aws-sdk-s3 1.162.0 → 1.167.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +25 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-s3/bucket.rb +135 -55
- data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +38 -1
- data/lib/aws-sdk-s3/bucket_policy.rb +4 -4
- data/lib/aws-sdk-s3/client.rb +1124 -398
- data/lib/aws-sdk-s3/client_api.rb +17 -1
- data/lib/aws-sdk-s3/customizations/object.rb +6 -0
- data/lib/aws-sdk-s3/customizations/object_summary.rb +5 -0
- data/lib/aws-sdk-s3/customizations/object_version.rb +13 -0
- data/lib/aws-sdk-s3/customizations.rb +24 -38
- data/lib/aws-sdk-s3/errors.rb +3 -0
- data/lib/aws-sdk-s3/multipart_upload.rb +7 -4
- data/lib/aws-sdk-s3/multipart_upload_part.rb +8 -8
- data/lib/aws-sdk-s3/object.rb +353 -143
- data/lib/aws-sdk-s3/object_summary.rb +339 -121
- data/lib/aws-sdk-s3/object_version.rb +21 -12
- data/lib/aws-sdk-s3/plugins/endpoints.rb +13 -7
- data/lib/aws-sdk-s3/types.rb +755 -350
- data/lib/aws-sdk-s3.rb +35 -31
- data/sig/bucket_lifecycle_configuration.rbs +7 -3
- data/sig/client.rbs +19 -4
- data/sig/resource.rbs +1 -0
- data/sig/types.rbs +17 -2
- metadata +5 -4
data/lib/aws-sdk-s3/types.rb
CHANGED
@@ -634,7 +634,7 @@ module Aws::S3
|
|
634
634
|
# Contains all the possible checksum or digest values for an object.
|
635
635
|
#
|
636
636
|
# @!attribute [rw] checksum_crc32
|
637
|
-
# The base64-encoded, 32-bit
|
637
|
+
# The base64-encoded, 32-bit CRC-32 checksum of the object. This will
|
638
638
|
# only be present if it was uploaded with the object. When you use an
|
639
639
|
# API operation on an object that was uploaded using multipart
|
640
640
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -649,7 +649,7 @@ module Aws::S3
|
|
649
649
|
# @return [String]
|
650
650
|
#
|
651
651
|
# @!attribute [rw] checksum_crc32c
|
652
|
-
# The base64-encoded, 32-bit
|
652
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
653
653
|
# only be present if it was uploaded with the object. When you use an
|
654
654
|
# API operation on an object that was uploaded using multipart
|
655
655
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -803,7 +803,7 @@ module Aws::S3
|
|
803
803
|
# @return [String]
|
804
804
|
#
|
805
805
|
# @!attribute [rw] checksum_crc32
|
806
|
-
# The base64-encoded, 32-bit
|
806
|
+
# The base64-encoded, 32-bit CRC-32 checksum of the object. This will
|
807
807
|
# only be present if it was uploaded with the object. When you use an
|
808
808
|
# API operation on an object that was uploaded using multipart
|
809
809
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -818,7 +818,7 @@ module Aws::S3
|
|
818
818
|
# @return [String]
|
819
819
|
#
|
820
820
|
# @!attribute [rw] checksum_crc32c
|
821
|
-
# The base64-encoded, 32-bit
|
821
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
822
822
|
# only be present if it was uploaded with the object. When you use an
|
823
823
|
# API operation on an object that was uploaded using multipart
|
824
824
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -865,11 +865,6 @@ module Aws::S3
|
|
865
865
|
# @!attribute [rw] server_side_encryption
|
866
866
|
# The server-side encryption algorithm used when storing this object
|
867
867
|
# in Amazon S3 (for example, `AES256`, `aws:kms`).
|
868
|
-
#
|
869
|
-
# <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
|
870
|
-
# managed keys (SSE-S3) (`AES256`) is supported.
|
871
|
-
#
|
872
|
-
# </note>
|
873
868
|
# @return [String]
|
874
869
|
#
|
875
870
|
# @!attribute [rw] version_id
|
@@ -882,23 +877,14 @@ module Aws::S3
|
|
882
877
|
# @return [String]
|
883
878
|
#
|
884
879
|
# @!attribute [rw] ssekms_key_id
|
885
|
-
# If present, indicates the ID of the
|
886
|
-
#
|
887
|
-
# object.
|
888
|
-
#
|
889
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
890
|
-
#
|
891
|
-
# </note>
|
880
|
+
# If present, indicates the ID of the KMS key that was used for object
|
881
|
+
# encryption.
|
892
882
|
# @return [String]
|
893
883
|
#
|
894
884
|
# @!attribute [rw] bucket_key_enabled
|
895
885
|
# Indicates whether the multipart upload uses an S3 Bucket Key for
|
896
886
|
# server-side encryption with Key Management Service (KMS) keys
|
897
887
|
# (SSE-KMS).
|
898
|
-
#
|
899
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
900
|
-
#
|
901
|
-
# </note>
|
902
888
|
# @return [Boolean]
|
903
889
|
#
|
904
890
|
# @!attribute [rw] request_charged
|
@@ -991,7 +977,7 @@ module Aws::S3
|
|
991
977
|
# @!attribute [rw] checksum_crc32
|
992
978
|
# This header can be used as a data integrity check to verify that the
|
993
979
|
# data received is the same data that was originally sent. This header
|
994
|
-
# specifies the base64-encoded, 32-bit
|
980
|
+
# specifies the base64-encoded, 32-bit CRC-32 checksum of the object.
|
995
981
|
# For more information, see [Checking object integrity][1] in the
|
996
982
|
# *Amazon S3 User Guide*.
|
997
983
|
#
|
@@ -1003,7 +989,7 @@ module Aws::S3
|
|
1003
989
|
# @!attribute [rw] checksum_crc32c
|
1004
990
|
# This header can be used as a data integrity check to verify that the
|
1005
991
|
# data received is the same data that was originally sent. This header
|
1006
|
-
# specifies the base64-encoded, 32-bit
|
992
|
+
# specifies the base64-encoded, 32-bit CRC-32C checksum of the object.
|
1007
993
|
# For more information, see [Checking object integrity][1] in the
|
1008
994
|
# *Amazon S3 User Guide*.
|
1009
995
|
#
|
@@ -1173,7 +1159,7 @@ module Aws::S3
|
|
1173
1159
|
# @return [String]
|
1174
1160
|
#
|
1175
1161
|
# @!attribute [rw] checksum_crc32
|
1176
|
-
# The base64-encoded, 32-bit
|
1162
|
+
# The base64-encoded, 32-bit CRC-32 checksum of the object. This will
|
1177
1163
|
# only be present if it was uploaded with the object. When you use an
|
1178
1164
|
# API operation on an object that was uploaded using multipart
|
1179
1165
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -1188,7 +1174,7 @@ module Aws::S3
|
|
1188
1174
|
# @return [String]
|
1189
1175
|
#
|
1190
1176
|
# @!attribute [rw] checksum_crc32c
|
1191
|
-
# The base64-encoded, 32-bit
|
1177
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
1192
1178
|
# only be present if it was uploaded with the object. When you use an
|
1193
1179
|
# API operation on an object that was uploaded using multipart
|
1194
1180
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -1348,11 +1334,6 @@ module Aws::S3
