aws-sdk-s3 1.160.0 → 1.163.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 626b7f94bf87dd8ee9f00eea6d41f99e94f36960c1b22a6de4e3c22033a23e73
4
- data.tar.gz: 6a1dd3a39ca55926608b7ee234a764370063e66dfc308392b47f8b8cbe5ed693
3
+ metadata.gz: afd4c360870e136ada49d27ff23a992d83e10cf8086d49fa60e4109a83befc49
4
+ data.tar.gz: 74b212aa39f93b6233b2aaa1dfcd647339745c8ad5e54fa26ee341040c27bc22
5
5
  SHA512:
6
- metadata.gz: 90976c3b85af292542c4a17a2102ae02b89796aa14f9282f8a0959c81071155a7790b9587ea5ab69d19db4a431103387764caa395d2f1e390213797d677cfdd2
7
- data.tar.gz: 2205aed27fc2ffbdf8f279459102fd36c5d91fcbdb9b2e661877707d408c8cb8c0cc7a9766b41c10d7594f88434d0ab24dda6e0658968e460f2f722cdf9501c2
6
+ metadata.gz: 86ea94d75b351388571d07466ea49d5243f70a31c7688d18047acb746ede2d81703ba5225a58eb221430304de7bb483ca70e6d31eaa89feb3b1b4a12e830cbb6
7
+ data.tar.gz: 1aca70a5ee0e958587aa59e255ef5a2ddbce7e61f466fca44ae482d8703965d0ec30b46e6f58f76c9c97b2590f86a25d34e7aed4c81a59191442461b8641c39b
data/CHANGELOG.md CHANGED
@@ -1,6 +1,21 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.163.0 (2024-09-18)
5
+ ------------------
6
+
7
+ * Feature - Added SSE-KMS support for directory buckets.
8
+
9
+ 1.162.0 (2024-09-11)
10
+ ------------------
11
+
12
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
13
+
14
+ 1.161.0 (2024-09-10)
15
+ ------------------
16
+
17
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
18
+
4
19
  1.160.0 (2024-09-03)
5
20
  ------------------
6
21
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.160.0
1
+ 1.163.0
@@ -773,25 +773,65 @@ module Aws::S3
773
773
  # object in Amazon S3 (for example, `AES256`, `aws:kms`,
774
774
  # `aws:kms:dsse`).
775
775
  #
776
- # <b>General purpose buckets </b> - You have four mutually exclusive
777
- # options to protect data using server-side encryption in Amazon S3,
778
- # depending on how you choose to manage the encryption keys.
779
- # Specifically, the encryption key options are Amazon S3 managed keys
780
- # (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and
781
- # customer-provided keys (SSE-C). Amazon S3 encrypts data with
782
- # server-side encryption by using Amazon S3 managed keys (SSE-S3) by
783
- # default. You can optionally tell Amazon S3 to encrypt data at rest by
784
- # using server-side encryption with other key options. For more
785
- # information, see [Using Server-Side Encryption][1] in the *Amazon S3
786
- # User Guide*.
787
- #
788
- # <b>Directory buckets </b> - For directory buckets, only the
789
- # server-side encryption with Amazon S3 managed keys (SSE-S3) (`AES256`)
790
- # value is supported.
776
+ # * <b>General purpose buckets </b> - You have four mutually exclusive
777
+ # options to protect data using server-side encryption in Amazon S3,
778
+ # depending on how you choose to manage the encryption keys.
779
+ # Specifically, the encryption key options are Amazon S3 managed keys
780
+ # (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and
781
+ # customer-provided keys (SSE-C). Amazon S3 encrypts data with
782
+ # server-side encryption by using Amazon S3 managed keys (SSE-S3) by
783
+ # default. You can optionally tell Amazon S3 to encrypt data at rest
784
+ # by using server-side encryption with other key options. For more
785
+ # information, see [Using Server-Side Encryption][1] in the *Amazon S3
786
+ # User Guide*.
