aws-sdk-s3 1.159.0 → 1.166.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +35 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-s3/bucket.rb +123 -43
- data/lib/aws-sdk-s3/client.rb +1115 -395
- data/lib/aws-sdk-s3/client_api.rb +9 -0
- data/lib/aws-sdk-s3/customizations/object.rb +6 -0
- data/lib/aws-sdk-s3/customizations/object_summary.rb +5 -0
- data/lib/aws-sdk-s3/customizations/object_version.rb +13 -0
- data/lib/aws-sdk-s3/customizations.rb +24 -38
- data/lib/aws-sdk-s3/endpoints.rb +99 -396
- data/lib/aws-sdk-s3/errors.rb +3 -0
- data/lib/aws-sdk-s3/multipart_upload.rb +3 -0
- data/lib/aws-sdk-s3/object.rb +339 -129
- data/lib/aws-sdk-s3/object_summary.rb +327 -109
- data/lib/aws-sdk-s3/object_version.rb +17 -8
- data/lib/aws-sdk-s3/plugins/endpoints.rb +23 -8
- data/lib/aws-sdk-s3/types.rb +647 -306
- data/lib/aws-sdk-s3.rb +35 -31
- data/sig/client.rbs +11 -1
- data/sig/resource.rbs +2 -0
- data/sig/types.rbs +10 -2
- metadata +5 -4
data/lib/aws-sdk-s3/client.rb
CHANGED
@@ -32,6 +32,7 @@ require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
|
32
32
|
require 'aws-sdk-core/plugins/request_compression.rb'
|
33
33
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
34
34
|
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
35
|
+
require 'aws-sdk-core/plugins/telemetry.rb'
|
35
36
|
require 'aws-sdk-core/plugins/sign.rb'
|
36
37
|
require 'aws-sdk-core/plugins/protocols/rest_xml.rb'
|
37
38
|
require 'aws-sdk-s3/plugins/accelerate.rb'
|
@@ -56,8 +57,6 @@ require 'aws-sdk-s3/plugins/streaming_retry.rb'
|
|
56
57
|
require 'aws-sdk-s3/plugins/url_encoded_keys.rb'
|
57
58
|
require 'aws-sdk-core/plugins/event_stream_configuration.rb'
|
58
59
|
|
59
|
-
Aws::Plugins::GlobalConfiguration.add_identifier(:s3)
|
60
|
-
|
61
60
|
module Aws::S3
|
62
61
|
# An API client for S3. To construct a client, you need to configure a `:region` and `:credentials`.
|
63
62
|
#
|
@@ -104,6 +103,7 @@ module Aws::S3
|
|
104
103
|
add_plugin(Aws::Plugins::RequestCompression)
|
105
104
|
add_plugin(Aws::Plugins::DefaultsMode)
|
106
105
|
add_plugin(Aws::Plugins::RecursionDetection)
|
106
|
+
add_plugin(Aws::Plugins::Telemetry)
|
107
107
|
add_plugin(Aws::Plugins::Sign)
|
108
108
|
add_plugin(Aws::Plugins::Protocols::RestXml)
|
109
109
|
add_plugin(Aws::S3::Plugins::Accelerate)
