aws-sdk-s3 1.188.0 → 1.205.0

data/lib/aws-sdk-s3/types.rb

@@ -10,6 +10,29 @@
 module Aws::S3
   module Types
 
+    # The ABAC status of the general purpose bucket. When ABAC is enabled
+    # for the general purpose bucket, you can use tags to manage access to
+    # the general purpose buckets as well as for cost tracking purposes.
+    # When ABAC is disabled for the general purpose buckets, you can only
+    # use tags for cost tracking purposes. For more information, see [Using
+    # tags with S3 general purpose buckets][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging.html
+    #
+    # @!attribute [rw] status
+    #   The ABAC status of the general purpose bucket.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AbacStatus AWS API Documentation
+    #
+    class AbacStatus < Struct.new(
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Specifies the days since the initiation of an incomplete multipart
     # upload that Amazon S3 will wait before permanently removing all parts
     # of the upload. For more information, see [ Aborting Incomplete
@@ -355,6 +378,63 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # A bucket-level setting for Amazon S3 general purpose buckets used to
+    # prevent the upload of new objects encrypted with the specified
+    # server-side encryption type. For example, blocking an encryption type
+    # will block `PutObject`, `CopyObject`, `PostObject`, multipart upload,
+    # and replication requests to the bucket for objects with the specified
+    # encryption type. However, you can continue to read and list any
+    # pre-existing objects already encrypted with the specified encryption
+    # type. For more information, see [Blocking an encryption type for a
+    # general purpose bucket][1].
+    #
+    # This data type is used with the following actions:
+    #
+    # * [PutBucketEncryption][2]
+    #
+    # * [GetBucketEncryption][3]
+    #
+    # * [DeleteBucketEncryption][4]
+    #
+    # Permissions
+    #
+    # : You must have the `s3:PutEncryptionConfiguration` permission to
+    #   block or unblock an encryption type for a bucket.
+    #
+    #   You must have the `s3:GetEncryptionConfiguration` permission to view
+    #   a bucket's encryption type.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/userguide/block-encryption-type.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html
+    #
+    # @!attribute [rw] encryption_type
+    #   The object encryption type that you want to block or unblock for an
+    #   Amazon S3 general purpose bucket.
+    #
+    #   <note markdown="1"> Currently, this parameter only supports blocking or unblocking
+    #   server side encryption with customer-provided keys (SSE-C). For more
+    #   information about SSE-C, see [Using server-side encryption with
+    #   customer-provided keys (SSE-C)][1].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/BlockedEncryptionTypes AWS API Documentation
+    #
+    class BlockedEncryptionTypes < Struct.new(
+      :encryption_type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # In terms of implementation, a Bucket is a resource.
     #
     # @!attribute [rw] name
@@ -372,12 +452,28 @@ module Aws::S3
     #   parameter, it is included in the response.
     #   @return [String]
     #
+    # @!attribute [rw] bucket_arn
+    #   The Amazon Resource Name (ARN) of the S3 bucket. ARNs uniquely
+    #   identify Amazon Web Services resources across all of Amazon Web
+    #   Services.
+    #
+    #   <note markdown="1"> This parameter is only supported for S3 directory buckets. For more
+    #   information, see [Using tags with directory buckets][1].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-tagging.html
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Bucket AWS API Documentation
     #
     class Bucket < Struct.new(
       :name,
       :creation_date,
-      :bucket_region)
+      :bucket_region,
+      :bucket_arn)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -664,7 +760,7 @@ module Aws::S3
     #
     # @!attribute [rw] checksum_crc32
     #   The Base64 encoded, 32-bit `CRC32 checksum` of the object. This
-    #   checksum is only be present if the checksum was uploaded with the
+    #   checksum is only present if the checksum was uploaded with the
     #   object. When you use an API operation on an object that was uploaded
     #   using multipart uploads, this value may not be a direct checksum
     #   value of the full object. Instead, it's a calculation based on the
@@ -706,14 +802,15 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] checksum_sha1
-    #   The Base64 encoded, 160-bit `SHA1` digest of the object. This will
-    #   only be present if the object was uploaded with the object. When you
-    #   use the API operation on an object that was uploaded using multipart
-    #   uploads, this value may not be a direct checksum value of the full
-    #   object. Instead, it's a calculation based on the checksum values of
-    #   each individual part. For more information about how checksums are
-    #   calculated with multipart uploads, see [ Checking object
-    #   integrity][1] in the *Amazon S3 User Guide*.