787
+ #
788
+ # * <b>Directory buckets </b> - For directory buckets, there are only
789
+ # two supported options for server-side encryption: server-side
790
+ # encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
791
+ # server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). We
792
+ # recommend that the bucket's default encryption uses the desired
793
+ # encryption configuration and you don't override the bucket default
794
+ # encryption in your `CreateSession` requests or `PUT` object
795
+ # requests. Then, new objects are automatically encrypted with the
796
+ # desired encryption settings. For more information, see [Protecting
797
+ # data with server-side encryption][2] in the *Amazon S3 User Guide*.
798
+ # For more information about the encryption overriding behaviors in
799
+ # directory buckets, see [Specifying server-side encryption with KMS
800
+ # for new object uploads][3].
801
+ #
802
+ # In the Zonal endpoint API calls (except [CopyObject][4] and
803
+ # [UploadPartCopy][5]) using the REST API, the encryption request
804
+ # headers must match the encryption settings that are specified in the
805
+ # `CreateSession` request. You can't override the values of the
806
+ # encryption settings (`x-amz-server-side-encryption`,
807
+ # `x-amz-server-side-encryption-aws-kms-key-id`,
808
+ # `x-amz-server-side-encryption-context`, and
809
+ # `x-amz-server-side-encryption-bucket-key-enabled`) that are
810
+ # specified in the `CreateSession` request. You don't need to
811
+ # explicitly specify these encryption settings values in Zonal
812
+ # endpoint API calls, and Amazon S3 will use the encryption settings
813
+ # values from the `CreateSession` request to protect new objects in
814
+ # the directory bucket.
815
+ #
816
+ # <note markdown="1"> When you use the CLI or the Amazon Web Services SDKs, for
817
+ # `CreateSession`, the session token refreshes automatically to avoid
818
+ # service interruptions when a session expires. The CLI or the Amazon
819
+ # Web Services SDKs use the bucket's default encryption configuration
820
+ # for the `CreateSession` request. It's not supported to override the
821
+ # encryption settings values in the `CreateSession` request. So in the
822
+ # Zonal endpoint API calls (except [CopyObject][4] and
823
+ # [UploadPartCopy][5]), the encryption request headers must match the
824
+ # default encryption configuration of the directory bucket.
825
+ #
826
+ # </note>
791
827
  #
792
828
  #
793
829
  #
794
830
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
831
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
832
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
833
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
834
+ # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
795
835
  # @option options [String] :storage_class
796
836
  # By default, Amazon S3 uses the STANDARD Storage Class to store newly
797
837
  # created objects. The STANDARD storage class provides high durability
@@ -865,44 +905,81 @@ module Aws::S3
865
905
  #
866
906
  # </note>
867
907
  # @option options [String] :ssekms_key_id
868
- # If `x-amz-server-side-encryption` has a valid value of `aws:kms` or
869
- # `aws:kms:dsse`, this header specifies the ID (Key ID, Key ARN, or Key
870
- # Alias) of the Key Management Service (KMS) symmetric encryption
871
- # customer managed key that was used for the object. If you specify
872
- # `x-amz-server-side-encryption:aws:kms` or
873
- # `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide`
874
- # x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
875
- # Amazon Web Services managed key (`aws/s3`) to protect the data. If the
876
- # KMS key does not exist in the same account that's issuing the
877
- # command, you must use the full ARN and not just the ID.
908
+ # Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
909
+ # object encryption. If the KMS key doesn't exist in the same account
910
+ # that's issuing the command, you must use the full Key ARN not the Key
911
+ # ID.
912
+ #
913
+ # **General purpose buckets** - If you specify
914
+ # `x-amz-server-side-encryption` with `aws:kms` or `aws:kms:dsse`, this
915
+ # header specifies the ID (Key ID, Key ARN, or Key Alias) of the KMS key
916
+ # to use. If you specify `x-amz-server-side-encryption:aws:kms` or
917
+ # `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide
918
+ # `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
919
+ # Amazon Web Services managed key (`aws/s3`) to protect the data.
