aws-sdk-s3 1.150.0 → 1.169.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (59) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +110 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-s3/access_grants_credentials_provider.rb +12 -3
  5. data/lib/aws-sdk-s3/bucket.rb +252 -88
  6. data/lib/aws-sdk-s3/bucket_acl.rb +3 -3
  7. data/lib/aws-sdk-s3/bucket_cors.rb +4 -4
  8. data/lib/aws-sdk-s3/bucket_lifecycle.rb +4 -4
  9. data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +42 -5
  10. data/lib/aws-sdk-s3/bucket_logging.rb +3 -3
  11. data/lib/aws-sdk-s3/bucket_notification.rb +3 -3
  12. data/lib/aws-sdk-s3/bucket_policy.rb +8 -8
  13. data/lib/aws-sdk-s3/bucket_request_payment.rb +3 -3
  14. data/lib/aws-sdk-s3/bucket_tagging.rb +4 -4
  15. data/lib/aws-sdk-s3/bucket_versioning.rb +5 -5
  16. data/lib/aws-sdk-s3/bucket_website.rb +4 -4
  17. data/lib/aws-sdk-s3/client.rb +1685 -668
  18. data/lib/aws-sdk-s3/client_api.rb +49 -4
  19. data/lib/aws-sdk-s3/customizations/bucket.rb +1 -1
  20. data/lib/aws-sdk-s3/customizations/object.rb +11 -5
  21. data/lib/aws-sdk-s3/customizations/object_summary.rb +5 -0
  22. data/lib/aws-sdk-s3/customizations/object_version.rb +13 -0
  23. data/lib/aws-sdk-s3/customizations.rb +24 -38
  24. data/lib/aws-sdk-s3/encryption/client.rb +2 -2
  25. data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +2 -2
  26. data/lib/aws-sdk-s3/encryptionV2/client.rb +2 -2
  27. data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +2 -2
  28. data/lib/aws-sdk-s3/endpoint_parameters.rb +21 -18
  29. data/lib/aws-sdk-s3/endpoint_provider.rb +1 -0
  30. data/lib/aws-sdk-s3/endpoints.rb +416 -1614
  31. data/lib/aws-sdk-s3/errors.rb +3 -0
  32. data/lib/aws-sdk-s3/file_downloader.rb +1 -1
  33. data/lib/aws-sdk-s3/file_uploader.rb +1 -1
  34. data/lib/aws-sdk-s3/multipart_stream_uploader.rb +1 -1
  35. data/lib/aws-sdk-s3/multipart_upload.rb +31 -8
  36. data/lib/aws-sdk-s3/multipart_upload_part.rb +11 -11
  37. data/lib/aws-sdk-s3/object.rb +441 -158
  38. data/lib/aws-sdk-s3/object_acl.rb +3 -3
  39. data/lib/aws-sdk-s3/object_copier.rb +1 -1
  40. data/lib/aws-sdk-s3/object_summary.rb +403 -134
  41. data/lib/aws-sdk-s3/object_version.rb +53 -13
  42. data/lib/aws-sdk-s3/plugins/access_grants.rb +75 -5
  43. data/lib/aws-sdk-s3/plugins/endpoints.rb +24 -212
  44. data/lib/aws-sdk-s3/plugins/express_session_auth.rb +7 -1
  45. data/lib/aws-sdk-s3/plugins/http_200_errors.rb +53 -16
  46. data/lib/aws-sdk-s3/resource.rb +37 -11
  47. data/lib/aws-sdk-s3/types.rb +1106 -401
  48. data/lib/aws-sdk-s3.rb +35 -31
  49. data/sig/bucket.rbs +4 -0
  50. data/sig/bucket_lifecycle_configuration.rbs +7 -3
  51. data/sig/client.rbs +49 -5
  52. data/sig/multipart_upload.rbs +1 -0
  53. data/sig/object.rbs +7 -0
  54. data/sig/object_summary.rbs +1 -0
  55. data/sig/object_version.rbs +6 -0
  56. data/sig/resource.rbs +7 -1
  57. data/sig/types.rbs +36 -2
  58. data/sig/waiters.rbs +12 -0
  59. metadata +7 -6
@@ -132,7 +132,7 @@ module Aws::S3
132
132
  data[:content_length]
133
133
  end
134
134
 
135
- # The base64-encoded, 32-bit CRC32 checksum of the object. This will
135
+ # The base64-encoded, 32-bit CRC-32 checksum of the object. This will
136
136
  # only be present if it was uploaded with the object. When you use an
137
137
  # API operation on an object that was uploaded using multipart uploads,
138
138
  # this value may not be a direct checksum value of the full object.
@@ -149,7 +149,7 @@ module Aws::S3
149
149
  data[:checksum_crc32]
150
150
  end
151
151
 
152
- # The base64-encoded, 32-bit CRC32C checksum of the object. This will
152
+ # The base64-encoded, 32-bit CRC-32C checksum of the object. This will
153
153
  # only be present if it was uploaded with the object. When you use an
154
154
  # API operation on an object that was uploaded using multipart uploads,
155
155
  # this value may not be a direct checksum value of the full object.
@@ -288,11 +288,6 @@ module Aws::S3
288
288
 
289
289
  # The server-side encryption algorithm used when you store this object
290
290
  # in Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
291
- #
292
- # <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
293
- # managed keys (SSE-S3) (`AES256`) is supported.
294
- #
295
- # </note>
296
291
  # @return [String]
297
292
  def server_side_encryption
298
293
  data[:server_side_encryption]
@@ -329,13 +324,8 @@ module Aws::S3
329
324
  data[:sse_customer_key_md5]
330
325
  end
331
326
 
332
- # If present, indicates the ID of the Key Management Service (KMS)
333
- # symmetric encryption customer managed key that was used for the
334
- # object.
335
- #
336
- # <note markdown="1"> This functionality is not supported for directory buckets.
337
- #
338
- # </note>
327
+ # If present, indicates the ID of the KMS key that was used for object
328
+ # encryption.
339
329
  # @return [String]
340
330
  def ssekms_key_id
341
331
  data[:ssekms_key_id]
@@ -343,10 +333,6 @@ module Aws::S3
343
333
 
344
334
  # Indicates whether the object uses an S3 Bucket Key for server-side
345
335
  # encryption with Key Management Service (KMS) keys (SSE-KMS).
346
- #
347
- # <note markdown="1"> This functionality is not supported for directory buckets.