|
@@ -170,13 +170,15 @@ module Aws::S3
|
|
170
170
|
# locations will be searched for credentials:
|
171
171
|
#
|
172
172
|
# * `Aws.config[:credentials]`
|
173
|
-
# * The `:access_key_id`, `:secret_access_key`,
|
174
|
-
#
|
173
|
+
# * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
|
174
|
+
# `:account_id` options.
|
175
|
+
# * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
|
176
|
+
# ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
|
175
177
|
# * `~/.aws/credentials`
|
176
178
|
# * `~/.aws/config`
|
177
179
|
# * EC2/ECS IMDS instance profile - When used by default, the timeouts
|
178
180
|
# are very aggressive. Construct and pass an instance of
|
179
|
-
# `Aws::
|
181
|
+
# `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
|
180
182
|
# enable retries and extended timeouts. Instance profile credential
|
181
183
|
# fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
|
182
184
|
# to true.
|
@@ -205,6 +207,8 @@ module Aws::S3
|
|
205
207
|
#
|
206
208
|
# @option options [String] :access_key_id
|
207
209
|
#
|
210
|
+
# @option options [String] :account_id
|
211
|
+
#
|
208
212
|
# @option options [Boolean] :active_endpoint_cache (false)
|
209
213
|
# When set to `true`, a thread polling for endpoints will be running in
|
210
214
|
# the background every 60 secs (default). Defaults to `false`.
|
@@ -432,6 +436,16 @@ module Aws::S3
|
|
432
436
|
# ** Please note ** When response stubbing is enabled, no HTTP
|
433
437
|
# requests are made, and retries are disabled.
|
434
438
|
#
|
439
|
+
# @option options [Aws::Telemetry::TelemetryProviderBase] :telemetry_provider (Aws::Telemetry::NoOpTelemetryProvider)
|
440
|
+
# Allows you to provide a telemetry provider, which is used to
|
441
|
+
# emit telemetry data. By default, uses `NoOpTelemetryProvider` which
|
442
|
+
# will not record or emit any telemetry data. The SDK supports the
|
443
|
+
# following telemetry providers:
|
444
|
+
#
|
445
|
+
# * OpenTelemetry (OTel) - To use the OTel provider, install and require the
|
446
|
+
# `opentelemetry-sdk` gem and then, pass in an instance of a
|
447
|
+
# `Aws::Telemetry::OTelProvider` for telemetry provider.
|
448
|
+
#
|
435
449
|
# @option options [Aws::TokenProvider] :token_provider
|
436
450
|
# A Bearer Token Provider. This can be an instance of any one of the
|
437
451
|
# following classes:
|
@@ -464,7 +478,9 @@ module Aws::S3
|
|
464
478
|
# sending the request.
|
465
479
|
#
|
466
480
|
# @option options [Aws::S3::EndpointProvider] :endpoint_provider
|
467
|
-
# The endpoint provider used to resolve endpoints. Any object that responds to
|
481
|
+
# The endpoint provider used to resolve endpoints. Any object that responds to
|
482
|
+
# `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to
|
483
|
+
# `Aws::S3::EndpointParameters`.
|
468
484
|
#
|
469
485
|
# @option options [Float] :http_continue_timeout (1)
|
470
486
|
# The number of seconds to wait for a 100-continue response before sending the
|
@@ -520,6 +536,12 @@ module Aws::S3
|
|
520
536
|
# @option options [String] :ssl_ca_store
|
521
537
|
# Sets the X509::Store to verify peer certificate.
|
522
538
|
#
|
539
|
+
# @option options [OpenSSL::X509::Certificate] :ssl_cert
|
540
|
+
# Sets a client certificate when creating http connections.
|
541
|
+
#
|
542
|
+
# @option options [OpenSSL::PKey] :ssl_key
|
543
|
+
# Sets a client key when creating http connections.
|
544
|
+
#
|
523
545
|
# @option options [Float] :ssl_timeout
|
524
546
|
# Sets the SSL timeout in seconds
|
525
547
|
#
|
@@ -782,9 +804,15 @@ module Aws::S3
|
|
782
804
|
# [Multipart Upload and Permissions][6] in the *Amazon S3 User
|
783
805
|
# Guide*.
|
784
806
|
#
|
807
|
+
# If you provide an [additional checksum value][7] in your
|
808
|
+
# `MultipartUpload` requests and the object is encrypted with Key
|
809
|
+
# Management Service, you must have permission to use the
|
810
|
+
# `kms:Decrypt` action for the `CompleteMultipartUpload` request to
|
811
|
+
# succeed.
|
812
|
+
#
|
785
813
|
# * **Directory bucket permissions** - To grant access to this API
|
786
814
|
# operation on a directory bucket, we recommend that you use the [
|
787
|
-
# `CreateSession` ][
|
815
|
+
# `CreateSession` ][8] API operation for session-based
|
788
816
|
# authorization. Specifically, you grant the
|
789
817
|
# `s3express:CreateSession` permission to the directory bucket in a
|
790
818
|
# bucket policy or an IAM identity-based policy. Then, you make the
|
@@ -795,13 +823,11 @@ module Aws::S3
|
|
795
823
|
# token for use. Amazon Web Services CLI or SDKs create session and
|
796
824
|
# refresh the session token automatically to avoid service
|
797
825
|
# interruptions when a session expires. For more information about
|
798
|
-
# authorization, see [ `CreateSession` ][
|
826
|
+
# authorization, see [ `CreateSession` ][8].
|
799
827
|
#
|
800
|
-
#
|
801
|
-
# `
|
802
|
-
#
|
803
|
-
# `kms:Decrypt` action for the `CompleteMultipartUpload` request to
|
804
|
-
# succeed.
|
828
|
+
# If the object is encrypted with SSE-KMS, you must also have the
|
829
|
+
# `kms:GenerateDataKey` and `kms:Decrypt` permissions in IAM
|
830
|
+
# identity-based policies and KMS key policies for the KMS key.
|
805
831
|
#
|
806
832
|
# Special errors
|
807
833
|
# : * Error Code: `EntityTooSmall`
|
@@ -860,8 +886,8 @@ module Aws::S3
|
|
860
886
|
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
|
861
887
|
# [5]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html
|
862
888
|
# [6]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html
|
863
|
-
# [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
864
|
-
# [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
889
|
+
# [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html
|
890
|
+
# [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html
|
865
891
|
# [9]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html
|
866
892
|
# [10]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html
|
867
893
|
# [11]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html
|
@@ -1247,6 +1273,10 @@ module Aws::S3
|
|
1247
1273
|
# destination. The `s3express:SessionMode` condition key can't be
|
1248
1274
|
# set to `ReadOnly` on the copy destination bucket.
|
1249
1275
|
#
|
1276
|
+
# If the object is encrypted with SSE-KMS, you must also have the
|
1277
|
+
# `kms:GenerateDataKey` and `kms:Decrypt` permissions in IAM
|
1278
|
+
# identity-based policies and KMS key policies for the KMS key.
|
1279
|
+
#
|
1250
1280
|
# For example policies, see [Example bucket policies for S3 Express
|
1251
1281
|
# One Zone][6] and [Amazon Web Services Identity and Access
|
1252
1282
|
# Management (IAM) identity-based policies for S3 Express One
|
@@ -1693,9 +1723,8 @@ module Aws::S3
|
|
1693
1723
|
#
|
1694
1724
|
# @option params [String] :server_side_encryption
|
1695
1725
|
# The server-side encryption algorithm used when storing this object in
|
1696
|
-
# Amazon S3
|
1697
|
-
#
|
1698
|
-
# and will receive a `400 Bad Request` response.
|
1726
|
+
# Amazon S3. Unrecognized or unsupported values won’t write a
|
1727
|
+
# destination object and will receive a `400 Bad Request` response.
|
1699
1728
|
#
|
1700
1729
|
# Amazon S3 automatically encrypts all new objects that are copied to an
|
1701
1730
|
# S3 bucket. When copying an object, if you don't specify encryption
|
@@ -1703,35 +1732,72 @@ module Aws::S3
|
|
1703
1732
|
# object is set to the default encryption configuration of the
|
1704
1733
|
# destination bucket. By default, all buckets have a base level of
|
1705
1734
|
# encryption configuration that uses server-side encryption with Amazon
|
1706
|
-
# S3 managed keys (SSE-S3). If the destination bucket has a
|
1707
|
-
# encryption configuration
|
1708
|
-
#
|
1709
|
-
# encryption with Amazon Web Services KMS keys (DSSE-KMS), or
|
1710
|
-
# server-side encryption with customer-provided encryption keys (SSE-C),
|
1711
|
-
# Amazon S3 uses the corresponding KMS key, or a customer-provided key
|
1712
|
-
# to encrypt the target object copy.
|
1713
|
-
#
|
1714
|
-
# When you perform a `CopyObject` operation, if you want to use a
|
1715
|
-
# different type of encryption setting for the target object, you can
|
1716
|
-
# specify appropriate encryption-related headers to encrypt the target
|
1717
|
-
# object with an Amazon S3 managed key, a KMS key, or a
|
1718
|
-
# customer-provided key. If the encryption setting in your request is
|
1719
|
-
# different from the default encryption configuration of the destination
|
1720
|
-
# bucket, the encryption setting in your request takes precedence.
|
1735
|
+
# S3 managed keys (SSE-S3). If the destination bucket has a different
|
1736
|
+
# default encryption configuration, Amazon S3 uses the corresponding
|
1737
|
+
# encryption key to encrypt the target object copy.
|
1721
1738
|
#
|
1722
1739
|
# With server-side encryption, Amazon S3 encrypts your data as it writes
|
1723
1740
|
# your data to disks in its data centers and decrypts the data when you
|
1724
1741
|
# access it. For more information about server-side encryption, see
|
1725
1742
|
# [Using Server-Side Encryption][1] in the *Amazon S3 User Guide*.
|
1726
1743
|
#
|
1727
|
-
# <
|
1728
|
-
#
|
1729
|
-
#
|
1730
|
-
#
|
1744
|
+
# <b>General purpose buckets </b>
|
1745
|
+
#
|
1746
|
+
# * For general purpose buckets, there are the following supported
|
1747
|
+
# options for server-side encryption: server-side encryption with Key
|
1748
|
+
# Management Service (KMS) keys (SSE-KMS), dual-layer server-side
|
1749
|
+
# encryption with Amazon Web Services KMS keys (DSSE-KMS), and
|
1750
|
+
# server-side encryption with customer-provided encryption keys
|
1751
|
+
# (SSE-C). Amazon S3 uses the corresponding KMS key, or a
|
1752
|
+
# customer-provided key to encrypt the target object copy.
|
1753
|
+
#
|
1754
|
+
# * When you perform a `CopyObject` operation, if you want to use a
|
1755
|
+
# different type of encryption setting for the target object, you can
|
1756
|
+
# specify appropriate encryption-related headers to encrypt the target
|
1757
|
+
# object with an Amazon S3 managed key, a KMS key, or a
|
1758
|
+
# customer-provided key. If the encryption setting in your request is
|
1759
|
+
# different from the default encryption configuration of the
|
1760
|
+
# destination bucket, the encryption setting in your request takes
|
1761
|
+
# precedence.
|
1762
|
+
#
|
1763
|
+
# <b>Directory buckets </b>
|
1764
|
+
#
|
1765
|
+
# * For directory buckets, there are only two supported options for
|
1766
|
+
# server-side encryption: server-side encryption with Amazon S3
|
1767
|
+
# managed keys (SSE-S3) (`AES256`) and server-side encryption with KMS
|
1768
|
+
# keys (SSE-KMS) (`aws:kms`). We recommend that the bucket's default
|
1769
|
+
# encryption uses the desired encryption configuration and you don't
|
1770
|
+
# override the bucket default encryption in your `CreateSession`
|
1771
|
+
# requests or `PUT` object requests. Then, new objects are
|
1772
|
+
# automatically encrypted with the desired encryption settings. For
|
1773
|
+
# more information, see [Protecting data with server-side
|
1774
|
+
# encryption][2] in the *Amazon S3 User Guide*. For more information
|
1775
|
+
# about the encryption overriding behaviors in directory buckets, see
|
1776
|
+
# [Specifying server-side encryption with KMS for new object
|
1777
|
+
# uploads][3].
|
1778
|
+
#
|
1779
|
+
# * To encrypt new object copies to a directory bucket with SSE-KMS, we
|
1780
|
+
# recommend you specify SSE-KMS as the directory bucket's default
|
1781
|
+
# encryption configuration with a KMS key (specifically, a [customer
|
1782
|
+
# managed key][4]). [Amazon Web Services managed key][5] (`aws/s3`)
|
1783
|
+
# isn't supported. Your SSE-KMS configuration can only support 1
|
1784
|
+
# [customer managed key][4] per directory bucket for the lifetime of
|
1785
|
+
# the bucket. After you specify a customer managed key for SSE-KMS,
|
1786
|
+
# you can't override the customer managed key for the bucket's
|
1787
|
+
# SSE-KMS configuration. Then, when you perform a `CopyObject`
|
1788
|
+
# operation and want to specify server-side encryption settings for
|
1789
|
+
# new object copies with SSE-KMS in the encryption-related request
|
1790
|
+
# headers, you must ensure the encryption key is the same customer
|
1791
|
+
# managed key that you specified for the directory bucket's default
|
1792
|
+
# encryption configuration.
|
1731
1793
|
#
|
1732
1794
|
#
|
1733
1795
|
#
|
1734
1796
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
|
1797
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
1798
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
|
1799
|
+
# [4]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
1800
|
+
# [5]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
1735
1801
|
#
|
1736
1802
|
# @option params [String] :storage_class
|
1737
1803
|
# If the `x-amz-storage-class` header is not used, the copied object
|
@@ -1828,33 +1894,51 @@ module Aws::S3
|
|
1828
1894
|
# </note>
|
1829
1895
|
#
|
1830
1896
|
# @option params [String] :ssekms_key_id
|
1831
|
-
# Specifies the KMS ID (Key ID, Key ARN, or Key Alias) to use for
|
1832
|
-
# encryption. All GET and PUT requests for an object protected by
|
1833
|
-
# will fail if they're not made via SSL or using SigV4. For
|
1834
|
-
# about configuring any of the officially supported Amazon
|
1835
|
-
# SDKs and Amazon Web Services CLI, see [Specifying the
|
1836
|
-
# Version in Request Authentication][1] in the *Amazon S3 User
|
1837
|
-
#
|
1838
|
-
# <note markdown="1"> This functionality is not supported when the destination bucket is a
|
1839
|
-
# directory bucket.
|
1897
|
+
# Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
|
1898
|
+
# object encryption. All GET and PUT requests for an object protected by
|
1899
|
+
# KMS will fail if they're not made via SSL or using SigV4. For
|
1900
|
+
# information about configuring any of the officially supported Amazon
|
1901
|
+
# Web Services SDKs and Amazon Web Services CLI, see [Specifying the
|
1902
|
+
# Signature Version in Request Authentication][1] in the *Amazon S3 User
|
1903
|
+
# Guide*.
|
1840
1904
|
#
|
1841
|
-
#
|
1905
|
+
# **Directory buckets** - If you specify `x-amz-server-side-encryption`
|
1906
|
+
# with `aws:kms`, you must specify the `
|
1907
|
+
# x-amz-server-side-encryption-aws-kms-key-id` header with the ID (Key
|
1908
|
+
# ID or Key ARN) of the KMS symmetric encryption customer managed key to
|
1909
|
+
# use. Otherwise, you get an HTTP `400 Bad Request` error. Only use the
|
1910
|
+
# key ID or key ARN. The key alias format of the KMS key isn't
|
1911
|
+
# supported. Your SSE-KMS configuration can only support 1 [customer
|
1912
|
+
# managed key][2] per directory bucket for the lifetime of the bucket.
|
1913
|
+
# [Amazon Web Services managed key][3] (`aws/s3`) isn't supported.
|
1842
1914
|
#
|
1843
1915
|
#
|
1844
1916
|
#
|
1845
1917
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
|
1918
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
1919
|
+
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
1846
1920
|
#
|
1847
1921
|
# @option params [String] :ssekms_encryption_context
|
1848
|
-
# Specifies the Amazon Web Services KMS Encryption Context
|
1849
|
-
#
|
1850
|
-
#
|
1851
|
-
#
|
1852
|
-
#
|
1922
|
+
# Specifies the Amazon Web Services KMS Encryption Context as an
|
1923
|
+
# additional encryption context to use for the destination object
|
1924
|
+
# encryption. The value of this header is a base64-encoded UTF-8 string
|
1925
|
+
# holding JSON with the encryption context key-value pairs.
|
1926
|
+
#
|
1927
|
+
# **General purpose buckets** - This value must be explicitly added to
|
1928
|
+
# specify encryption context for `CopyObject` requests if you want an
|
1929
|
+
# additional encryption context for your destination object. The
|
1930
|
+
# additional encryption context of the source object won't be copied to
|
1931
|
+
# the destination object. For more information, see [Encryption
|
1932
|
+
# context][1] in the *Amazon S3 User Guide*.
|
1933
|
+
#
|
1934
|
+
# **Directory buckets** - You can optionally provide an explicit
|
1935
|
+
# encryption context value. The value must match the default encryption
|
1936
|
+
# context - the bucket Amazon Resource Name (ARN). An additional
|
1937
|
+
# encryption context value is not supported.
|
1853
1938
|
#
|
1854
|
-
# <note markdown="1"> This functionality is not supported when the destination bucket is a
|
1855
|
-
# directory bucket.
|
1856
1939
|
#
|
1857
|
-
#
|
1940
|
+
#
|
1941
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context
|
1858
1942
|
#
|
1859
1943
|
# @option params [Boolean] :bucket_key_enabled
|
1860
1944
|
# Specifies whether Amazon S3 should use an S3 Bucket Key for object
|
@@ -1869,14 +1953,19 @@ module Aws::S3
|
|
1869
1953
|
# For more information, see [Amazon S3 Bucket Keys][1] in the *Amazon S3
|
1870
1954
|
# User Guide*.
|
1871
1955
|
#
|
1872
|
-
# <note markdown="1">
|
1873
|
-
#
|
1956
|
+
# <note markdown="1"> **Directory buckets** - S3 Bucket Keys aren't supported, when you
|
1957
|
+
# copy SSE-KMS encrypted objects from general purpose buckets to
|
1958
|
+
# directory buckets, from directory buckets to general purpose buckets,
|
1959
|
+
# or between directory buckets, through [CopyObject][2]. In this case,
|
1960
|
+
# Amazon S3 makes a call to KMS every time a copy request is made for a
|
1961
|
+
# KMS-encrypted object.
|
1874
1962
|
#
|
1875
1963
|
# </note>
|
1876
1964
|
#
|
1877
1965
|
#
|
1878
1966
|
#
|
1879
1967
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
|
1968
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
1880
1969
|
#
|
1881
1970
|
# @option params [String] :copy_source_sse_customer_algorithm
|
1882
1971
|
# Specifies the algorithm to use when decrypting the source object (for
|
@@ -2618,9 +2707,53 @@ module Aws::S3
|
|
2618
2707
|
# using server-side encryption with customer-provided encryption
|
2619
2708
|
# keys (SSE-C)][11] in the *Amazon S3 User Guide*.
|
2620
2709
|
#
|
2621
|
-
# * **Directory buckets** -For directory buckets, only
|
2622
|
-
#
|
2623
|
-
#
|
2710
|
+
# * **Directory buckets** - For directory buckets, there are only two
|
2711
|
+
# supported options for server-side encryption: server-side
|
2712
|
+
# encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
|
2713
|
+
# server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). We
|
2714
|
+
# recommend that the bucket's default encryption uses the desired
|
2715
|
+
# encryption configuration and you don't override the bucket
|
2716
|
+
# default encryption in your `CreateSession` requests or `PUT`
|
2717
|
+
# object requests. Then, new objects are automatically encrypted
|
2718
|
+
# with the desired encryption settings. For more information, see
|
2719
|
+
# [Protecting data with server-side encryption][12] in the *Amazon
|
2720
|
+
# S3 User Guide*. For more information about the encryption
|
2721
|
+
# overriding behaviors in directory buckets, see [Specifying
|
2722
|
+
# server-side encryption with KMS for new object uploads][13].
|
2723
|
+