+    #   The Base64 encoded, 160-bit `SHA1` digest of the object. This
+    #   checksum is only present if the checksum was uploaded with the
+    #   object. When you use the API operation on an object that was
+    #   uploaded using multipart uploads, this value may not be a direct
+    #   checksum value of the full object. Instead, it's a calculation
+    #   based on the checksum values of each individual part. For more
+    #   information about how checksums are calculated with multipart
+    #   uploads, see [ Checking object integrity][1] in the *Amazon S3 User
+    #   Guide*.
     #
     #
     #
@@ -721,14 +818,14 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] checksum_sha256
-    #   The Base64 encoded, 256-bit `SHA256` digest of the object. This will
-    #   only be present if the object was uploaded with the object. When you
-    #   use an API operation on an object that was uploaded using multipart
-    #   uploads, this value may not be a direct checksum value of the full
-    #   object. Instead, it's a calculation based on the checksum values of
-    #   each individual part. For more information about how checksums are
-    #   calculated with multipart uploads, see [ Checking object
-    #   integrity][1] in the *Amazon S3 User Guide*.
+    #   The Base64 encoded, 256-bit `SHA256` digest of the object. This
+    #   checksum is only present if the checksum was uploaded with the
+    #   object. When you use an API operation on an object that was uploaded
+    #   using multipart uploads, this value may not be a direct checksum
+    #   value of the full object. Instead, it's a calculation based on the
+    #   checksum values of each individual part. For more information about
+    #   how checksums are calculated with multipart uploads, see [ Checking
+    #   object integrity][1] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -858,7 +955,7 @@ module Aws::S3
     #
     # @!attribute [rw] checksum_crc32
     #   The Base64 encoded, 32-bit `CRC32 checksum` of the object. This
-    #   checksum is only be present if the checksum was uploaded with the
+    #   checksum is only present if the checksum was uploaded with the
     #   object. When you use an API operation on an object that was uploaded
     #   using multipart uploads, this value may not be a direct checksum
     #   value of the full object. Instead, it's a calculation based on the
@@ -900,14 +997,15 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] checksum_sha1
-    #   The Base64 encoded, 160-bit `SHA1` digest of the object. This will
-    #   only be present if the object was uploaded with the object. When you
-    #   use the API operation on an object that was uploaded using multipart
-    #   uploads, this value may not be a direct checksum value of the full
-    #   object. Instead, it's a calculation based on the checksum values of
-    #   each individual part. For more information about how checksums are
-    #   calculated with multipart uploads, see [ Checking object
-    #   integrity][1] in the *Amazon S3 User Guide*.
+    #   The Base64 encoded, 160-bit `SHA1` digest of the object. This
+    #   checksum is only present if the checksum was uploaded with the
+    #   object. When you use the API operation on an object that was
+    #   uploaded using multipart uploads, this value may not be a direct
+    #   checksum value of the full object. Instead, it's a calculation
+    #   based on the checksum values of each individual part. For more
+    #   information about how checksums are calculated with multipart
+    #   uploads, see [ Checking object integrity][1] in the *Amazon S3 User
+    #   Guide*.
     #
     #
     #
@@ -915,14 +1013,14 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] checksum_sha256
-    #   The Base64 encoded, 256-bit `SHA256` digest of the object. This will
-    #   only be present if the object was uploaded with the object. When you
-    #   use an API operation on an object that was uploaded using multipart
-    #   uploads, this value may not be a direct checksum value of the full
-    #   object. Instead, it's a calculation based on the checksum values of
-    #   each individual part. For more information about how checksums are
-    #   calculated with multipart uploads, see [ Checking object
-    #   integrity][1] in the *Amazon S3 User Guide*.
+    #   The Base64 encoded, 256-bit `SHA256` digest of the object. This
+    #   checksum is only present if the checksum was uploaded with the
+    #   object. When you use an API operation on an object that was uploaded
+    #   using multipart uploads, this value may not be a direct checksum
+    #   value of the full object. Instead, it's a calculation based on the
+    #   checksum values of each individual part. For more information about
+    #   how checksums are calculated with multipart uploads, see [ Checking
+    #   object integrity][1] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -945,7 +1043,13 @@ module Aws::S3
     #
     # @!attribute [rw] server_side_encryption
     #   The server-side encryption algorithm used when storing this object
-    #   in Amazon S3 (for example, `AES256`, `aws:kms`).
