amz-server-side-encryption` with `aws:kms`, the `
|
14781
|
+
# x-amz-server-side-encryption-aws-kms-key-id` header is implicitly
|
14782
|
+
# assigned the ID of the KMS symmetric encryption customer managed key
|
14783
|
+
# that's configured for your directory bucket's default encryption
|
14784
|
+
# setting. If you want to specify the `
|
14785
|
+
# x-amz-server-side-encryption-aws-kms-key-id` header explicitly, you
|
14786
|
+
# can only specify it with the ID (Key ID or Key ARN) of the KMS
|
14787
|
+
# customer managed key that's configured for your directory bucket's
|
14788
|
+
# default encryption setting. Otherwise, you get an HTTP `400 Bad
|
14789
|
+
# Request` error. Only use the key ID or key ARN. The key alias format
|
14790
|
+
# of the KMS key isn't supported. Your SSE-KMS configuration can only
|
14791
|
+
# support 1 [customer managed key][1] per directory bucket for the
|
14792
|
+
# lifetime of the bucket. The [Amazon Web Services managed key][2]
|
14793
|
+
# (`aws/s3`) isn't supported.
|
14176
14794
|
#
|
14177
|
-
#
|
14795
|
+
#
|
14796
|
+
#
|
14797
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
14798
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
14178
14799
|
# @return [String]
|
14179
14800
|
#
|
14180
14801
|
# @!attribute [rw] ssekms_encryption_context
|
14181
|
-
# Specifies the Amazon Web Services KMS Encryption Context
|
14182
|
-
#
|
14183
|
-
#
|
14184
|
-
#
|
14185
|
-
#
|
14186
|
-
# `
|
14187
|
-
#
|
14802
|
+
# Specifies the Amazon Web Services KMS Encryption Context as an
|
14803
|
+
# additional encryption context to use for object encryption. The
|
14804
|
+
# value of this header is a Base64-encoded string of a UTF-8 encoded
|
14805
|
+
# JSON, which contains the encryption context as key-value pairs. This
|
14806
|
+
# value is stored as object metadata and automatically gets passed on
|
14807
|
+
# to Amazon Web Services KMS for future `GetObject` operations on this
|
14808
|
+
# object.
|
14188
14809
|
#
|
14189
|
-
#
|
14810
|
+
# **General purpose buckets** - This value must be explicitly added
|
14811
|
+
# during `CopyObject` operations if you want an additional encryption
|
14812
|
+
# context for your object. For more information, see [Encryption
|
14813
|
+
# context][1] in the *Amazon S3 User Guide*.
|
14190
14814
|
#
|
14191
|
-
#
|
14815
|
+
# **Directory buckets** - You can optionally provide an explicit
|
14816
|
+
# encryption context value. The value must match the default
|
14817
|
+
# encryption context - the bucket Amazon Resource Name (ARN). An
|
14818
|
+
# additional encryption context value is not supported.
|
14819
|
+
#
|
14820
|
+
#
|
14821
|
+
#
|
14822
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context
|
14192
14823
|
# @return [String]
|
14193
14824
|
#
|
14194
14825
|
# @!attribute [rw] bucket_key_enabled
|
14195
14826
|
# Specifies whether Amazon S3 should use an S3 Bucket Key for object
|
14196
14827
|
# encryption with server-side encryption using Key Management Service
|
14197
|
-
# (KMS) keys (SSE-KMS).
|
14198
|
-
# to use an S3 Bucket Key for object encryption with SSE-KMS.
|
14828
|
+
# (KMS) keys (SSE-KMS).
|
14199
14829
|
#
|
14200
|
-
#
|
14201
|
-
#
|
14830
|
+
# **General purpose buckets** - Setting this header to `true` causes
|
14831
|
+
# Amazon S3 to use an S3 Bucket Key for object encryption with
|