#
|
2724
|
+
# In the Zonal endpoint API calls (except [CopyObject][14] and
|
2725
|
+
# [UploadPartCopy][9]) using the REST API, the encryption request
|
2726
|
+
# headers must match the encryption settings that are specified in
|
2727
|
+
# the `CreateSession` request. You can't override the values of the
|
2728
|
+
# encryption settings (`x-amz-server-side-encryption`,
|
2729
|
+
# `x-amz-server-side-encryption-aws-kms-key-id`,
|
2730
|
+
# `x-amz-server-side-encryption-context`, and
|
2731
|
+
# `x-amz-server-side-encryption-bucket-key-enabled`) that are
|
2732
|
+
# specified in the `CreateSession` request. You don't need to
|
2733
|
+
# explicitly specify these encryption settings values in Zonal
|
2734
|
+
# endpoint API calls, and Amazon S3 will use the encryption settings
|
2735
|
+
# values from the `CreateSession` request to protect new objects in
|
2736
|
+
# the directory bucket.
|
2737
|
+
#
|
2738
|
+
# <note markdown="1"> When you use the CLI or the Amazon Web Services SDKs, for
|
2739
|
+
# `CreateSession`, the session token refreshes automatically to
|
2740
|
+
# avoid service interruptions when a session expires. The CLI or the
|
2741
|
+
# Amazon Web Services SDKs use the bucket's default encryption
|
2742
|
+
# configuration for the `CreateSession` request. It's not supported
|
2743
|
+
# to override the encryption settings values in the `CreateSession`
|
2744
|
+
# request. So in the Zonal endpoint API calls (except
|
2745
|
+
# [CopyObject][14] and [UploadPartCopy][9]), the encryption request
|
2746
|
+
# headers must match the default encryption configuration of the
|
2747
|
+
# directory bucket.
|
2748
|
+
#
|
2749
|
+
# </note>
|
2750
|
+
#
|
2751
|
+
# <note markdown="1"> For directory buckets, when you perform a `CreateMultipartUpload`
|
2752
|
+
# operation and an `UploadPartCopy` operation, the request headers
|
2753
|
+
# you provide in the `CreateMultipartUpload` request must match the
|
2754
|
+
# default encryption configuration of the destination bucket.
|
2755
|
+
#
|
2756
|
+
# </note>
|
2624
2757
|
#
|
2625
2758
|
# HTTP Host header syntax
|
2626
2759
|
#
|
@@ -2631,13 +2764,13 @@ module Aws::S3
|
|
2631
2764
|
#
|
2632
2765
|
# * [UploadPart][1]
|
2633
2766
|
#
|
2634
|
-
# * [CompleteMultipartUpload][
|
2767
|
+
# * [CompleteMultipartUpload][15]
|
2635
2768
|
#
|
2636
|
-
# * [AbortMultipartUpload][
|
2769
|
+
# * [AbortMultipartUpload][16]
|
2637
2770
|
#
|
2638
|
-
# * [ListParts][
|
2771
|
+
# * [ListParts][17]
|
2639
2772
|
#
|
2640
|
-
# * [ListMultipartUploads][
|
2773
|
+
# * [ListMultipartUploads][18]
|
2641
2774
|
#
|
2642
2775
|
#
|
2643
2776
|
#
|
@@ -2652,10 +2785,13 @@ module Aws::S3
|
|
2652
2785
|
# [9]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
2653
2786
|
# [10]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
|
2654
2787
|
# [11]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html
|
2655
|
-
# [12]: https://docs.aws.amazon.com/AmazonS3/latest/
|
2656
|
-
# [13]: https://docs.aws.amazon.com/AmazonS3/latest/
|
2657
|
-
# [14]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
2658
|
-
# [15]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
2788
|
+
# [12]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
2789
|
+
# [13]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
|
2790
|
+
# [14]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
2791
|
+
# [15]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html
|
2792
|
+
# [16]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html
|
2793
|
+
# [17]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html
|
2794
|
+
# [18]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html
|
2659
2795
|
#
|
2660
2796
|
# @option params [String] :acl
|
2661
2797
|
# The canned ACL to apply to the object. Amazon S3 supports a set of
|
@@ -3018,10 +3154,52 @@ module Aws::S3
|
|
3018
3154
|
# The server-side encryption algorithm used when you store this object
|
3019
3155
|
# in Amazon S3 (for example, `AES256`, `aws:kms`).
|
3020
3156
|
#
|
3021
|
-
# <
|
3022
|
-
#
|
3157
|
+
# * <b>Directory buckets </b> - For directory buckets, there are only
|
3158
|
+
# two supported options for server-side encryption: server-side
|
3159
|
+
# encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
|
3160
|
+
# server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). We
|
3161
|
+
# recommend that the bucket's default encryption uses the desired
|
3162
|
+
# encryption configuration and you don't override the bucket default
|
3163
|
+
# encryption in your `CreateSession` requests or `PUT` object
|
3164
|
+
# requests. Then, new objects are automatically encrypted with the
|
3165
|
+
# desired encryption settings. For more information, see [Protecting
|
3166
|
+
# data with server-side encryption][1] in the *Amazon S3 User Guide*.
|
3167
|
+
# For more information about the encryption overriding behaviors in
|
3168
|
+
# directory buckets, see [Specifying server-side encryption with KMS
|
3169
|
+
# for new object uploads][2].
|
3170
|
+
#
|
3171
|
+
# In the Zonal endpoint API calls (except [CopyObject][3] and
|
3172
|
+
# [UploadPartCopy][4]) using the REST API, the encryption request
|
3173
|
+
# headers must match the encryption settings that are specified in the
|
3174
|
+
# `CreateSession` request. You can't override the values of the
|
3175
|
+
# encryption settings (`x-amz-server-side-encryption`,
|
3176
|
+
# `x-amz-server-side-encryption-aws-kms-key-id`,
|
3177
|
+
# `x-amz-server-side-encryption-context`, and
|
3178
|
+
# `x-amz-server-side-encryption-bucket-key-enabled`) that are
|
3179
|
+
# specified in the `CreateSession` request. You don't need to
|
3180
|
+
# explicitly specify these encryption settings values in Zonal
|
3181
|
+
# endpoint API calls, and Amazon S3 will use the encryption settings
|
3182
|
+
# values from the `CreateSession` request to protect new objects in
|
3183
|
+
# the directory bucket.
|
3184
|
+
#
|
3185
|
+
# <note markdown="1"> When you use the CLI or the Amazon Web Services SDKs, for
|
3186
|
+
# `CreateSession`, the session token refreshes automatically to avoid
|
3187
|
+
# service interruptions when a session expires. The CLI or the Amazon
|
3188
|
+
# Web Services SDKs use the bucket's default encryption configuration
|
3189
|
+
# for the `CreateSession` request. It's not supported to override the
|
3190
|
+
# encryption settings values in the `CreateSession` request. So in the
|
3191
|
+
# Zonal endpoint API calls (except [CopyObject][3] and
|
3192
|
+
# [UploadPartCopy][4]), the encryption request headers must match the
|
3193
|
+
# default encryption configuration of the directory bucket.
|
3023
3194
|
#
|
3024
|
-
#
|
3195
|
+
# </note>
|
3196
|
+
#
|
3197
|
+
#
|
3198
|
+
#
|
3199
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
3200
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
|
3201
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
3202
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
3025
3203
|
#
|
3026
3204
|
# @option params [String] :storage_class
|
3027
3205
|
# By default, Amazon S3 uses the STANDARD Storage Class to store newly
|
@@ -3080,34 +3258,71 @@ module Aws::S3
|
|
3080
3258
|
# </note>
|
3081
3259
|
#
|
3082
3260
|
# @option params [String] :ssekms_key_id
|
3083
|
-
# Specifies the ID (Key ID, Key ARN, or Key Alias)
|
3084
|
-
# encryption
|
3085
|
-
#
|
3086
|
-
#
|
3087
|
-
#
|
3088
|
-
#
|
3261
|
+
# Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
|
3262
|
+
# object encryption. If the KMS key doesn't exist in the same account
|
3263
|
+
# that's issuing the command, you must use the full Key ARN not the Key
|
3264
|
+
# ID.
|
3265
|
+
#
|
3266
|
+
# **General purpose buckets** - If you specify
|
3267
|
+
# `x-amz-server-side-encryption` with `aws:kms` or `aws:kms:dsse`, this
|
3268
|
+
# header specifies the ID (Key ID, Key ARN, or Key Alias) of the KMS key
|
3269
|
+
# to use. If you specify `x-amz-server-side-encryption:aws:kms` or
|
3270
|
+
# `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide
|
3271
|
+
# `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
|
3272
|
+
# Amazon Web Services managed key (`aws/s3`) to protect the data.
|
3273
|
+
#
|
3274
|
+
# **Directory buckets** - If you specify `x-amz-server-side-encryption`
|
3275
|
+
# with `aws:kms`, you must specify the `
|
3276
|
+
# x-amz-server-side-encryption-aws-kms-key-id` header with the ID (Key
|
3277
|
+
# ID or Key ARN) of the KMS symmetric encryption customer managed key to
|
3278
|
+
# use. Otherwise, you get an HTTP `400 Bad Request` error. Only use the
|
3279
|
+
# key ID or key ARN. The key alias format of the KMS key isn't
|
3280
|
+
# supported. Your SSE-KMS configuration can only support 1 [customer
|
3281
|
+
# managed key][1] per directory bucket for the lifetime of the bucket.
|
3282
|
+
# [Amazon Web Services managed key][2] (`aws/s3`) isn't supported.
|
3283
|
+
#
|
3284
|
+
#
|
3285
|
+
#
|
3286
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
3287
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
3089
3288
|
#
|
3090
3289
|
# @option params [String] :ssekms_encryption_context
|
3091
3290
|
# Specifies the Amazon Web Services KMS Encryption Context to use for
|
3092
|
-
# object encryption. The value of this header is a
|
3093
|
-
#
|
3291
|
+
# object encryption. The value of this header is a Base64-encoded string
|
3292
|
+
# of a UTF-8 encoded JSON, which contains the encryption context as
|
3293
|
+
# key-value pairs.
|
3094
3294
|
#
|
3095
|
-
#
|
3096
|
-
#
|
3097
|
-
#
|
3295
|
+
# **Directory buckets** - You can optionally provide an explicit
|
3296
|
+
# encryption context value. The value must match the default encryption
|
3297
|
+
# context - the bucket Amazon Resource Name (ARN). An additional
|
3298
|
+
# encryption context value is not supported.
|
3098
3299
|
#
|
3099
3300
|
# @option params [Boolean] :bucket_key_enabled
|
3100
3301
|
# Specifies whether Amazon S3 should use an S3 Bucket Key for object
|
3101
3302
|
# encryption with server-side encryption using Key Management Service
|
3102
|
-
# (KMS) keys (SSE-KMS).
|
3103
|
-
# to use an S3 Bucket Key for object encryption with SSE-KMS.
|
3303
|
+
# (KMS) keys (SSE-KMS).
|
3104
3304
|
#
|
3105
|
-
#
|
3305
|
+
# **General purpose buckets** - Setting this header to `true` causes
|
3306
|
+
# Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
|
3307
|
+
# Also, specifying this header with a PUT action doesn't affect
|
3106
3308
|
# bucket-level settings for S3 Bucket Key.
|
3107
3309
|
#
|
3108
|
-
#
|
3310
|
+
# **Directory buckets** - S3 Bucket Keys are always enabled for `GET`
|
3311
|
+
# and `PUT` operations in a directory bucket and can’t be disabled. S3
|
3312
|
+
# Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects
|
3313
|
+
# from general purpose buckets to directory buckets, from directory
|
3314
|
+
# buckets to general purpose buckets, or between directory buckets,
|
3315
|
+
# through [CopyObject][1], [UploadPartCopy][2], [the Copy operation in
|
3316
|
+
# Batch Operations][3], or [the import jobs][4]. In this case, Amazon S3
|
3317
|
+
# makes a call to KMS every time a copy request is made for a
|
3318
|
+
# KMS-encrypted object.
|
3109
3319
|
#
|
3110
|
-
#
|
3320
|
+
#
|
3321
|
+
#
|
3322
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
3323
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
3324
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
|
3325
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
|
3111
3326
|
#
|
3112
3327
|
# @option params [String] :request_payer
|
3113
3328
|
# Confirms that the requester knows that they will be charged for the
|
@@ -3268,9 +3483,10 @@ module Aws::S3
|
|
3268
3483
|
|
3269
3484
|
# Creates a session that establishes temporary security credentials to
|
3270
3485
|
# support fast authentication and authorization for the Zonal endpoint
|
3271
|
-
#
|
3272
|
-
#
|
3273
|
-
# [S3 Express One Zone APIs][1] in the *Amazon S3
|
3486
|
+
# API operations on directory buckets. For more information about Zonal
|
3487
|
+
# endpoint API operations that include the Availability Zone in the
|
3488
|
+
# request endpoint, see [S3 Express One Zone APIs][1] in the *Amazon S3
|
3489
|
+
# User Guide*.
|
3274
3490
|
#
|
3275
3491
|
# To make Zonal endpoint API requests on a directory bucket, use the
|
3276
3492
|
# `CreateSession` API operation. Specifically, you grant
|
@@ -3279,13 +3495,13 @@ module Aws::S3
|
|
3279
3495
|
# the `CreateSession` API request on the bucket, which returns temporary
|
3280
3496
|
# security credentials that include the access key ID, secret access
|
3281
3497
|
# key, session token, and expiration. These credentials have associated
|
3282
|
-
# permissions to access the Zonal endpoint
|
3283
|
-
# created, you don’t need to use other policies to grant
|
3284
|
-
# each Zonal endpoint API individually. Instead, in your
|
3285
|
-
# API requests, you sign your requests by applying the
|
3286
|
-
# security credentials of the session to the request headers
|
3287
|
-
# following the SigV4 protocol for authentication. You also apply
|
3288
|
-
# session token to the `x-amz-s3session-token` request header for
|
3498
|
+
# permissions to access the Zonal endpoint API operations. After the
|
3499
|
+
# session is created, you don’t need to use other policies to grant
|
3500
|
+
# permissions to each Zonal endpoint API individually. Instead, in your
|
3501
|
+
# Zonal endpoint API requests, you sign your requests by applying the
|
3502
|
+
# temporary security credentials of the session to the request headers
|
3503
|
+
# and following the SigV4 protocol for authentication. You also apply
|
3504
|
+
# the session token to the `x-amz-s3session-token` request header for
|
3289
3505
|
# authorization. Temporary security credentials are scoped to the bucket
|
3290
3506
|
# and expire after 5 minutes. After the expiration time, any calls that
|
3291
3507
|
# you make with those credentials will fail. You must use IAM
|
@@ -3308,16 +3524,16 @@ module Aws::S3
|
|
3308
3524
|
# [Regional and Zonal endpoints][3] in the *Amazon S3 User Guide*.
|
3309
3525
|
#
|
3310
3526
|
# * <b> <code>CopyObject</code> API operation</b> - Unlike other Zonal
|
3311
|
-
# endpoint
|
3312
|
-
# temporary security credentials returned from the `CreateSession`
|
3313
|
-
# operation for authentication and authorization. For information
|
3527
|
+
# endpoint API operations, the `CopyObject` API operation doesn't use
|
3528
|
+
# the temporary security credentials returned from the `CreateSession`
|
3529
|
+
# API operation for authentication and authorization. For information
|
3314
3530
|
# about authentication and authorization of the `CopyObject` API
|
3315
3531
|
# operation on directory buckets, see [CopyObject][4].
|
3316
3532
|
#
|
3317
3533
|
# * <b> <code>HeadBucket</code> API operation</b> - Unlike other Zonal
|
3318
|
-
# endpoint
|
3319
|
-
# temporary security credentials returned from the `CreateSession`
|
3320
|
-
# operation for authentication and authorization. For information
|
3534
|
+
# endpoint API operations, the `HeadBucket` API operation doesn't use
|
3535
|
+
# the temporary security credentials returned from the `CreateSession`
|
3536
|
+
# API operation for authentication and authorization. For information
|
3321
3537
|
# about authentication and authorization of the `HeadBucket` API
|
3322
3538
|
# operation on directory buckets, see [HeadBucket][5].
|
3323
3539
|
#
|
@@ -3336,9 +3552,71 @@ module Aws::S3
|
|
3336
3552
|
# Identity and Access Management (IAM) identity-based policies for S3
|
3337
3553
|
# Express One Zone][8] in the *Amazon S3 User Guide*.
|
3338
3554
|
#
|
3339
|
-
# To grant cross-account access to Zonal endpoint
|
3340
|
-
# policy should also grant both accounts the
|
3341
|
-
# permission.
|
3555
|
+
# To grant cross-account access to Zonal endpoint API operations, the
|
3556
|
+
# bucket policy should also grant both accounts the
|
3557
|
+
# `s3express:CreateSession` permission.
|
3558
|
+
#
|
3559
|
+
# If you want to encrypt objects with SSE-KMS, you must also have the
|
3560
|
+
# `kms:GenerateDataKey` and the `kms:Decrypt` permissions in IAM
|
3561
|
+
# identity-based policies and KMS key policies for the target KMS key.
|
3562
|
+
#
|
3563
|
+
# Encryption
|
3564
|
+
#
|
3565
|
+
# : For directory buckets, there are only two supported options for
|
3566
|
+
# server-side encryption: server-side encryption with Amazon S3
|
3567
|
+
# managed keys (SSE-S3) (`AES256`) and server-side encryption with KMS
|
3568
|
+
# keys (SSE-KMS) (`aws:kms`). We recommend that the bucket's default
|
3569
|
+
# encryption uses the desired encryption configuration and you don't
|
3570
|
+
# override the bucket default encryption in your `CreateSession`
|
3571
|
+
# requests or `PUT` object requests. Then, new objects are
|
3572
|
+
# automatically encrypted with the desired encryption settings. For
|
3573
|
+
# more information, see [Protecting data with server-side
|
3574
|
+
# encryption][9] in the *Amazon S3 User Guide*. For more information
|
3575
|
+
# about the encryption overriding behaviors in directory buckets, see
|
3576
|
+
# [Specifying server-side encryption with KMS for new object
|
3577
|
+
# uploads][10].
|
3578
|
+
#
|
3579
|
+
# For [Zonal endpoint (object-level) API operations][11] except
|
3580
|
+
# [CopyObject][4] and [UploadPartCopy][12], you authenticate and
|
3581
|
+
# authorize requests through [CreateSession][13] for low latency. To
|
3582
|
+
# encrypt new objects in a directory bucket with SSE-KMS, you must
|
3583
|
+
# specify SSE-KMS as the directory bucket's default encryption
|
3584
|
+
# configuration with a KMS key (specifically, a [customer managed
|
3585
|
+
# key][14]). Then, when a session is created for Zonal endpoint API
|
3586
|
+
# operations, new objects are automatically encrypted and decrypted
|
3587
|
+
# with SSE-KMS and S3 Bucket Keys during the session.
|
3588
|
+
#
|
3589
|
+
# <note markdown="1"> Only 1 [customer managed key][14] is supported per directory bucket
|
3590
|
+
# for the lifetime of the bucket. [Amazon Web Services managed
|
3591
|
+
# key][15] (`aws/s3`) isn't supported. After you specify SSE-KMS as
|
3592
|
+
# your bucket's default encryption configuration with a customer
|
3593
|
+
# managed key, you can't change the customer managed key for the
|
3594
|
+
# bucket's SSE-KMS configuration.
|
3595
|
+
#
|
3596
|
+
# </note>
|
3597
|
+
#
|
3598
|
+
# In the Zonal endpoint API calls (except [CopyObject][4] and
|
3599
|
+
# [UploadPartCopy][12]) using the REST API, you can't override the
|
3600
|
+
# values of the encryption settings (`x-amz-server-side-encryption`,
|
3601
|
+
# `x-amz-server-side-encryption-aws-kms-key-id`,
|
3602
|
+
# `x-amz-server-side-encryption-context`, and
|
3603
|
+
# `x-amz-server-side-encryption-bucket-key-enabled`) from the
|
3604
|
+
# `CreateSession` request. You don't need to explicitly specify these
|
3605
|
+
# encryption settings values in Zonal endpoint API calls, and Amazon
|
3606
|
+
# S3 will use the encryption settings values from the `CreateSession`
|
3607
|
+
# request to protect new objects in the directory bucket.
|
3608
|
+
#
|
3609
|
+