+    #   in Amazon S3.
+    #
+    #   <note markdown="1"> When accessing data stored in Amazon FSx file systems using S3
+    #   access points, the only valid server side encryption option is
+    #   `aws:fsx`.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] version_id
@@ -1481,7 +1585,13 @@ module Aws::S3
     #
     # @!attribute [rw] server_side_encryption
     #   The server-side encryption algorithm used when you store this object
-    #   in Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
+    #   in Amazon S3 or Amazon FSx.
+    #
+    #   <note markdown="1"> When accessing data stored in Amazon FSx file systems using S3
+    #   access points, the only valid server side encryption option is
+    #   `aws:fsx`.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] sse_customer_algorithm
@@ -1887,6 +1997,40 @@ module Aws::S3
     #    </note>
     #   @return [String]
     #
+    # @!attribute [rw] if_match
+    #   Copies the object if the entity tag (ETag) of the destination object
+    #   matches the specified tag. If the ETag values do not match, the
+    #   operation returns a `412 Precondition Failed` error. If a concurrent
+    #   operation occurs during the upload S3 returns a `409
+    #   ConditionalRequestConflict` response. On a 409 failure you should
+    #   fetch the object's ETag and retry the upload.
+    #
+    #   Expects the ETag value as a string.
+    #
+    #   For more information about conditional requests, see [RFC 7232][1].
+    #
+    #
+    #
+    #   [1]: https://tools.ietf.org/html/rfc7232
+    #   @return [String]
+    #
+    # @!attribute [rw] if_none_match
+    #   Copies the object only if the object key name at the destination
+    #   does not already exist in the bucket specified. Otherwise, Amazon S3
+    #   returns a `412 Precondition Failed` error. If a concurrent operation
+    #   occurs during the upload S3 returns a `409
+    #   ConditionalRequestConflict` response. On a 409 failure you should
+    #   retry the upload.
+    #
+    #   Expects the '*' (asterisk) character.
+    #
+    #   For more information about conditional requests, see [RFC 7232][1].
+    #
+    #
+    #
+    #   [1]: https://tools.ietf.org/html/rfc7232
+    #   @return [String]
+    #
     # @!attribute [rw] key
     #   The key of the destination object.
     #   @return [String]
@@ -2038,6 +2182,14 @@ module Aws::S3
     #     key is the same customer managed key that you specified for the
     #     directory bucket's default encryption configuration.
     #
+    #   * <b>S3 access points for Amazon FSx </b> - When accessing data
+    #     stored in Amazon FSx file systems using S3 access points, the only
+    #     valid server side encryption option is `aws:fsx`. All Amazon FSx
+    #     file systems have encryption configured by default and are
+    #     encrypted at rest. Data is automatically encrypted before being
+    #     written to the file system, and automatically decrypted as it is
+    #     read. These processes are handled transparently by Amazon FSx.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
@@ -2405,6 +2557,8 @@ module Aws::S3
       :grant_read,
       :grant_read_acp,
       :grant_write_acp,
+      :if_match,
+      :if_none_match,
       :key,
       :metadata,
       :metadata_directive,
@@ -2466,9 +2620,9 @@ module Aws::S3
     #
     # @!attribute [rw] checksum_crc32c
     #   The Base64 encoded, 32-bit `CRC32C` checksum of the object. This
-    #   will only be present if the object was uploaded with the object. For
-    #   more information, see [ Checking object integrity][1] in the *Amazon
-    #   S3 User Guide*.
+    #   checksum is only present if the checksum was uploaded with the
+    #   object. For more information, see [ Checking object integrity][1] in
+    #   the *Amazon S3 User Guide*.
     #
     #
     #
@@ -2489,10 +2643,10 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] checksum_sha1
-    #   The Base64 encoded, 160-bit `SHA1` digest of the object. This will
-    #   only be present if the object was uploaded with the object. For more
-    #   information, see [ Checking object integrity][1] in the *Amazon S3
-    #   User Guide*.
+    #   The Base64 encoded, 160-bit `SHA1` digest of the object. This
+    #   checksum is only present if the checksum was uploaded with the
+    #   object. For more information, see [ Checking object integrity][1] in
+    #   the *Amazon S3 User Guide*.
     #
     #
     #
@@ -2500,10 +2654,10 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] checksum_sha256
-    #   The Base64 encoded, 256-bit `SHA256` digest of the object. This will
-    #   only be present if the object was uploaded with the object. For more
-    #   information, see [ Checking object integrity][1] in the *Amazon S3
-    #   User Guide*.