14832
|
+
# SSE-KMS. Also, specifying this header with a PUT action doesn't
|
14833
|
+
# affect bucket-level settings for S3 Bucket Key.
|
14202
14834
|
#
|
14203
|
-
#
|
14835
|
+
# **Directory buckets** - S3 Bucket Keys are always enabled for `GET`
|
14836
|
+
# and `PUT` operations in a directory bucket and can’t be disabled. S3
|
14837
|
+
# Bucket Keys aren't supported, when you copy SSE-KMS encrypted
|
14838
|
+
# objects from general purpose buckets to directory buckets, from
|
14839
|
+
# directory buckets to general purpose buckets, or between directory
|
14840
|
+
# buckets, through [CopyObject][1], [UploadPartCopy][2], [the Copy
|
14841
|
+
# operation in Batch Operations][3], or [the import jobs][4]. In this
|
14842
|
+
# case, Amazon S3 makes a call to KMS every time a copy request is
|
14843
|
+
# made for a KMS-encrypted object.
|
14204
14844
|
#
|
14205
|
-
#
|
14845
|
+
#
|
14846
|
+
#
|
14847
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
14848
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
14849
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
|
14850
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
|
14206
14851
|
# @return [Boolean]
|
14207
14852
|
#
|
14208
14853
|
# @!attribute [rw] request_payer
|
@@ -14289,6 +14934,7 @@ module Aws::S3
|
|
14289
14934
|
:checksum_sha1,
|
14290
14935
|
:checksum_sha256,
|
14291
14936
|
:expires,
|
14937
|
+
:if_none_match,
|
14292
14938
|
:grant_full_control,
|
14293
14939
|
:grant_read,
|
14294
14940
|
:grant_read_acp,
|
@@ -14699,7 +15345,15 @@ module Aws::S3
|
|
14699
15345
|
# The container for the records event.
|
14700
15346
|
#
|
14701
15347
|
# @!attribute [rw] payload
|
14702
|
-
# The byte array of partial, one or more result records.
|
15348
|
+
# The byte array of partial, one or more result records. S3 Select
|
15349
|
+
# doesn't guarantee that a record will be self-contained in one
|
15350
|
+
# record frame. To ensure continuous streaming of data, S3 Select
|
15351
|
+
# might split the same record across multiple record frames instead of
|
15352
|
+
# aggregating the results in memory. Some S3 clients (for example, the
|
15353
|
+
# SDK for Java) handle this behavior by creating a `ByteStream` out of
|
15354
|
+
# the response by default. Other clients might not handle this
|
15355
|
+
# behavior by default. In those cases, you must aggregate the results
|
15356
|
+
# on the client side and parse the response.
|
14703
15357
|
# @return [String]
|
14704
15358
|
#
|
14705
15359
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RecordsEvent AWS API Documentation
|
@@ -14907,12 +15561,16 @@ module Aws::S3
|
|
14907
15561
|
#
|
14908
15562
|
# @!attribute [rw] existing_object_replication
|
14909
15563
|
# Optional configuration to replicate existing source bucket objects.
|
14910
|
-
#
|
14911
|
-
#
|
15564
|
+
#
|
15565
|
+
# <note markdown="1"> This parameter is no longer supported. To replicate existing
|
15566
|
+
# objects, see [Replicating existing objects with S3 Batch
|
15567
|
+
# Replication][1] in the *Amazon S3 User Guide*.
|
15568
|
+
#
|
15569
|
+
# </note>
|
14912
15570
|
#
|
14913
15571
|
#
|
14914
15572
|
#
|
14915
|
-
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/
|
15573
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-batch-replication-batch.html