|
|
1348
1334
|
# @!attribute [rw] server_side_encryption
|
1349
1335
|
# The server-side encryption algorithm used when you store this object
|
1350
1336
|
# in Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
|
1351
|
-
#
|
1352
|
-
# <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
|
1353
|
-
# managed keys (SSE-S3) (`AES256`) is supported.
|
1354
|
-
#
|
1355
|
-
# </note>
|
1356
1337
|
# @return [String]
|
1357
1338
|
#
|
1358
1339
|
# @!attribute [rw] sse_customer_algorithm
|
@@ -1377,13 +1358,8 @@ module Aws::S3
|
|
1377
1358
|
# @return [String]
|
1378
1359
|
#
|
1379
1360
|
# @!attribute [rw] ssekms_key_id
|
1380
|
-
# If present, indicates the ID of the
|
1381
|
-
#
|
1382
|
-
# object.
|
1383
|
-
#
|
1384
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
1385
|
-
#
|
1386
|
-
# </note>
|
1361
|
+
# If present, indicates the ID of the KMS key that was used for object
|
1362
|
+
# encryption.
|
1387
1363
|
# @return [String]
|
1388
1364
|
#
|
1389
1365
|
# @!attribute [rw] ssekms_encryption_context
|
@@ -1391,20 +1367,12 @@ module Aws::S3
|
|
1391
1367
|
# to use for object encryption. The value of this header is a
|
1392
1368
|
# base64-encoded UTF-8 string holding JSON with the encryption context
|
1393
1369
|
# key-value pairs.
|
1394
|
-
#
|
1395
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
1396
|
-
#
|
1397
|
-
# </note>
|
1398
1370
|
# @return [String]
|
1399
1371
|
#
|
1400
1372
|
# @!attribute [rw] bucket_key_enabled
|
1401
1373
|
# Indicates whether the copied object uses an S3 Bucket Key for
|
1402
1374
|
# server-side encryption with Key Management Service (KMS) keys
|
1403
1375
|
# (SSE-KMS).
|
1404
|
-
#
|
1405
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
1406
|
-
#
|
1407
|
-
# </note>
|
1408
1376
|
# @return [Boolean]
|
1409
1377
|
#
|
1410
1378
|
# @!attribute [rw] request_charged
|
@@ -1832,9 +1800,8 @@ module Aws::S3
|
|
1832
1800
|
#
|
1833
1801
|
# @!attribute [rw] server_side_encryption
|
1834
1802
|
# The server-side encryption algorithm used when storing this object
|
1835
|
-
# in Amazon S3
|
1836
|
-
#
|
1837
|
-
# and will receive a `400 Bad Request` response.
|
1803
|
+
# in Amazon S3. Unrecognized or unsupported values won’t write a
|
1804
|
+
# destination object and will receive a `400 Bad Request` response.
|
1838
1805
|
#
|
1839
1806
|
# Amazon S3 automatically encrypts all new objects that are copied to
|
1840
1807
|
# an S3 bucket. When copying an object, if you don't specify
|
@@ -1843,21 +1810,8 @@ module Aws::S3
|
|
1843
1810
|
# of the destination bucket. By default, all buckets have a base level
|
1844
1811
|
# of encryption configuration that uses server-side encryption with
|
1845
1812
|
# Amazon S3 managed keys (SSE-S3). If the destination bucket has a
|
1846
|
-
# default encryption configuration
|
1847
|
-
#
|
1848
|
-
# server-side encryption with Amazon Web Services KMS keys (DSSE-KMS),
|
1849
|
-
# or server-side encryption with customer-provided encryption keys
|
1850
|
-
# (SSE-C), Amazon S3 uses the corresponding KMS key, or a
|
1851
|
-
# customer-provided key to encrypt the target object copy.
|
1852
|
-
#
|
1853
|
-
# When you perform a `CopyObject` operation, if you want to use a
|
1854
|
-
# different type of encryption setting for the target object, you can
|
1855
|
-
# specify appropriate encryption-related headers to encrypt the target
|
1856
|
-
# object with an Amazon S3 managed key, a KMS key, or a
|
1857
|
-
# customer-provided key. If the encryption setting in your request is
|
1858
|
-
# different from the default encryption configuration of the
|
1859
|
-
# destination bucket, the encryption setting in your request takes
|
1860
|
-
# precedence.
|
1813
|
+
# different default encryption configuration, Amazon S3 uses the
|
1814
|
+
# corresponding encryption key to encrypt the target object copy.
|
1861
1815
|
#
|
1862
1816
|
# With server-side encryption, Amazon S3 encrypts your data as it
|
1863
1817
|
# writes your data to disks in its data centers and decrypts the data
|
@@ -1865,14 +1819,63 @@ module Aws::S3
|
|
1865
1819
|
# encryption, see [Using Server-Side Encryption][1] in the *Amazon S3
|
1866
1820
|
# User Guide*.
|
1867
1821
|
#
|
1868
|
-
# <
|
1869
|
-
#
|
1870
|
-
#
|
1871
|
-
#
|
1822
|
+
# <b>General purpose buckets </b>
|
1823
|
+
#
|
1824
|
+
# * For general purpose buckets, there are the following supported
|
1825
|
+
# options for server-side encryption: server-side encryption with
|
1826
|
+
# Key Management Service (KMS) keys (SSE-KMS), dual-layer
|
1827
|
+
# server-side encryption with Amazon Web Services KMS keys
|
1828
|
+
# (DSSE-KMS), and server-side encryption with customer-provided
|
1829
|
+
# encryption keys (SSE-C). Amazon S3 uses the corresponding KMS key,
|
1830
|
+
# or a customer-provided key to encrypt the target object copy.
|
1831
|
+
#
|
1832
|
+
# * When you perform a `CopyObject` operation, if you want to use a
|
1833
|
+
# different type of encryption setting for the target object, you
|
1834
|
+
# can specify appropriate encryption-related headers to encrypt the
|
1835
|
+
# target object with an Amazon S3 managed key, a KMS key, or a
|
1836
|
+
# customer-provided key. If the encryption setting in your request
|
1837
|
+
# is different from the default encryption configuration of the
|
1838
|
+
# destination bucket, the encryption setting in your request takes
|
1839
|
+
# precedence.
|
1840
|
+
#
|
1841
|
+
# <b>Directory buckets </b>
|
1842
|
+
#
|
1843
|
+
# * For directory buckets, there are only two supported options for
|
1844
|
+
# server-side encryption: server-side encryption with Amazon S3
|
1845
|
+
# managed keys (SSE-S3) (`AES256`) and server-side encryption with
|
1846
|
+
# KMS keys (SSE-KMS) (`aws:kms`). We recommend that the bucket's
|
1847
|
+
# default encryption uses the desired encryption configuration and
|
1848
|
+
# you don't override the bucket default encryption in your
|
1849
|
+
# `CreateSession` requests or `PUT` object requests. Then, new
|
1850
|
+
# objects are automatically encrypted with the desired encryption
|
1851
|
+
# settings. For more information, see [Protecting data with
|
1852
|
+
# server-side encryption][2] in the *Amazon S3 User Guide*. For more
|
1853
|
+
# information about the encryption overriding behaviors in directory
|
1854
|
+
# buckets, see [Specifying server-side encryption with KMS for new
|
1855
|
+
# object uploads][3].
|
1856
|
+
#
|
1857
|
+
# * To encrypt new object copies to a directory bucket with SSE-KMS,
|
1858
|
+
# we recommend you specify SSE-KMS as the directory bucket's
|
1859
|
+
# default encryption configuration with a KMS key (specifically, a
|
1860
|
+
# [customer managed key][4]). [Amazon Web Services managed key][5]
|
1861
|
+
# (`aws/s3`) isn't supported. Your SSE-KMS configuration can only
|
1862
|
+
# support 1 [customer managed key][4] per directory bucket for the
|
1863
|
+
# lifetime of the bucket. After you specify a customer managed key
|
1864
|
+
# for SSE-KMS, you can't override the customer managed key for the
|
1865
|
+
# bucket's SSE-KMS configuration. Then, when you perform a
|
1866
|
+
# `CopyObject` operation and want to specify server-side encryption
|
1867
|
+
# settings for new object copies with SSE-KMS in the
|
1868
|
+
# encryption-related request headers, you must ensure the encryption
|
1869
|
+
# key is the same customer managed key that you specified for the
|
1870
|
+
# directory bucket's default encryption configuration.
|
1872
1871
|
#
|
1873
1872
|
#
|
1874
1873
|
#
|
1875
1874
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
|
1875
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
1876
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
|
1877
|
+
# [4]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
1878
|
+
# [5]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
1876
1879
|
# @return [String]
|
1877
1880
|
#
|
1878
1881
|
# @!attribute [rw] storage_class
|
@@ -1978,7 +1981,7 @@ module Aws::S3
|
|
1978
1981
|
# @return [String]
|
1979
1982
|
#
|
1980
1983
|
# @!attribute [rw] ssekms_key_id
|
1981
|
-
# Specifies the KMS ID (Key ID, Key ARN, or Key Alias) to use for
|
1984
|
+
# Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
|
1982
1985
|
# object encryption. All GET and PUT requests for an object protected
|
1983
1986
|
# by KMS will fail if they're not made via SSL or using SigV4. For
|
1984
1987
|
# information about configuring any of the officially supported Amazon
|
@@ -1986,27 +1989,45 @@ module Aws::S3
|
|
1986
1989
|
# Signature Version in Request Authentication][1] in the *Amazon S3
|
1987
1990
|
# User Guide*.
|
1988
1991
|
#
|
1989
|
-
#
|
1990
|
-
#
|
1991
|
-
#
|
1992
|
-
#
|
1992
|
+
# **Directory buckets** - If you specify
|
1993
|
+
# `x-amz-server-side-encryption` with `aws:kms`, you must specify the
|
1994
|
+
# ` x-amz-server-side-encryption-aws-kms-key-id` header with the ID
|
1995
|
+
# (Key ID or Key ARN) of the KMS symmetric encryption customer managed
|
1996
|
+
# key to use. Otherwise, you get an HTTP `400 Bad Request` error. Only
|
1997
|
+
# use the key ID or key ARN. The key alias format of the KMS key
|
1998
|
+
# isn't supported. Your SSE-KMS configuration can only support 1
|
1999
|
+
# [customer managed key][2] per directory bucket for the lifetime of
|
2000
|
+
# the bucket. [Amazon Web Services managed key][3] (`aws/s3`) isn't
|
2001
|
+
# supported.
|
1993
2002
|
#
|
1994
2003
|
#
|
1995
2004
|
#
|
1996
2005
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
|
2006
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
2007
|
+
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
1997
2008
|
# @return [String]
|
1998
2009
|
#
|
1999
2010
|
# @!attribute [rw] ssekms_encryption_context
|
2000
|
-
# Specifies the Amazon Web Services KMS Encryption Context
|
2001
|
-
#
|
2002
|
-
#
|
2003
|
-
#
|
2004
|
-
# context for `CopyObject` requests.
|
2011
|
+
# Specifies the Amazon Web Services KMS Encryption Context as an
|
2012
|
+
# additional encryption context to use for the destination object
|
2013
|
+
# encryption. The value of this header is a base64-encoded UTF-8
|
2014
|
+
# string holding JSON with the encryption context key-value pairs.
|
2005
2015
|
#
|
2006
|
-
#
|
2007
|
-
#
|
2016
|
+
# **General purpose buckets** - This value must be explicitly added to
|
2017
|
+
# specify encryption context for `CopyObject` requests if you want an
|
2018
|
+
# additional encryption context for your destination object. The
|
2019
|
+
# additional encryption context of the source object won't be copied
|
2020
|
+
# to the destination object. For more information, see [Encryption
|
2021
|
+
# context][1] in the *Amazon S3 User Guide*.
|
2008
2022
|
#
|
2009
|
-
#
|
2023
|
+
# **Directory buckets** - You can optionally provide an explicit
|
2024
|
+
# encryption context value. The value must match the default
|
2025
|
+
# encryption context - the bucket Amazon Resource Name (ARN). An
|
2026
|
+
# additional encryption context value is not supported.
|
2027
|
+
#
|
2028
|
+
#
|
2029
|
+
#
|
2030
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context
|
2010
2031
|
# @return [String]
|
2011
2032
|
#
|
2012
2033
|
# @!attribute [rw] bucket_key_enabled
|
@@ -2023,14 +2044,19 @@ module Aws::S3
|
|
2023
2044
|
# For more information, see [Amazon S3 Bucket Keys][1] in the *Amazon
|
2024
2045
|
# S3 User Guide*.
|
2025
2046
|
#
|
2026
|
-
# <note markdown="1">
|
2027
|
-
#
|
2047
|
+
# <note markdown="1"> **Directory buckets** - S3 Bucket Keys aren't supported, when you
|
2048
|
+
# copy SSE-KMS encrypted objects from general purpose buckets to
|
2049
|
+
# directory buckets, from directory buckets to general purpose
|
2050
|
+
# buckets, or between directory buckets, through [CopyObject][2]. In
|
2051
|
+
# this case, Amazon S3 makes a call to KMS every time a copy request
|
2052
|
+
# is made for a KMS-encrypted object.
|
2028
2053
|
#
|
2029
2054
|
# </note>
|
2030
2055
|
#
|
2031
2056
|
#
|
2032
2057
|
#
|
2033
2058
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
|
2059
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
2034
2060
|
# @return [Boolean]
|
2035
2061
|
#
|
2036
2062
|
# @!attribute [rw] copy_source_sse_customer_algorithm
|
@@ -2247,7 +2273,7 @@ module Aws::S3
|
|
2247
2273
|
# @return [Time]
|
2248
2274
|
#
|
2249
2275
|
# @!attribute [rw] checksum_crc32
|
2250
|
-
# The base64-encoded, 32-bit
|
2276
|
+
# The base64-encoded, 32-bit CRC-32 checksum of the object. This will
|
2251
2277
|
# only be present if it was uploaded with the object. For more
|
2252
2278
|
# information, see [ Checking object integrity][1] in the *Amazon S3
|
2253
2279
|
# User Guide*.
|
@@ -2258,7 +2284,7 @@ module Aws::S3
|
|
2258
2284
|
# @return [String]
|
2259
2285
|
#
|
2260
2286
|
# @!attribute [rw] checksum_crc32c
|
2261
|
-
# The base64-encoded, 32-bit
|
2287
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
2262
2288
|
# only be present if it was uploaded with the object. For more
|
2263
2289
|
# information, see [ Checking object integrity][1] in the *Amazon S3
|
2264
2290
|
# User Guide*.
|
@@ -2314,7 +2340,7 @@ module Aws::S3
|
|
2314
2340
|
# @return [Time]
|
2315
2341
|
#
|
2316
2342
|
# @!attribute [rw] checksum_crc32
|
2317
|
-
# The base64-encoded, 32-bit
|
2343
|
+
# The base64-encoded, 32-bit CRC-32 checksum of the object. This will
|
2318
2344
|
# only be present if it was uploaded with the object. When you use an
|
2319
2345
|
# API operation on an object that was uploaded using multipart
|
2320
2346
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -2329,7 +2355,7 @@ module Aws::S3
|
|
2329
2355
|
# @return [String]
|
2330
2356
|
#
|
2331
2357
|
# @!attribute [rw] checksum_crc32c
|
2332
|
-
# The base64-encoded, 32-bit
|
2358
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
2333
2359
|
# only be present if it was uploaded with the object. When you use an
|
2334
2360
|
# API operation on an object that was uploaded using multipart
|
2335
2361
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -2642,11 +2668,6 @@ module Aws::S3