# <note markdown="1"> When you use the CLI or the Amazon Web Services SDKs, for
|
3610
|
+
# `CreateSession`, the session token refreshes automatically to avoid
|
3611
|
+
# service interruptions when a session expires. The CLI or the Amazon
|
3612
|
+
# Web Services SDKs use the bucket's default encryption configuration
|
3613
|
+
# for the `CreateSession` request. It's not supported to override the
|
3614
|
+
# encryption settings values in the `CreateSession` request. Also, in
|
3615
|
+
# the Zonal endpoint API calls (except [CopyObject][4] and
|
3616
|
+
# [UploadPartCopy][12]), it's not supported to override the values of
|
3617
|
+
# the encryption settings from the `CreateSession` request.
|
3618
|
+
#
|
3619
|
+
# </note>
|
3342
3620
|
#
|
3343
3621
|
# HTTP Host header syntax
|
3344
3622
|
#
|
@@ -3355,21 +3633,110 @@ module Aws::S3
|
|
3355
3633
|
# [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html#API_CreateSession_RequestParameters
|
3356
3634
|
# [7]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html
|
3357
3635
|
# [8]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html
|
3636
|
+
# [9]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
3637
|
+
# [10]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
|
3638
|
+
# [11]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-differences.html#s3-express-differences-api-operations
|
3639
|
+
# [12]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
3640
|
+
# [13]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html
|
3641
|
+
# [14]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
3642
|
+
# [15]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
3358
3643
|
#
|
3359
3644
|
# @option params [String] :session_mode
|
3360
3645
|
# Specifies the mode of the session that will be created, either
|
3361
3646
|
# `ReadWrite` or `ReadOnly`. By default, a `ReadWrite` session is
|
3362
3647
|
# created. A `ReadWrite` session is capable of executing all the Zonal
|
3363
|
-
# endpoint
|
3364
|
-
# constrained to execute the following Zonal endpoint
|
3365
|
-
# `HeadObject`, `ListObjectsV2`, `GetObjectAttributes`,
|
3366
|
-
# `ListMultipartUploads`.
|
3648
|
+
# endpoint API operations on a directory bucket. A `ReadOnly` session is
|
3649
|
+
# constrained to execute the following Zonal endpoint API operations:
|
3650
|
+
# `GetObject`, `HeadObject`, `ListObjectsV2`, `GetObjectAttributes`,
|
3651
|
+
# `ListParts`, and `ListMultipartUploads`.
|
3367
3652
|
#
|
3368
3653
|
# @option params [required, String] :bucket
|
3369
3654
|
# The name of the bucket that you create a session for.
|
3370
3655
|
#
|
3656
|
+
# @option params [String] :server_side_encryption
|
3657
|
+
# The server-side encryption algorithm to use when you store objects in
|
3658
|
+
# the directory bucket.
|
3659
|
+
#
|
3660
|
+
# For directory buckets, there are only two supported options for
|
3661
|
+
# server-side encryption: server-side encryption with Amazon S3 managed
|
3662
|
+
# keys (SSE-S3) (`AES256`) and server-side encryption with KMS keys
|
3663
|
+
# (SSE-KMS) (`aws:kms`). By default, Amazon S3 encrypts data with
|
3664
|
+
# SSE-S3. For more information, see [Protecting data with server-side
|
3665
|
+
# encryption][1] in the *Amazon S3 User Guide*.
|
3666
|
+
#
|
3667
|
+
#
|
3668
|
+
#
|
3669
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
3670
|
+
#
|
3671
|
+
# @option params [String] :ssekms_key_id
|
3672
|
+
# If you specify `x-amz-server-side-encryption` with `aws:kms`, you must
|
3673
|
+
# specify the ` x-amz-server-side-encryption-aws-kms-key-id` header with
|
3674
|
+
# the ID (Key ID or Key ARN) of the KMS symmetric encryption customer
|
3675
|
+
# managed key to use. Otherwise, you get an HTTP `400 Bad Request`
|
3676
|
+
# error. Only use the key ID or key ARN. The key alias format of the KMS
|
3677
|
+
# key isn't supported. Also, if the KMS key doesn't exist in the same
|
3678
|
+
# account that't issuing the command, you must use the full Key ARN not
|
3679
|
+
# the Key ID.
|
3680
|
+
#
|
3681
|
+
# Your SSE-KMS configuration can only support 1 [customer managed
|
3682
|
+
# key][1] per directory bucket for the lifetime of the bucket. [Amazon
|
3683
|
+
# Web Services managed key][2] (`aws/s3`) isn't supported.
|
3684
|
+
#
|
3685
|
+
#
|
3686
|
+
#
|
3687
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
3688
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
3689
|
+
#
|
3690
|
+
# @option params [String] :ssekms_encryption_context
|
3691
|
+
# Specifies the Amazon Web Services KMS Encryption Context as an
|
3692
|
+
# additional encryption context to use for object encryption. The value
|
3693
|
+
# of this header is a Base64-encoded string of a UTF-8 encoded JSON,
|
3694
|
+
# which contains the encryption context as key-value pairs. This value
|
3695
|
+
# is stored as object metadata and automatically gets passed on to
|
3696
|
+
# Amazon Web Services KMS for future `GetObject` operations on this
|
3697
|
+
# object.
|
3698
|
+
#
|
3699
|
+
# **General purpose buckets** - This value must be explicitly added
|
3700
|
+
# during `CopyObject` operations if you want an additional encryption
|
3701
|
+
# context for your object. For more information, see [Encryption
|
3702
|
+
# context][1] in the *Amazon S3 User Guide*.
|
3703
|
+
#
|
3704
|
+
# **Directory buckets** - You can optionally provide an explicit
|
3705
|
+
# encryption context value. The value must match the default encryption
|
3706
|
+
# context - the bucket Amazon Resource Name (ARN). An additional
|
3707
|
+
# encryption context value is not supported.
|
3708
|
+
#
|
3709
|
+
#
|
3710
|
+
#
|
3711
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context
|
3712
|
+
#
|
3713
|
+
# @option params [Boolean] :bucket_key_enabled
|
3714
|
+
# Specifies whether Amazon S3 should use an S3 Bucket Key for object
|
3715
|
+
# encryption with server-side encryption using KMS keys (SSE-KMS).
|
3716
|
+
#
|
3717
|
+
# S3 Bucket Keys are always enabled for `GET` and `PUT` operations in a
|
3718
|
+
# directory bucket and can’t be disabled. S3 Bucket Keys aren't
|
3719
|
+
# supported, when you copy SSE-KMS encrypted objects from general
|
3720
|
+
# purpose buckets to directory buckets, from directory buckets to
|
3721
|
+
# general purpose buckets, or between directory buckets, through
|
3722
|
+
# [CopyObject][1], [UploadPartCopy][2], [the Copy operation in Batch
|
3723
|
+
# Operations][3], or [the import jobs][4]. In this case, Amazon S3 makes
|
3724
|
+
# a call to KMS every time a copy request is made for a KMS-encrypted
|
3725
|
+
# object.
|
3726
|
+
#
|
3727
|
+
#
|
3728
|
+
#
|
3729
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
3730
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
3731
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
|
3732
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
|
3733
|
+
#
|
3371
3734
|
# @return [Types::CreateSessionOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3372
3735
|
#
|
3736
|
+
# * {Types::CreateSessionOutput#server_side_encryption #server_side_encryption} => String
|
3737
|
+
# * {Types::CreateSessionOutput#ssekms_key_id #ssekms_key_id} => String
|
3738
|
+
# * {Types::CreateSessionOutput#ssekms_encryption_context #ssekms_encryption_context} => String
|
3739
|
+
# * {Types::CreateSessionOutput#bucket_key_enabled #bucket_key_enabled} => Boolean
|
3373
3740
|
# * {Types::CreateSessionOutput#credentials #credentials} => Types::SessionCredentials
|
3374
3741
|
#
|
3375
3742
|
# @example Request syntax with placeholder values
|
@@ -3377,10 +3744,18 @@ module Aws::S3
|
|
3377
3744
|
# resp = client.create_session({
|
3378
3745
|
# session_mode: "ReadOnly", # accepts ReadOnly, ReadWrite
|
3379
3746
|
# bucket: "BucketName", # required
|
3747
|
+
# server_side_encryption: "AES256", # accepts AES256, aws:kms, aws:kms:dsse
|
3748
|
+
# ssekms_key_id: "SSEKMSKeyId",
|
3749
|
+
# ssekms_encryption_context: "SSEKMSEncryptionContext",
|
3750
|
+
# bucket_key_enabled: false,
|
3380
3751
|
# })
|
3381
3752
|
#
|
3382
3753
|
# @example Response structure
|
3383
3754
|
#
|
3755
|
+
# resp.server_side_encryption #=> String, one of "AES256", "aws:kms", "aws:kms:dsse"
|
3756
|
+
# resp.ssekms_key_id #=> String
|
3757
|
+
# resp.ssekms_encryption_context #=> String
|
3758
|
+
# resp.bucket_key_enabled #=> Boolean
|
3384
3759
|
# resp.credentials.access_key_id #=> String
|
3385
3760
|
# resp.credentials.secret_access_key #=> String
|
3386
3761
|
# resp.credentials.session_token #=> String
|
@@ -3626,47 +4001,92 @@ module Aws::S3
|
|
3626
4001
|
req.send_request(options)
|
3627
4002
|
end
|
3628
4003
|
|
3629
|
-
#
|
4004
|
+
# This implementation of the DELETE action resets the default encryption
|
4005
|
+
# for the bucket as server-side encryption with Amazon S3 managed keys
|
4006
|
+
# (SSE-S3).
|
4007
|
+
#
|
4008
|
+
# <note markdown="1"> * **General purpose buckets** - For information about the bucket
|
4009
|
+
# default encryption feature, see [Amazon S3 Bucket Default
|
4010
|
+
# Encryption][1] in the *Amazon S3 User Guide*.
|
4011
|
+
#
|
4012
|
+
# * **Directory buckets** - For directory buckets, there are only two
|
4013
|
+
# supported options for server-side encryption: SSE-S3 and SSE-KMS.
|
4014
|
+
# For information about the default encryption configuration in
|
4015
|
+
# directory buckets, see [Setting default server-side encryption
|
4016
|
+
# behavior for directory buckets][2].
|
3630
4017
|
#
|
3631
4018
|
# </note>
|
3632
4019
|
#
|
3633
|
-
#
|
3634
|
-
#
|
3635
|
-
#
|
3636
|
-
#
|
3637
|
-
#
|
4020
|
+
# Permissions
|
4021
|
+
# : * **General purpose bucket permissions** - The
|
4022
|
+
# `s3:PutEncryptionConfiguration` permission is required in a
|
4023
|
+
# policy. The bucket owner has this permission by default. The
|
4024
|
+
# bucket owner can grant this permission to others. For more
|
4025
|
+
# information about permissions, see [Permissions Related to Bucket
|
4026
|
+
# Operations][3] and [Managing Access Permissions to Your Amazon S3
|
4027
|
+
# Resources][4].
|
3638
4028
|
#
|
3639
|
-
#
|
3640
|
-
#
|
3641
|
-
# permission
|
3642
|
-
#
|
3643
|
-
#
|
3644
|
-
#
|
3645
|
-
#
|
4029
|
+
# * **Directory bucket permissions** - To grant access to this API
|
4030
|
+
# operation, you must have the
|
4031
|
+
# `s3express:PutEncryptionConfiguration` permission in an IAM
|
4032
|
+
# identity-based policy instead of a bucket policy. Cross-account
|
4033
|
+
# access to this API operation isn't supported. This operation can
|
4034
|
+
# only be performed by the Amazon Web Services account that owns the
|
4035
|
+
# resource. For more information about directory bucket policies and
|
4036
|
+
# permissions, see [Amazon Web Services Identity and Access
|
4037
|
+
# Management (IAM) for S3 Express One Zone][5] in the *Amazon S3
|
4038
|
+
# User Guide*.
|
4039
|
+
#
|
4040
|
+
# HTTP Host header syntax
|
4041
|
+
#
|
4042
|
+
# : <b>Directory buckets </b> - The HTTP Host header syntax is
|
4043
|
+
# `s3express-control.region.amazonaws.com`.
|
3646
4044
|
#
|
3647
4045
|
# The following operations are related to `DeleteBucketEncryption`:
|
3648
4046
|
#
|
3649
|
-
# * [PutBucketEncryption][
|
4047
|
+
# * [PutBucketEncryption][6]
|
3650
4048
|
#
|
3651
|
-
# * [GetBucketEncryption][
|
4049
|
+
# * [GetBucketEncryption][7]
|
3652
4050
|
#
|
3653
4051
|
#
|
3654
4052
|
#
|
3655
4053
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html
|
3656
|
-
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/
|
3657
|
-
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-
|
3658
|
-
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/
|
3659
|
-
# [5]: https://docs.aws.amazon.com/AmazonS3/latest/
|
4054
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html
|
4055
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
|
4056
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html
|
4057
|
+
# [5]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html
|
4058
|
+
# [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html
|
4059
|
+
# [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html
|
3660
4060
|
#
|
3661
4061
|
# @option params [required, String] :bucket
|
3662
4062
|
# The name of the bucket containing the server-side encryption
|
3663
4063
|
# configuration to delete.
|
3664
4064
|
#
|
4065
|
+
# <b>Directory buckets </b> - When you use this operation with a
|
4066
|
+
# directory bucket, you must use path-style requests in the format
|
4067
|
+
# `https://s3express-control.region_code.amazonaws.com/bucket-name `.
|
4068
|
+
# Virtual-hosted-style requests aren't supported. Directory bucket
|
4069
|
+
# names must be unique in the chosen Availability Zone. Bucket names
|
4070
|
+
# must also follow the format ` bucket_base_name--az_id--x-s3` (for
|
4071
|
+
# example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information about
|
4072
|
+
# bucket naming restrictions, see [Directory bucket naming rules][1] in
|
4073
|
+
# the *Amazon S3 User Guide*
|
4074
|
+
#
|
4075
|
+
#
|
4076
|
+
#
|
4077
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
|
4078
|
+
#
|
3665
4079
|
# @option params [String] :expected_bucket_owner
|
3666
4080
|
# The account ID of the expected bucket owner. If the account ID that
|
3667
4081
|
# you provide does not match the actual owner of the bucket, the request
|
3668
4082
|
# fails with the HTTP status code `403 Forbidden` (access denied).
|
3669
4083
|
#
|
4084
|
+
# <note markdown="1"> For directory buckets, this header is not supported in this API
|
4085
|
+
# operation. If you specify this header, the request fails with the HTTP
|
4086
|
+
# status code `501 Not Implemented`.
|
4087
|
+
#
|
4088
|
+
# </note>
|
4089
|
+
#
|
3670
4090
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
3671
4091
|
#
|
3672
4092
|
# @example Request syntax with placeholder values
|
@@ -4660,35 +5080,35 @@ module Aws::S3
|
|
4660
5080
|
# * {Types::DeleteObjectTaggingOutput#version_id #version_id} => String
|
4661
5081
|
#
|
4662
5082
|
#
|
4663
|
-
# @example Example: To remove tag set from an object
|
5083
|
+
# @example Example: To remove tag set from an object
|
4664
5084
|
#
|
4665
|
-
# # The following example removes tag set associated with the specified object
|
4666
|
-
# #
|
5085
|
+
# # The following example removes tag set associated with the specified object. If the bucket is versioning enabled, the
|
5086
|
+
# # operation removes tag set from the latest object version.
|
4667
5087
|
#
|
4668
5088
|
# resp = client.delete_object_tagging({
|
4669
5089
|
# bucket: "examplebucket",
|
4670
5090
|
# key: "HappyFace.jpg",
|
4671
|
-
# version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI",
|
4672
5091
|
# })
|
4673
5092
|
#
|
4674
5093
|
# resp.to_h outputs the following:
|
4675
5094
|
# {
|
4676
|
-
# version_id: "
|
5095
|
+
# version_id: "null",
|
4677
5096
|
# }
|
4678
5097
|
#
|
4679
|
-
# @example Example: To remove tag set from an object
|
5098
|
+
# @example Example: To remove tag set from an object version
|
4680
5099
|
#
|
4681
|
-
# # The following example removes tag set associated with the specified object.
|
4682
|
-
# #
|
5100
|
+
# # The following example removes tag set associated with the specified object version. The request specifies both the
|
5101
|
+
# # object key and object version.
|
4683
5102
|
#
|
4684
5103
|
# resp = client.delete_object_tagging({
|
4685
5104
|
# bucket: "examplebucket",
|
4686
5105
|
# key: "HappyFace.jpg",
|
5106
|
+
# version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI",
|
4687
5107
|
# })
|
4688
5108
|
#
|
4689
5109
|
# resp.to_h outputs the following:
|
4690
5110
|
# {
|
4691
|
-
# version_id: "
|
5111
|
+
# version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI",
|
4692
5112
|
# }
|
4693
5113
|
#
|
4694
5114
|
# @example Request syntax with placeholder values
|
@@ -4971,20 +5391,22 @@ module Aws::S3
|
|
4971
5391
|
# * {Types::DeleteObjectsOutput#errors #errors} => Array<Types::Error>
|
4972
5392
|
#
|
4973
5393
|
#
|
4974
|
-
# @example Example: To delete multiple
|
5394
|
+
# @example Example: To delete multiple object versions from a versioned bucket
|
4975
5395
|
#
|
4976
|
-
# # The following example deletes objects from a bucket. The
|
4977
|
-
# #
|
5396
|
+
# # The following example deletes objects from a bucket. The request specifies object versions. S3 deletes specific object
|
5397
|
+
# # versions and returns the key and versions of deleted objects in the response.
|
4978
5398
|
#
|
4979
5399
|
# resp = client.delete_objects({
|
4980
5400
|
# bucket: "examplebucket",
|
4981
5401
|
# delete: {
|
4982
5402
|
# objects: [
|
4983
5403
|
# {
|
4984
|
-
# key: "
|
5404
|
+
# key: "HappyFace.jpg",
|
5405
|
+
# version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b",
|
4985
5406
|
# },
|
4986
5407
|
# {
|
4987
|
-
# key: "
|
5408
|
+
# key: "HappyFace.jpg",
|
5409
|
+
# version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd",
|
4988
5410
|
# },
|
4989
5411
|
# ],
|
4990
5412
|
# quiet: false,
|
@@ -4995,34 +5417,30 @@ module Aws::S3
|
|
4995
5417
|
# {
|
4996
5418
|
# deleted: [
|
4997
5419
|
# {
|
4998
|
-
#
|
4999
|
-
#
|
5000
|
-
# key: "objectkey1",
|
5420
|
+
# key: "HappyFace.jpg",
|
5421
|
+
# version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd",
|
5001
5422
|
# },
|
5002
5423
|
# {
|
5003
|
-
#
|
5004
|
-
#
|
5005
|
-
# key: "objectkey2",
|
5424
|
+
# key: "HappyFace.jpg",
|
5425
|
+
# version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b",
|
5006
5426
|
# },
|
5007
5427
|
# ],
|
5008
5428
|
# }
|
5009
5429
|
#
|
5010
|
-
# @example Example: To delete multiple
|
5430
|
+
# @example Example: To delete multiple objects from a versioned bucket
|
5011
5431
|
#
|
5012
|
-
# # The following example deletes objects from a bucket. The
|
5013
|
-
# #
|
5432
|
+
# # The following example deletes objects from a bucket. The bucket is versioned, and the request does not specify the
|
5433
|
+
# # object version to delete. In this case, all versions remain in the bucket and S3 adds a delete marker.
|
5014
5434
|
#
|
5015
5435
|
# resp = client.delete_objects({
|
5016
5436
|
# bucket: "examplebucket",
|
5017
5437
|
# delete: {
|
5018
5438
|
# objects: [
|
5019
5439
|
# {
|
5020
|
-
# key: "
|
5021
|
-
# version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b",
|
5440
|
+
# key: "objectkey1",
|
5022
5441
|
# },
|
5023
5442
|
# {
|
5024
|
-
# key: "
|
5025
|
-
# version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd",
|
5443
|
+
# key: "objectkey2",
|
5026
5444
|
# },
|
5027
5445
|
# ],
|
5028
5446
|
# quiet: false,
|
@@ -5033,12 +5451,14 @@ module Aws::S3
|
|
5033
5451
|
# {
|
5034
5452
|
# deleted: [
|
5035
5453
|
# {
|
5036
|
-
#
|
5037
|
-
#
|
5454
|
+
# delete_marker: true,
|
5455
|
+
# delete_marker_version_id: "A._w1z6EFiCF5uhtQMDal9JDkID9tQ7F",
|
5456
|
+
# key: "objectkey1",
|
5038
5457
|
# },
|
5039
5458
|
# {
|
5040
|
-
#
|
5041
|
-
#
|
5459
|
+
# delete_marker: true,
|
5460
|
+
# delete_marker_version_id: "iOd_ORxhkKe_e8G8_oSGxt2PjsCZKlkt",
|
5461
|
+
# key: "objectkey2",
|
5042
5462
|
# },
|
5043
5463
|
# ],
|
5044
5464
|
# }
|
@@ -5541,46 +5961,92 @@ module Aws::S3
|
|
5541
5961
|
req.send_request(options)