348
- #
349
- # </note>
350
336
  # @return [Boolean]
351
337
  def bucket_key_enabled
352
338
  data[:bucket_key_enabled]
@@ -500,7 +486,7 @@ module Aws::S3
500
486
  #
501
487
  # @return [self]
502
488
  def load
503
- resp = Aws::Plugins::UserAgent.feature('resource') do
489
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
504
490
  @client.head_object(
505
491
  bucket: @bucket_name,
506
492
  key: @key
@@ -550,7 +536,7 @@ module Aws::S3
550
536
  options, params = separate_params_and_options(options)
551
537
  waiter = Waiters::ObjectExists.new(options)
552
538
  yield_waiter_and_warn(waiter, &block) if block_given?
553
- Aws::Plugins::UserAgent.feature('resource') do
539
+ Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
554
540
  waiter.wait(params.merge(bucket: @bucket_name,
555
541
  key: @key))
556
542
  end
@@ -571,7 +557,7 @@ module Aws::S3
571
557
  options, params = separate_params_and_options(options)
572
558
  waiter = Waiters::ObjectNotExists.new(options)
573
559
  yield_waiter_and_warn(waiter, &block) if block_given?
574
- Aws::Plugins::UserAgent.feature('resource') do
560
+ Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
575
561
  waiter.wait(params.merge(bucket: @bucket_name,
576
562
  key: @key))
577
563
  end
@@ -676,7 +662,7 @@ module Aws::S3
676
662
  :retry
677
663
  end
678
664
  end
679
- Aws::Plugins::UserAgent.feature('resource') do
665
+ Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
680
666
  Aws::Waiters::Waiter.new(options).wait({})
681
667
  end
682
668
  end
@@ -1031,9 +1017,8 @@ module Aws::S3
1031
1017
  # </note>
1032
1018
  # @option options [String] :server_side_encryption
1033
1019
  # The server-side encryption algorithm used when storing this object in
1034
- # Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
1035
- # Unrecognized or unsupported values won’t write a destination object
1036
- # and will receive a `400 Bad Request` response.
1020
+ # Amazon S3. Unrecognized or unsupported values won’t write a
1021
+ # destination object and will receive a `400 Bad Request` response.
1037
1022
  #
1038
1023
  # Amazon S3 automatically encrypts all new objects that are copied to an
1039
1024
  # S3 bucket. When copying an object, if you don't specify encryption
@@ -1041,35 +1026,72 @@ module Aws::S3
1041
1026
  # object is set to the default encryption configuration of the
1042
1027
  # destination bucket. By default, all buckets have a base level of
1043
1028
  # encryption configuration that uses server-side encryption with Amazon
1044
- # S3 managed keys (SSE-S3). If the destination bucket has a default
1045
- # encryption configuration that uses server-side encryption with Key
1046
- # Management Service (KMS) keys (SSE-KMS), dual-layer server-side
1047
- # encryption with Amazon Web Services KMS keys (DSSE-KMS), or
1048
- # server-side encryption with customer-provided encryption keys (SSE-C),
1049
- # Amazon S3 uses the corresponding KMS key, or a customer-provided key
1050
- # to encrypt the target object copy.
1051
- #
1052
- # When you perform a `CopyObject` operation, if you want to use a
1053
- # different type of encryption setting for the target object, you can
1054
- # specify appropriate encryption-related headers to encrypt the target
1055
- # object with an Amazon S3 managed key, a KMS key, or a
1056
- # customer-provided key. If the encryption setting in your request is
1057
- # different from the default encryption configuration of the destination
1058
- # bucket, the encryption setting in your request takes precedence.
1029
+ # S3 managed keys (SSE-S3). If the destination bucket has a different
1030
+ # default encryption configuration, Amazon S3 uses the corresponding
1031
+ # encryption key to encrypt the target object copy.
1059
1032
  #
1060
1033
  # With server-side encryption, Amazon S3 encrypts your data as it writes
1061
1034
  # your data to disks in its data centers and decrypts the data when you
1062
1035
  # access it. For more information about server-side encryption, see
1063
1036
  # [Using Server-Side Encryption][1] in the *Amazon S3 User Guide*.
1064
1037
  #
1065
- # <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
1066
- # managed keys (SSE-S3) (`AES256`) is supported.
1067
- #
1068
- # </note>
1038
+ # <b>General purpose buckets </b>
1039
+ #
1040
+ # * For general purpose buckets, there are the following supported
1041
+ # options for server-side encryption: server-side encryption with Key
1042
+ # Management Service (KMS) keys (SSE-KMS), dual-layer server-side
1043
+ # encryption with Amazon Web Services KMS keys (DSSE-KMS), and
1044
+ # server-side encryption with customer-provided encryption keys
1045
+ # (SSE-C). Amazon S3 uses the corresponding KMS key, or a
1046
+ # customer-provided key to encrypt the target object copy.
1047
+ #
1048
+ # * When you perform a `CopyObject` operation, if you want to use a
1049
+ # different type of encryption setting for the target object, you can
1050
+ # specify appropriate encryption-related headers to encrypt the target
1051
+ # object with an Amazon S3 managed key, a KMS key, or a
1052
+ # customer-provided key. If the encryption setting in your request is
1053
+ # different from the default encryption configuration of the
1054
+ # destination bucket, the encryption setting in your request takes
1055
+ # precedence.
1056
+ #
1057
+ # <b>Directory buckets </b>
1058
+ #
1059
+ # * For directory buckets, there are only two supported options for
1060
+ # server-side encryption: server-side encryption with Amazon S3
1061
+ # managed keys (SSE-S3) (`AES256`) and server-side encryption with KMS
1062
+ # keys (SSE-KMS) (`aws:kms`). We recommend that the bucket's default
1063
+ # encryption uses the desired encryption configuration and you don't
1064
+ # override the bucket default encryption in your `CreateSession`
1065
+ # requests or `PUT` object requests. Then, new objects are
1066
+ # automatically encrypted with the desired encryption settings. For
1067
+ # more information, see [Protecting data with server-side
1068
+ # encryption][2] in the *Amazon S3 User Guide*. For more information
1069
+ # about the encryption overriding behaviors in directory buckets, see
1070
+ # [Specifying server-side encryption with KMS for new object
1071
+ # uploads][3].