|
|
2642
2668
|
# @!attribute [rw] server_side_encryption
|
2643
2669
|
# The server-side encryption algorithm used when you store this object
|
2644
2670
|
# in Amazon S3 (for example, `AES256`, `aws:kms`).
|
2645
|
-
#
|
2646
|
-
# <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
|
2647
|
-
# managed keys (SSE-S3) (`AES256`) is supported.
|
2648
|
-
#
|
2649
|
-
# </note>
|
2650
2671
|
# @return [String]
|
2651
2672
|
#
|
2652
2673
|
# @!attribute [rw] sse_customer_algorithm
|
@@ -2671,34 +2692,21 @@ module Aws::S3
|
|
2671
2692
|
# @return [String]
|
2672
2693
|
#
|
2673
2694
|
# @!attribute [rw] ssekms_key_id
|
2674
|
-
# If present, indicates the ID of the
|
2675
|
-
#
|
2676
|
-
# object.
|
2677
|
-
#
|
2678
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
2679
|
-
#
|
2680
|
-
# </note>
|
2695
|
+
# If present, indicates the ID of the KMS key that was used for object
|
2696
|
+
# encryption.
|
2681
2697
|
# @return [String]
|
2682
2698
|
#
|
2683
2699
|
# @!attribute [rw] ssekms_encryption_context
|
2684
2700
|
# If present, indicates the Amazon Web Services KMS Encryption Context
|
2685
2701
|
# to use for object encryption. The value of this header is a
|
2686
|
-
#
|
2687
|
-
# key-value pairs.
|
2688
|
-
#
|
2689
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
2690
|
-
#
|
2691
|
-
# </note>
|
2702
|
+
# Base64-encoded string of a UTF-8 encoded JSON, which contains the
|
2703
|
+
# encryption context as key-value pairs.
|
2692
2704
|
# @return [String]
|
2693
2705
|
#
|
2694
2706
|
# @!attribute [rw] bucket_key_enabled
|
2695
2707
|
# Indicates whether the multipart upload uses an S3 Bucket Key for
|
2696
2708
|
# server-side encryption with Key Management Service (KMS) keys
|
2697
2709
|
# (SSE-KMS).
|
2698
|
-
#
|
2699
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
2700
|
-
#
|
2701
|
-
# </note>
|
2702
2710
|
# @return [Boolean]
|
2703
2711
|
#
|
2704
2712
|
# @!attribute [rw] request_charged
|
@@ -3110,10 +3118,53 @@ module Aws::S3
|
|
3110
3118
|
# The server-side encryption algorithm used when you store this object
|
3111
3119
|
# in Amazon S3 (for example, `AES256`, `aws:kms`).
|
3112
3120
|
#
|
3113
|
-
# <
|
3114
|
-
#
|
3121
|
+
# * <b>Directory buckets </b> - For directory buckets, there are only
|
3122
|
+
# two supported options for server-side encryption: server-side
|
3123
|
+
# encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
|
3124
|
+
# server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). We
|
3125
|
+
# recommend that the bucket's default encryption uses the desired
|
3126
|
+
# encryption configuration and you don't override the bucket
|
3127
|
+
# default encryption in your `CreateSession` requests or `PUT`
|
3128
|
+
# object requests. Then, new objects are automatically encrypted
|
3129
|
+
# with the desired encryption settings. For more information, see
|
3130
|
+
# [Protecting data with server-side encryption][1] in the *Amazon S3
|
3131
|
+
# User Guide*. For more information about the encryption overriding
|
3132
|
+
# behaviors in directory buckets, see [Specifying server-side
|
3133
|
+
# encryption with KMS for new object uploads][2].
|
3134
|
+
#
|
3135
|
+
# In the Zonal endpoint API calls (except [CopyObject][3] and
|
3136
|
+
# [UploadPartCopy][4]) using the REST API, the encryption request
|
3137
|
+
# headers must match the encryption settings that are specified in
|
3138
|
+
# the `CreateSession` request. You can't override the values of the
|
3139
|
+
# encryption settings (`x-amz-server-side-encryption`,
|
3140
|
+
# `x-amz-server-side-encryption-aws-kms-key-id`,
|
3141
|
+
# `x-amz-server-side-encryption-context`, and
|
3142
|
+
# `x-amz-server-side-encryption-bucket-key-enabled`) that are
|
3143
|
+
# specified in the `CreateSession` request. You don't need to
|
3144
|
+
# explicitly specify these encryption settings values in Zonal
|
3145
|
+
# endpoint API calls, and Amazon S3 will use the encryption settings
|
3146
|
+
# values from the `CreateSession` request to protect new objects in
|
3147
|
+
# the directory bucket.
|
3148
|
+
#
|
3149
|
+
# <note markdown="1"> When you use the CLI or the Amazon Web Services SDKs, for
|
3150
|
+
# `CreateSession`, the session token refreshes automatically to
|
3151
|
+
# avoid service interruptions when a session expires. The CLI or the
|
3152
|
+
# Amazon Web Services SDKs use the bucket's default encryption
|
3153
|
+
# configuration for the `CreateSession` request. It's not supported
|
3154
|
+
# to override the encryption settings values in the `CreateSession`
|
3155
|
+
# request. So in the Zonal endpoint API calls (except
|
3156
|
+
# [CopyObject][3] and [UploadPartCopy][4]), the encryption request
|
3157
|
+
# headers must match the default encryption configuration of the
|
3158
|
+
# directory bucket.
|
3115
3159
|
#
|
3116
|
-
#
|
3160
|
+
# </note>
|
3161
|
+
#
|
3162
|
+
#
|
3163
|
+
#
|
3164
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
3165
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
|
3166
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
3167
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
3117
3168
|
# @return [String]
|
3118
3169
|
#
|
3119
3170
|
# @!attribute [rw] storage_class
|
@@ -3179,37 +3230,75 @@ module Aws::S3
|
|
3179
3230
|
# @return [String]
|
3180
3231
|
#
|
3181
3232
|
# @!attribute [rw] ssekms_key_id
|
3182
|
-
# Specifies the ID (Key ID, Key ARN, or Key Alias)
|
3183
|
-
# encryption
|
3233
|
+
# Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
|
3234
|
+
# object encryption. If the KMS key doesn't exist in the same account
|
3235
|
+
# that's issuing the command, you must use the full Key ARN not the
|
3236
|
+
# Key ID.
|
3237
|
+
#
|
3238
|
+
# **General purpose buckets** - If you specify
|
3239
|
+
# `x-amz-server-side-encryption` with `aws:kms` or `aws:kms:dsse`,
|
3240
|
+
# this header specifies the ID (Key ID, Key ARN, or Key Alias) of the
|
3241
|
+
# KMS key to use. If you specify
|
3242
|
+
# `x-amz-server-side-encryption:aws:kms` or
|
3243
|
+
# `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide
|
3244
|
+
# `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
|
3245
|
+
# Amazon Web Services managed key (`aws/s3`) to protect the data.
|
3184
3246
|
#
|
3185
|
-
#
|
3247
|
+
# **Directory buckets** - If you specify
|
3248
|
+
# `x-amz-server-side-encryption` with `aws:kms`, you must specify the
|
3249
|
+
# ` x-amz-server-side-encryption-aws-kms-key-id` header with the ID
|
3250
|
+
# (Key ID or Key ARN) of the KMS symmetric encryption customer managed
|
3251
|
+
# key to use. Otherwise, you get an HTTP `400 Bad Request` error. Only
|
3252
|
+
# use the key ID or key ARN. The key alias format of the KMS key
|
3253
|
+
# isn't supported. Your SSE-KMS configuration can only support 1
|
3254
|
+
# [customer managed key][1] per directory bucket for the lifetime of
|
3255
|
+
# the bucket. [Amazon Web Services managed key][2] (`aws/s3`) isn't
|
3256
|
+
# supported.
|
3186
3257
|
#
|
3187
|
-
#
|
3258
|
+
#
|
3259
|
+
#
|
3260
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
3261
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
3188
3262
|
# @return [String]
|
3189
3263
|
#
|
3190
3264
|
# @!attribute [rw] ssekms_encryption_context
|
3191
3265
|
# Specifies the Amazon Web Services KMS Encryption Context to use for
|
3192
|
-
# object encryption. The value of this header is a
|
3193
|
-
# UTF-8
|
3194
|
-
# pairs.
|
3195
|
-
#
|
3196
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
3266
|
+
# object encryption. The value of this header is a Base64-encoded
|
3267
|
+
# string of a UTF-8 encoded JSON, which contains the encryption
|
3268
|
+
# context as key-value pairs.
|
3197
3269
|
#
|
3198
|
-
#
|
3270
|
+
# **Directory buckets** - You can optionally provide an explicit
|
3271
|
+
# encryption context value. The value must match the default
|
3272
|
+
# encryption context - the bucket Amazon Resource Name (ARN). An
|
3273
|
+
# additional encryption context value is not supported.
|
3199
3274
|
# @return [String]
|
3200
3275
|
#
|
3201
3276
|
# @!attribute [rw] bucket_key_enabled
|
3202
3277
|
# Specifies whether Amazon S3 should use an S3 Bucket Key for object
|
3203
3278
|
# encryption with server-side encryption using Key Management Service
|
3204
|
-
# (KMS) keys (SSE-KMS).
|
3205
|
-
# to use an S3 Bucket Key for object encryption with SSE-KMS.
|
3279
|
+
# (KMS) keys (SSE-KMS).
|
3206
3280
|
#
|
3207
|
-
#
|
3208
|
-
#
|
3281
|
+
# **General purpose buckets** - Setting this header to `true` causes
|
3282
|
+
# Amazon S3 to use an S3 Bucket Key for object encryption with
|
3283
|
+
# SSE-KMS. Also, specifying this header with a PUT action doesn't
|
3284
|
+
# affect bucket-level settings for S3 Bucket Key.
|
3209
3285
|
#
|
3210
|
-
#
|
3286
|
+
# **Directory buckets** - S3 Bucket Keys are always enabled for `GET`
|
3287
|
+
# and `PUT` operations in a directory bucket and can’t be disabled. S3
|
3288
|
+
# Bucket Keys aren't supported, when you copy SSE-KMS encrypted
|
3289
|
+
# objects from general purpose buckets to directory buckets, from
|
3290
|
+
# directory buckets to general purpose buckets, or between directory
|
3291
|
+
# buckets, through [CopyObject][1], [UploadPartCopy][2], [the Copy
|
3292
|
+
# operation in Batch Operations][3], or [the import jobs][4]. In this
|
3293
|
+
# case, Amazon S3 makes a call to KMS every time a copy request is
|
3294
|
+
# made for a KMS-encrypted object.
|
3211
3295
|
#
|
3212
|
-
#
|
3296
|
+
#
|
3297
|
+
#
|
3298
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
3299
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
3300
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
|
3301
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
|
3213
3302
|
# @return [Boolean]
|
3214
3303
|
#
|
3215
3304
|
# @!attribute [rw] request_payer
|
@@ -3319,6 +3408,31 @@ module Aws::S3
|
|
3319
3408
|
include Aws::Structure
|
3320
3409
|
end
|
3321
3410
|
|
3411
|
+
# @!attribute [rw] server_side_encryption
|
3412
|
+
# The server-side encryption algorithm used when you store objects in
|
3413
|
+
# the directory bucket.
|
3414
|
+
# @return [String]
|
3415
|
+
#
|
3416
|
+
# @!attribute [rw] ssekms_key_id
|
3417
|
+
# If you specify `x-amz-server-side-encryption` with `aws:kms`, this
|
3418
|
+
# header indicates the ID of the KMS symmetric encryption customer
|
3419
|
+
# managed key that was used for object encryption.
|
3420
|
+
# @return [String]
|
3421
|
+
#
|
3422
|
+
# @!attribute [rw] ssekms_encryption_context
|
3423
|
+
# If present, indicates the Amazon Web Services KMS Encryption Context
|
3424
|
+
# to use for object encryption. The value of this header is a
|
3425
|
+
# Base64-encoded string of a UTF-8 encoded JSON, which contains the
|
3426
|
+
# encryption context as key-value pairs. This value is stored as
|
3427
|
+
# object metadata and automatically gets passed on to Amazon Web
|
3428
|
+
# Services KMS for future `GetObject` operations on this object.
|
3429
|
+
# @return [String]
|
3430
|
+
#
|
3431
|
+
# @!attribute [rw] bucket_key_enabled
|
3432
|
+
# Indicates whether to use an S3 Bucket Key for server-side encryption
|
3433
|
+
# with KMS keys (SSE-KMS).
|
3434
|
+
# @return [Boolean]
|
3435
|
+
#
|
3322
3436
|
# @!attribute [rw] credentials
|
3323
3437
|
# The established temporary security credentials for the created
|
3324
3438
|
# session.
|
@@ -3327,8 +3441,12 @@ module Aws::S3
|
|
3327
3441
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateSessionOutput AWS API Documentation
|
3328
3442
|
#
|
3329
3443
|
class CreateSessionOutput < Struct.new(
|
3444
|
+
:server_side_encryption,
|
3445
|
+
:ssekms_key_id,
|
3446
|
+
:ssekms_encryption_context,
|
3447
|
+
:bucket_key_enabled,
|
3330
3448
|
:credentials)
|
3331
|
-
SENSITIVE = []
|
3449
|
+
SENSITIVE = [:ssekms_key_id, :ssekms_encryption_context]