|
5542
5962
|
end
|
5543
5963
|
|
5544
|
-
#
|
5964
|
+
# Returns the default encryption configuration for an Amazon S3 bucket.
|
5965
|
+
# By default, all buckets have a default encryption configuration that
|
5966
|
+
# uses server-side encryption with Amazon S3 managed keys (SSE-S3).
|
5967
|
+
#
|
5968
|
+
# <note markdown="1"> * **General purpose buckets** - For information about the bucket
|
5969
|
+
# default encryption feature, see [Amazon S3 Bucket Default
|
5970
|
+
# Encryption][1] in the *Amazon S3 User Guide*.
|
5971
|
+
#
|
5972
|
+
# * **Directory buckets** - For directory buckets, there are only two
|
5973
|
+
# supported options for server-side encryption: SSE-S3 and SSE-KMS.
|
5974
|
+
# For information about the default encryption configuration in
|
5975
|
+
# directory buckets, see [Setting default server-side encryption
|
5976
|
+
# behavior for directory buckets][2].
|
5545
5977
|
#
|
5546
5978
|
# </note>
|
5547
5979
|
#
|
5548
|
-
#
|
5549
|
-
#
|
5550
|
-
#
|
5551
|
-
#
|
5552
|
-
#
|
5980
|
+
# Permissions
|
5981
|
+
# : * **General purpose bucket permissions** - The
|
5982
|
+
# `s3:GetEncryptionConfiguration` permission is required in a
|
5983
|
+
# policy. The bucket owner has this permission by default. The
|
5984
|
+
# bucket owner can grant this permission to others. For more
|
5985
|
+
# information about permissions, see [Permissions Related to Bucket
|
5986
|
+
# Operations][3] and [Managing Access Permissions to Your Amazon S3
|
5987
|
+
# Resources][4].
|
5553
5988
|
#
|
5554
|
-
#
|
5555
|
-
#
|
5556
|
-
# permission
|
5557
|
-
#
|
5558
|
-
#
|
5559
|
-
#
|
5989
|
+
# * **Directory bucket permissions** - To grant access to this API
|
5990
|
+
# operation, you must have the
|
5991
|
+
# `s3express:GetEncryptionConfiguration` permission in an IAM
|
5992
|
+
# identity-based policy instead of a bucket policy. Cross-account
|
5993
|
+
# access to this API operation isn't supported. This operation can
|
5994
|
+
# only be performed by the Amazon Web Services account that owns the
|
5995
|
+
# resource. For more information about directory bucket policies and
|
5996
|
+
# permissions, see [Amazon Web Services Identity and Access
|
5997
|
+
# Management (IAM) for S3 Express One Zone][5] in the *Amazon S3
|
5998
|
+
# User Guide*.
|
5999
|
+
#
|
6000
|
+
# HTTP Host header syntax
|
6001
|
+
#
|
6002
|
+
# : <b>Directory buckets </b> - The HTTP Host header syntax is
|
6003
|
+
# `s3express-control.region.amazonaws.com`.
|
5560
6004
|
#
|
5561
6005
|
# The following operations are related to `GetBucketEncryption`:
|
5562
6006
|
#
|
5563
|
-
# * [PutBucketEncryption][
|
6007
|
+
# * [PutBucketEncryption][6]
|
5564
6008
|
#
|
5565
|
-
# * [DeleteBucketEncryption][
|
6009
|
+
# * [DeleteBucketEncryption][7]
|
5566
6010
|
#
|
5567
6011
|
#
|
5568
6012
|
#
|
5569
6013
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html
|
5570
|
-
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/
|
5571
|
-
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-
|
5572
|
-
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/
|
5573
|
-
# [5]: https://docs.aws.amazon.com/AmazonS3/latest/
|
6014
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html
|
6015
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
|
6016
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html
|
6017
|
+
# [5]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html
|
6018
|
+
# [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html
|
6019
|
+
# [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html
|
6020
|
+
#
|
6021
|
+
# @option params [required, String] :bucket
|
6022
|
+
# The name of the bucket from which the server-side encryption
|
6023
|
+
# configuration is retrieved.
|
6024
|
+
#
|
6025
|
+
# <b>Directory buckets </b> - When you use this operation with a
|
6026
|
+
# directory bucket, you must use path-style requests in the format
|
6027
|
+
# `https://s3express-control.region_code.amazonaws.com/bucket-name `.
|
6028
|
+
# Virtual-hosted-style requests aren't supported. Directory bucket
|
6029
|
+
# names must be unique in the chosen Availability Zone. Bucket names
|
6030
|
+
# must also follow the format ` bucket_base_name--az_id--x-s3` (for
|
6031
|
+
# example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information about
|
6032
|
+
# bucket naming restrictions, see [Directory bucket naming rules][1] in
|
6033
|
+
# the *Amazon S3 User Guide*
|
6034
|
+
#
|
5574
6035
|
#
|
5575
|
-
#
|
5576
|
-
#
|
5577
|
-
# configuration is retrieved.
|
6036
|
+
#
|
6037
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
|
5578
6038
|
#
|
5579
6039
|
# @option params [String] :expected_bucket_owner
|
5580
6040
|
# The account ID of the expected bucket owner. If the account ID that
|
5581
6041
|
# you provide does not match the actual owner of the bucket, the request
|
5582
6042
|
# fails with the HTTP status code `403 Forbidden` (access denied).
|
5583
6043
|
#
|
6044
|
+
# <note markdown="1"> For directory buckets, this header is not supported in this API
|
6045
|
+
# operation. If you specify this header, the request fails with the HTTP
|
6046
|
+
# status code `501 Not Implemented`.
|
6047
|
+
#
|
6048
|
+
# </note>
|
6049
|
+
#
|
5584
6050
|
# @return [Types::GetBucketEncryptionOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5585
6051
|
#
|
5586
6052
|
# * {Types::GetBucketEncryptionOutput#server_side_encryption_configuration #server_side_encryption_configuration} => Types::ServerSideEncryptionConfiguration