1072
+ #
1073
+ # * To encrypt new object copies to a directory bucket with SSE-KMS, we
1074
+ # recommend you specify SSE-KMS as the directory bucket's default
1075
+ # encryption configuration with a KMS key (specifically, a [customer
1076
+ # managed key][4]). The [Amazon Web Services managed key][5]
1077
+ # (`aws/s3`) isn't supported. Your SSE-KMS configuration can only
1078
+ # support 1 [customer managed key][4] per directory bucket for the
1079
+ # lifetime of the bucket. After you specify a customer managed key for
1080
+ # SSE-KMS, you can't override the customer managed key for the
1081
+ # bucket's SSE-KMS configuration. Then, when you perform a
1082
+ # `CopyObject` operation and want to specify server-side encryption
1083
+ # settings for new object copies with SSE-KMS in the
1084
+ # encryption-related request headers, you must ensure the encryption
1085
+ # key is the same customer managed key that you specified for the
1086
+ # directory bucket's default encryption configuration.
1069
1087
  #
1070
1088
  #
1071
1089
  #
1072
1090
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
1091
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
1092
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
1093
+ # [4]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
1094
+ # [5]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
1073
1095
  # @option options [String] :storage_class
1074
1096
  # If the `x-amz-storage-class` header is not used, the copied object
1075
1097
  # will be stored in the `STANDARD` Storage Class by default. The
@@ -1160,32 +1182,55 @@ module Aws::S3
1160
1182
  #
1161
1183
  # </note>
1162
1184
  # @option options [String] :ssekms_key_id
1163
- # Specifies the KMS ID (Key ID, Key ARN, or Key Alias) to use for object
1164
- # encryption. All GET and PUT requests for an object protected by KMS
1165
- # will fail if they're not made via SSL or using SigV4. For information
1166
- # about configuring any of the officially supported Amazon Web Services
1167
- # SDKs and Amazon Web Services CLI, see [Specifying the Signature
1168
- # Version in Request Authentication][1] in the *Amazon S3 User Guide*.
1169
- #
1170
- # <note markdown="1"> This functionality is not supported when the destination bucket is a
1171
- # directory bucket.
1172
- #
1173
- # </note>
1185
+ # Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
1186
+ # object encryption. All GET and PUT requests for an object protected by
1187
+ # KMS will fail if they're not made via SSL or using SigV4. For
1188
+ # information about configuring any of the officially supported Amazon
1189
+ # Web Services SDKs and Amazon Web Services CLI, see [Specifying the
1190
+ # Signature Version in Request Authentication][1] in the *Amazon S3 User
1191
+ # Guide*.
1192
+ #
1193
+ # **Directory buckets** - If you specify `x-amz-server-side-encryption`
1194
+ # with `aws:kms`, the ` x-amz-server-side-encryption-aws-kms-key-id`
1195
+ # header is implicitly assigned the ID of the KMS symmetric encryption
1196
+ # customer managed key that's configured for your directory bucket's
1197
+ # default encryption setting. If you want to specify the `
1198
+ # x-amz-server-side-encryption-aws-kms-key-id` header explicitly, you
1199
+ # can only specify it with the ID (Key ID or Key ARN) of the KMS
1200
+ # customer managed key that's configured for your directory bucket's
1201
+ # default encryption setting. Otherwise, you get an HTTP `400 Bad
1202
+ # Request` error. Only use the key ID or key ARN. The key alias format
1203
+ # of the KMS key isn't supported. Your SSE-KMS configuration can only
1204
+ # support 1 [customer managed key][2] per directory bucket for the
1205
+ # lifetime of the bucket. The [Amazon Web Services managed key][3]
1206
+ # (`aws/s3`) isn't supported.
1174
1207
  #
1175
1208
  #
1176
1209
  #
1177
1210
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
1211
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
1212
+ # [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
1178
1213
  # @option options [String] :ssekms_encryption_context
1179
- # Specifies the Amazon Web Services KMS Encryption Context to use for
1180
- # object encryption. The value of this header is a base64-encoded UTF-8
1181
- # string holding JSON with the encryption context key-value pairs. This
1182
- # value must be explicitly added to specify encryption context for
1183
- # `CopyObject` requests.
1214
+ # Specifies the Amazon Web Services KMS Encryption Context as an
1215
+ # additional encryption context to use for the destination object
1216
+ # encryption. The value of this header is a base64-encoded UTF-8 string
1217
+ # holding JSON with the encryption context key-value pairs.
1184
1218
  #
1185
- # <note markdown="1"> This functionality is not supported when the destination bucket is a
1186
- # directory bucket.
1219
+ # **General purpose buckets** - This value must be explicitly added to
1220
+ # specify encryption context for `CopyObject` requests if you want an
1221
+ # additional encryption context for your destination object. The
1222
+ # additional encryption context of the source object won't be copied to
1223
+ # the destination object. For more information, see [Encryption
1224
+ # context][1] in the *Amazon S3 User Guide*.
1187
1225
  #
1188
- # </note>
1226
+ # **Directory buckets** - You can optionally provide an explicit
1227
+ # encryption context value. The value must match the default encryption
1228
+ # context - the bucket Amazon Resource Name (ARN). An additional
1229
+ # encryption context value is not supported.
1230
+ #
1231
+ #
1232
+ #
1233
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context
1189
1234
  # @option options [Boolean] :bucket_key_enabled
1190
1235
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
1191
1236
  # encryption with server-side encryption using Key Management Service
@@ -1199,14 +1244,19 @@ module Aws::S3
1199
1244
  # For more information, see [Amazon S3 Bucket Keys][1] in the *Amazon S3
1200
1245
  # User Guide*.
1201
1246
  #
1202
- # <note markdown="1"> This functionality is not supported when the destination bucket is a
1203
- # directory bucket.
1247
+ # <note markdown="1"> **Directory buckets** - S3 Bucket Keys aren't supported, when you
1248
+ # copy SSE-KMS encrypted objects from general purpose buckets to
1249
+ # directory buckets, from directory buckets to general purpose buckets,
1250
+ # or between directory buckets, through [CopyObject][2]. In this case,
1251
+ # Amazon S3 makes a call to KMS every time a copy request is made for a
1252
+ # KMS-encrypted object.