|
3332
3450
|
include Aws::Structure
|
3333
3451
|
end
|
3334
3452
|
|
@@ -3336,22 +3454,108 @@ module Aws::S3
|
|
3336
3454
|
# Specifies the mode of the session that will be created, either
|
3337
3455
|
# `ReadWrite` or `ReadOnly`. By default, a `ReadWrite` session is
|
3338
3456
|
# created. A `ReadWrite` session is capable of executing all the Zonal
|
3339
|
-
# endpoint
|
3340
|
-
# constrained to execute the following Zonal endpoint
|
3341
|
-
# `GetObject`, `HeadObject`, `ListObjectsV2`,
|
3342
|
-
# `ListParts`, and `ListMultipartUploads`.
|
3457
|
+
# endpoint API operations on a directory bucket. A `ReadOnly` session
|
3458
|
+
# is constrained to execute the following Zonal endpoint API
|
3459
|
+
# operations: `GetObject`, `HeadObject`, `ListObjectsV2`,
|
3460
|
+
# `GetObjectAttributes`, `ListParts`, and `ListMultipartUploads`.
|
3343
3461
|
# @return [String]
|
3344
3462
|
#
|
3345
3463
|
# @!attribute [rw] bucket
|
3346
3464
|
# The name of the bucket that you create a session for.
|
3347
3465
|
# @return [String]
|
3348
3466
|
#
|
3467
|
+
# @!attribute [rw] server_side_encryption
|
3468
|
+
# The server-side encryption algorithm to use when you store objects
|
3469
|
+
# in the directory bucket.
|
3470
|
+
#
|
3471
|
+
# For directory buckets, there are only two supported options for
|
3472
|
+
# server-side encryption: server-side encryption with Amazon S3
|
3473
|
+
# managed keys (SSE-S3) (`AES256`) and server-side encryption with KMS
|
3474
|
+
# keys (SSE-KMS) (`aws:kms`). By default, Amazon S3 encrypts data with
|
3475
|
+
# SSE-S3. For more information, see [Protecting data with server-side
|
3476
|
+
# encryption][1] in the *Amazon S3 User Guide*.
|
3477
|
+
#
|
3478
|
+
#
|
3479
|
+
#
|
3480
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
3481
|
+
# @return [String]
|
3482
|
+
#
|
3483
|
+
# @!attribute [rw] ssekms_key_id
|
3484
|
+
# If you specify `x-amz-server-side-encryption` with `aws:kms`, you
|
3485
|
+
# must specify the ` x-amz-server-side-encryption-aws-kms-key-id`
|
3486
|
+
# header with the ID (Key ID or Key ARN) of the KMS symmetric
|
3487
|
+
# encryption customer managed key to use. Otherwise, you get an HTTP
|
3488
|
+
# `400 Bad Request` error. Only use the key ID or key ARN. The key
|
3489
|
+
# alias format of the KMS key isn't supported. Also, if the KMS key
|
3490
|
+
# doesn't exist in the same account that't issuing the command, you
|
3491
|
+
# must use the full Key ARN not the Key ID.
|
3492
|
+
#
|
3493
|
+
# Your SSE-KMS configuration can only support 1 [customer managed
|
3494
|
+
# key][1] per directory bucket for the lifetime of the bucket. [Amazon
|
3495
|
+
# Web Services managed key][2] (`aws/s3`) isn't supported.
|
3496
|
+
#
|
3497
|
+
#
|
3498
|
+
#
|
3499
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
3500
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
3501
|
+
# @return [String]
|
3502
|
+
#
|
3503
|
+
# @!attribute [rw] ssekms_encryption_context
|
3504
|
+
# Specifies the Amazon Web Services KMS Encryption Context as an
|
3505
|
+
# additional encryption context to use for object encryption. The
|
3506
|
+
# value of this header is a Base64-encoded string of a UTF-8 encoded
|
3507
|
+
# JSON, which contains the encryption context as key-value pairs. This
|
3508
|
+
# value is stored as object metadata and automatically gets passed on
|
3509
|
+
# to Amazon Web Services KMS for future `GetObject` operations on this
|
3510
|
+
# object.
|
3511
|
+
#
|
3512
|
+
# **General purpose buckets** - This value must be explicitly added
|
3513
|
+
# during `CopyObject` operations if you want an additional encryption
|
3514
|
+
# context for your object. For more information, see [Encryption
|
3515
|
+
# context][1] in the *Amazon S3 User Guide*.
|
3516
|
+
#
|
3517
|
+
# **Directory buckets** - You can optionally provide an explicit
|
3518
|
+
# encryption context value. The value must match the default
|
3519
|
+
# encryption context - the bucket Amazon Resource Name (ARN). An
|
3520
|
+
# additional encryption context value is not supported.
|
3521
|
+
#
|
3522
|
+
#
|
3523
|
+
#
|
3524
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context
|
3525
|
+
# @return [String]
|
3526
|
+
#
|
3527
|
+
# @!attribute [rw] bucket_key_enabled
|
3528
|
+
# Specifies whether Amazon S3 should use an S3 Bucket Key for object
|
3529
|
+
# encryption with server-side encryption using KMS keys (SSE-KMS).
|
3530
|
+
#
|
3531
|
+
# S3 Bucket Keys are always enabled for `GET` and `PUT` operations in
|
3532
|
+
# a directory bucket and can’t be disabled. S3 Bucket Keys aren't
|
3533
|
+
# supported, when you copy SSE-KMS encrypted objects from general
|
3534
|
+
# purpose buckets to directory buckets, from directory buckets to
|
3535
|
+
# general purpose buckets, or between directory buckets, through
|
3536
|
+
# [CopyObject][1], [UploadPartCopy][2], [the Copy operation in Batch
|
3537
|
+
# Operations][3], or [the import jobs][4]. In this case, Amazon S3
|
3538
|
+
# makes a call to KMS every time a copy request is made for a
|
3539
|
+
# KMS-encrypted object.
|
3540
|
+
#
|
3541
|
+
#
|
3542
|
+
#
|
3543
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
3544
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
3545
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
|
3546
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
|
3547
|
+
# @return [Boolean]
|
3548
|
+
#
|
3349
3549
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateSessionRequest AWS API Documentation
|
3350
3550
|
#
|
3351
3551
|
class CreateSessionRequest < Struct.new(
|
3352
3552
|
:session_mode,
|
3353
|
-
:bucket
|
3354
|
-
|
3553
|
+
:bucket,
|
3554
|
+
:server_side_encryption,
|
3555
|
+
:ssekms_key_id,
|
3556
|
+
:ssekms_encryption_context,
|
3557
|
+
:bucket_key_enabled)
|
3558
|
+
SENSITIVE = [:ssekms_key_id, :ssekms_encryption_context]
|
3355
3559
|
include Aws::Structure
|
3356
3560
|
end
|
3357
3561
|
|
@@ -3470,6 +3674,20 @@ module Aws::S3
|
|
3470
3674
|
# @!attribute [rw] bucket
|
3471
3675
|
# The name of the bucket containing the server-side encryption
|
3472
3676
|
# configuration to delete.
|
3677
|
+
#
|
3678
|
+
# <b>Directory buckets </b> - When you use this operation with a
|
3679
|
+
# directory bucket, you must use path-style requests in the format
|
3680
|
+
# `https://s3express-control.region_code.amazonaws.com/bucket-name `.
|
3681
|
+
# Virtual-hosted-style requests aren't supported. Directory bucket
|
3682
|
+
# names must be unique in the chosen Availability Zone. Bucket names
|
3683
|
+
# must also follow the format ` bucket_base_name--az_id--x-s3` (for
|
3684
|
+
# example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information
|
3685
|
+
# about bucket naming restrictions, see [Directory bucket naming
|
3686
|
+
# rules][1] in the *Amazon S3 User Guide*
|
3687
|
+
#
|
3688
|
+
#
|
3689
|
+
#
|
3690
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
|
3473
3691
|
# @return [String]
|
3474
3692
|
#
|
3475
3693
|
# @!attribute [rw] expected_bucket_owner
|
@@ -3477,6 +3695,12 @@ module Aws::S3
|
|
3477
3695
|
# you provide does not match the actual owner of the bucket, the
|
3478
3696
|
# request fails with the HTTP status code `403 Forbidden` (access
|
3479
3697
|
# denied).
|
3698
|
+
#
|
3699
|
+
# <note markdown="1"> For directory buckets, this header is not supported in this API
|
3700
|
+
# operation. If you specify this header, the request fails with the
|
3701
|
+
# HTTP status code `501 Not Implemented`.
|
3702
|
+
#
|
3703
|
+
# </note>
|
3480
3704
|
# @return [String]
|
3481
3705
|
#
|
3482
3706
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketEncryptionRequest AWS API Documentation
|
@@ -4190,13 +4414,13 @@ module Aws::S3
|
|
4190
4414
|
# For the `x-amz-checksum-algorithm ` header, replace ` algorithm `
|
4191
4415
|
# with the supported algorithm from the following list:
|
4192
4416
|
#
|
4193
|
-
# * CRC32
|
4417
|
+
# * `CRC32`
|
4194
4418
|
#
|
4195
|
-
# * CRC32C
|
4419
|
+
# * `CRC32C`
|
4196
4420
|
#
|
4197
|
-
# * SHA1
|
4421
|
+
# * `SHA1`
|
4198
4422
|
#
|
4199
|
-
# * SHA256
|
4423
|
+
# * `SHA256`
|
4200
4424
|
#
|
4201
4425
|
# For more information, see [Checking object integrity][1] in the
|
4202
4426
|
# *Amazon S3 User Guide*.
|
@@ -5326,12 +5550,16 @@ module Aws::S3
|
|
5326
5550
|
class EventBridgeConfiguration < Aws::EmptyStructure; end
|
5327
5551
|
|
5328
5552
|
# Optional configuration to replicate existing source bucket objects.
|
5329
|
-
#
|
5553
|
+
#
|
5554
|
+
# <note markdown="1"> This parameter is no longer supported. To replicate existing objects,
|
5555
|
+
# see [Replicating existing objects with S3 Batch Replication][1] in the
|
5330
5556
|
# *Amazon S3 User Guide*.
|
5331
5557
|
#
|
5558
|
+
# </note>
|
5332
5559
|
#
|
5333
5560
|
#
|
5334
|
-
#
|
5561
|
+
#
|
5562
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-batch-replication-batch.html
|
5335
5563
|
#
|
5336
5564
|
# @!attribute [rw] status
|
5337
5565
|
# Specifies whether Amazon S3 replicates existing source bucket
|
@@ -5595,6 +5823,20 @@ module Aws::S3
|
|
5595
5823
|
# @!attribute [rw] bucket
|
5596
5824
|
# The name of the bucket from which the server-side encryption
|
5597
5825
|
# configuration is retrieved.
|
5826
|
+
#
|
5827
|
+
# <b>Directory buckets </b> - When you use this operation with a
|
5828
|
+
# directory bucket, you must use path-style requests in the format
|
5829
|
+
# `https://s3express-control.region_code.amazonaws.com/bucket-name `.
|
5830
|
+
# Virtual-hosted-style requests aren't supported. Directory bucket
|
5831
|
+
# names must be unique in the chosen Availability Zone. Bucket names
|
5832
|
+
# must also follow the format ` bucket_base_name--az_id--x-s3` (for
|
5833
|
+
# example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information
|
5834
|
+
# about bucket naming restrictions, see [Directory bucket naming
|
5835
|
+
# rules][1] in the *Amazon S3 User Guide*
|
5836
|
+
#
|
5837
|
+
#
|
5838
|
+
#
|
5839
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
|
5598
5840
|
# @return [String]
|
5599
5841
|
#
|
5600
5842
|
# @!attribute [rw] expected_bucket_owner
|
@@ -5602,6 +5844,12 @@ module Aws::S3
|
|
5602
5844
|
# you provide does not match the actual owner of the bucket, the
|
5603
5845
|
# request fails with the HTTP status code `403 Forbidden` (access
|
5604
5846
|
# denied).
|
5847
|
+
#
|
5848
|
+
# <note markdown="1"> For directory buckets, this header is not supported in this API
|
5849
|
+
# operation. If you specify this header, the request fails with the
|
5850
|
+
# HTTP status code `501 Not Implemented`.
|
5851
|
+
#
|
5852
|
+
# </note>
|
5605
5853
|
# @return [String]
|
5606
5854
|
#
|
5607
5855
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketEncryptionRequest AWS API Documentation
|
@@ -5685,10 +5933,29 @@ module Aws::S3
|
|
5685
5933
|
# Container for a lifecycle rule.
|
5686
5934
|
# @return [Array<Types::LifecycleRule>]
|
5687
5935
|
#
|
5936
|
+
# @!attribute [rw] transition_default_minimum_object_size
|
5937
|
+
# Indicates which default minimum object size behavior is applied to
|
5938
|
+
# the lifecycle configuration.
|
5939
|
+
#
|
5940
|
+
# * `all_storage_classes_128K` - Objects smaller than 128 KB will not
|
5941
|
+
# transition to any storage class by default.
|
5942
|
+
#
|
5943
|
+
# * `varies_by_storage_class` - Objects smaller than 128 KB will
|
5944
|
+
# transition to Glacier Flexible Retrieval or Glacier Deep Archive
|
5945
|
+
# storage classes. By default, all other storage classes will
|
5946
|
+
# prevent transitions smaller than 128 KB.
|
5947
|
+
#
|
5948
|
+
# To customize the minimum object size for any transition you can add
|
5949
|
+
# a filter that specifies a custom `ObjectSizeGreaterThan` or
|
5950
|
+
# `ObjectSizeLessThan` in the body of your transition rule. Custom
|
5951
|
+
# filters always take precedence over the default transition behavior.
|
5952
|
+
# @return [String]
|
5953
|
+
#
|
5688
5954
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleConfigurationOutput AWS API Documentation
|
5689
5955
|
#
|
5690
5956
|
class GetBucketLifecycleConfigurationOutput < Struct.new(
|
5691
|
-
:rules
|
5957
|
+
:rules,
|
5958
|
+
:transition_default_minimum_object_size)
|
5692
5959
|
SENSITIVE = []