|
@@ -7320,6 +7786,10 @@ module Aws::S3
|
|
7320
7786
|
# interruptions when a session expires. For more information about
|
7321
7787
|
# authorization, see [ `CreateSession` ][4].
|
7322
7788
|
#
|
7789
|
+
# If the object is encrypted using SSE-KMS, you must also have the
|
7790
|
+
# `kms:GenerateDataKey` and `kms:Decrypt` permissions in IAM
|
7791
|
+
# identity-based policies and KMS key policies for the KMS key.
|
7792
|
+
#
|
7323
7793
|
# Storage classes
|
7324
7794
|
#
|
7325
7795
|
# : If the object you are retrieving is stored in the S3 Glacier
|
@@ -7348,6 +7818,11 @@ module Aws::S3
|
|
7348
7818
|
# `GetObject` requests for the object that uses these types of keys,
|
7349
7819
|
# you’ll get an HTTP `400 Bad Request` error.
|
7350
7820
|
#
|
7821
|
+
# **Directory buckets** - For directory buckets, there are only two
|
7822
|
+
# supported options for server-side encryption: SSE-S3 and SSE-KMS.
|
7823
|
+
# SSE-C isn't supported. For more information, see [Protecting data
|
7824
|
+
# with server-side encryption][7] in the *Amazon S3 User Guide*.
|
7825
|
+
#
|
7351
7826
|
# Overriding response header values through the request
|
7352
7827
|
#
|
7353
7828
|
# : There are times when you want to override certain response header
|
@@ -7395,9 +7870,9 @@ module Aws::S3
|
|
7395
7870
|
#
|
7396
7871
|
# The following operations are related to `GetObject`:
|
7397
7872
|
#
|
7398
|
-
# * [ListBuckets][
|
7873
|
+
# * [ListBuckets][8]
|
7399
7874
|
#
|
7400
|
-
# * [GetObjectAcl][
|
7875
|
+
# * [GetObjectAcl][9]
|
7401
7876
|
#
|
7402
7877
|
#
|
7403
7878
|
#
|
@@ -7407,8 +7882,9 @@ module Aws::S3
|
|
7407
7882
|
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html
|
7408
7883
|
# [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html
|
7409
7884
|
# [6]: https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html
|
7410
|
-
# [7]: https://docs.aws.amazon.com/AmazonS3/latest/
|
7411
|
-
# [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
7885
|
+
# [7]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
7886
|
+
# [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html
|
7887
|
+
# [9]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html
|
7412
7888
|
#
|
7413
7889
|
# @option params [String, IO] :response_target
|
7414
7890
|
# Where to write response data, file path, or IO object.
|
@@ -7705,10 +8181,10 @@ module Aws::S3
|
|
7705
8181
|
# @option params [String] :checksum_mode
|
7706
8182
|
# To retrieve the checksum, this mode must be enabled.
|
7707
8183
|
#
|
7708
|
-
# In addition, if you enable checksum mode
|
7709
|
-
# with a [checksum][1] and encrypted with an
|
7710
|
-
# (KMS) key, you must have permission to use the
|
7711
|
-
# retrieve the checksum.
|
8184
|
+
# **General purpose buckets** - In addition, if you enable checksum mode
|
8185
|
+
# and the object is uploaded with a [checksum][1] and encrypted with an
|
8186
|
+
# Key Management Service (KMS) key, you must have permission to use the
|
8187
|
+
# `kms:Decrypt` action to retrieve the checksum.
|
7712
8188
|
#
|
7713
8189
|
#
|
7714
8190
|
#
|
@@ -8110,7 +8586,7 @@ module Aws::S3
|
|
8110
8586
|
# Permissions
|
8111
8587
|
# : * **General purpose bucket permissions** - To use
|
8112
8588
|
# `GetObjectAttributes`, you must have READ access to the object.
|
8113
|
-
# The permissions that you need to use this operation
|
8589
|
+
# The permissions that you need to use this operation depend on
|
8114
8590
|
# whether the bucket is versioned. If the bucket is versioned, you
|
8115
8591
|
# need both the `s3:GetObjectVersion` and
|
8116
8592
|
# `s3:GetObjectVersionAttributes` permissions for this operation. If
|
@@ -8144,6 +8620,10 @@ module Aws::S3
|
|
8144
8620
|
# interruptions when a session expires. For more information about
|
8145
8621
|
# authorization, see [ `CreateSession` ][3].
|
8146
8622
|
#
|
8623
|
+
# If the object is encrypted with SSE-KMS, you must also have the
|
8624
|
+
# `kms:GenerateDataKey` and `kms:Decrypt` permissions in IAM
|
8625
|
+
# identity-based policies and KMS key policies for the KMS key.
|
8626
|
+
#
|
8147
8627
|
# Encryption
|
8148
8628
|
# : <note markdown="1"> Encryption request headers, like `x-amz-server-side-encryption`,
|
8149
8629
|
# should not be sent for `HEAD` requests if your object uses
|
@@ -8177,9 +8657,19 @@ module Aws::S3
|
|
8177
8657
|
# Customer-Provided Encryption Keys)][4] in the *Amazon S3 User
|
8178
8658
|
# Guide*.
|
8179
8659
|
#
|
8180
|
-
# <note markdown="1"> **Directory bucket permissions** - For directory buckets,
|
8181
|
-
#
|
8182
|
-
# (`AES256`)
|
8660
|
+
# <note markdown="1"> **Directory bucket permissions** - For directory buckets, there are
|
8661
|
+
# only two supported options for server-side encryption: server-side
|
8662
|
+
# encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
|
8663
|
+
# server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). We
|
8664
|
+
# recommend that the bucket's default encryption uses the desired
|
8665
|
+
# encryption configuration and you don't override the bucket default
|
8666
|
+
# encryption in your `CreateSession` requests or `PUT` object
|
8667
|
+
# requests. Then, new objects are automatically encrypted with the
|
8668
|
+
# desired encryption settings. For more information, see [Protecting
|
8669
|
+
# data with server-side encryption][5] in the *Amazon S3 User Guide*.
|
8670
|
+
# For more information about the encryption overriding behaviors in
|
8671
|
+
# directory buckets, see [Specifying server-side encryption with KMS
|
8672
|
+
# for new object uploads][6].
|
8183
8673
|
#
|
8184
8674
|
# </note>
|
8185
8675
|
#
|
@@ -8203,7 +8693,7 @@ module Aws::S3
|
|
8203
8693
|
# * `If-Unmodified-Since` condition evaluates to `false`.
|
8204
8694
|
#
|
8205
8695
|
# For more information about conditional requests, see [RFC
|
8206
|
-
# 7232][
|
8696
|
+
# 7232][7].
|
8207
8697
|
#
|
8208
8698
|
# * If both of the `If-None-Match` and `If-Modified-Since` headers are
|
8209
8699
|
# present in the request as follows, then Amazon S3 returns the HTTP
|
@@ -8214,7 +8704,7 @@ module Aws::S3
|
|
8214
8704
|
# * `If-Modified-Since` condition evaluates to `true`.
|
8215
8705
|
#
|
8216
8706
|
# For more information about conditional requests, see [RFC
|
8217
|
-
# 7232][
|
8707
|
+
# 7232][7].
|
8218
8708
|
#
|
8219
8709
|
# HTTP Host header syntax
|
8220
8710
|
#
|
@@ -8223,21 +8713,21 @@ module Aws::S3
|
|
8223
8713
|
#
|
8224
8714
|
# The following actions are related to `GetObjectAttributes`:
|
8225
8715
|
#
|
8226
|
-
# * [GetObject][
|
8716
|
+
# * [GetObject][8]
|
8227
8717
|
#
|
8228
|
-
# * [GetObjectAcl][
|
8718
|
+
# * [GetObjectAcl][9]
|
8229
8719
|
#
|
8230
|
-
# * [GetObjectLegalHold][
|
8720
|
+
# * [GetObjectLegalHold][10]
|
8231
8721
|
#
|
8232
|
-
# * [GetObjectLockConfiguration][
|
8722
|
+
# * [GetObjectLockConfiguration][11]
|
8233
8723
|
#
|
8234
|
-
# * [GetObjectRetention][
|
8724
|
+
# * [GetObjectRetention][12]
|
8235
8725
|
#
|
8236
|
-
# * [GetObjectTagging][
|
8726
|
+
# * [GetObjectTagging][13]
|
8237
8727
|
#
|
8238
|
-
# * [HeadObject][
|
8728
|
+
# * [HeadObject][14]
|
8239
8729
|
#
|
8240
|
-
# * [ListParts][
|
8730
|
+
# * [ListParts][15]
|
8241
8731
|
#
|
8242
8732
|
#
|
8243
8733
|
#
|
@@ -8245,15 +8735,17 @@ module Aws::S3
|
|
8245
8735
|
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
|
8246
8736
|
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html
|
8247
8737
|
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
|
8248
|
-
# [5]: https://
|
8249
|
-
# [6]: https://docs.aws.amazon.com/AmazonS3/latest/
|
8250
|
-
# [7]: https://
|
8251
|
-
# [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
8252
|
-
# [9]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
8253
|
-
# [10]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
8254
|
-
# [11]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
8255
|
-
# [12]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
8256
|
-
# [13]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
8738
|
+
# [5]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
8739
|
+
# [6]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
|
8740
|
+
# [7]: https://tools.ietf.org/html/rfc7232
|
8741
|
+
# [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
|
8742
|
+
# [9]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html
|
8743
|
+
# [10]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLegalHold.html
|
8744
|
+
# [11]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLockConfiguration.html
|
8745
|
+
# [12]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectRetention.html
|
8746
|
+
# [13]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html
|
8747
|
+
# [14]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadObject.html
|
8748
|
+
# [15]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html
|
8257
8749
|
#
|
8258
8750
|
# @option params [required, String] :bucket
|
8259
8751
|
# The name of the bucket that contains the object.
|
@@ -8797,49 +9289,49 @@ module Aws::S3
|
|
8797
9289
|
# * {Types::GetObjectTaggingOutput#tag_set #tag_set} => Array<Types::Tag>
|
8798
9290
|
#
|
8799
9291
|
#
|
8800
|
-
# @example Example: To retrieve tag set of
|
9292
|
+
# @example Example: To retrieve tag set of a specific object version
|
8801
9293
|
#
|
8802
|
-
# # The following example retrieves tag set of an object.
|
9294
|
+
# # The following example retrieves tag set of an object. The request specifies object version.
|
8803
9295
|
#
|
8804
9296
|
# resp = client.get_object_tagging({
|
8805
9297
|
# bucket: "examplebucket",
|
8806
|
-
# key: "
|
9298
|
+
# key: "exampleobject",
|
9299
|
+
# version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI",
|
8807
9300
|
# })
|
8808
9301
|
#
|
8809
9302
|
# resp.to_h outputs the following:
|
8810
9303
|
# {
|
8811
9304
|
# tag_set: [
|
8812
9305
|
# {
|
8813
|
-
# key: "
|
8814
|
-
# value: "
|
8815
|
-
# },
|
8816
|
-
# {
|
8817
|
-
# key: "Key3",
|
8818
|
-
# value: "Value3",
|
9306
|
+
# key: "Key1",
|
9307
|
+
# value: "Value1",
|
8819
9308
|
# },
|
8820
9309
|
# ],
|
8821
|
-
# version_id: "
|
9310
|
+
# version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI",
|
8822
9311
|
# }
|
8823
9312
|
#
|
8824
|
-
# @example Example: To retrieve tag set of
|
9313
|
+
# @example Example: To retrieve tag set of an object
|
8825
9314
|
#
|
8826
|
-
# # The following example retrieves tag set of an object.
|
9315
|
+
# # The following example retrieves tag set of an object.
|
8827
9316
|
#
|
8828
9317
|
# resp = client.get_object_tagging({
|
8829
9318
|
# bucket: "examplebucket",
|
8830
|
-
# key: "
|
8831
|
-
# version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI",
|
9319
|
+
# key: "HappyFace.jpg",
|
8832
9320
|
# })
|
8833
9321
|
#
|
8834
9322
|
# resp.to_h outputs the following:
|
8835
9323
|
# {
|
8836
9324
|
# tag_set: [
|
8837
9325
|
# {
|
8838
|
-
# key: "
|
8839
|
-
# value: "
|
9326
|
+
# key: "Key4",
|
9327
|
+
# value: "Value4",
|
9328
|
+
# },
|
9329
|
+
# {
|
9330
|
+
# key: "Key3",
|
9331
|
+
# value: "Value3",
|
8840
9332
|
# },
|
8841
9333
|
# ],
|
8842
|
-
# version_id: "
|
9334
|
+
# version_id: "null",
|
8843
9335
|
# }
|
8844
9336
|
#
|
8845
9337
|
# @example Request syntax with placeholder values
|
@@ -9272,6 +9764,13 @@ module Aws::S3
|
|
9272
9764
|
# interruptions when a session expires. For more information about
|
9273
9765
|
# authorization, see [ `CreateSession` ][3].
|
9274
9766
|
#
|
9767
|
+
# If you enable `x-amz-checksum-mode` in the request and the object
|
9768
|
+
# is encrypted with Amazon Web Services Key Management Service
|
9769
|
+
# (Amazon Web Services KMS), you must also have the
|
9770
|
+
# `kms:GenerateDataKey` and `kms:Decrypt` permissions in IAM
|
9771
|
+
# identity-based policies and KMS key policies for the KMS key to
|
9772
|
+
# retrieve the checksum of the object.
|
9773
|
+
#
|
9275
9774
|
# Encryption
|
9276
9775
|
# : <note markdown="1"> Encryption request headers, like `x-amz-server-side-encryption`,
|
9277
9776
|
# should not be sent for `HEAD` requests if your object uses
|
@@ -9305,9 +9804,10 @@ module Aws::S3
|
|
9305
9804
|
# Customer-Provided Encryption Keys)][4] in the *Amazon S3 User
|
9306
9805
|
# Guide*.
|
9307
9806
|
#
|
9308
|
-
# <note markdown="1">
|
9309
|
-
# server-side encryption
|
9310
|
-
#
|
9807
|
+
# <note markdown="1"> <b>Directory bucket </b> - For directory buckets, there are only two
|
9808
|
+
# supported options for server-side encryption: SSE-S3 and SSE-KMS.
|
9809
|
+
# SSE-C isn't supported. For more information, see [Protecting data
|
9810
|
+
# with server-side encryption][5] in the *Amazon S3 User Guide*.
|
9311
9811
|
#
|
9312
9812
|
# </note>
|
9313
9813
|
#
|
@@ -9341,15 +9841,15 @@ module Aws::S3
|
|
9341
9841
|
# requests in the format
|
9342
9842
|
# `https://bucket_name.s3express-az_id.region.amazonaws.com/key-name
|
9343
9843
|
# `. Path-style requests are not supported. For more information, see
|
9344
|
-
# [Regional and Zonal endpoints][
|
9844
|
+
# [Regional and Zonal endpoints][6] in the *Amazon S3 User Guide*.
|
9345
9845
|
#
|
9346
9846
|
# </note>
|
9347
9847
|
#
|
9348
9848
|
# The following actions are related to `HeadObject`:
|
9349
9849
|
#
|
9350
|
-
# * [GetObject][
|
9850
|
+
# * [GetObject][7]
|
9351
9851
|
#
|
9352
|
-
# * [GetObjectAttributes][
|
9852
|
+
# * [GetObjectAttributes][8]
|
9353
9853
|
#
|
9354
9854
|
#
|
9355
9855
|
#
|
@@ -9357,9 +9857,10 @@ module Aws::S3
|
|
9357
9857
|
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html
|
9358
9858
|
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html
|
9359
9859
|
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
|
9360
|
-
# [5]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-
|
9361
|
-
# [6]: https://docs.aws.amazon.com/AmazonS3/latest/
|
9362
|
-
# [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
9860
|
+
# [5]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
9861
|
+
# [6]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html
|
9862
|
+
# [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
|
9863
|
+
# [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html
|
9363
9864
|
#
|
9364
9865
|
# @option params [required, String] :bucket
|
9365
9866
|
# The name of the bucket that contains the object.
|
@@ -9575,10 +10076,16 @@ module Aws::S3
|
|
9575
10076
|
# @option params [String] :checksum_mode
|
9576
10077
|
# To retrieve the checksum, this parameter must be enabled.
|
9577
10078
|
#
|
9578
|
-
#
|
9579
|
-
# with a [checksum][1] and encrypted with an Key
|
9580
|
-
# (KMS) key, you must have permission to use the
|
9581
|
-
# retrieve the checksum.
|
10079
|
+
# **General purpose buckets** - If you enable checksum mode and the
|
10080
|
+
# object is uploaded with a [checksum][1] and encrypted with an Key
|
10081
|
+
# Management Service (KMS) key, you must have permission to use the
|
10082
|
+
# `kms:Decrypt` action to retrieve the checksum.
|
10083
|
+
#
|
10084
|
+
# **Directory buckets** - If you enable `ChecksumMode` and the object is
|
10085
|
+
# encrypted with Amazon Web Services Key Management Service (Amazon Web
|
10086
|
+
# Services KMS), you must also have the `kms:GenerateDataKey` and
|
10087
|
+
# `kms:Decrypt` permissions in IAM identity-based policies and KMS key
|
10088
|
+
# policies for the KMS key to retrieve the checksum of the object.
|
9582
10089
|
#
|
9583
10090
|
#
|
9584
10091
|
#
|
@@ -12574,24 +13081,73 @@ module Aws::S3
|
|
12574
13081
|
req.send_request(options)