1204
1253
  #
1205
1254
  # </note>
1206
1255
  #
1207
1256
  #
1208
1257
  #
1209
1258
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
1259
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
1210
1260
  # @option options [String] :copy_source_sse_customer_algorithm
1211
1261
  # Specifies the algorithm to use when decrypting the source object (for
1212
1262
  # example, `AES256`).
@@ -1346,7 +1396,7 @@ module Aws::S3
1346
1396
  bucket: @bucket_name,
1347
1397
  key: @key
1348
1398
  )
1349
- resp = Aws::Plugins::UserAgent.feature('resource') do
1399
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
1350
1400
  @client.copy_object(options)
1351
1401
  end
1352
1402
  resp.data
@@ -1412,7 +1462,7 @@ module Aws::S3
1412
1462
  bucket: @bucket_name,
1413
1463
  key: @key
1414
1464
  )
1415
- resp = Aws::Plugins::UserAgent.feature('resource') do
1465
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
1416
1466
  @client.delete_object(options)
1417
1467
  end
1418
1468
  resp.data
@@ -1662,13 +1712,22 @@ module Aws::S3
1662
1712
  # fails with the HTTP status code `403 Forbidden` (access denied).
1663
1713
  # @option options [String] :checksum_mode
1664
1714
  # To retrieve the checksum, this mode must be enabled.
1715
+ #
1716
+ # **General purpose buckets** - In addition, if you enable checksum mode
1717
+ # and the object is uploaded with a [checksum][1] and encrypted with an
1718
+ # Key Management Service (KMS) key, you must have permission to use the
1719
+ # `kms:Decrypt` action to retrieve the checksum.
1720
+ #
1721
+ #
1722
+ #
1723
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html
1665
1724
  # @return [Types::GetObjectOutput]
1666
1725
  def get(options = {}, &block)
1667
1726
  options = options.merge(
1668
1727
  bucket: @bucket_name,
1669
1728
  key: @key
1670
1729
  )
1671
- resp = Aws::Plugins::UserAgent.feature('resource') do
1730
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
1672
1731
  @client.get_object(options, &block)
1673
1732
  end
1674
1733
  resp.data
@@ -2010,10 +2069,52 @@ module Aws::S3
2010
2069
  # The server-side encryption algorithm used when you store this object
2011
2070
  # in Amazon S3 (for example, `AES256`, `aws:kms`).
2012
2071
  #
2013
- # <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
2014
- # managed keys (SSE-S3) (`AES256`) is supported.
2072
+ # * <b>Directory buckets </b> - For directory buckets, there are only
2073
+ # two supported options for server-side encryption: server-side
2074
+ # encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
2075
+ # server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). We
2076
+ # recommend that the bucket's default encryption uses the desired
2077
+ # encryption configuration and you don't override the bucket default
2078
+ # encryption in your `CreateSession` requests or `PUT` object
2079
+ # requests. Then, new objects are automatically encrypted with the
2080
+ # desired encryption settings. For more information, see [Protecting
2081
+ # data with server-side encryption][1] in the *Amazon S3 User Guide*.
2082
+ # For more information about the encryption overriding behaviors in
2083
+ # directory buckets, see [Specifying server-side encryption with KMS
2084
+ # for new object uploads][2].
2085
+ #
2086
+ # In the Zonal endpoint API calls (except [CopyObject][3] and
2087
+ # [UploadPartCopy][4]) using the REST API, the encryption request
2088
+ # headers must match the encryption settings that are specified in the
2089
+ # `CreateSession` request. You can't override the values of the
2090
+ # encryption settings (`x-amz-server-side-encryption`,
2091
+ # `x-amz-server-side-encryption-aws-kms-key-id`,
2092
+ # `x-amz-server-side-encryption-context`, and
2093
+ # `x-amz-server-side-encryption-bucket-key-enabled`) that are
2094
+ # specified in the `CreateSession` request. You don't need to
2095
+ # explicitly specify these encryption settings values in Zonal
2096
+ # endpoint API calls, and Amazon S3 will use the encryption settings
2097
+ # values from the `CreateSession` request to protect new objects in
2098
+ # the directory bucket.
2099
+ #
2100
+ # <note markdown="1"> When you use the CLI or the Amazon Web Services SDKs, for
2101
+ # `CreateSession`, the session token refreshes automatically to avoid
2102
+ # service interruptions when a session expires. The CLI or the Amazon
2103
+ # Web Services SDKs use the bucket's default encryption configuration
2104
+ # for the `CreateSession` request. It's not supported to override the
2105
+ # encryption settings values in the `CreateSession` request. So in the
2106
+ # Zonal endpoint API calls (except [CopyObject][3] and
2107
+ # [UploadPartCopy][4]), the encryption request headers must match the
2108
+ # default encryption configuration of the directory bucket.
2015
2109
  #
2016
- # </note>
2110
+ # </note>
2111
+ #
2112
+ #
2113
+ #
2114
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
2115
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
2116
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
2117
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
2017
2118
  # @option options [String] :storage_class
2018
2119
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
2019
2120
  # created objects. The STANDARD storage class provides high durability
@@ -2066,32 +2167,74 @@ module Aws::S3
2066
2167
  #
2067
2168
  # </note>
2068
2169
  # @option options [String] :ssekms_key_id
2069
- # Specifies the ID (Key ID, Key ARN, or Key Alias) of the symmetric
2070
- # encryption customer managed key to use for object encryption.
2071
- #
2072
- # <note markdown="1"> This functionality is not supported for directory buckets.
2073
- #
2074
- # </note>
2170
+ # Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
2171
+ # object encryption. If the KMS key doesn't exist in the same account
2172
+ # that's issuing the command, you must use the full Key ARN not the Key
2173
+ # ID.
2174
+ #
2175
+ # **General purpose buckets** - If you specify
2176
+ # `x-amz-server-side-encryption` with `aws:kms` or `aws:kms:dsse`, this
2177
+ # header specifies the ID (Key ID, Key ARN, or Key Alias) of the KMS key
2178
+ # to use. If you specify `x-amz-server-side-encryption:aws:kms` or
2179
+ # `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide
2180
+ # `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
2181
+ # Amazon Web Services managed key (`aws/s3`) to protect the data.
2182
+ #
2183
+ # **Directory buckets** - If you specify `x-amz-server-side-encryption`
2184
+ # with `aws:kms`, the ` x-amz-server-side-encryption-aws-kms-key-id`
2185
+ # header is implicitly assigned the ID of the KMS symmetric encryption
2186
+ # customer managed key that's configured for your directory bucket's
2187
+ # default encryption setting. If you want to specify the `
2188
+ # x-amz-server-side-encryption-aws-kms-key-id` header explicitly, you
2189
+ # can only specify it with the ID (Key ID or Key ARN) of the KMS
2190
+ # customer managed key that's configured for your directory bucket's
2191
+ # default encryption setting. Otherwise, you get an HTTP `400 Bad
2192
+ # Request` error. Only use the key ID or key ARN. The key alias format
2193
+ # of the KMS key isn't supported. Your SSE-KMS configuration can only
2194
+ # support 1 [customer managed key][1] per directory bucket for the
2195
+ # lifetime of the bucket. The [Amazon Web Services managed key][2]
2196
+ # (`aws/s3`) isn't supported.