+    #   The Base64 encoded, 256-bit `SHA256` digest of the object. This
+    #   checksum is only present if the checksum was uploaded with the
+    #   object. For more information, see [ Checking object integrity][1] in
+    #   the *Amazon S3 User Guide*.
     #
     #
     #
@@ -2661,19 +2815,72 @@ module Aws::S3
     #    </note>
     #   @return [Types::BucketInfo]
     #
+    # @!attribute [rw] tags
+    #   An array of tags that you can apply to the bucket that you're
+    #   creating. Tags are key-value pairs of metadata used to categorize
+    #   and organize your buckets, track costs, and control access.
+    #
+    #   <note markdown="1"> This parameter is only supported for S3 directory buckets. For more
+    #   information, see [Using tags with directory buckets][1].
+    #
+    #    You must have the `s3express:TagResource` permission to create a
+    #   directory bucket with tags.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-tagging.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateBucketConfiguration AWS API Documentation
     #
     class CreateBucketConfiguration < Struct.new(
       :location_constraint,
       :location,
-      :bucket)
+      :bucket,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] bucket
+    #   The general purpose bucket that you want to create the metadata
+    #   configuration for.
+    #   @return [String]
+    #
+    # @!attribute [rw] content_md5
+    #   The `Content-MD5` header for the metadata configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] checksum_algorithm
+    #   The checksum algorithm to use with your metadata configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] metadata_configuration
+    #   The contents of your metadata configuration.
+    #   @return [Types::MetadataConfiguration]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   The expected owner of the general purpose bucket that corresponds to
+    #   your metadata configuration.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateBucketMetadataConfigurationRequest AWS API Documentation
+    #
+    class CreateBucketMetadataConfigurationRequest < Struct.new(
+      :bucket,
+      :content_md5,
+      :checksum_algorithm,
+      :metadata_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
 
     # @!attribute [rw] bucket
     #   The general purpose bucket that you want to create the metadata
-    #   table configuration in.
+    #   table configuration for.
     #   @return [String]
     #
     # @!attribute [rw] content_md5
@@ -2690,8 +2897,8 @@ module Aws::S3
     #   @return [Types::MetadataTableConfiguration]
     #
     # @!attribute [rw] expected_bucket_owner
-    #   The expected owner of the general purpose bucket that contains your
-    #   metadata table configuration.
+    #   The expected owner of the general purpose bucket that corresponds to
+    #   your metadata table configuration.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateBucketMetadataTableConfigurationRequest AWS API Documentation
@@ -2710,10 +2917,26 @@ module Aws::S3
     #   A forward slash followed by the name of the bucket.
     #   @return [String]
     #
+    # @!attribute [rw] bucket_arn
+    #   The Amazon Resource Name (ARN) of the S3 bucket. ARNs uniquely
+    #   identify Amazon Web Services resources across all of Amazon Web
+    #   Services.
+    #
+    #   <note markdown="1"> This parameter is only supported for S3 directory buckets. For more
+    #   information, see [Using tags with directory buckets][1].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-tagging.html
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateBucketOutput AWS API Documentation
     #
     class CreateBucketOutput < Struct.new(
-      :location)
+      :location,
+      :bucket_arn)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2912,7 +3135,13 @@ module Aws::S3
     #
     # @!attribute [rw] server_side_encryption
     #   The server-side encryption algorithm used when you store this object
-    #   in Amazon S3 (for example, `AES256`, `aws:kms`).
+    #   in Amazon S3 or Amazon FSx.
+    #
+    #   <note markdown="1"> When accessing data stored in Amazon FSx file systems using S3
+    #   access points, the only valid server side encryption option is
+    #   `aws:fsx`.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] sse_customer_algorithm
@@ -3380,7 +3609,7 @@ module Aws::S3
     #
     # @!attribute [rw] server_side_encryption
     #   The server-side encryption algorithm used when you store this object
-    #   in Amazon S3 (for example, `AES256`, `aws:kms`).
+    #   in Amazon S3 or Amazon FSx.