|
14916
15574
|
# @return [Types::ExistingObjectReplication]
|
14917
15575
|
#
|
14918
15576
|
# @!attribute [rw] destination
|
@@ -15740,27 +16398,51 @@ module Aws::S3
|
|
15740
16398
|
|
15741
16399
|
# Describes the default server-side encryption to apply to new objects
|
15742
16400
|
# in the bucket. If a PUT Object request doesn't specify any
|
15743
|
-
# server-side encryption, this default encryption will be applied.
|
15744
|
-
#
|
15745
|
-
#
|
15746
|
-
#
|
15747
|
-
#
|
15748
|
-
#
|
15749
|
-
#
|
16401
|
+
# server-side encryption, this default encryption will be applied. For
|
16402
|
+
# more information, see [PutBucketEncryption][1].
|
16403
|
+
#
|
16404
|
+
# <note markdown="1"> * **General purpose buckets** - If you don't specify a customer
|
16405
|
+
# managed key at configuration, Amazon S3 automatically creates an
|
16406
|
+
# Amazon Web Services KMS key (`aws/s3`) in your Amazon Web Services
|
16407
|
+
# account the first time that you add an object encrypted with SSE-KMS
|
16408
|
+
# to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS.
|
16409
|
+
#
|
16410
|
+
# * **Directory buckets** - Your SSE-KMS configuration can only support
|
16411
|
+
# 1 [customer managed key][2] per directory bucket for the lifetime of
|
16412
|
+
# the bucket. The [Amazon Web Services managed key][3] (`aws/s3`)
|
16413
|
+
# isn't supported.
|
16414
|
+
#
|
16415
|
+
# * **Directory buckets** - For directory buckets, there are only two
|
16416
|
+
# supported options for server-side encryption: SSE-S3 and SSE-KMS.
|
16417
|
+
#
|
16418
|
+
# </note>
|
15750
16419
|
#
|
15751
16420
|
#
|
15752
16421
|
#
|
15753
16422
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html
|
16423
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
16424
|
+
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
15754
16425
|
#
|
15755
16426
|
# @!attribute [rw] sse_algorithm
|
15756
16427
|
# Server-side encryption algorithm to use for the default encryption.
|
16428
|
+
#
|
16429
|
+
# <note markdown="1"> For directory buckets, there are only two supported values for
|
16430
|
+
# server-side encryption: `AES256` and `aws:kms`.
|
16431
|
+
#
|
16432
|
+
# </note>
|
15757
16433
|
# @return [String]
|
15758
16434
|
#
|
15759
16435
|
# @!attribute [rw] kms_master_key_id
|
15760
|
-
# Amazon Web Services Key Management Service (KMS) customer
|
15761
|
-
#
|
15762
|
-
#
|
15763
|
-
#
|
16436
|
+
# Amazon Web Services Key Management Service (KMS) customer managed
|
16437
|
+
# key ID to use for the default encryption.
|
16438
|
+
#
|
16439
|
+
# <note markdown="1"> * **General purpose buckets** - This parameter is allowed if and
|
16440
|
+
# only if `SSEAlgorithm` is set to `aws:kms` or `aws:kms:dsse`.
|
16441
|
+
#
|
16442
|
+
# * **Directory buckets** - This parameter is allowed if and only if
|
16443
|
+
# `SSEAlgorithm` is set to `aws:kms`.
|
16444
|
+
#
|
16445
|
+
# </note>
|
15764
16446
|
#
|
15765
16447
|
# You can specify the key ID, key alias, or the Amazon Resource Name
|
15766
16448
|
# (ARN) of the KMS key.
|
@@ -15772,22 +16454,36 @@ module Aws::S3
|
|
15772
16454
|
#
|
15773
16455
|
# * Key Alias: `alias/alias-name`
|
15774
16456
|
#
|
15775
|
-
# If you use a key ID, you can run into a LogDestination undeliverable
|
15776
|
-
# error when creating a VPC flow log.
|
15777
|
-
#
|
15778
16457
|
# If you are using encryption with cross-account or Amazon Web
|
15779
|
-
# Services service operations you must use a fully qualified KMS key
|
16458
|
+
# Services service operations, you must use a fully qualified KMS key
|
15780
16459
|
# ARN. For more information, see [Using encryption for cross-account
|
15781
16460
|
# operations][1].
|
15782
16461
|
#
|
16462
|
+
# <note markdown="1"> * **General purpose buckets** - If you're specifying a customer
|
16463
|
+
# managed KMS key, we recommend using a fully qualified KMS key ARN.
|
16464
|
+
# If you use a KMS key alias instead, then KMS resolves the key
|
16465
|
+
# within the requester’s account. This behavior can result in data
|
16466
|
+
# that's encrypted with a KMS key that belongs to the requester,
|
16467
|
+
# and not the bucket owner. Also, if you use a key ID, you can run
|
16468
|
+
# into a LogDestination undeliverable error when creating a VPC flow
|