2197
+ #
2198
+ #
2199
+ #
2200
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
2201
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
2075
2202
  # @option options [String] :ssekms_encryption_context
2076
2203
  # Specifies the Amazon Web Services KMS Encryption Context to use for
2077
- # object encryption. The value of this header is a base64-encoded UTF-8
2078
- # string holding JSON with the encryption context key-value pairs.
2079
- #
2080
- # <note markdown="1"> This functionality is not supported for directory buckets.
2081
- #
2082
- # </note>
2204
+ # object encryption. The value of this header is a Base64-encoded string
2205
+ # of a UTF-8 encoded JSON, which contains the encryption context as
2206
+ # key-value pairs.
2207
+ #
2208
+ # **Directory buckets** - You can optionally provide an explicit
2209
+ # encryption context value. The value must match the default encryption
2210
+ # context - the bucket Amazon Resource Name (ARN). An additional
2211
+ # encryption context value is not supported.
2083
2212
  # @option options [Boolean] :bucket_key_enabled
2084
2213
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
2085
2214
  # encryption with server-side encryption using Key Management Service
2086
- # (KMS) keys (SSE-KMS). Setting this header to `true` causes Amazon S3
2087
- # to use an S3 Bucket Key for object encryption with SSE-KMS.
2215
+ # (KMS) keys (SSE-KMS).
2088
2216
  #
2089
- # Specifying this header with an object action doesn’t affect
2217
+ # **General purpose buckets** - Setting this header to `true` causes
2218
+ # Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
2219
+ # Also, specifying this header with a PUT action doesn't affect
2090
2220
  # bucket-level settings for S3 Bucket Key.
2091
2221
  #
2092
- # <note markdown="1"> This functionality is not supported for directory buckets.
2222
+ # **Directory buckets** - S3 Bucket Keys are always enabled for `GET`
2223
+ # and `PUT` operations in a directory bucket and can’t be disabled. S3
2224
+ # Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects
2225
+ # from general purpose buckets to directory buckets, from directory
2226
+ # buckets to general purpose buckets, or between directory buckets,
2227
+ # through [CopyObject][1], [UploadPartCopy][2], [the Copy operation in
2228
+ # Batch Operations][3], or [the import jobs][4]. In this case, Amazon S3
2229
+ # makes a call to KMS every time a copy request is made for a
2230
+ # KMS-encrypted object.
2093
2231
  #
2094
- # </note>
2232
+ #
2233
+ #
2234
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
2235
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
2236
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
2237
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
2095
2238
  # @option options [String] :request_payer
2096
2239
  # Confirms that the requester knows that they will be charged for the
2097
2240
  # request. Bucket owners need not specify this parameter in their
@@ -2153,7 +2296,7 @@ module Aws::S3
2153
2296
  bucket: @bucket_name,
2154
2297
  key: @key
2155
2298
  )
2156
- resp = Aws::Plugins::UserAgent.feature('resource') do
2299
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
2157
2300
  @client.create_multipart_upload(options)
2158
2301
  end
2159
2302
  MultipartUpload.new(
@@ -2182,6 +2325,7 @@ module Aws::S3
2182
2325
  # checksum_sha1: "ChecksumSHA1",
2183
2326
  # checksum_sha256: "ChecksumSHA256",
2184
2327
  # expires: Time.now,
2328
+ # if_none_match: "IfNoneMatch",
2185
2329
  # grant_full_control: "GrantFullControl",
2186
2330
  # grant_read: "GrantRead",
2187
2331
  # grant_read_acp: "GrantReadACP",
@@ -2289,10 +2433,11 @@ module Aws::S3
2289
2433
  # information about REST request authentication, see [REST
2290
2434
  # Authentication][1].
2291
2435
  #
2292
- # <note markdown="1"> The `Content-MD5` header is required for any request to upload an
2293
- # object with a retention period configured using Amazon S3 Object Lock.
2294
- # For more information about Amazon S3 Object Lock, see [Amazon S3
2295
- # Object Lock Overview][2] in the *Amazon S3 User Guide*.
2436
+ # <note markdown="1"> The `Content-MD5` or `x-amz-sdk-checksum-algorithm` header is required
2437
+ # for any request to upload an object with a retention period configured
2438
+ # using Amazon S3 Object Lock. For more information, see [Uploading
2439
+ # objects to an Object Lock enabled bucket ][2] in the *Amazon S3 User
2440
+ # Guide*.
2296
2441
  #
2297
2442
  # </note>
2298
2443
  #
@@ -2303,7 +2448,7 @@ module Aws::S3
2303
2448
  #
2304
2449
  #
2305
2450
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
2306
- # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html
2451
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-put-object
2307
2452
  # @option options [String] :content_type
2308
2453
  # A standard MIME type describing the format of the contents. For more
2309
2454
  # information, see
@@ -2323,13 +2468,13 @@ module Aws::S3
2323
2468
  # For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with
2324
2469
  # the supported algorithm from the following list:
2325
2470
  #
2326
- # * CRC32
2471
+ # * `CRC32`
2327
2472
  #
2328
- # * CRC32C
2473
+ # * `CRC32C`
2329
2474
  #
2330
- # * SHA1
2475
+ # * `SHA1`
2331
2476
  #
2332
- # * SHA256
2477
+ # * `SHA256`
2333
2478
  #
2334
2479
  # For more information, see [Checking object integrity][1] in the
2335
2480
  # *Amazon S3 User Guide*.
@@ -2340,20 +2485,27 @@ module Aws::S3
2340
2485
  # provided `ChecksumAlgorithm` parameter and uses the checksum algorithm
2341
2486
  # that matches the provided value in `x-amz-checksum-algorithm `.
2342
2487
  #
2343
- # <note markdown="1"> For directory buckets, when you use Amazon Web Services SDKs, `CRC32`
2344
- # is the default checksum algorithm that's used for performance.