|
5693
5960
|
include Aws::Structure
|
5694
5961
|
end
|
@@ -6814,7 +7081,7 @@ module Aws::S3
|
|
6814
7081
|
# @return [String]
|
6815
7082
|
#
|
6816
7083
|
# @!attribute [rw] checksum_crc32
|
6817
|
-
# The base64-encoded, 32-bit
|
7084
|
+
# The base64-encoded, 32-bit CRC-32 checksum of the object. This will
|
6818
7085
|
# only be present if it was uploaded with the object. For more
|
6819
7086
|
# information, see [ Checking object integrity][1] in the *Amazon S3
|
6820
7087
|
# User Guide*.
|
@@ -6825,7 +7092,7 @@ module Aws::S3
|
|
6825
7092
|
# @return [String]
|
6826
7093
|
#
|
6827
7094
|
# @!attribute [rw] checksum_crc32c
|
6828
|
-
# The base64-encoded, 32-bit
|
7095
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
6829
7096
|
# only be present if it was uploaded with the object. For more
|
6830
7097
|
# information, see [ Checking object integrity][1] in the *Amazon S3
|
6831
7098
|
# User Guide*.
|
@@ -6923,12 +7190,7 @@ module Aws::S3
|
|
6923
7190
|
#
|
6924
7191
|
# @!attribute [rw] server_side_encryption
|
6925
7192
|
# The server-side encryption algorithm used when you store this object
|
6926
|
-
# in Amazon S3
|
6927
|
-
#
|
6928
|
-
# <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
|
6929
|
-
# managed keys (SSE-S3) (`AES256`) is supported.
|
6930
|
-
#
|
6931
|
-
# </note>
|
7193
|
+
# in Amazon S3.
|
6932
7194
|
# @return [String]
|
6933
7195
|
#
|
6934
7196
|
# @!attribute [rw] metadata
|
@@ -6957,22 +7219,13 @@ module Aws::S3
|
|
6957
7219
|
# @return [String]
|
6958
7220
|
#
|
6959
7221
|
# @!attribute [rw] ssekms_key_id
|
6960
|
-
# If present, indicates the ID of the
|
6961
|
-
#
|
6962
|
-
# object.
|
6963
|
-
#
|
6964
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
6965
|
-
#
|
6966
|
-
# </note>
|
7222
|
+
# If present, indicates the ID of the KMS key that was used for object
|
7223
|
+
# encryption.
|
6967
7224
|
# @return [String]
|
6968
7225
|
#
|
6969
7226
|
# @!attribute [rw] bucket_key_enabled
|
6970
7227
|
# Indicates whether the object uses an S3 Bucket Key for server-side
|
6971
7228
|
# encryption with Key Management Service (KMS) keys (SSE-KMS).
|
6972
|
-
#
|
6973
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
6974
|
-
#
|
6975
|
-
# </note>
|
6976
7229
|
# @return [Boolean]
|
6977
7230
|
#
|
6978
7231
|
# @!attribute [rw] storage_class
|
@@ -7413,10 +7666,10 @@ module Aws::S3
|
|
7413
7666
|
# @!attribute [rw] checksum_mode
|
7414
7667
|
# To retrieve the checksum, this mode must be enabled.
|
7415
7668
|
#
|
7416
|
-
# In addition, if you enable checksum
|
7417
|
-
# with a [checksum][1] and encrypted
|
7418
|
-
# (KMS) key, you must have permission
|
7419
|
-
# to retrieve the checksum.
|
7669
|
+
# **General purpose buckets** - In addition, if you enable checksum
|
7670
|
+
# mode and the object is uploaded with a [checksum][1] and encrypted
|
7671
|
+
# with an Key Management Service (KMS) key, you must have permission
|
7672
|
+
# to use the `kms:Decrypt` action to retrieve the checksum.
|
7420
7673
|
#
|
7421
7674
|
#
|
7422
7675
|
#
|
@@ -8010,7 +8263,7 @@ module Aws::S3
|
|
8010
8263
|
# @return [Integer]
|
8011
8264
|
#
|
8012
8265
|
# @!attribute [rw] checksum_crc32
|
8013
|
-
# The base64-encoded, 32-bit
|
8266
|
+
# The base64-encoded, 32-bit CRC-32 checksum of the object. This will
|
8014
8267
|
# only be present if it was uploaded with the object. When you use an
|
8015
8268
|
# API operation on an object that was uploaded using multipart
|
8016
8269
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -8025,7 +8278,7 @@ module Aws::S3
|
|
8025
8278
|
# @return [String]
|
8026
8279
|
#
|
8027
8280
|
# @!attribute [rw] checksum_crc32c
|
8028
|
-
# The base64-encoded, 32-bit
|
8281
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
8029
8282
|
# only be present if it was uploaded with the object. When you use an
|
8030
8283
|
# API operation on an object that was uploaded using multipart
|
8031
8284
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -8137,11 +8390,6 @@ module Aws::S3
|
|
8137
8390
|
# @!attribute [rw] server_side_encryption
|
8138
8391
|
# The server-side encryption algorithm used when you store this object
|
8139
8392
|
# in Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
|
8140
|
-
#
|
8141
|
-
# <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
|
8142
|
-
# managed keys (SSE-S3) (`AES256`) is supported.
|
8143
|
-
#
|
8144
|
-
# </note>
|
8145
8393
|
# @return [String]
|
8146
8394
|
#
|
8147
8395
|
# @!attribute [rw] metadata
|
@@ -8170,22 +8418,13 @@ module Aws::S3
|
|
8170
8418
|
# @return [String]
|
8171
8419
|
#
|
8172
8420
|
# @!attribute [rw] ssekms_key_id
|
8173
|
-
# If present, indicates the ID of the
|
8174
|
-
#
|
8175
|
-
# object.
|
8176
|
-
#
|
8177
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
8178
|
-
#
|
8179
|
-
# </note>
|
8421
|
+
# If present, indicates the ID of the KMS key that was used for object
|
8422
|
+
# encryption.
|
8180
8423
|
# @return [String]
|
8181
8424
|
#
|
8182
8425
|
# @!attribute [rw] bucket_key_enabled
|
8183
8426
|
# Indicates whether the object uses an S3 Bucket Key for server-side
|
8184
8427
|
# encryption with Key Management Service (KMS) keys (SSE-KMS).
|
8185
|
-
#
|
8186
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
8187
|
-
#
|
8188
|
-
# </note>
|
8189
8428
|
# @return [Boolean]
|
8190
8429
|
#
|
8191
8430
|
# @!attribute [rw] storage_class
|
@@ -8587,10 +8826,16 @@ module Aws::S3
|
|
8587
8826
|
# @!attribute [rw] checksum_mode
|
8588
8827
|
# To retrieve the checksum, this parameter must be enabled.
|
8589
8828
|
#
|
8590
|
-
#
|
8591
|
-
# with a [checksum][1] and encrypted with an Key
|
8592
|
-
# (KMS) key, you must have permission to use the
|
8593
|
-
# to retrieve the checksum.
|
8829
|
+
# **General purpose buckets** - If you enable checksum mode and the
|
8830
|
+
# object is uploaded with a [checksum][1] and encrypted with an Key
|
8831
|
+
# Management Service (KMS) key, you must have permission to use the
|
8832
|
+
# `kms:Decrypt` action to retrieve the checksum.
|
8833
|
+
#
|
8834
|
+
# **Directory buckets** - If you enable `ChecksumMode` and the object
|
8835
|
+
# is encrypted with Amazon Web Services Key Management Service (Amazon
|
8836
|
+
# Web Services KMS), you must also have the `kms:GenerateDataKey` and
|
8837
|
+
# `kms:Decrypt` permissions in IAM identity-based policies and KMS key
|
8838
|
+
# policies for the KMS key to retrieve the checksum of the object.
|
8594
8839
|
#
|
8595
8840
|
#
|
8596
8841
|
#
|
@@ -11736,7 +11981,7 @@ module Aws::S3
|
|
11736
11981
|
# @!attribute [rw] checksum_crc32
|
11737
11982
|
# This header can be used as a data integrity check to verify that the
|
11738
11983
|
# data received is the same data that was originally sent. This header
|
11739
|
-
# specifies the base64-encoded, 32-bit
|
11984
|
+
# specifies the base64-encoded, 32-bit CRC-32 checksum of the object.
|
11740
11985
|
# For more information, see [Checking object integrity][1] in the
|
11741
11986
|
# *Amazon S3 User Guide*.
|
11742
11987
|
#
|
@@ -11746,7 +11991,7 @@ module Aws::S3
|
|
11746
11991
|
# @return [String]
|
11747
11992
|
#
|
11748
11993
|
# @!attribute [rw] checksum_crc32c
|
11749
|
-
# The base64-encoded, 32-bit
|
11994
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
11750
11995
|
# only be present if it was uploaded with the object. When you use an
|
11751
11996
|
# API operation on an object that was uploaded using multipart
|
11752
11997
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -12036,7 +12281,7 @@ module Aws::S3
|
|
12036
12281
|
# @!attribute [rw] checksum_crc32
|
12037
12282
|
# This header can be used as a data integrity check to verify that the
|
12038
12283
|
# data received is the same data that was originally sent. This header
|
12039
|
-
# specifies the base64-encoded, 32-bit
|
12284
|
+
# specifies the base64-encoded, 32-bit CRC-32 checksum of the object.
|
12040
12285
|
# For more information, see [Checking object integrity][1] in the
|
12041
12286
|
# *Amazon S3 User Guide*.
|
12042
12287
|
#
|
@@ -12046,7 +12291,7 @@ module Aws::S3
|
|
12046
12291
|
# @return [String]
|
12047
12292
|
#
|
12048
12293
|
# @!attribute [rw] checksum_crc32c
|
12049
|
-
# The base64-encoded, 32-bit
|
12294
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
12050
12295
|
# only be present if it was uploaded with the object. When you use an
|
12051
12296
|
# API operation on an object that was uploaded using multipart
|
12052
12297
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -12490,18 +12735,21 @@ module Aws::S3
|
|
12490
12735
|
|
12491
12736
|
# @!attribute [rw] bucket
|
12492
12737
|
# Specifies default encryption for a bucket using server-side
|
12493
|
-
# encryption with different key options.
|
12494
|
-
#
|
12495
|
-
#
|
12496
|
-
#
|
12497
|
-
#
|
12498
|
-
#
|
12499
|
-
#
|
12500
|
-
#
|
12738
|
+
# encryption with different key options.
|
12739
|
+
#
|
12740
|
+
# <b>Directory buckets </b> - When you use this operation with a
|
12741
|
+
# directory bucket, you must use path-style requests in the format
|
12742
|
+
# `https://s3express-control.region_code.amazonaws.com/bucket-name `.
|
12743
|
+
# Virtual-hosted-style requests aren't supported. Directory bucket
|
12744
|
+
# names must be unique in the chosen Availability Zone. Bucket names
|
12745
|
+
# must also follow the format ` bucket_base_name--az_id--x-s3` (for
|
12746
|
+
# example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information
|
12747
|
+
# about bucket naming restrictions, see [Directory bucket naming
|
12748
|
+
# rules][1] in the *Amazon S3 User Guide*
|
12501
12749
|
#
|
12502
12750
|
#
|
12503
12751
|
#
|
12504
|
-
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/
|
12752
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
|
12505
12753
|
# @return [String]
|
12506
12754
|
#
|
12507
12755
|
# @!attribute [rw] content_md5
|
@@ -12511,6 +12759,10 @@ module Aws::S3
|
|
12511
12759
|
# For requests made using the Amazon Web Services Command Line
|
12512
12760
|
# Interface (CLI) or Amazon Web Services SDKs, this field is
|
12513
12761
|
# calculated automatically.
|
12762
|
+
#
|
12763
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
12764
|
+
#
|
12765
|
+
# </note>
|
12514
12766
|
# @return [String]
|
12515
12767
|
#
|
12516
12768
|
# @!attribute [rw] checksum_algorithm
|
@@ -12525,6 +12777,12 @@ module Aws::S3
|
|
12525
12777
|
# If you provide an individual checksum, Amazon S3 ignores any
|
12526
12778
|
# provided `ChecksumAlgorithm` parameter.
|
12527
12779
|
#
|
12780
|
+
# <note markdown="1"> For directory buckets, when you use Amazon Web Services SDKs,
|
12781
|
+
# `CRC32` is the default checksum algorithm that's used for
|
12782
|
+
# performance.
|
12783
|
+
#
|
12784
|
+
# </note>
|
12785
|
+
#
|
12528
12786
|
#
|
12529
12787
|
#
|
12530
12788
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
|
@@ -12539,6 +12797,12 @@ module Aws::S3
|
|
12539
12797
|
# you provide does not match the actual owner of the bucket, the
|
12540
12798
|
# request fails with the HTTP status code `403 Forbidden` (access
|
12541
12799
|
# denied).
|
12800
|
+
#
|
12801
|
+
# <note markdown="1"> For directory buckets, this header is not supported in this API
|
12802
|
+
# operation. If you specify this header, the request fails with the
|
12803
|
+
# HTTP status code `501 Not Implemented`.
|
12804
|
+
#
|
12805
|
+
# </note>
|
12542
12806
|
# @return [String]
|
12543
12807
|
#
|
12544
12808
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketEncryptionRequest AWS API Documentation