16469
|
+
# log.
|
16470
|
+
#
|
16471
|
+
# * **Directory buckets** - When you specify an [KMS customer managed
|
16472
|
+
# key][2] for encryption in your directory bucket, only use the key
|
16473
|
+
# ID or key ARN. The key alias format of the KMS key isn't
|
16474
|
+
# supported.
|
16475
|
+
#
|
16476
|
+
# </note>
|
16477
|
+
#
|
15783
16478
|
# Amazon S3 only supports symmetric encryption KMS keys. For more
|
15784
|
-
# information, see [Asymmetric keys in Amazon Web Services KMS][
|
16479
|
+
# information, see [Asymmetric keys in Amazon Web Services KMS][3] in
|
15785
16480
|
# the *Amazon Web Services Key Management Service Developer Guide*.
|
15786
16481
|
#
|
15787
16482
|
#
|
15788
16483
|
#
|
15789
16484
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy
|
15790
|
-
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/
|
16485
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
16486
|
+
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
|
15791
16487
|
# @return [String]
|
15792
16488
|
#
|
15793
16489
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ServerSideEncryptionByDefault AWS API Documentation
|
@@ -15816,6 +16512,23 @@ module Aws::S3
|
|
15816
16512
|
|
15817
16513
|
# Specifies the default server-side encryption configuration.
|
15818
16514
|
#
|
16515
|
+
# <note markdown="1"> * **General purpose buckets** - If you're specifying a customer
|
16516
|
+
# managed KMS key, we recommend using a fully qualified KMS key ARN.
|
16517
|
+
# If you use a KMS key alias instead, then KMS resolves the key within
|
16518
|
+
# the requester’s account. This behavior can result in data that's
|
16519
|
+
# encrypted with a KMS key that belongs to the requester, and not the
|
16520
|
+
# bucket owner.
|
16521
|
+
#
|
16522
|
+
# * **Directory buckets** - When you specify an [KMS customer managed
|
16523
|
+
# key][1] for encryption in your directory bucket, only use the key ID
|
16524
|
+
# or key ARN. The key alias format of the KMS key isn't supported.
|
16525
|
+
#
|
16526
|
+
# </note>
|
16527
|
+
#
|
16528
|
+
#
|
16529
|
+
#
|
16530
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
16531
|
+
#
|
15819
16532
|
# @!attribute [rw] apply_server_side_encryption_by_default
|
15820
16533
|
# Specifies the default server-side encryption to apply to new objects
|
15821
16534
|
# in the bucket. If a PUT Object request doesn't specify any
|
@@ -15827,14 +16540,31 @@ module Aws::S3
|
|
15827
16540
|
# server-side encryption using KMS (SSE-KMS) for new objects in the
|
15828
16541
|
# bucket. Existing objects are not affected. Setting the
|
15829
16542
|
# `BucketKeyEnabled` element to `true` causes Amazon S3 to use an S3
|
15830
|
-
# Bucket Key.
|
16543
|
+
# Bucket Key.
|
15831
16544
|
#
|
15832
|
-
#
|
15833
|
-
#
|
16545
|
+
# <note markdown="1"> * **General purpose buckets** - By default, S3 Bucket Key is not
|
16546
|
+
# enabled. For more information, see [Amazon S3 Bucket Keys][1] in
|
16547
|
+
# the *Amazon S3 User Guide*.
|
16548
|
+
#
|
16549
|
+
# * **Directory buckets** - S3 Bucket Keys are always enabled for
|
16550
|
+
# `GET` and `PUT` operations in a directory bucket and can’t be
|
16551
|
+
# disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS
|
16552
|
+
# encrypted objects from general purpose buckets to directory
|
16553
|
+
# buckets, from directory buckets to general purpose buckets, or
|
16554
|
+
# between directory buckets, through [CopyObject][2],
|
16555
|
+
# [UploadPartCopy][3], [the Copy operation in Batch Operations][4],
|
16556
|
+
# or [the import jobs][5]. In this case, Amazon S3 makes a call to
|
16557
|
+
# KMS every time a copy request is made for a KMS-encrypted object.
|
16558
|
+
#
|
16559
|
+
# </note>
|
15834
16560
|
#
|
15835
16561
|
#
|
15836
16562
|
#
|
15837
16563
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
|
16564
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
16565
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
16566
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
|
16567
|
+
# [5]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
|
15838
16568
|
# @return [Boolean]
|
15839
16569
|
#
|
15840
16570
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ServerSideEncryptionRule AWS API Documentation