|
12575
13082
|
end
|
12576
13083
|
|
12577
|
-
#
|
13084
|
+
# This operation configures default encryption and Amazon S3 Bucket Keys
|
13085
|
+
# for an existing bucket.
|
12578
13086
|
#
|
12579
|
-
#
|
13087
|
+
# <note markdown="1"> <b>Directory buckets </b> - For directory buckets, you must make
|
13088
|
+
# requests for this API operation to the Regional endpoint. These
|
13089
|
+
# endpoints support path-style requests in the format
|
13090
|
+
# `https://s3express-control.region_code.amazonaws.com/bucket-name `.
|
13091
|
+
# Virtual-hosted-style requests aren't supported. For more information,
|
13092
|
+
# see [Regional and Zonal endpoints][1] in the *Amazon S3 User Guide*.
|
12580
13093
|
#
|
12581
|
-
#
|
12582
|
-
# encryption and Amazon S3 Bucket Keys for an existing bucket.
|
13094
|
+
# </note>
|
12583
13095
|
#
|
12584
13096
|
# By default, all buckets have a default encryption configuration that
|
12585
|
-
# uses server-side encryption with Amazon S3 managed keys (SSE-S3).
|
12586
|
-
#
|
12587
|
-
#
|
12588
|
-
#
|
12589
|
-
#
|
12590
|
-
#
|
12591
|
-
#
|
12592
|
-
#
|
12593
|
-
#
|
12594
|
-
#
|
13097
|
+
# uses server-side encryption with Amazon S3 managed keys (SSE-S3).
|
13098
|
+
#
|
13099
|
+
# <note markdown="1"> * **General purpose buckets**
|
13100
|
+
#
|
13101
|
+
# * You can optionally configure default encryption for a bucket by
|
13102
|
+
# using server-side encryption with Key Management Service (KMS)
|
13103
|
+
# keys (SSE-KMS) or dual-layer server-side encryption with Amazon
|
13104
|
+
# Web Services KMS keys (DSSE-KMS). If you specify default
|
13105
|
+
# encryption by using SSE-KMS, you can also configure [Amazon S3
|
13106
|
+
# Bucket Keys][2]. For information about the bucket default
|
13107
|
+
# encryption feature, see [Amazon S3 Bucket Default Encryption][3]
|
13108
|
+
# in the *Amazon S3 User Guide*.
|
13109
|
+
#
|
13110
|
+
# * If you use PutBucketEncryption to set your [default bucket
|
13111
|
+
# encryption][3] to SSE-KMS, you should verify that your KMS key ID
|
13112
|
+
# is correct. Amazon S3 doesn't validate the KMS key ID provided in
|
13113
|
+
# PutBucketEncryption requests.
|
13114
|
+
#
|
13115
|
+
# * <b>Directory buckets </b> - You can optionally configure default
|
13116
|
+
# encryption for a bucket by using server-side encryption with Key
|
13117
|
+
# Management Service (KMS) keys (SSE-KMS).
|
13118
|
+
#
|
13119
|
+
# * We recommend that the bucket's default encryption uses the
|
13120
|
+
# desired encryption configuration and you don't override the
|
13121
|
+
# bucket default encryption in your `CreateSession` requests or
|
13122
|
+
# `PUT` object requests. Then, new objects are automatically
|
13123
|
+
# encrypted with the desired encryption settings. For more
|
13124
|
+
# information about the encryption overriding behaviors in directory
|
13125
|
+
# buckets, see [Specifying server-side encryption with KMS for new
|
13126
|
+
# object uploads][4].
|
13127
|
+
#
|
13128
|
+
# * Your SSE-KMS configuration can only support 1 [customer managed
|
13129
|
+
# key][5] per directory bucket for the lifetime of the bucket.
|
13130
|
+
# [Amazon Web Services managed key][6] (`aws/s3`) isn't supported.
|
13131
|
+
#
|
13132
|
+
# * S3 Bucket Keys are always enabled for `GET` and `PUT` operations
|
13133
|
+
# in a directory bucket and can’t be disabled. S3 Bucket Keys
|
13134
|
+
# aren't supported, when you copy SSE-KMS encrypted objects from
|
13135
|
+
# general purpose buckets to directory buckets, from directory
|
13136
|
+
# buckets to general purpose buckets, or between directory buckets,
|
13137
|
+
# through [CopyObject][7], [UploadPartCopy][8], [the Copy operation
|
13138
|
+
# in Batch Operations][9], or [the import jobs][10]. In this case,
|
13139
|
+
# Amazon S3 makes a call to KMS every time a copy request is made
|
13140
|
+
# for a KMS-encrypted object.
|
13141
|
+
#
|
13142
|
+
# * When you specify an [KMS customer managed key][5] for encryption
|
13143
|
+
# in your directory bucket, only use the key ID or key ARN. The key
|
13144
|
+
# alias format of the KMS key isn't supported.
|
13145
|
+
#
|
13146
|
+
# * For directory buckets, if you use PutBucketEncryption to set your
|
13147
|
+
# [default bucket encryption][3] to SSE-KMS, Amazon S3 validates the
|
13148
|
+
# KMS key ID provided in PutBucketEncryption requests.
|
13149
|
+
#
|
13150
|
+
# </note>
|
12595
13151
|
#
|
12596
13152
|
# If you're specifying a customer managed KMS key, we recommend using a
|
12597
13153
|
# fully qualified KMS key ARN. If you use a KMS key alias instead, then
|
@@ -12601,45 +13157,80 @@ module Aws::S3
|
|
12601
13157
|
#
|
12602
13158
|
# Also, this action requires Amazon Web Services Signature Version 4.
|
12603
13159
|
# For more information, see [ Authenticating Requests (Amazon Web
|
12604
|
-
# Services Signature Version 4)][
|
13160
|
+
# Services Signature Version 4)][11].
|
12605
13161
|
#
|
12606
|
-
#
|
12607
|
-
#
|
12608
|
-
# permission
|
12609
|
-
#
|
12610
|
-
#
|
12611
|
-
#
|
12612
|
-
#
|
13162
|
+
# Permissions
|
13163
|
+
# : * **General purpose bucket permissions** - The
|
13164
|
+
# `s3:PutEncryptionConfiguration` permission is required in a
|
13165
|
+
# policy. The bucket owner has this permission by default. The
|
13166
|
+
# bucket owner can grant this permission to others. For more
|
13167
|
+
# information about permissions, see [Permissions Related to Bucket
|
13168
|
+
# Operations][12] and [Managing Access Permissions to Your Amazon S3
|
13169
|
+
# Resources][13] in the *Amazon S3 User Guide*.
|
13170
|
+
#
|
13171
|
+
# * **Directory bucket permissions** - To grant access to this API
|
13172
|
+
# operation, you must have the
|
13173
|
+
# `s3express:PutEncryptionConfiguration` permission in an IAM
|
13174
|
+
# identity-based policy instead of a bucket policy. Cross-account
|
13175
|
+
# access to this API operation isn't supported. This operation can
|
13176
|
+
# only be performed by the Amazon Web Services account that owns the
|
13177
|
+
# resource. For more information about directory bucket policies and
|
13178
|
+
# permissions, see [Amazon Web Services Identity and Access
|
13179
|
+
# Management (IAM) for S3 Express One Zone][14] in the *Amazon S3
|
13180
|
+
# User Guide*.
|
13181
|
+
#
|
13182
|
+
# To set a directory bucket default encryption with SSE-KMS, you
|
13183
|
+
# must also have the `kms:GenerateDataKey` and the `kms:Decrypt`
|
13184
|
+
# permissions in IAM identity-based policies and KMS key policies
|
13185
|
+
# for the target KMS key.
|
13186
|
+
#
|
13187
|
+
# HTTP Host header syntax
|
13188
|
+
#
|
13189
|
+
# : <b>Directory buckets </b> - The HTTP Host header syntax is
|
13190
|
+
# `s3express-control.region.amazonaws.com`.
|
12613
13191
|
#
|
12614
13192
|
# The following operations are related to `PutBucketEncryption`:
|
12615
13193
|
#
|
12616
|
-
# * [GetBucketEncryption][
|
13194
|
+
# * [GetBucketEncryption][15]
|
12617
13195
|
#
|
12618
|
-
# * [DeleteBucketEncryption][
|
13196
|
+
# * [DeleteBucketEncryption][16]
|
12619
13197
|
#
|
12620
13198
|
#
|
12621
13199
|
#
|
12622
|
-
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/
|
12623
|
-
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-
|
12624
|
-
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/
|
12625
|
-
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/
|
12626
|
-
# [5]: https://docs.aws.amazon.com/
|
12627
|
-
# [6]: https://docs.aws.amazon.com/
|
12628
|
-
# [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
13200
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html
|
13201
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
|
13202
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html
|
13203
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
|
13204
|
+
# [5]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
13205
|
+
# [6]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
13206
|
+
# [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
13207
|
+
# [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
13208
|
+
# [9]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
|
13209
|
+
# [10]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
|
13210
|
+
# [11]: https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html
|
13211
|
+
# [12]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
|
13212
|
+
# [13]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html
|
13213
|
+
# [14]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html
|
13214
|
+
# [15]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html
|
13215
|
+
# [16]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html
|
12629
13216
|
#
|
12630
13217
|
# @option params [required, String] :bucket
|
12631
13218
|
# Specifies default encryption for a bucket using server-side encryption
|
12632
|
-
# with different key options.
|
12633
|
-
#
|
12634
|
-
#
|
12635
|
-
#
|
12636
|
-
#
|
12637
|
-
#
|
12638
|
-
#
|
13219
|
+
# with different key options.
|
13220
|
+
#
|
13221
|
+
# <b>Directory buckets </b> - When you use this operation with a
|
13222
|
+
# directory bucket, you must use path-style requests in the format
|
13223
|
+
# `https://s3express-control.region_code.amazonaws.com/bucket-name `.
|
13224
|
+
# Virtual-hosted-style requests aren't supported. Directory bucket
|
13225
|
+
# names must be unique in the chosen Availability Zone. Bucket names
|
13226
|
+
# must also follow the format ` bucket_base_name--az_id--x-s3` (for
|
13227
|
+
# example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information about
|
13228
|
+
# bucket naming restrictions, see [Directory bucket naming rules][1] in
|
13229
|
+
# the *Amazon S3 User Guide*
|
12639
13230
|
#
|
12640
13231
|
#
|
12641
13232
|
#
|
12642
|
-
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/
|
13233
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
|
12643
13234
|
#
|
12644
13235
|
# @option params [String] :content_md5
|
12645
13236
|
# The base64-encoded 128-bit MD5 digest of the server-side encryption
|
@@ -12649,6 +13240,10 @@ module Aws::S3
|
|
12649
13240
|
# (CLI) or Amazon Web Services SDKs, this field is calculated
|
12650
13241
|
# automatically.
|
12651
13242
|
#
|
13243
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
13244
|
+
#
|
13245
|
+
# </note>
|
13246
|
+
#
|
12652
13247
|
# @option params [String] :checksum_algorithm
|
12653
13248
|
# Indicates the algorithm used to create the checksum for the object
|
12654
13249
|
# when you use the SDK. This header will not provide any additional
|
@@ -12661,6 +13256,11 @@ module Aws::S3
|
|
12661
13256
|
# If you provide an individual checksum, Amazon S3 ignores any provided
|
12662
13257
|
# `ChecksumAlgorithm` parameter.
|
12663
13258
|
#
|
13259
|
+
# <note markdown="1"> For directory buckets, when you use Amazon Web Services SDKs, `CRC32`
|
13260
|
+
# is the default checksum algorithm that's used for performance.
|
13261
|
+
#
|
13262
|
+
# </note>
|
13263
|
+
#
|
12664
13264
|
#
|
12665
13265
|
#
|
12666
13266
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
|
@@ -12673,6 +13273,12 @@ module Aws::S3
|
|
12673
13273
|
# you provide does not match the actual owner of the bucket, the request
|
12674
13274
|
# fails with the HTTP status code `403 Forbidden` (access denied).
|
12675
13275
|
#
|
13276
|
+
# <note markdown="1"> For directory buckets, this header is not supported in this API
|
13277
|
+
# operation. If you specify this header, the request fails with the HTTP
|
13278
|
+
# status code `501 Not Implemented`.
|
13279
|
+
#
|
13280
|
+
# </note>
|
13281
|
+
#
|
12676
13282
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
12677
13283
|
#
|
12678
13284
|
# @example Request syntax with placeholder values
|
@@ -15070,6 +15676,10 @@ module Aws::S3
|
|
15070
15676
|
# interruptions when a session expires. For more information about
|
15071
15677
|
# authorization, see [ `CreateSession` ][5].
|
15072
15678
|
#
|
15679
|
+
# If the object is encrypted with SSE-KMS, you must also have the
|
15680
|
+
# `kms:GenerateDataKey` and `kms:Decrypt` permissions in IAM
|
15681
|
+
# identity-based policies and KMS key policies for the KMS key.
|
15682
|
+
#
|
15073
15683
|
# Data integrity with Content-MD5
|
15074
15684
|
# : * **General purpose bucket** - To ensure that data is not corrupted
|
15075
15685
|
# traversing the network, use the `Content-MD5` header. When you use
|
@@ -15419,25 +16029,65 @@ module Aws::S3
|
|
15419
16029
|
# object in Amazon S3 (for example, `AES256`, `aws:kms`,
|
15420
16030
|
# `aws:kms:dsse`).
|
15421
16031
|
#
|
15422
|
-
# <b>General purpose buckets </b> - You have four mutually exclusive
|
15423
|
-
#
|
15424
|
-
#
|
15425
|
-
#
|
15426
|
-
#
|
15427
|
-
#
|
15428
|
-
#
|
15429
|
-
#
|
15430
|
-
#
|
15431
|
-
#
|
15432
|
-
#
|
16032
|
+
# * <b>General purpose buckets </b> - You have four mutually exclusive
|
16033
|
+
# options to protect data using server-side encryption in Amazon S3,
|
16034
|
+
# depending on how you choose to manage the encryption keys.
|
16035
|
+
# Specifically, the encryption key options are Amazon S3 managed keys
|
16036
|
+
# (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and
|
16037
|
+
# customer-provided keys (SSE-C). Amazon S3 encrypts data with
|
16038
|
+
# server-side encryption by using Amazon S3 managed keys (SSE-S3) by
|
16039
|
+
# default. You can optionally tell Amazon S3 to encrypt data at rest
|
16040
|
+
# by using server-side encryption with other key options. For more
|
16041
|
+
# information, see [Using Server-Side Encryption][1] in the *Amazon S3
|
16042
|
+
# User Guide*.
|
15433
16043
|
#
|
15434
|
-
# <b>Directory buckets </b> - For directory buckets, only
|
15435
|
-
#
|
15436
|
-
#
|
16044
|
+
# * <b>Directory buckets </b> - For directory buckets, there are only
|
16045
|
+
# two supported options for server-side encryption: server-side
|
16046
|
+
# encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
|
16047
|
+
# server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). We
|
16048
|
+
# recommend that the bucket's default encryption uses the desired
|
16049
|
+
# encryption configuration and you don't override the bucket default
|
16050
|
+
# encryption in your `CreateSession` requests or `PUT` object
|
16051
|
+
# requests. Then, new objects are automatically encrypted with the
|
16052
|
+
# desired encryption settings. For more information, see [Protecting
|
16053
|
+
# data with server-side encryption][2] in the *Amazon S3 User Guide*.
|
16054
|
+
# For more information about the encryption overriding behaviors in
|
16055
|
+
# directory buckets, see [Specifying server-side encryption with KMS
|
16056
|
+
# for new object uploads][3].
|
16057
|
+
#
|
16058
|
+
# In the Zonal endpoint API calls (except [CopyObject][4] and
|
16059
|
+
# [UploadPartCopy][5]) using the REST API, the encryption request
|
16060
|
+
# headers must match the encryption settings that are specified in the
|
16061
|
+
# `CreateSession` request. You can't override the values of the
|
16062
|
+
# encryption settings (`x-amz-server-side-encryption`,
|
16063
|
+
# `x-amz-server-side-encryption-aws-kms-key-id`,
|
16064
|
+
# `x-amz-server-side-encryption-context`, and
|
16065
|
+
# `x-amz-server-side-encryption-bucket-key-enabled`) that are
|
16066
|
+
# specified in the `CreateSession` request. You don't need to
|
16067
|
+
# explicitly specify these encryption settings values in Zonal
|
16068
|
+
# endpoint API calls, and Amazon S3 will use the encryption settings
|
16069
|
+
# values from the `CreateSession` request to protect new objects in
|
16070
|
+
# the directory bucket.
|
16071
|
+
#
|
16072
|
+
# <note markdown="1"> When you use the CLI or the Amazon Web Services SDKs, for
|
16073
|
+
# `CreateSession`, the session token refreshes automatically to avoid
|
16074
|
+
# service interruptions when a session expires. The CLI or the Amazon
|
16075
|
+
# Web Services SDKs use the bucket's default encryption configuration
|
16076
|
+
# for the `CreateSession` request. It's not supported to override the
|
16077
|
+
# encryption settings values in the `CreateSession` request. So in the
|
16078
|
+
# Zonal endpoint API calls (except [CopyObject][4] and
|
16079
|
+
# [UploadPartCopy][5]), the encryption request headers must match the
|
16080
|
+
# default encryption configuration of the directory bucket.
|
16081
|
+
#
|
16082
|
+
# </note>
|
15437
16083
|
#
|
15438
16084
|
#
|
15439
16085
|
#
|
15440
16086
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
|
16087
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
16088
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
|
16089
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
16090
|
+
# [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
15441
16091
|
#
|
15442
16092
|
# @option params [String] :storage_class
|
15443
16093
|
# By default, Amazon S3 uses the STANDARD Storage Class to store newly
|
@@ -15517,46 +16167,83 @@ module Aws::S3
|
|
15517
16167
|
# </note>
|
15518
16168
|
#
|
15519
16169
|
# @option params [String] :ssekms_key_id
|
15520
|
-
#
|
15521
|
-
#
|
15522
|
-
#
|
15523
|
-
#
|
15524
|
-
#
|
15525
|
-
#
|
15526
|
-
# x-amz-server-side-encryption
|
15527
|
-
#
|
15528
|
-
#
|
15529
|
-
#
|
16170
|
+
# Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
|
16171
|
+
# object encryption. If the KMS key doesn't exist in the same account
|
16172
|
+
# that's issuing the command, you must use the full Key ARN not the Key
|
16173
|
+
# ID.
|
16174
|
+
#
|
16175
|
+
# **General purpose buckets** - If you specify
|
16176
|
+
# `x-amz-server-side-encryption` with `aws:kms` or `aws:kms:dsse`, this
|
16177
|
+
# header specifies the ID (Key ID, Key ARN, or Key Alias) of the KMS key
|
16178
|
+
# to use. If you specify `x-amz-server-side-encryption:aws:kms` or
|
16179
|
+
# `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide
|
16180
|
+
# `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
|
16181
|
+
# Amazon Web Services managed key (`aws/s3`) to protect the data.
|
16182
|
+
#
|
16183
|
+
# **Directory buckets** - If you specify `x-amz-server-side-encryption`
|
16184
|
+
# with `aws:kms`, you must specify the `
|
16185
|
+
# x-amz-server-side-encryption-aws-kms-key-id` header with the ID (Key
|
16186
|
+
# ID or Key ARN) of the KMS symmetric encryption customer managed key to
|
16187
|
+
# use. Otherwise, you get an HTTP `400 Bad Request` error. Only use the
|
16188
|
+
# key ID or key ARN. The key alias format of the KMS key isn't
|
16189
|
+
# supported. Your SSE-KMS configuration can only support 1 [customer
|
16190
|
+
# managed key][1] per directory bucket for the lifetime of the bucket.
|
16191
|
+
# [Amazon Web Services managed key][2] (`aws/s3`) isn't supported.
|
16192
|
+
#
|
16193
|
+
#
|
16194
|
+
#
|
16195
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
16196
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
15530
16197
|
#
|
15531
|
-
#
|
16198
|
+
# @option params [String] :ssekms_encryption_context
|
16199
|
+
# Specifies the Amazon Web Services KMS Encryption Context as an
|
16200
|
+
# additional encryption context to use for object encryption. The value
|
16201
|
+
# of this header is a Base64-encoded string of a UTF-8 encoded JSON,
|
16202
|
+
# which contains the encryption context as key-value pairs. This value
|
16203
|
+
# is stored as object metadata and automatically gets passed on to
|
16204
|
+
# Amazon Web Services KMS for future `GetObject` operations on this
|
16205
|
+
# object.
|
15532
16206
|
#
|
15533
|
-
#
|
16207
|
+
# **General purpose buckets** - This value must be explicitly added
|
16208
|
+
# during `CopyObject` operations if you want an additional encryption
|
16209
|
+
# context for your object. For more information, see [Encryption
|
16210
|
+
# context][1] in the *Amazon S3 User Guide*.
|
15534
16211
|
#
|
15535
|
-
#
|
15536
|
-
#
|
15537
|
-
#
|
15538
|
-
#
|
15539
|
-
# value is stored as object metadata and automatically gets passed on to
|
15540
|
-
# Amazon Web Services KMS for future `GetObject` or `CopyObject`
|
15541
|
-
# operations on this object. This value must be explicitly added during
|
15542
|
-
# `CopyObject` operations.
|
16212
|
+
# **Directory buckets** - You can optionally provide an explicit
|
16213
|
+
# encryption context value. The value must match the default encryption
|
16214
|
+
# context - the bucket Amazon Resource Name (ARN). An additional
|
16215
|
+
# encryption context value is not supported.
|
15543
16216
|
#
|
15544
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
15545
16217
|
#
|
15546
|
-
#
|
16218
|
+
#
|
16219
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context
|
15547
16220
|
#
|
15548
16221
|
# @option params [Boolean] :bucket_key_enabled
|
15549
16222
|
# Specifies whether Amazon S3 should use an S3 Bucket Key for object
|
15550
16223
|
# encryption with server-side encryption using Key Management Service
|
15551
|
-
# (KMS) keys (SSE-KMS).
|
15552
|
-
#
|
16224
|
+
# (KMS) keys (SSE-KMS).
|
16225
|
+
#
|
16226
|
+
# **General purpose buckets** - Setting this header to `true` causes
|
16227
|
+
# Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
|
16228
|
+
# Also, specifying this header with a PUT action doesn't affect
|
16229
|
+
# bucket-level settings for S3 Bucket Key.
|
15553
16230
|
#
|
15554
|
-
#
|
15555
|
-
#
|
16231
|
+
# **Directory buckets** - S3 Bucket Keys are always enabled for `GET`
|
16232
|
+
# and `PUT` operations in a directory bucket and can’t be disabled. S3
|
16233
|
+
# Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects
|
16234
|
+
# from general purpose buckets to directory buckets, from directory
|
16235
|
+
# buckets to general purpose buckets, or between directory buckets,
|
16236
|
+
# through [CopyObject][1], [UploadPartCopy][2], [the Copy operation in
|
16237
|
+
# Batch Operations][3], or [the import jobs][4]. In this case, Amazon S3
|
16238
|
+
# makes a call to KMS every time a copy request is made for a
|
16239
|
+
# KMS-encrypted object.
|
15556
16240
|
#
|
15557
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
15558
16241
|
#
|
15559
|
-
#
|
16242
|
+
#
|
16243
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
16244
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
16245
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
|
16246
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
|
15560
16247
|
#
|
15561
16248
|
# @option params [String] :request_payer
|
15562
16249
|
# Confirms that the requester knows that they will be charged for the
|
@@ -15634,24 +16321,22 @@ module Aws::S3
|
|
15634
16321
|
# * {Types::PutObjectOutput#request_charged #request_charged} => String
|
15635
16322
|
#
|
15636
16323
|
#
|
15637
|
-
# @example Example: To upload an object
|
16324
|
+
# @example Example: To upload an object and specify optional tags
|
15638
16325
|
#
|
15639
|
-
# # The following example uploads an object. The request specifies optional
|
15640
|
-
# #
|
16326
|
+
# # The following example uploads an object. The request specifies optional object tags. The bucket is versioned, therefore
|
16327
|
+
# # S3 returns version ID of the newly created object.
|
15641
16328
|
#
|
15642
16329
|
# resp = client.put_object({
|
15643
|
-
# body: "HappyFace.jpg",
|
16330
|
+
# body: "c:\\HappyFace.jpg",
|
15644
16331
|
# bucket: "examplebucket",
|
15645
16332
|
# key: "HappyFace.jpg",
|
15646
|
-
#
|
15647
|
-
# storage_class: "STANDARD_IA",
|
16333
|
+
# tagging: "key1=value1&key2=value2",
|
15648
16334
|
# })
|
15649
16335
|
#
|
15650
16336
|
# resp.to_h outputs the following:
|
15651
16337
|
# {
|
15652
16338
|
# etag: "\"6805f2cfc46c0f04559748bb039d69ae\"",
|
15653
|
-
#
|
15654
|
-
# version_id: "CG612hodqujkf8FaaNfp8U..FIhLROcp",
|
16339
|
+
# version_id: "psM2sYY4.o1501dSx8wMvnkOzSBB.V4a",
|
15655
16340
|
# }
|
15656
16341
|
#
|
15657
16342
|
# @example Example: To create an object.
|
@@ -15670,98 +16355,100 @@ module Aws::S3
|
|
15670
16355
|
# version_id: "Bvq0EDKxOcXLJXNo_Lkz37eM3R4pfzyQ",
|
15671
16356
|
# }
|
15672
16357
|
#
|
15673
|
-
# @example Example: To upload
|
16358
|
+
# @example Example: To upload object and specify user-defined metadata
|
15674
16359
|
#
|
15675
|
-
# # The following example
|
15676
|
-
# #
|
16360
|
+
# # The following example creates an object. The request also specifies optional metadata. If the bucket is versioning
|
16361
|
+
# # enabled, S3 returns version ID in response.
|
15677
16362
|
#
|
15678
16363
|
# resp = client.put_object({
|
15679
|
-
# body: "
|
16364
|
+
# body: "filetoupload",
|
15680
16365
|
# bucket: "examplebucket",
|
15681
|
-
# key: "
|
16366
|
+
# key: "exampleobject",
|
16367
|
+
# metadata: {
|
16368
|
+
# "metadata1" => "value1",
|
16369
|
+
# "metadata2" => "value2",
|
16370
|
+
# },
|
15682
16371
|
# })
|
15683
16372
|
#
|
15684
16373
|
# resp.to_h outputs the following:
|
15685
16374
|
# {
|
15686
16375
|
# etag: "\"6805f2cfc46c0f04559748bb039d69ae\"",
|
15687
|
-
# version_id: "
|
16376
|
+
# version_id: "pSKidl4pHBiNwukdbcPXAIs.sshFFOc0",
|
15688
16377
|
# }
|
15689
16378
|
#
|
15690
|
-
# @example Example: To upload an object
|
16379
|
+
# @example Example: To upload an object
|
15691
16380
|
#
|
15692
|
-
# # The following example uploads an object
|
15693
|
-
# # S3 returns
|
16381
|
+
# # The following example uploads an object to a versioning-enabled bucket. The source file is specified using Windows file