|
@@ -12607,6 +12871,32 @@ module Aws::S3
|
|
12607
12871
|
include Aws::Structure
|
12608
12872
|
end
|
12609
12873
|
|
12874
|
+
# @!attribute [rw] transition_default_minimum_object_size
|
12875
|
+
# Indicates which default minimum object size behavior is applied to
|
12876
|
+
# the lifecycle configuration.
|
12877
|
+
#
|
12878
|
+
# * `all_storage_classes_128K` - Objects smaller than 128 KB will not
|
12879
|
+
# transition to any storage class by default.
|
12880
|
+
#
|
12881
|
+
# * `varies_by_storage_class` - Objects smaller than 128 KB will
|
12882
|
+
# transition to Glacier Flexible Retrieval or Glacier Deep Archive
|
12883
|
+
# storage classes. By default, all other storage classes will
|
12884
|
+
# prevent transitions smaller than 128 KB.
|
12885
|
+
#
|
12886
|
+
# To customize the minimum object size for any transition you can add
|
12887
|
+
# a filter that specifies a custom `ObjectSizeGreaterThan` or
|
12888
|
+
# `ObjectSizeLessThan` in the body of your transition rule. Custom
|
12889
|
+
# filters always take precedence over the default transition behavior.
|
12890
|
+
# @return [String]
|
12891
|
+
#
|
12892
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleConfigurationOutput AWS API Documentation
|
12893
|
+
#
|
12894
|
+
class PutBucketLifecycleConfigurationOutput < Struct.new(
|
12895
|
+
:transition_default_minimum_object_size)
|
12896
|
+
SENSITIVE = []
|
12897
|
+
include Aws::Structure
|
12898
|
+
end
|
12899
|
+
|
12610
12900
|
# @!attribute [rw] bucket
|
12611
12901
|
# The name of the bucket for which to set the configuration.
|
12612
12902
|
# @return [String]
|
@@ -12639,13 +12929,32 @@ module Aws::S3
|
|
12639
12929
|
# denied).
|
12640
12930
|
# @return [String]
|
12641
12931
|
#
|
12932
|
+
# @!attribute [rw] transition_default_minimum_object_size
|
12933
|
+
# Indicates which default minimum object size behavior is applied to
|
12934
|
+
# the lifecycle configuration.
|
12935
|
+
#
|
12936
|
+
# * `all_storage_classes_128K` - Objects smaller than 128 KB will not
|
12937
|
+
# transition to any storage class by default.
|
12938
|
+
#
|
12939
|
+
# * `varies_by_storage_class` - Objects smaller than 128 KB will
|
12940
|
+
# transition to Glacier Flexible Retrieval or Glacier Deep Archive
|
12941
|
+
# storage classes. By default, all other storage classes will
|
12942
|
+
# prevent transitions smaller than 128 KB.
|
12943
|
+
#
|
12944
|
+
# To customize the minimum object size for any transition you can add
|
12945
|
+
# a filter that specifies a custom `ObjectSizeGreaterThan` or
|
12946
|
+
# `ObjectSizeLessThan` in the body of your transition rule. Custom
|
12947
|
+
# filters always take precedence over the default transition behavior.
|
12948
|
+
# @return [String]
|
12949
|
+
#
|
12642
12950
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleConfigurationRequest AWS API Documentation
|
12643
12951
|
#
|
12644
12952
|
class PutBucketLifecycleConfigurationRequest < Struct.new(
|
12645
12953
|
:bucket,
|
12646
12954
|
:checksum_algorithm,
|
12647
12955
|
:lifecycle_configuration,
|
12648
|
-
:expected_bucket_owner
|
12956
|
+
:expected_bucket_owner,
|
12957
|
+
:transition_default_minimum_object_size)
|
12649
12958
|
SENSITIVE = []
|
12650
12959
|
include Aws::Structure
|
12651
12960
|
end
|
@@ -12944,13 +13253,13 @@ module Aws::S3
|
|
12944
13253
|
# For the `x-amz-checksum-algorithm ` header, replace ` algorithm `
|
12945
13254
|
# with the supported algorithm from the following list:
|
12946
13255
|
#
|
12947
|
-
# * CRC32
|
13256
|
+
# * `CRC32`
|
12948
13257
|
#
|
12949
|
-
# * CRC32C
|
13258
|
+
# * `CRC32C`
|
12950
13259
|
#
|
12951
|
-
# * SHA1
|
13260
|
+
# * `SHA1`
|
12952
13261
|
#
|
12953
|
-
# * SHA256
|
13262
|
+
# * `SHA256`
|
12954
13263
|
#
|
12955
13264
|
# For more information, see [Checking object integrity][1] in the
|
12956
13265
|
# *Amazon S3 User Guide*.
|
@@ -13746,7 +14055,7 @@ module Aws::S3
|
|
13746
14055
|
# @return [String]
|
13747
14056
|
#
|
13748
14057
|
# @!attribute [rw] checksum_crc32
|
13749
|
-
# The base64-encoded, 32-bit
|
14058
|
+
# The base64-encoded, 32-bit CRC-32 checksum of the object. This will
|
13750
14059
|
# only be present if it was uploaded with the object. When you use an
|
13751
14060
|
# API operation on an object that was uploaded using multipart
|
13752
14061
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -13761,7 +14070,7 @@ module Aws::S3
|
|
13761
14070
|
# @return [String]
|
13762
14071
|
#
|
13763
14072
|
# @!attribute [rw] checksum_crc32c
|
13764
|
-
# The base64-encoded, 32-bit
|
14073
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
13765
14074
|
# only be present if it was uploaded with the object. When you use an
|
13766
14075
|
# API operation on an object that was uploaded using multipart
|
13767
14076
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -13807,12 +14116,7 @@ module Aws::S3