920
+ #
921
+ # **Directory buckets** - If you specify `x-amz-server-side-encryption`
922
+ # with `aws:kms`, you must specify the `
923
+ # x-amz-server-side-encryption-aws-kms-key-id` header with the ID (Key
924
+ # ID or Key ARN) of the KMS symmetric encryption customer managed key to
925
+ # use. Otherwise, you get an HTTP `400 Bad Request` error. Only use the
926
+ # key ID or key ARN. The key alias format of the KMS key isn't
927
+ # supported. Your SSE-KMS configuration can only support 1 [customer
928
+ # managed key][1] per directory bucket for the lifetime of the bucket.
929
+ # [Amazon Web Services managed key][2] (`aws/s3`) isn't supported.
930
+ #
931
+ #
932
+ #
933
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
934
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
935
+ # @option options [String] :ssekms_encryption_context
936
+ # Specifies the Amazon Web Services KMS Encryption Context as an
937
+ # additional encryption context to use for object encryption. The value
938
+ # of this header is a Base64-encoded string of a UTF-8 encoded JSON,
939
+ # which contains the encryption context as key-value pairs. This value
940
+ # is stored as object metadata and automatically gets passed on to
941
+ # Amazon Web Services KMS for future `GetObject` operations on this
942
+ # object.
878
943
  #
879
- # <note markdown="1"> This functionality is not supported for directory buckets.
944
+ # **General purpose buckets** - This value must be explicitly added
945
+ # during `CopyObject` operations if you want an additional encryption
946
+ # context for your object. For more information, see [Encryption
947
+ # context][1] in the *Amazon S3 User Guide*.
880
948
  #
881
- # </note>
882
- # @option options [String] :ssekms_encryption_context
883
- # Specifies the Amazon Web Services KMS Encryption Context to use for
884
- # object encryption. The value of this header is a base64-encoded UTF-8
885
- # string holding JSON with the encryption context key-value pairs. This
886
- # value is stored as object metadata and automatically gets passed on to
887
- # Amazon Web Services KMS for future `GetObject` or `CopyObject`
888
- # operations on this object. This value must be explicitly added during
889
- # `CopyObject` operations.
949
+ # **Directory buckets** - You can optionally provide an explicit
950
+ # encryption context value. The value must match the default encryption
951
+ # context - the bucket Amazon Resource Name (ARN). An additional
952
+ # encryption context value is not supported.
890
953
  #
891
- # <note markdown="1"> This functionality is not supported for directory buckets.
892
954
  #
893
- # </note>
955
+ #
956
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context
894
957
  # @option options [Boolean] :bucket_key_enabled
895
958
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
896
959
  # encryption with server-side encryption using Key Management Service
897
- # (KMS) keys (SSE-KMS). Setting this header to `true` causes Amazon S3
898
- # to use an S3 Bucket Key for object encryption with SSE-KMS.
960
+ # (KMS) keys (SSE-KMS).
899
961
  #
900
- # Specifying this header with a PUT action doesn’t affect bucket-level
901
- # settings for S3 Bucket Key.
962
+ # **General purpose buckets** - Setting this header to `true` causes
963
+ # Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
964
+ # Also, specifying this header with a PUT action doesn't affect
965
+ # bucket-level settings for S3 Bucket Key.
902
966
  #
903
- # <note markdown="1"> This functionality is not supported for directory buckets.
967
+ # **Directory buckets** - S3 Bucket Keys are always enabled for `GET`
968
+ # and `PUT` operations in a directory bucket and can’t be disabled. S3
969
+ # Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects
970
+ # from general purpose buckets to directory buckets, from directory
971
+ # buckets to general purpose buckets, or between directory buckets,
972
+ # through [CopyObject][1], [UploadPartCopy][2], [the Copy operation in
973
+ # Batch Operations][3], or [the import jobs][4]. In this case, Amazon S3
974
+ # makes a call to KMS every time a copy request is made for a
975
+ # KMS-encrypted object.
904
976
  #
905
- # </note>
977
+ #
978
+ #
979
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
980
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
981
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
982
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
906
983
  # @option options [String] :request_payer
907
984
  # Confirms that the requester knows that they will be charged for the
908
985
  # request. Bucket owners need not specify this parameter in their