|
16382
|
+
# # syntax. S3 returns VersionId of the newly created object.
|
15694
16383
|
#
|
15695
16384
|
# resp = client.put_object({
|
15696
|
-
# body: "
|
16385
|
+
# body: "HappyFace.jpg",
|
15697
16386
|
# bucket: "examplebucket",
|
15698
16387
|
# key: "HappyFace.jpg",
|
15699
|
-
# tagging: "key1=value1&key2=value2",
|
15700
16388
|
# })
|
15701
16389
|
#
|
15702
16390
|
# resp.to_h outputs the following:
|
15703
16391
|
# {
|
15704
16392
|
# etag: "\"6805f2cfc46c0f04559748bb039d69ae\"",
|
15705
|
-
# version_id: "
|
16393
|
+
# version_id: "tpf3zF08nBplQK1XLOefGskR7mGDwcDk",
|
15706
16394
|
# }
|
15707
16395
|
#
|
15708
|
-
# @example Example: To upload an object and specify
|
16396
|
+
# @example Example: To upload an object and specify server-side encryption and object tags
|
15709
16397
|
#
|
15710
|
-
# # The following example uploads
|
15711
|
-
# #
|
16398
|
+
# # The following example uploads an object. The request specifies the optional server-side encryption option. The request
|
16399
|
+
# # also specifies optional object tags. If the bucket is versioning enabled, S3 returns version ID in response.
|
15712
16400
|
#
|
15713
16401
|
# resp = client.put_object({
|
15714
|
-
# acl: "authenticated-read",
|
15715
16402
|
# body: "filetoupload",
|
15716
16403
|
# bucket: "examplebucket",
|
15717
16404
|
# key: "exampleobject",
|
16405
|
+
# server_side_encryption: "AES256",
|
16406
|
+
# tagging: "key1=value1&key2=value2",
|
15718
16407
|
# })
|
15719
16408
|
#
|
15720
16409
|
# resp.to_h outputs the following:
|
15721
16410
|
# {
|
15722
16411
|
# etag: "\"6805f2cfc46c0f04559748bb039d69ae\"",
|
15723
|
-
#
|
16412
|
+
# server_side_encryption: "AES256",
|
16413
|
+
# version_id: "Ri.vC6qVlA4dEnjgRV4ZHsHoFIjqEMNt",
|
15724
16414
|
# }
|
15725
16415
|
#
|
15726
|
-
# @example Example: To upload object and specify
|
16416
|
+
# @example Example: To upload an object and specify canned ACL.
|
15727
16417
|
#
|
15728
|
-
# # The following example
|
15729
|
-
# # enabled, S3 returns version ID in response.
|
16418
|
+
# # The following example uploads and object. The request specifies optional canned ACL (access control list) to all READ
|
16419
|
+
# # access to authenticated users. If the bucket is versioning enabled, S3 returns version ID in response.
|
15730
16420
|
#
|
15731
16421
|
# resp = client.put_object({
|
16422
|
+
# acl: "authenticated-read",
|
15732
16423
|
# body: "filetoupload",
|
15733
16424
|
# bucket: "examplebucket",
|
15734
16425
|
# key: "exampleobject",
|
15735
|
-
# metadata: {
|
15736
|
-
# "metadata1" => "value1",
|
15737
|
-
# "metadata2" => "value2",
|
15738
|
-
# },
|
15739
16426
|
# })
|
15740
16427
|
#
|
15741
16428
|
# resp.to_h outputs the following:
|
15742
16429
|
# {
|
15743
16430
|
# etag: "\"6805f2cfc46c0f04559748bb039d69ae\"",
|
15744
|
-
# version_id: "
|
16431
|
+
# version_id: "Kirh.unyZwjQ69YxcQLA8z4F5j3kJJKr",
|
15745
16432
|
# }
|
15746
16433
|
#
|
15747
|
-
# @example Example: To upload an object
|
16434
|
+
# @example Example: To upload an object (specify optional headers)
|
15748
16435
|
#
|
15749
|
-
# # The following example uploads an object. The request specifies
|
15750
|
-
# #
|
16436
|
+
# # The following example uploads an object. The request specifies optional request headers to directs S3 to use specific
|
16437
|
+
# # storage class and use server-side encryption.
|
15751
16438
|
#
|
15752
16439
|
# resp = client.put_object({
|
15753
|
-
# body: "
|
16440
|
+
# body: "HappyFace.jpg",
|
15754
16441
|
# bucket: "examplebucket",
|
15755
|
-
# key: "
|
16442
|
+
# key: "HappyFace.jpg",
|
15756
16443
|
# server_side_encryption: "AES256",
|
15757
|
-
#
|
16444
|
+
# storage_class: "STANDARD_IA",
|
15758
16445
|
# })
|
15759
16446
|
#
|
15760
16447
|
# resp.to_h outputs the following:
|
15761
16448
|
# {
|
15762
16449
|
# etag: "\"6805f2cfc46c0f04559748bb039d69ae\"",
|
15763
16450
|
# server_side_encryption: "AES256",
|
15764
|
-
# version_id: "
|
16451
|
+
# version_id: "CG612hodqujkf8FaaNfp8U..FIhLROcp",
|
15765
16452
|
# }
|
15766
16453
|
#
|
15767
16454
|
# @example Streaming a file from disk
|
@@ -17774,6 +18461,10 @@ module Aws::S3
|
|
17774
18461
|
# interruptions when a session expires. For more information about
|
17775
18462
|
# authorization, see [ `CreateSession` ][9].
|
17776
18463
|
#
|
18464
|
+
# If the object is encrypted with SSE-KMS, you must also have the
|
18465
|
+
# `kms:GenerateDataKey` and `kms:Decrypt` permissions in IAM
|
18466
|
+
# identity-based policies and KMS key policies for the KMS key.
|
18467
|
+
#
|
17777
18468
|
# Data integrity
|
17778
18469
|
#
|
17779
18470
|
# : **General purpose bucket** - To ensure that data is not corrupted
|
@@ -17825,12 +18516,13 @@ module Aws::S3
|
|
17825
18516
|
#
|
17826
18517
|
# * x-amz-server-side-encryption-customer-key-MD5
|
17827
18518
|
#
|
17828
|
-
#
|
17829
|
-
#
|
17830
|
-
# supported.
|
18519
|
+
# For more information, see [Using Server-Side Encryption][11] in
|
18520
|
+
# the *Amazon S3 User Guide*.
|
17831
18521
|
#
|
17832
|
-
#
|
17833
|
-
#
|
18522
|
+
# * <b>Directory buckets </b> - For directory buckets, there are only
|
18523
|
+
# two supported options for server-side encryption: server-side
|
18524
|
+
# encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
|
18525
|
+
# server-side encryption with KMS keys (SSE-KMS) (`aws:kms`).
|
17834
18526
|
#
|
17835
18527
|
# Special errors
|
17836
18528
|
# : * Error Code: `NoSuchUpload`
|
@@ -18243,6 +18935,10 @@ module Aws::S3
|
|
18243
18935
|
# destination. The `s3express:SessionMode` condition key cannot be
|
18244
18936
|
# set to `ReadOnly` on the copy destination.
|
18245
18937
|
#
|
18938
|
+
# If the object is encrypted with SSE-KMS, you must also have the
|
18939
|
+
# `kms:GenerateDataKey` and `kms:Decrypt` permissions in IAM
|
18940
|
+
# identity-based policies and KMS key policies for the KMS key.
|
18941
|
+
#
|
18246
18942
|
# For example policies, see [Example bucket policies for S3 Express
|
18247
18943
|
# One Zone][10] and [Amazon Web Services Identity and Access
|
18248
18944
|
# Management (IAM) identity-based policies for S3 Express One
|
@@ -18254,9 +18950,26 @@ module Aws::S3
|
|
18254
18950
|
# the `UploadPartCopy` operation, see [CopyObject][12] and
|
18255
18951
|
# [UploadPart][2].
|
18256
18952
|
#
|
18257
|
-
# * <b>Directory buckets </b> - For directory buckets, only
|
18258
|
-
# server-side encryption
|
18259
|
-
# (`AES256`)
|
18953
|
+
# * <b>Directory buckets </b> - For directory buckets, there are only
|
18954
|
+
# two supported options for server-side encryption: server-side
|
18955
|
+
# encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
|
18956
|
+
# server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). For
|
18957
|
+
# more information, see [Protecting data with server-side
|
18958
|
+
# encryption][13] in the *Amazon S3 User Guide*.
|
18959
|
+
#
|
18960
|
+
# <note markdown="1"> For directory buckets, when you perform a `CreateMultipartUpload`
|
18961
|
+
# operation and an `UploadPartCopy` operation, the request headers
|
18962
|
+
# you provide in the `CreateMultipartUpload` request must match the
|
18963
|
+
# default encryption configuration of the destination bucket.
|
18964
|
+
#
|
18965
|
+
# </note>
|
18966
|
+
#
|
18967
|
+
# S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted
|
18968
|
+
# objects from general purpose buckets to directory buckets, from
|
18969
|
+
# directory buckets to general purpose buckets, or between directory
|
18970
|
+
# buckets, through [UploadPartCopy][14]. In this case, Amazon S3
|
18971
|
+
# makes a call to KMS every time a copy request is made for a
|
18972
|
+
# KMS-encrypted object.
|
18260
18973
|
#
|
18261
18974
|
# Special errors
|
18262
18975
|
# : * Error Code: `NoSuchUpload`
|
@@ -18281,17 +18994,17 @@ module Aws::S3
|
|
18281
18994
|
#
|
18282
18995
|
# The following operations are related to `UploadPartCopy`:
|
18283
18996
|
#
|
18284
|
-
# * [CreateMultipartUpload][
|
18997
|
+
# * [CreateMultipartUpload][15]
|
18285
18998
|
#
|
18286
18999
|
# * [UploadPart][2]
|
18287
19000
|
#
|
18288
|
-
# * [CompleteMultipartUpload][
|
19001
|
+
# * [CompleteMultipartUpload][16]
|
18289
19002
|
#
|
18290
|
-
# * [AbortMultipartUpload][
|
19003
|
+
# * [AbortMultipartUpload][17]
|
18291
19004
|
#
|
18292
|
-
# * [ListParts][
|
19005
|
+
# * [ListParts][18]
|
18293
19006
|
#
|
18294
|
-
# * [ListMultipartUploads][
|
19007
|
+
# * [ListMultipartUploads][19]
|
18295
19008
|
#
|
18296
19009
|
#
|
18297
19010
|
#
|
@@ -18307,11 +19020,13 @@ module Aws::S3
|
|
18307
19020
|
# [10]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html
|
18308
19021
|
# [11]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html
|
18309
19022
|
# [12]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
18310
|
-
# [13]: https://docs.aws.amazon.com/AmazonS3/latest/
|
18311
|
-
# [14]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
18312
|
-
# [15]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
18313
|
-
# [16]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
18314
|
-
# [17]: https://docs.aws.amazon.com/AmazonS3/latest/API/
|
19023
|
+
# [13]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
19024
|
+
# [14]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
19025
|
+
# [15]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html
|
19026
|
+
# [16]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html
|
19027
|
+
# [17]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html
|
19028
|
+
# [18]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html
|
19029
|
+
# [19]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html
|
18315
19030
|
#
|
18316
19031
|
# @option params [required, String] :bucket
|
18317
19032
|
# The bucket name.
|
@@ -18597,45 +19312,45 @@ module Aws::S3
|
|
18597
19312
|
# * {Types::UploadPartCopyOutput#request_charged #request_charged} => String
|
18598
19313
|
#
|
18599
19314
|
#
|
18600
|
-
# @example Example: To upload a part by copying
|
19315
|
+
# @example Example: To upload a part by copying byte range from an existing object as data source
|
18601
19316
|
#
|
18602
|
-
# # The following example uploads a part of a multipart upload by copying
|
19317
|
+
# # The following example uploads a part of a multipart upload by copying a specified byte range from an existing object as
|
19318
|
+
# # data source.
|
18603
19319
|
#
|
18604
19320
|
# resp = client.upload_part_copy({
|
18605
19321
|
# bucket: "examplebucket",
|
18606
19322
|
# copy_source: "/bucketname/sourceobjectkey",
|
19323
|
+
# copy_source_range: "bytes=1-100000",
|
18607
19324
|
# key: "examplelargeobject",
|
18608
|
-
# part_number:
|
19325
|
+
# part_number: 2,
|
18609
19326
|
# upload_id: "exampleuoh_10OhKhT7YukE9bjzTPRiuaCotmZM_pFngJFir9OZNrSr5cWa3cq3LZSUsfjI4FI7PkP91We7Nrw--",
|
18610
19327
|
# })
|
18611
19328
|
#
|
18612
19329
|
# resp.to_h outputs the following:
|
18613
19330
|
# {
|
18614
19331
|
# copy_part_result: {
|
18615
|
-
# etag: "\"
|
18616
|
-
# last_modified: Time.parse("2016-12-29T21:
|
19332
|
+
# etag: "\"65d16d19e65a7508a51f043180edcc36\"",
|
19333
|
+
# last_modified: Time.parse("2016-12-29T21:44:28.000Z"),
|
18617
19334
|
# },
|
18618
19335
|
# }
|
18619
19336
|
#
|
18620
|
-
# @example Example: To upload a part by copying
|
19337
|
+
# @example Example: To upload a part by copying data from an existing object as data source
|
18621
19338
|
#
|
18622
|
-
# # The following example uploads a part of a multipart upload by copying
|
18623
|
-
# # data source.
|
19339
|
+
# # The following example uploads a part of a multipart upload by copying data from an existing object as data source.
|
18624
19340
|
#
|
18625
19341
|
# resp = client.upload_part_copy({
|
18626
19342
|
# bucket: "examplebucket",
|
18627
19343
|
# copy_source: "/bucketname/sourceobjectkey",
|
18628
|
-
# copy_source_range: "bytes=1-100000",
|
18629
19344
|
# key: "examplelargeobject",
|
18630
|
-
# part_number:
|
19345
|
+
# part_number: 1,
|
18631
19346
|
# upload_id: "exampleuoh_10OhKhT7YukE9bjzTPRiuaCotmZM_pFngJFir9OZNrSr5cWa3cq3LZSUsfjI4FI7PkP91We7Nrw--",
|
18632
19347
|
# })
|
18633
19348
|
#
|
18634
19349
|
# resp.to_h outputs the following:
|
18635
19350
|
# {
|
18636
19351
|
# copy_part_result: {
|
18637
|
-
# etag: "\"
|
18638
|
-
# last_modified: Time.parse("2016-12-29T21:
|
19352
|
+
# etag: "\"b0c6f0e7e054ab8fa2536a2677f8734d\"",
|
19353
|
+
# last_modified: Time.parse("2016-12-29T21:24:43.000Z"),
|
18639
19354
|
# },
|
18640
19355
|
# }
|
18641
19356
|
#
|
@@ -19085,14 +19800,19 @@ module Aws::S3
|
|
19085
19800
|
# @api private
|
19086
19801
|
def build_request(operation_name, params = {})
|
19087
19802
|
handlers = @handlers.for(operation_name)
|
19803
|
+
tracer = config.telemetry_provider.tracer_provider.tracer(
|
19804
|
+
Aws::Telemetry.module_to_tracer_name('Aws::S3')
|
19805
|
+
)
|
19088
19806
|
context = Seahorse::Client::RequestContext.new(
|
19089
19807
|
operation_name: operation_name,
|
19090
19808
|
operation: config.api.operation(operation_name),
|
19091
19809
|
client: self,
|
19092
19810
|
params: params,
|
19093
|
-
config: config
|
19811
|
+
config: config,
|
19812
|
+
tracer: tracer
|
19813
|
+
)
|
19094
19814
|
context[:gem_name] = 'aws-sdk-s3'
|
19095
|
-
context[:gem_version] = '1.
|
19815
|
+
context[:gem_version] = '1.166.0'
|
19096
19816
|
Seahorse::Client::Request.new(handlers, context)
|
19097
19817
|
end
|
19098
19818
|
|