|
|
13807
14116
|
#
|
13808
14117
|
# @!attribute [rw] server_side_encryption
|
13809
14118
|
# The server-side encryption algorithm used when you store this object
|
13810
|
-
# in Amazon S3
|
13811
|
-
#
|
13812
|
-
# <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
|
13813
|
-
# managed keys (SSE-S3) (`AES256`) is supported.
|
13814
|
-
#
|
13815
|
-
# </note>
|
14119
|
+
# in Amazon S3.
|
13816
14120
|
# @return [String]
|
13817
14121
|
#
|
13818
14122
|
# @!attribute [rw] version_id
|
@@ -13860,37 +14164,23 @@ module Aws::S3
|
|
13860
14164
|
# @return [String]
|
13861
14165
|
#
|
13862
14166
|
# @!attribute [rw] ssekms_key_id
|
13863
|
-
# If
|
13864
|
-
#
|
13865
|
-
# Service (KMS) symmetric encryption customer managed key that was
|
13866
|
-
# used for the object.
|
13867
|
-
#
|
13868
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
13869
|
-
#
|
13870
|
-
# </note>
|
14167
|
+
# If present, indicates the ID of the KMS key that was used for object
|
14168
|
+
# encryption.
|
13871
14169
|
# @return [String]
|
13872
14170
|
#
|
13873
14171
|
# @!attribute [rw] ssekms_encryption_context
|
13874
14172
|
# If present, indicates the Amazon Web Services KMS Encryption Context
|
13875
14173
|
# to use for object encryption. The value of this header is a
|
13876
|
-
#
|
13877
|
-
# key-value pairs. This value is stored as
|
13878
|
-
# automatically gets passed on to Amazon Web
|
13879
|
-
#
|
13880
|
-
#
|
13881
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
13882
|
-
#
|
13883
|
-
# </note>
|
14174
|
+
# Base64-encoded string of a UTF-8 encoded JSON, which contains the
|
14175
|
+
# encryption context as key-value pairs. This value is stored as
|
14176
|
+
# object metadata and automatically gets passed on to Amazon Web
|
14177
|
+
# Services KMS for future `GetObject` operations on this object.
|
13884
14178
|
# @return [String]
|
13885
14179
|
#
|
13886
14180
|
# @!attribute [rw] bucket_key_enabled
|
13887
14181
|
# Indicates whether the uploaded object uses an S3 Bucket Key for
|
13888
14182
|
# server-side encryption with Key Management Service (KMS) keys
|
13889
14183
|
# (SSE-KMS).
|
13890
|
-
#
|
13891
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
13892
|
-
#
|
13893
|
-
# </note>
|
13894
14184
|
# @return [Boolean]
|
13895
14185
|
#
|
13896
14186
|
# @!attribute [rw] request_charged
|
@@ -14105,13 +14395,13 @@ module Aws::S3
|
|
14105
14395
|
# For the `x-amz-checksum-algorithm ` header, replace ` algorithm `
|
14106
14396
|
# with the supported algorithm from the following list:
|
14107
14397
|
#
|
14108
|
-
# * CRC32
|
14398
|
+
# * `CRC32`
|
14109
14399
|
#
|
14110
|
-
# * CRC32C
|
14400
|
+
# * `CRC32C`
|
14111
14401
|
#
|
14112
|
-
# * SHA1
|
14402
|
+
# * `SHA1`
|
14113
14403
|
#
|
14114
|
-
# * SHA256
|
14404
|
+
# * `SHA256`
|
14115
14405
|
#
|
14116
14406
|
# For more information, see [Checking object integrity][1] in the
|
14117
14407
|
# *Amazon S3 User Guide*.
|
@@ -14137,7 +14427,7 @@ module Aws::S3
|
|
14137
14427
|
# @!attribute [rw] checksum_crc32
|
14138
14428
|
# This header can be used as a data integrity check to verify that the
|
14139
14429
|
# data received is the same data that was originally sent. This header
|
14140
|
-
# specifies the base64-encoded, 32-bit
|
14430
|
+
# specifies the base64-encoded, 32-bit CRC-32 checksum of the object.
|
14141
14431
|
# For more information, see [Checking object integrity][1] in the
|
14142
14432
|
# *Amazon S3 User Guide*.
|
14143
14433
|
#
|
@@ -14149,7 +14439,7 @@ module Aws::S3
|
|
14149
14439
|
# @!attribute [rw] checksum_crc32c
|
14150
14440
|
# This header can be used as a data integrity check to verify that the
|
14151
14441
|
# data received is the same data that was originally sent. This header
|
14152
|
-
# specifies the base64-encoded, 32-bit
|
14442
|
+
# specifies the base64-encoded, 32-bit CRC-32C checksum of the object.
|
14153
14443
|
# For more information, see [Checking object integrity][1] in the
|
14154
14444
|
# *Amazon S3 User Guide*.
|
14155
14445
|
#
|
@@ -14266,25 +14556,66 @@ module Aws::S3
|
|
14266
14556
|
# this object in Amazon S3 (for example, `AES256`, `aws:kms`,
|
14267
14557
|
# `aws:kms:dsse`).
|
14268
14558
|
#
|
14269
|
-
# <b>General purpose buckets </b> - You have four mutually exclusive
|
14270
|
-
#
|
14271
|
-
#
|
14272
|
-
#
|
14273
|
-
#
|
14274
|
-
#
|
14275
|
-
#
|
14276
|
-
#
|
14277
|
-
#
|
14278
|
-
#
|
14279
|
-
#
|
14559
|
+
# * <b>General purpose buckets </b> - You have four mutually exclusive
|
14560
|
+
# options to protect data using server-side encryption in Amazon S3,
|
14561
|
+
# depending on how you choose to manage the encryption keys.
|
14562
|
+
# Specifically, the encryption key options are Amazon S3 managed
|
14563
|
+
# keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS),
|
14564
|
+
# and customer-provided keys (SSE-C). Amazon S3 encrypts data with
|
14565
|
+
# server-side encryption by using Amazon S3 managed keys (SSE-S3) by
|
14566
|
+
# default. You can optionally tell Amazon S3 to encrypt data at rest
|
14567
|
+
# by using server-side encryption with other key options. For more
|
14568
|
+
# information, see [Using Server-Side Encryption][1] in the *Amazon
|
14569
|
+
# S3 User Guide*.
|
14570
|
+
#
|
14571
|
+
# * <b>Directory buckets </b> - For directory buckets, there are only
|
14572
|
+
# two supported options for server-side encryption: server-side
|
14573
|
+
# encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
|
14574
|
+
# server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). We
|
14575
|
+
# recommend that the bucket's default encryption uses the desired
|
14576
|
+
# encryption configuration and you don't override the bucket
|
14577
|
+
# default encryption in your `CreateSession` requests or `PUT`
|
14578
|
+
# object requests. Then, new objects are automatically encrypted
|
14579
|
+
# with the desired encryption settings. For more information, see
|
14580
|
+
# [Protecting data with server-side encryption][2] in the *Amazon S3
|
14581
|
+
# User Guide*. For more information about the encryption overriding
|
14582
|
+
# behaviors in directory buckets, see [Specifying server-side
|
14583
|
+
# encryption with KMS for new object uploads][3].
|
14584
|
+
#
|
14585
|
+
# In the Zonal endpoint API calls (except [CopyObject][4] and
|
14586
|
+
# [UploadPartCopy][5]) using the REST API, the encryption request
|
14587
|
+
# headers must match the encryption settings that are specified in
|
14588
|
+
# the `CreateSession` request. You can't override the values of the
|
14589
|
+
# encryption settings (`x-amz-server-side-encryption`,
|
14590
|
+
# `x-amz-server-side-encryption-aws-kms-key-id`,
|
14591
|
+
# `x-amz-server-side-encryption-context`, and
|
14592
|
+
# `x-amz-server-side-encryption-bucket-key-enabled`) that are
|
14593
|
+
# specified in the `CreateSession` request. You don't need to
|
14594
|
+
# explicitly specify these encryption settings values in Zonal
|
14595
|
+
# endpoint API calls, and Amazon S3 will use the encryption settings
|
14596
|
+
# values from the `CreateSession` request to protect new objects in
|
14597
|
+
# the directory bucket.
|
14598
|
+
#
|
14599
|
+
# <note markdown="1"> When you use the CLI or the Amazon Web Services SDKs, for
|
14600
|
+
# `CreateSession`, the session token refreshes automatically to
|
14601
|
+
# avoid service interruptions when a session expires. The CLI or the
|
14602
|
+
# Amazon Web Services SDKs use the bucket's default encryption
|
14603
|
+
# configuration for the `CreateSession` request. It's not supported
|
14604
|
+
# to override the encryption settings values in the `CreateSession`
|
14605
|
+
# request. So in the Zonal endpoint API calls (except
|
14606
|
+
# [CopyObject][4] and [UploadPartCopy][5]), the encryption request
|
14607
|
+
# headers must match the default encryption configuration of the
|
14608
|
+
# directory bucket.
|
14280
14609
|
#
|
14281
|
-
#
|
14282
|
-
# server-side encryption with Amazon S3 managed keys (SSE-S3)
|
14283
|
-
# (`AES256`) value is supported.
|
14610
|
+
# </note>
|
14284
14611
|
#
|
14285
14612
|
#
|
14286
14613
|
#
|
14287
14614
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
|
14615
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
14616
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
|
14617
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
14618
|
+
# [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
14288
14619
|
# @return [String]
|
14289
14620
|
#
|
14290
14621
|
# @!attribute [rw] storage_class
|
@@ -14370,48 +14701,87 @@ module Aws::S3
|
|
14370
14701
|
# @return [String]
|
14371
14702
|
#
|
14372
14703
|
# @!attribute [rw] ssekms_key_id
|
14373
|
-
#
|
14374
|
-
#
|
14375
|
-
#
|
14376
|
-
#
|
14704
|
+
# Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
|
14705
|
+
# object encryption. If the KMS key doesn't exist in the same account
|
14706
|
+
# that's issuing the command, you must use the full Key ARN not the
|
14707
|
+
# Key ID.
|
14708
|
+
#
|
14709
|
+
# **General purpose buckets** - If you specify
|
14710
|
+
# `x-amz-server-side-encryption` with `aws:kms` or `aws:kms:dsse`,
|
14711
|
+
# this header specifies the ID (Key ID, Key ARN, or Key Alias) of the
|
14712
|
+
# KMS key to use. If you specify
|
14377
14713
|
# `x-amz-server-side-encryption:aws:kms` or
|
14378
|
-
# `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide
|
14379
|
-
# x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
|
14380
|
-
# Amazon Web Services managed key (`aws/s3`) to protect the data.
|
14381
|
-
# the KMS key does not exist in the same account that's issuing the
|
14382
|
-
# command, you must use the full ARN and not just the ID.
|
14714
|
+
# `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide
|
14715
|
+
# `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
|
14716
|
+
# Amazon Web Services managed key (`aws/s3`) to protect the data.
|
14383
14717
|
#
|
14384
|
-
#
|
14718
|
+
# **Directory buckets** - If you specify
|
14719
|
+
# `x-amz-server-side-encryption` with `aws:kms`, you must specify the
|
14720
|
+
# ` x-amz-server-side-encryption-aws-kms-key-id` header with the ID
|
14721
|
+
# (Key ID or Key ARN) of the KMS symmetric encryption customer managed
|
14722
|
+
# key to use. Otherwise, you get an HTTP `400 Bad Request` error. Only
|
14723
|
+
# use the key ID or key ARN. The key alias format of the KMS key
|
14724
|
+
# isn't supported. Your SSE-KMS configuration can only support 1
|
14725
|
+
# [customer managed key][1] per directory bucket for the lifetime of
|
14726
|
+
# the bucket. [Amazon Web Services managed key][2] (`aws/s3`) isn't
|
14727
|
+
# supported.
|
14385
14728
|
#
|
14386
|
-
#
|
14729
|
+
#
|
14730
|
+
#
|
14731
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
14732
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
14387
14733
|
# @return [String]
|
14388
14734
|
#
|
14389
14735
|
# @!attribute [rw] ssekms_encryption_context
|
14390
|
-
# Specifies the Amazon Web Services KMS Encryption Context
|
14391
|
-
#
|
14392
|
-
#
|
14393
|
-
#
|
14394
|
-
#
|
14395
|
-
# `
|
14396
|
-
#
|
14736
|
+
# Specifies the Amazon Web Services KMS Encryption Context as an
|
14737
|
+
# additional encryption context to use for object encryption. The
|
14738
|
+
# value of this header is a Base64-encoded string of a UTF-8 encoded
|
14739
|
+
# JSON, which contains the encryption context as key-value pairs. This
|
14740
|
+
# value is stored as object metadata and automatically gets passed on
|
14741
|
+
# to Amazon Web Services KMS for future `GetObject` operations on this
|
14742
|
+
# object.
|
14397
14743
|
#
|
14398
|
-
#
|
14744
|
+
# **General purpose buckets** - This value must be explicitly added
|
14745
|
+
# during `CopyObject` operations if you want an additional encryption
|
14746
|
+
# context for your object. For more information, see [Encryption
|
14747
|
+
# context][1] in the *Amazon S3 User Guide*.
|
14399
14748
|
#
|
14400
|
-
#
|
14749
|
+
# **Directory buckets** - You can optionally provide an explicit
|
14750
|
+
# encryption context value. The value must match the default
|
14751
|
+
# encryption context - the bucket Amazon Resource Name (ARN). An
|
14752
|
+
# additional encryption context value is not supported.
|
14753
|
+
#
|
14754
|
+
#
|
14755
|
+
#
|
14756
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context
|
14401
14757
|
# @return [String]
|
14402
14758
|
#
|
14403
14759
|
# @!attribute [rw] bucket_key_enabled
|
14404
14760
|
# Specifies whether Amazon S3 should use an S3 Bucket Key for object
|
14405
14761
|
# encryption with server-side encryption using Key Management Service
|
14406
|
-
# (KMS) keys (SSE-KMS).
|
14407
|
-
# to use an S3 Bucket Key for object encryption with SSE-KMS.
|
14762
|
+
# (KMS) keys (SSE-KMS).
|
14408
14763
|
#
|
14409
|
-
#
|
14410
|
-
#
|
14764
|
+
# **General purpose buckets** - Setting this header to `true` causes
|
14765
|
+
# Amazon S3 to use an S3 Bucket Key for object encryption with
|
14766
|
+
# SSE-KMS. Also, specifying this header with a PUT action doesn't
|
14767
|
+
# affect bucket-level settings for S3 Bucket Key.
|
14411
14768
|
#
|
14412
|
-
#
|
14769
|
+
# **Directory buckets** - S3 Bucket Keys are always enabled for `GET`
|
14770
|
+
# and `PUT` operations in a directory bucket and can’t be disabled. S3
|
14771
|
+
# Bucket Keys aren't supported, when you copy SSE-KMS encrypted
|
14772
|
+
# objects from general purpose buckets to directory buckets, from
|
14773
|
+
# directory buckets to general purpose buckets, or between directory
|
14774
|
+
# buckets, through [CopyObject][1], [UploadPartCopy][2], [the Copy
|
14775
|
+
# operation in Batch Operations][3], or [the import jobs][4]. In this
|
14776
|
+
# case, Amazon S3 makes a call to KMS every time a copy request is
|
14777
|
+
# made for a KMS-encrypted object.
|
14413
14778
|
#
|
14414
|
-
#
|
14779
|
+
#
|
14780
|
+
#
|
14781
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
14782
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
14783
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
|
14784
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
|
14415
14785
|
# @return [Boolean]
|
14416
14786
|
#
|
14417
14787
|
# @!attribute [rw] request_payer
|
@@ -15125,12 +15495,16 @@ module Aws::S3
|
|
15125
15495
|
#
|
15126
15496
|
# @!attribute [rw] existing_object_replication
|
15127
15497
|
# Optional configuration to replicate existing source bucket objects.
|
15128
|
-
#
|
15129
|
-
#
|
15498
|
+
#
|
15499
|
+
# <note markdown="1"> This parameter is no longer supported. To replicate existing
|
15500
|
+
# objects, see [Replicating existing objects with S3 Batch
|
15501
|
+
# Replication][1] in the *Amazon S3 User Guide*.
|
15502
|
+
#
|
15503
|
+
# </note>
|
15130
15504
|
#
|
15131
15505
|
#
|
15132
15506
|
#
|
15133
|
-
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/
|
15507
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-batch-replication-batch.html