|
@@ -15849,8 +16579,8 @@ module Aws::S3
|
|
15849
16579
|
# The established temporary security credentials of the session.
|
15850
16580
|
#
|
15851
16581
|
# <note markdown="1"> **Directory buckets** - These session credentials are only supported
|
15852
|
-
# for the authentication and authorization of Zonal endpoint
|
15853
|
-
# directory buckets.
|
16582
|
+
# for the authentication and authorization of Zonal endpoint API
|
16583
|
+
# operations on directory buckets.
|
15854
16584
|
#
|
15855
16585
|
# </note>
|
15856
16586
|
#
|
@@ -16284,11 +17014,6 @@ module Aws::S3
|
|
16284
17014
|
# @!attribute [rw] server_side_encryption
|
16285
17015
|
# The server-side encryption algorithm used when you store this object
|
16286
17016
|
# in Amazon S3 (for example, `AES256`, `aws:kms`).
|
16287
|
-
#
|
16288
|
-
# <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
|
16289
|
-
# managed keys (SSE-S3) (`AES256`) is supported.
|
16290
|
-
#
|
16291
|
-
# </note>
|
16292
17017
|
# @return [String]
|
16293
17018
|
#
|
16294
17019
|
# @!attribute [rw] sse_customer_algorithm
|
@@ -16313,23 +17038,14 @@ module Aws::S3
|
|
16313
17038
|
# @return [String]
|
16314
17039
|
#
|
16315
17040
|
# @!attribute [rw] ssekms_key_id
|
16316
|
-
# If present, indicates the ID of the
|
16317
|
-
#
|
16318
|
-
# object.
|
16319
|
-
#
|
16320
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
16321
|
-
#
|
16322
|
-
# </note>
|
17041
|
+
# If present, indicates the ID of the KMS key that was used for object
|
17042
|
+
# encryption.
|
16323
17043
|
# @return [String]
|
16324
17044
|
#
|
16325
17045
|
# @!attribute [rw] bucket_key_enabled
|
16326
17046
|
# Indicates whether the multipart upload uses an S3 Bucket Key for
|
16327
17047
|
# server-side encryption with Key Management Service (KMS) keys
|
16328
17048
|
# (SSE-KMS).
|
16329
|
-
#
|
16330
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
16331
|
-
#
|
16332
|
-
# </note>
|
16333
17049
|
# @return [Boolean]
|
16334
17050
|
#
|
16335
17051
|
# @!attribute [rw] request_charged
|
@@ -16680,11 +17396,6 @@ module Aws::S3
|
|
16680
17396
|
# @!attribute [rw] server_side_encryption
|
16681
17397
|
# The server-side encryption algorithm used when you store this object
|
16682
17398
|
# in Amazon S3 (for example, `AES256`, `aws:kms`).
|
16683
|
-
#
|
16684
|
-
# <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
|
16685
|
-
# managed keys (SSE-S3) (`AES256`) is supported.
|
16686
|
-
#
|
16687
|
-
# </note>
|
16688
17399
|
# @return [String]
|
16689
17400
|
#
|
16690
17401
|
# @!attribute [rw] etag
|
@@ -16692,7 +17403,7 @@ module Aws::S3
|
|
16692
17403
|
# @return [String]
|
16693
17404
|
#
|
16694
17405
|
# @!attribute [rw] checksum_crc32
|
16695
|
-
# The base64-encoded, 32-bit
|
17406
|
+
# The base64-encoded, 32-bit CRC-32 checksum of the object. This will
|
16696
17407
|
# only be present if it was uploaded with the object. When you use an
|
16697
17408
|
# API operation on an object that was uploaded using multipart
|
16698
17409
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -16707,7 +17418,7 @@ module Aws::S3
|
|
16707
17418
|
# @return [String]
|
16708
17419
|
#
|
16709
17420
|
# @!attribute [rw] checksum_crc32c
|
16710
|
-
# The base64-encoded, 32-bit
|
17421
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
16711
17422
|
# only be present if it was uploaded with the object. When you use an
|
16712
17423
|
# API operation on an object that was uploaded using multipart
|
16713
17424
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -16773,23 +17484,14 @@ module Aws::S3