2488
+ # <note markdown="1"> The `Content-MD5` or `x-amz-sdk-checksum-algorithm` header is required
2489
+ # for any request to upload an object with a retention period configured
2490
+ # using Amazon S3 Object Lock. For more information, see [Uploading
2491
+ # objects to an Object Lock enabled bucket ][2] in the *Amazon S3 User
2492
+ # Guide*.
2345
2493
  #
2346
2494
  # </note>
2347
2495
  #
2496
+ # For directory buckets, when you use Amazon Web Services SDKs, `CRC32`
2497
+ # is the default checksum algorithm that's used for performance.
2498
+ #
2348
2499
  #
2349
2500
  #
2350
2501
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
2502
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-put-object
2351
2503
  # @option options [String] :checksum_crc32
2352
2504
  # This header can be used as a data integrity check to verify that the
2353
2505
  # data received is the same data that was originally sent. This header
2354
- # specifies the base64-encoded, 32-bit CRC32 checksum of the object. For
2355
- # more information, see [Checking object integrity][1] in the *Amazon S3
2356
- # User Guide*.
2506
+ # specifies the base64-encoded, 32-bit CRC-32 checksum of the object.
2507
+ # For more information, see [Checking object integrity][1] in the
2508
+ # *Amazon S3 User Guide*.
2357
2509
  #
2358
2510
  #
2359
2511
  #
@@ -2361,7 +2513,7 @@ module Aws::S3
2361
2513
  # @option options [String] :checksum_crc32c
2362
2514
  # This header can be used as a data integrity check to verify that the
2363
2515
  # data received is the same data that was originally sent. This header
2364
- # specifies the base64-encoded, 32-bit CRC32C checksum of the object.
2516
+ # specifies the base64-encoded, 32-bit CRC-32C checksum of the object.
2365
2517
  # For more information, see [Checking object integrity][1] in the
2366
2518
  # *Amazon S3 User Guide*.
2367
2519
  #
@@ -2396,6 +2548,24 @@ module Aws::S3
2396
2548
  #
2397
2549
  #
2398
2550
  # [1]: https://www.rfc-editor.org/rfc/rfc7234#section-5.3
2551
+ # @option options [String] :if_none_match
2552
+ # Uploads the object only if the object key name does not already exist
2553
+ # in the bucket specified. Otherwise, Amazon S3 returns a `412
2554
+ # Precondition Failed` error.
2555
+ #
2556
+ # If a conflicting operation occurs during the upload S3 returns a `409
2557
+ # ConditionalRequestConflict` response. On a 409 failure you should
2558
+ # retry the upload.
2559
+ #
2560
+ # Expects the '*' (asterisk) character.
2561
+ #
2562
+ # For more information about conditional requests, see [RFC 7232][1], or
2563
+ # [Conditional requests][2] in the *Amazon S3 User Guide*.
2564
+ #
2565
+ #
2566
+ #
2567
+ # [1]: https://tools.ietf.org/html/rfc7232
2568
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html
2399
2569
  # @option options [String] :grant_full_control
2400
2570
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
2401
2571
  # object.
@@ -2436,25 +2606,65 @@ module Aws::S3
2436
2606
  # object in Amazon S3 (for example, `AES256`, `aws:kms`,
2437
2607
  # `aws:kms:dsse`).
2438
2608
  #
2439
- # <b>General purpose buckets </b> - You have four mutually exclusive
2440
- # options to protect data using server-side encryption in Amazon S3,
2441
- # depending on how you choose to manage the encryption keys.
2442
- # Specifically, the encryption key options are Amazon S3 managed keys
2443
- # (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and
2444
- # customer-provided keys (SSE-C). Amazon S3 encrypts data with
2445
- # server-side encryption by using Amazon S3 managed keys (SSE-S3) by
2446
- # default. You can optionally tell Amazon S3 to encrypt data at rest by
2447
- # using server-side encryption with other key options. For more
2448
- # information, see [Using Server-Side Encryption][1] in the *Amazon S3
2449
- # User Guide*.
2609
+ # * <b>General purpose buckets </b> - You have four mutually exclusive
2610
+ # options to protect data using server-side encryption in Amazon S3,
2611
+ # depending on how you choose to manage the encryption keys.
2612
+ # Specifically, the encryption key options are Amazon S3 managed keys
2613
+ # (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and
2614
+ # customer-provided keys (SSE-C). Amazon S3 encrypts data with
2615
+ # server-side encryption by using Amazon S3 managed keys (SSE-S3) by
2616
+ # default. You can optionally tell Amazon S3 to encrypt data at rest
2617
+ # by using server-side encryption with other key options. For more
2618
+ # information, see [Using Server-Side Encryption][1] in the *Amazon S3
2619
+ # User Guide*.
2620
+ #
2621
+ # * <b>Directory buckets </b> - For directory buckets, there are only
2622
+ # two supported options for server-side encryption: server-side
2623
+ # encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
2624
+ # server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). We
2625
+ # recommend that the bucket's default encryption uses the desired
2626
+ # encryption configuration and you don't override the bucket default
2627
+ # encryption in your `CreateSession` requests or `PUT` object
2628
+ # requests. Then, new objects are automatically encrypted with the
2629
+ # desired encryption settings. For more information, see [Protecting
2630
+ # data with server-side encryption][2] in the *Amazon S3 User Guide*.
2631
+ # For more information about the encryption overriding behaviors in
2632
+ # directory buckets, see [Specifying server-side encryption with KMS
2633
+ # for new object uploads][3].
2634
+ #
2635
+ # In the Zonal endpoint API calls (except [CopyObject][4] and
2636
+ # [UploadPartCopy][5]) using the REST API, the encryption request
2637
+ # headers must match the encryption settings that are specified in the
2638
+ # `CreateSession` request. You can't override the values of the
2639
+ # encryption settings (`x-amz-server-side-encryption`,
2640
+ # `x-amz-server-side-encryption-aws-kms-key-id`,
2641
+ # `x-amz-server-side-encryption-context`, and
2642
+ # `x-amz-server-side-encryption-bucket-key-enabled`) that are
2643
+ # specified in the `CreateSession` request. You don't need to
2644
+ # explicitly specify these encryption settings values in Zonal
2645
+ # endpoint API calls, and Amazon S3 will use the encryption settings
2646
+ # values from the `CreateSession` request to protect new objects in
2647
+ # the directory bucket.