|
15134
15508
|
# @return [Types::ExistingObjectReplication]
|
15135
15509
|
#
|
15136
15510
|
# @!attribute [rw] destination
|
@@ -16002,35 +16376,51 @@ module Aws::S3
|
|
16002
16376
|
|
16003
16377
|
# Describes the default server-side encryption to apply to new objects
|
16004
16378
|
# in the bucket. If a PUT Object request doesn't specify any
|
16005
|
-
# server-side encryption, this default encryption will be applied.
|
16006
|
-
#
|
16007
|
-
# automatically creates an Amazon Web Services KMS key in your Amazon
|
16008
|
-
# Web Services account the first time that you add an object encrypted
|
16009
|
-
# with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for
|
16010
|
-
# SSE-KMS. For more information, see [PUT Bucket encryption][1] in the
|
16011
|
-
# *Amazon S3 API Reference*.
|
16379
|
+
# server-side encryption, this default encryption will be applied. For
|
16380
|
+
# more information, see [PutBucketEncryption][1].
|
16012
16381
|
#
|
16013
|
-
# <note markdown="1">
|
16014
|
-
#
|
16015
|
-
#
|
16016
|
-
#
|
16017
|
-
#
|
16382
|
+
# <note markdown="1"> * **General purpose buckets** - If you don't specify a customer
|
16383
|
+
# managed key at configuration, Amazon S3 automatically creates an
|
16384
|
+
# Amazon Web Services KMS key (`aws/s3`) in your Amazon Web Services
|
16385
|
+
# account the first time that you add an object encrypted with SSE-KMS
|
16386
|
+
# to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS.
|
16387
|
+
#
|
16388
|
+
# * **Directory buckets** - Your SSE-KMS configuration can only support
|
16389
|
+
# 1 [customer managed key][2] per directory bucket for the lifetime of
|
16390
|
+
# the bucket. [Amazon Web Services managed key][3] (`aws/s3`) isn't
|
16391
|
+
# supported.
|
16392
|
+
#
|
16393
|
+
# * **Directory buckets** - For directory buckets, there are only two
|
16394
|
+
# supported options for server-side encryption: SSE-S3 and SSE-KMS.
|
16018
16395
|
#
|
16019
16396
|
# </note>
|
16020
16397
|
#
|
16021
16398
|
#
|
16022
16399
|
#
|
16023
16400
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html
|
16401
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
16402
|
+
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
16024
16403
|
#
|
16025
16404
|
# @!attribute [rw] sse_algorithm
|
16026
16405
|
# Server-side encryption algorithm to use for the default encryption.
|
16406
|
+
#
|
16407
|
+
# <note markdown="1"> For directory buckets, there are only two supported values for
|
16408
|
+
# server-side encryption: `AES256` and `aws:kms`.
|
16409
|
+
#
|
16410
|
+
# </note>
|
16027
16411
|
# @return [String]
|
16028
16412
|
#
|
16029
16413
|
# @!attribute [rw] kms_master_key_id
|
16030
|
-
# Amazon Web Services Key Management Service (KMS) customer
|
16031
|
-
#
|
16032
|
-
#
|
16033
|
-
#
|
16414
|
+
# Amazon Web Services Key Management Service (KMS) customer managed
|
16415
|
+
# key ID to use for the default encryption.
|
16416
|
+
#
|
16417
|
+
# <note markdown="1"> * **General purpose buckets** - This parameter is allowed if and
|
16418
|
+
# only if `SSEAlgorithm` is set to `aws:kms` or `aws:kms:dsse`.
|
16419
|
+
#
|
16420
|
+
# * **Directory buckets** - This parameter is allowed if and only if
|
16421
|
+
# `SSEAlgorithm` is set to `aws:kms`.
|
16422
|
+
#
|
16423
|
+
# </note>
|
16034
16424
|
#
|
16035
16425
|
# You can specify the key ID, key alias, or the Amazon Resource Name
|
16036
16426
|
# (ARN) of the KMS key.
|
@@ -16042,22 +16432,36 @@ module Aws::S3
|
|
16042
16432
|
#
|
16043
16433
|
# * Key Alias: `alias/alias-name`
|
16044
16434
|
#
|
16045
|
-
# If you use a key ID, you can run into a LogDestination undeliverable
|
16046
|
-
# error when creating a VPC flow log.
|
16047
|
-
#
|
16048
16435
|
# If you are using encryption with cross-account or Amazon Web
|
16049
|
-
# Services service operations you must use a fully qualified KMS key
|
16436
|
+
# Services service operations, you must use a fully qualified KMS key
|
16050
16437
|
# ARN. For more information, see [Using encryption for cross-account
|
16051
16438
|
# operations][1].
|
16052
16439
|
#
|
16440
|
+
# <note markdown="1"> * **General purpose buckets** - If you're specifying a customer
|
16441
|
+
# managed KMS key, we recommend using a fully qualified KMS key ARN.
|
16442
|
+
# If you use a KMS key alias instead, then KMS resolves the key
|
16443
|
+
# within the requester’s account. This behavior can result in data
|
16444
|
+
# that's encrypted with a KMS key that belongs to the requester,
|
16445
|
+
# and not the bucket owner. Also, if you use a key ID, you can run
|
16446
|
+
# into a LogDestination undeliverable error when creating a VPC flow
|
16447
|
+
# log.
|
16448
|
+
#
|
16449
|
+
# * **Directory buckets** - When you specify an [KMS customer managed
|
16450
|
+
# key][2] for encryption in your directory bucket, only use the key
|
16451
|
+
# ID or key ARN. The key alias format of the KMS key isn't
|
16452
|
+
# supported.
|
16453
|
+
#
|
16454
|
+
# </note>
|
16455
|
+
#
|
16053
16456
|
# Amazon S3 only supports symmetric encryption KMS keys. For more
|
16054
|
-
# information, see [Asymmetric keys in Amazon Web Services KMS][
|
16457
|
+
# information, see [Asymmetric keys in Amazon Web Services KMS][3] in
|
16055
16458
|
# the *Amazon Web Services Key Management Service Developer Guide*.
|
16056
16459
|
#
|
16057
16460
|
#
|
16058
16461
|
#
|
16059
16462
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy
|
16060
|
-
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/
|
16463
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
16464
|
+
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
|
16061
16465
|
# @return [String]
|
16062
16466
|
#
|
16063
16467
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ServerSideEncryptionByDefault AWS API Documentation
|
@@ -16086,14 +16490,23 @@ module Aws::S3
|
|
16086
16490
|
|
16087
16491
|
# Specifies the default server-side encryption configuration.
|
16088
16492
|
#
|
16089
|
-
# <note markdown="1"> If you're specifying a customer
|
16090
|
-
#
|
16091
|
-
#
|
16092
|
-
# result in data that's
|
16093
|
-
# requester, and not the
|
16493
|
+
# <note markdown="1"> * **General purpose buckets** - If you're specifying a customer
|
16494
|
+
# managed KMS key, we recommend using a fully qualified KMS key ARN.
|
16495
|
+
# If you use a KMS key alias instead, then KMS resolves the key within
|
16496
|
+
# the requester’s account. This behavior can result in data that's
|
16497
|
+
# encrypted with a KMS key that belongs to the requester, and not the
|
16498
|
+
# bucket owner.
|
16499
|
+
#
|
16500
|
+
# * **Directory buckets** - When you specify an [KMS customer managed
|
16501
|
+
# key][1] for encryption in your directory bucket, only use the key ID
|
16502
|
+
# or key ARN. The key alias format of the KMS key isn't supported.
|
16094
16503
|
#
|
16095
16504
|
# </note>
|
16096
16505
|
#
|
16506
|
+
#
|
16507
|
+
#
|
16508
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
16509
|
+
#
|
16097
16510
|
# @!attribute [rw] apply_server_side_encryption_by_default
|
16098
16511
|
# Specifies the default server-side encryption to apply to new objects
|
16099
16512
|
# in the bucket. If a PUT Object request doesn't specify any
|
@@ -16105,14 +16518,31 @@ module Aws::S3
|
|
16105
16518
|
# server-side encryption using KMS (SSE-KMS) for new objects in the
|
16106
16519
|
# bucket. Existing objects are not affected. Setting the
|
16107
16520
|
# `BucketKeyEnabled` element to `true` causes Amazon S3 to use an S3
|
16108
|
-
# Bucket Key.
|
16521
|
+
# Bucket Key.
|
16109
16522
|
#
|
16110
|
-
#
|
16111
|
-
#
|
16523
|
+
# <note markdown="1"> * **General purpose buckets** - By default, S3 Bucket Key is not
|
16524
|
+
# enabled. For more information, see [Amazon S3 Bucket Keys][1] in
|
16525
|
+
# the *Amazon S3 User Guide*.
|
16526
|
+
#
|
16527
|
+
# * **Directory buckets** - S3 Bucket Keys are always enabled for
|
16528
|
+
# `GET` and `PUT` operations in a directory bucket and can’t be
|
16529
|
+
# disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS
|
16530
|
+
# encrypted objects from general purpose buckets to directory
|
16531
|
+
# buckets, from directory buckets to general purpose buckets, or
|
16532
|
+
# between directory buckets, through [CopyObject][2],
|
16533
|
+
# [UploadPartCopy][3], [the Copy operation in Batch Operations][4],
|
16534
|
+
# or [the import jobs][5]. In this case, Amazon S3 makes a call to
|
16535
|
+
# KMS every time a copy request is made for a KMS-encrypted object.
|
16536
|
+
#
|
16537
|
+
# </note>
|
16112
16538
|
#
|
16113
16539
|
#
|
16114
16540
|
#
|
16115
16541
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
|
16542
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
16543
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
16544
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
|
16545
|
+
# [5]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
|
16116
16546
|
# @return [Boolean]
|
16117
16547
|
#
|
16118
16548
|
# @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ServerSideEncryptionRule AWS API Documentation
|
@@ -16127,8 +16557,8 @@ module Aws::S3
|
|
16127
16557
|
# The established temporary security credentials of the session.
|
16128
16558
|
#
|
16129
16559
|
# <note markdown="1"> **Directory buckets** - These session credentials are only supported
|
16130
|
-
# for the authentication and authorization of Zonal endpoint
|
16131
|
-
# directory buckets.
|
16560
|
+
# for the authentication and authorization of Zonal endpoint API
|
16561
|
+
# operations on directory buckets.
|
16132
16562
|
#
|
16133
16563
|
# </note>
|
16134
16564
|
#
|
@@ -16562,11 +16992,6 @@ module Aws::S3
|
|
16562
16992
|
# @!attribute [rw] server_side_encryption
|
16563
16993
|
# The server-side encryption algorithm used when you store this object
|
16564
16994
|
# in Amazon S3 (for example, `AES256`, `aws:kms`).
|
16565
|
-
#
|
16566
|
-
# <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
|
16567
|
-
# managed keys (SSE-S3) (`AES256`) is supported.
|
16568
|
-
#
|
16569
|
-
# </note>
|
16570
16995
|
# @return [String]
|
16571
16996
|
#
|
16572
16997
|
# @!attribute [rw] sse_customer_algorithm
|
@@ -16591,23 +17016,14 @@ module Aws::S3
|
|
16591
17016
|
# @return [String]
|
16592
17017
|
#
|
16593
17018
|
# @!attribute [rw] ssekms_key_id
|
16594
|
-
# If present, indicates the ID of the
|
16595
|
-
#
|
16596
|
-
# object.
|
16597
|
-
#
|
16598
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
16599
|
-
#
|
16600
|
-
# </note>
|
17019
|
+
# If present, indicates the ID of the KMS key that was used for object
|
17020
|
+
# encryption.
|
16601
17021
|
# @return [String]
|
16602
17022
|
#
|
16603
17023
|
# @!attribute [rw] bucket_key_enabled
|
16604
17024
|
# Indicates whether the multipart upload uses an S3 Bucket Key for
|
16605
17025
|
# server-side encryption with Key Management Service (KMS) keys
|
16606
17026
|
# (SSE-KMS).
|
16607
|
-
#
|
16608
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
16609
|
-
#
|
16610
|
-
# </note>
|
16611
17027
|
# @return [Boolean]
|
16612
17028
|
#
|
16613
17029
|
# @!attribute [rw] request_charged
|
@@ -16958,11 +17374,6 @@ module Aws::S3
|
|
16958
17374
|
# @!attribute [rw] server_side_encryption
|
16959
17375
|
# The server-side encryption algorithm used when you store this object
|
16960
17376
|
# in Amazon S3 (for example, `AES256`, `aws:kms`).
|
16961
|
-
#
|
16962
|
-
# <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
|
16963
|
-
# managed keys (SSE-S3) (`AES256`) is supported.
|
16964
|
-
#
|
16965
|
-
# </note>
|
16966
17377
|
# @return [String]
|
16967
17378
|
#
|
16968
17379
|
# @!attribute [rw] etag
|
@@ -16970,7 +17381,7 @@ module Aws::S3
|
|
16970
17381
|
# @return [String]
|
16971
17382
|
#
|
16972
17383
|
# @!attribute [rw] checksum_crc32
|
16973
|
-
# The base64-encoded, 32-bit
|
17384
|
+
# The base64-encoded, 32-bit CRC-32 checksum of the object. This will
|
16974
17385
|
# only be present if it was uploaded with the object. When you use an
|
16975
17386
|
# API operation on an object that was uploaded using multipart
|
16976
17387
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -16985,7 +17396,7 @@ module Aws::S3
|
|
16985
17396
|
# @return [String]
|
16986
17397
|
#
|
16987
17398
|
# @!attribute [rw] checksum_crc32c
|
16988
|
-
# The base64-encoded, 32-bit
|
17399
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
16989
17400
|
# only be present if it was uploaded with the object. When you use an
|
16990
17401
|
# API operation on an object that was uploaded using multipart
|
16991
17402
|
# uploads, this value may not be a direct checksum value of the full
|
@@ -17051,23 +17462,14 @@ module Aws::S3
|
|
17051
17462
|
# @return [String]
|
17052
17463
|
#
|
17053
17464
|
# @!attribute [rw] ssekms_key_id
|
17054
|
-
# If present, indicates the ID of the
|
17055
|
-
#
|
17056
|
-
# object.
|
17057
|
-
#
|
17058
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
17059
|
-
#
|
17060
|
-
# </note>
|
17465
|
+
# If present, indicates the ID of the KMS key that was used for object
|
17466
|
+
# encryption.
|
17061
17467
|
# @return [String]
|
17062
17468
|
#
|
17063
17469
|
# @!attribute [rw] bucket_key_enabled
|
17064
17470
|
# Indicates whether the multipart upload uses an S3 Bucket Key for
|
17065
17471
|
# server-side encryption with Key Management Service (KMS) keys
|
17066
17472
|
# (SSE-KMS).
|
17067
|
-
#
|
17068
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
17069
|
-
#
|
17070
|
-
# </note>
|
17071
17473
|
# @return [Boolean]
|
17072
17474
|
#
|
17073
17475
|
# @!attribute [rw] request_charged
|
@@ -17184,7 +17586,7 @@ module Aws::S3
|
|
17184
17586
|
# @!attribute [rw] checksum_crc32
|
17185
17587
|
# This header can be used as a data integrity check to verify that the
|
17186
17588
|
# data received is the same data that was originally sent. This header
|
17187
|
-
# specifies the base64-encoded, 32-bit
|
17589
|
+
# specifies the base64-encoded, 32-bit CRC-32 checksum of the object.
|
17188
17590
|
# For more information, see [Checking object integrity][1] in the
|
17189
17591
|
# *Amazon S3 User Guide*.
|
17190
17592
|
#
|
@@ -17196,7 +17598,7 @@ module Aws::S3
|
|
17196
17598
|
# @!attribute [rw] checksum_crc32c
|
17197
17599
|
# This header can be used as a data integrity check to verify that the
|
17198
17600
|
# data received is the same data that was originally sent. This header
|
17199
|
-
# specifies the base64-encoded, 32-bit
|
17601
|
+
# specifies the base64-encoded, 32-bit CRC-32C checksum of the object.
|
17200
17602
|
# For more information, see [Checking object integrity][1] in the
|
17201
17603
|
# *Amazon S3 User Guide*.
|
17202
17604
|
#
|
@@ -17486,7 +17888,7 @@ module Aws::S3
|
|
17486
17888
|
# @!attribute [rw] checksum_crc32
|
17487
17889
|
# This header can be used as a data integrity check to verify that the
|
17488
17890
|
# data received is the same data that was originally sent. This
|
17489
|
-
# specifies the base64-encoded, 32-bit
|
17891
|
+
# specifies the base64-encoded, 32-bit CRC-32 checksum of the object
|
17490
17892
|
# returned by the Object Lambda function. This may not match the
|
17491
17893
|
# checksum for the object stored in Amazon S3. Amazon S3 will perform
|
17492
17894
|
# validation of the checksum values only when the original `GetObject`
|
@@ -17507,7 +17909,7 @@ module Aws::S3
|
|
17507
17909
|
# @!attribute [rw] checksum_crc32c
|
17508
17910
|
# This header can be used as a data integrity check to verify that the
|
17509
17911
|
# data received is the same data that was originally sent. This
|
17510
|
-
# specifies the base64-encoded, 32-bit
|
17912
|
+
# specifies the base64-encoded, 32-bit CRC-32C checksum of the object
|
17511
17913
|
# returned by the Object Lambda function. This may not match the
|
17512
17914
|
# checksum for the object stored in Amazon S3. Amazon S3 will perform
|
17513
17915
|
# validation of the checksum values only when the original `GetObject`
|
@@ -17770,3 +18172,6 @@ module Aws::S3
|
|
17770
18172
|
|
17771
18173
|
end
|
17772
18174
|
end
|
18175
|
+
|
18176
|
+
require "aws-sdk-s3/customizations/types/list_object_versions_output"
|
18177
|
+
require "aws-sdk-s3/customizations/types/permanent_redirect"
|