|
|
16773
17484
|
# @return [String]
|
16774
17485
|
#
|
16775
17486
|
# @!attribute [rw] ssekms_key_id
|
16776
|
-
# If present, indicates the ID of the
|
16777
|
-
#
|
16778
|
-
# object.
|
16779
|
-
#
|
16780
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
16781
|
-
#
|
16782
|
-
# </note>
|
17487
|
+
# If present, indicates the ID of the KMS key that was used for object
|
17488
|
+
# encryption.
|
16783
17489
|
# @return [String]
|
16784
17490
|
#
|
16785
17491
|
# @!attribute [rw] bucket_key_enabled
|
16786
17492
|
# Indicates whether the multipart upload uses an S3 Bucket Key for
|
16787
17493
|
# server-side encryption with Key Management Service (KMS) keys
|
16788
17494
|
# (SSE-KMS).
|
16789
|
-
#
|
16790
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
16791
|
-
#
|
16792
|
-
# </note>
|
16793
17495
|
# @return [Boolean]
|
16794
17496
|
#
|
16795
17497
|
# @!attribute [rw] request_charged
|
@@ -16906,7 +17608,7 @@ module Aws::S3
|
|
16906
17608
|
# @!attribute [rw] checksum_crc32
|
16907
17609
|
# This header can be used as a data integrity check to verify that the
|
16908
17610
|
# data received is the same data that was originally sent. This header
|
16909
|
-
# specifies the base64-encoded, 32-bit
|
17611
|
+
# specifies the base64-encoded, 32-bit CRC-32 checksum of the object.
|
16910
17612
|
# For more information, see [Checking object integrity][1] in the
|
16911
17613
|
# *Amazon S3 User Guide*.
|
16912
17614
|
#
|
@@ -16918,7 +17620,7 @@ module Aws::S3
|
|
16918
17620
|
# @!attribute [rw] checksum_crc32c
|
16919
17621
|
# This header can be used as a data integrity check to verify that the
|
16920
17622
|
# data received is the same data that was originally sent. This header
|
16921
|
-
# specifies the base64-encoded, 32-bit
|
17623
|
+
# specifies the base64-encoded, 32-bit CRC-32C checksum of the object.
|
16922
17624
|
# For more information, see [Checking object integrity][1] in the
|
16923
17625
|
# *Amazon S3 User Guide*.
|
16924
17626
|
#
|
@@ -17208,7 +17910,7 @@ module Aws::S3
|
|
17208
17910
|
# @!attribute [rw] checksum_crc32
|
17209
17911
|
# This header can be used as a data integrity check to verify that the
|
17210
17912
|
# data received is the same data that was originally sent. This
|
17211
|
-
# specifies the base64-encoded, 32-bit
|
17913
|
+
# specifies the base64-encoded, 32-bit CRC-32 checksum of the object
|
17212
17914
|
# returned by the Object Lambda function. This may not match the
|
17213
17915
|
# checksum for the object stored in Amazon S3. Amazon S3 will perform
|
17214
17916
|
# validation of the checksum values only when the original `GetObject`
|
@@ -17229,7 +17931,7 @@ module Aws::S3
|
|
17229
17931
|
# @!attribute [rw] checksum_crc32c
|
17230
17932
|
# This header can be used as a data integrity check to verify that the
|
17231
17933
|
# data received is the same data that was originally sent. This
|
17232
|
-
# specifies the base64-encoded, 32-bit
|
17934
|
+
# specifies the base64-encoded, 32-bit CRC-32C checksum of the object
|
17233
17935
|
# returned by the Object Lambda function. This may not match the
|
17234
17936
|
# checksum for the object stored in Amazon S3. Amazon S3 will perform
|
17235
17937
|
# validation of the checksum values only when the original `GetObject`
|
@@ -17492,3 +18194,6 @@ module Aws::S3
|
|
17492
18194
|
|
17493
18195
|
end
|
17494
18196
|
end
|
18197
|
+
|
18198
|
+
require "aws-sdk-s3/customizations/types/list_object_versions_output"
|
18199
|
+
require "aws-sdk-s3/customizations/types/permanent_redirect"
|