2648
+ #
2649
+ # <note markdown="1"> When you use the CLI or the Amazon Web Services SDKs, for
2650
+ # `CreateSession`, the session token refreshes automatically to avoid
2651
+ # service interruptions when a session expires. The CLI or the Amazon
2652
+ # Web Services SDKs use the bucket's default encryption configuration
2653
+ # for the `CreateSession` request. It's not supported to override the
2654
+ # encryption settings values in the `CreateSession` request. So in the
2655
+ # Zonal endpoint API calls (except [CopyObject][4] and
2656
+ # [UploadPartCopy][5]), the encryption request headers must match the
2657
+ # default encryption configuration of the directory bucket.
2450
2658
  #
2451
- # <b>Directory buckets </b> - For directory buckets, only the
2452
- # server-side encryption with Amazon S3 managed keys (SSE-S3) (`AES256`)
2453
- # value is supported.
2659
+ # </note>
2454
2660
  #
2455
2661
  #
2456
2662
  #
2457
2663
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
2664
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
2665
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
2666
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
2667
+ # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
2458
2668
  # @option options [String] :storage_class
2459
2669
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
2460
2670
  # created objects. The STANDARD storage class provides high durability
@@ -2528,44 +2738,86 @@ module Aws::S3
2528
2738
  #
2529
2739
  # </note>
2530
2740
  # @option options [String] :ssekms_key_id
2531
- # If `x-amz-server-side-encryption` has a valid value of `aws:kms` or
2532
- # `aws:kms:dsse`, this header specifies the ID (Key ID, Key ARN, or Key
2533
- # Alias) of the Key Management Service (KMS) symmetric encryption
2534
- # customer managed key that was used for the object. If you specify
2535
- # `x-amz-server-side-encryption:aws:kms` or
2536
- # `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide`
2537
- # x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
2538
- # Amazon Web Services managed key (`aws/s3`) to protect the data. If the
2539
- # KMS key does not exist in the same account that's issuing the
2540
- # command, you must use the full ARN and not just the ID.
2741
+ # Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
2742
+ # object encryption. If the KMS key doesn't exist in the same account
2743
+ # that's issuing the command, you must use the full Key ARN not the Key
2744
+ # ID.
2745
+ #
2746
+ # **General purpose buckets** - If you specify
2747
+ # `x-amz-server-side-encryption` with `aws:kms` or `aws:kms:dsse`, this
2748
+ # header specifies the ID (Key ID, Key ARN, or Key Alias) of the KMS key
2749
+ # to use. If you specify `x-amz-server-side-encryption:aws:kms` or
2750
+ # `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide
2751
+ # `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
2752
+ # Amazon Web Services managed key (`aws/s3`) to protect the data.
2753
+ #
2754
+ # **Directory buckets** - If you specify `x-amz-server-side-encryption`
2755
+ # with `aws:kms`, the ` x-amz-server-side-encryption-aws-kms-key-id`
2756
+ # header is implicitly assigned the ID of the KMS symmetric encryption
2757
+ # customer managed key that's configured for your directory bucket's
2758
+ # default encryption setting. If you want to specify the `
2759
+ # x-amz-server-side-encryption-aws-kms-key-id` header explicitly, you
2760
+ # can only specify it with the ID (Key ID or Key ARN) of the KMS
2761
+ # customer managed key that's configured for your directory bucket's
2762
+ # default encryption setting. Otherwise, you get an HTTP `400 Bad
2763
+ # Request` error. Only use the key ID or key ARN. The key alias format
2764
+ # of the KMS key isn't supported. Your SSE-KMS configuration can only
2765
+ # support 1 [customer managed key][1] per directory bucket for the
2766
+ # lifetime of the bucket. The [Amazon Web Services managed key][2]
2767
+ # (`aws/s3`) isn't supported.
2768
+ #
2769
+ #
2770
+ #
2771
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
2772
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
2773
+ # @option options [String] :ssekms_encryption_context
2774
+ # Specifies the Amazon Web Services KMS Encryption Context as an
2775
+ # additional encryption context to use for object encryption. The value
2776
+ # of this header is a Base64-encoded string of a UTF-8 encoded JSON,
2777
+ # which contains the encryption context as key-value pairs. This value
2778
+ # is stored as object metadata and automatically gets passed on to
2779
+ # Amazon Web Services KMS for future `GetObject` operations on this
2780
+ # object.
2541
2781
  #
2542
- # <note markdown="1"> This functionality is not supported for directory buckets.
2782
+ # **General purpose buckets** - This value must be explicitly added
2783
+ # during `CopyObject` operations if you want an additional encryption
2784
+ # context for your object. For more information, see [Encryption
2785
+ # context][1] in the *Amazon S3 User Guide*.
2543
2786
  #
2544
- # </note>
2545
- # @option options [String] :ssekms_encryption_context
2546
- # Specifies the Amazon Web Services KMS Encryption Context to use for
2547
- # object encryption. The value of this header is a base64-encoded UTF-8
2548
- # string holding JSON with the encryption context key-value pairs. This
2549
- # value is stored as object metadata and automatically gets passed on to
2550
- # Amazon Web Services KMS for future `GetObject` or `CopyObject`
2551
- # operations on this object. This value must be explicitly added during
2552
- # `CopyObject` operations.
2787
+ # **Directory buckets** - You can optionally provide an explicit
2788
+ # encryption context value. The value must match the default encryption
2789
+ # context - the bucket Amazon Resource Name (ARN). An additional
2790
+ # encryption context value is not supported.
2553
2791
  #
2554
- # <note markdown="1"> This functionality is not supported for directory buckets.
2555
2792
  #
2556
- # </note>
2793
+ #
2794
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context
2557
2795
  # @option options [Boolean] :bucket_key_enabled
2558
2796
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
2559
2797
  # encryption with server-side encryption using Key Management Service
2560
- # (KMS) keys (SSE-KMS). Setting this header to `true` causes Amazon S3
2561
- # to use an S3 Bucket Key for object encryption with SSE-KMS.
2798
+ # (KMS) keys (SSE-KMS).
2562
2799
  #
2563
- # Specifying this header with a PUT action doesn’t affect bucket-level
2564
- # settings for S3 Bucket Key.
2800
+ # **General purpose buckets** - Setting this header to `true` causes
2801
+ # Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
2802
+ # Also, specifying this header with a PUT action doesn't affect
2803
+ # bucket-level settings for S3 Bucket Key.
2565
2804
  #
2566
- # <note markdown="1"> This functionality is not supported for directory buckets.
2805
+ # **Directory buckets** - S3 Bucket Keys are always enabled for `GET`
2806
+ # and `PUT` operations in a directory bucket and can’t be disabled. S3
2807
+ # Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects
2808
+ # from general purpose buckets to directory buckets, from directory
2809
+ # buckets to general purpose buckets, or between directory buckets,
2810
+ # through [CopyObject][1], [UploadPartCopy][2], [the Copy operation in
2811
+ # Batch Operations][3], or [the import jobs][4]. In this case, Amazon S3
2812
+ # makes a call to KMS every time a copy request is made for a
2813
+ # KMS-encrypted object.
2567
2814
  #
2568
- # </note>
2815
+ #
2816
+ #
2817
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
2818
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
2819
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
2820
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
2569
2821
  # @option options [String] :request_payer
2570
2822
  # Confirms that the requester knows that they will be charged for the
2571
2823
  # request. Bucket owners need not specify this parameter in their
@@ -2624,7 +2876,7 @@ module Aws::S3
2624
2876
  bucket: @bucket_name,
2625
2877
  key: @key
2626
2878
  )
2627
- resp = Aws::Plugins::UserAgent.feature('resource') do
2879
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
2628
2880
  @client.put_object(options)
2629
2881
  end
2630
2882
  resp.data
@@ -2765,7 +3017,7 @@ module Aws::S3
2765
3017
  bucket: @bucket_name,
2766
3018
  key: @key
2767
3019
  )
2768
- resp = Aws::Plugins::UserAgent.feature('resource') do
3020
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
2769
3021
  @client.restore_object(options)
2770
3022
  end
2771
3023
  resp.data
@@ -2779,6 +3031,12 @@ module Aws::S3
2779
3031
  # if_none_match: "IfNoneMatch",
2780
3032
  # if_unmodified_since: Time.now,
2781
3033
  # range: "Range",
3034
+ # response_cache_control: "ResponseCacheControl",
3035
+ # response_content_disposition: "ResponseContentDisposition",
3036
+ # response_content_encoding: "ResponseContentEncoding",
3037
+ # response_content_language: "ResponseContentLanguage",
3038
+ # response_content_type: "ResponseContentType",
3039
+ # response_expires: Time.now,
2782
3040
  # version_id: "ObjectVersionId",
2783
3041
  # sse_customer_algorithm: "SSECustomerAlgorithm",
2784
3042
  # sse_customer_key: "SSECustomerKey",
@@ -2866,6 +3124,18 @@ module Aws::S3
2866
3124
  # satisfiable, only the `ContentLength` is affected in the response. If
2867
3125
  # the Range is not satisfiable, S3 returns a `416 - Requested Range Not
2868
3126
  # Satisfiable` error.
3127
+ # @option options [String] :response_cache_control
3128
+ # Sets the `Cache-Control` header of the response.
3129
+ # @option options [String] :response_content_disposition
3130
+ # Sets the `Content-Disposition` header of the response.
3131
+ # @option options [String] :response_content_encoding
3132
+ # Sets the `Content-Encoding` header of the response.
3133
+ # @option options [String] :response_content_language
3134
+ # Sets the `Content-Language` header of the response.
3135
+ # @option options [String] :response_content_type
3136
+ # Sets the `Content-Type` header of the response.
3137
+ # @option options [Time,DateTime,Date,Integer,String] :response_expires
3138
+ # Sets the `Expires` header of the response.
2869
3139
  # @option options [String] :version_id
2870
3140
  # Version ID used to reference a specific version of the object.
2871
3141
  #
@@ -2926,17 +3196,27 @@ module Aws::S3
2926
3196
  # @option options [String] :checksum_mode
2927
3197
  # To retrieve the checksum, this parameter must be enabled.
2928
3198
  #
2929
- # In addition, if you enable `ChecksumMode` and the object is encrypted
2930
- # with Amazon Web Services Key Management Service (Amazon Web Services
2931
- # KMS), you must have permission to use the `kms:Decrypt` action for the
2932
- # request to succeed.
3199
+ # **General purpose buckets** - If you enable checksum mode and the
3200
+ # object is uploaded with a [checksum][1] and encrypted with an Key
3201
+ # Management Service (KMS) key, you must have permission to use the
3202
+ # `kms:Decrypt` action to retrieve the checksum.
3203
+ #
3204
+ # **Directory buckets** - If you enable `ChecksumMode` and the object is
3205
+ # encrypted with Amazon Web Services Key Management Service (Amazon Web
3206
+ # Services KMS), you must also have the `kms:GenerateDataKey` and
3207
+ # `kms:Decrypt` permissions in IAM identity-based policies and KMS key
3208
+ # policies for the KMS key to retrieve the checksum of the object.
3209
+ #
3210
+ #
3211
+ #
3212
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html
2933
3213
  # @return [Types::HeadObjectOutput]
2934
3214
  def head(options = {})
2935
3215
  options = options.merge(
2936
3216
  bucket: @bucket_name,
2937
3217
  key: @key
2938
3218
  )
2939
- resp = Aws::Plugins::UserAgent.feature('resource') do
3219
+ resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
2940
3220
  @client.head_object(options)
2941
3221
  end
2942
3222
  resp.data
@@ -3119,13 +3399,13 @@ module Aws::S3
3119
3399
  # For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with
3120
3400
  # the supported algorithm from the following list:
3121
3401
  #
3122
- # * CRC32
3402
+ # * `CRC32`
3123
3403
  #
3124
- # * CRC32C
3404
+ # * `CRC32C`
3125
3405
  #
3126
- # * SHA1
3406
+ # * `SHA1`
3127
3407
  #
3128
- # * SHA256
3408
+ # * `SHA256`
3129
3409
  #
3130
3410
  # For more information, see [Checking object integrity][1] in the
3131
3411
  # *Amazon S3 User Guide*.
@@ -3154,7 +3434,7 @@ module Aws::S3
3154
3434
  key: item.key
3155
3435
  }
3156
3436
  end
3157
- Aws::Plugins::UserAgent.feature('resource') do
3437
+ Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
3158
3438
  batch[0].client.delete_objects(params)
3159
3439
  end
3160
3440
  end
@@ -3166,3 +3446,6 @@ module Aws::S3
3166
3446
  end
3167
3447
  end
3168
3448
  end
3449
+
3450
+ # Load customizations if they exist
3451
+ require 'aws-sdk-s3/customizations/object'