     #
     #   * <b>Directory buckets </b> - For directory buckets, there are only
     #     two supported options for server-side encryption: server-side
@@ -3423,6 +3652,14 @@ module Aws::S3
     #
     #      </note>
     #
+    #   * <b>S3 access points for Amazon FSx </b> - When accessing data
+    #     stored in Amazon FSx file systems using S3 access points, the only
+    #     valid server side encryption option is `aws:fsx`. All Amazon FSx
+    #     file systems have encryption configured by default and are
+    #     encrypted at rest. Data is automatically encrypted before being
+    #     written to the file system, and automatically decrypted as it is
+    #     read. These processes are handled transparently by Amazon FSx.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
@@ -3689,6 +3926,12 @@ module Aws::S3
     # @!attribute [rw] server_side_encryption
     #   The server-side encryption algorithm used when you store objects in
     #   the directory bucket.
+    #
+    #   <note markdown="1"> When accessing data stored in Amazon FSx file systems using S3
+    #   access points, the only valid server side encryption option is
+    #   `aws:fsx`.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] ssekms_key_id
@@ -3753,6 +3996,14 @@ module Aws::S3
     #   SSE-S3. For more information, see [Protecting data with server-side
     #   encryption][1] in the *Amazon S3 User Guide*.
     #
+    #   <b>S3 access points for Amazon FSx </b> - When accessing data stored
+    #   in Amazon FSx file systems using S3 access points, the only valid
+    #   server side encryption option is `aws:fsx`. All Amazon FSx file
+    #   systems have encryption configured by default and are encrypted at
+    #   rest. Data is automatically encrypted before being written to the
+    #   file system, and automatically decrypted as it is read. These
+    #   processes are handled transparently by Amazon FSx.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html
@@ -4000,11 +4251,19 @@ module Aws::S3
     #   The ID used to identify the S3 Intelligent-Tiering configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account ID of the expected bucket owner. If the account ID that
+    #   you provide does not match the actual owner of the bucket, the
+    #   request fails with the HTTP status code `403 Forbidden` (access
+    #   denied).
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketIntelligentTieringConfigurationRequest AWS API Documentation
     #
     class DeleteBucketIntelligentTieringConfigurationRequest < Struct.new(
       :bucket,
-      :id)
+      :id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4060,6 +4319,25 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # @!attribute [rw] bucket
+    #   The general purpose bucket that you want to remove the metadata
+    #   configuration from.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   The expected bucket owner of the general purpose bucket that you
+    #   want to remove the metadata table configuration from.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketMetadataConfigurationRequest AWS API Documentation
+    #
+    class DeleteBucketMetadataConfigurationRequest < Struct.new(
+      :bucket,
+      :expected_bucket_owner)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] bucket
     #   The general purpose bucket that you want to remove the metadata
     #   table configuration from.
@@ -4502,17 +4780,16 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] if_match
-    #   The `If-Match` header field makes the request method conditional on
-    #   ETags. If the ETag value does not match, the operation returns a
-    #   `412 Precondition Failed` error. If the ETag matches or if the
-    #   object doesn't exist, the operation will return a `204 Success (No
-    #   Content) response`.
+    #   Deletes the object if the ETag (entity tag) value provided during
+    #   the delete operation matches the ETag of the object in S3. If the
+    #   ETag values do not match, the operation returns a `412 Precondition
+    #   Failed` error.
     #
-    #   For more information about conditional requests, see [RFC 7232][1].
+    #   Expects the ETag value as a string. `If-Match` does accept a string
+    #   value of an '*' (asterisk) character to denote a match of any
+    #   ETag.
     #
-    #   <note markdown="1"> This functionality is only supported for directory buckets.
-    #
-    #    </note>
+    #   For more information about conditional requests, see [RFC 7232][1].
     #
     #
     #
@@ -4938,6 +5215,8 @@ module Aws::S3
     #   For valid values, see the `StorageClass` element of the [PUT Bucket
     #   replication][1] action in the *Amazon S3 API Reference*.
     #
+    #   `FSX_OPENZFS` is not an accepted value when replicating objects.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html
@@ -4984,6 +5263,37 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # The destination information for the S3 Metadata configuration.
+    #
+    # @!attribute [rw] table_bucket_type
+    #   The type of the table bucket where the metadata configuration is
+    #   stored. The `aws` value indicates an Amazon Web Services managed
+    #   table bucket, and the `customer` value indicates a customer-managed
+    #   table bucket. V2 metadata configurations are stored in Amazon Web
+    #   Services managed table buckets, and V1 metadata configurations are
+    #   stored in customer-managed table buckets.
+    #   @return [String]
+    #
+    # @!attribute [rw] table_bucket_arn
+    #   The Amazon Resource Name (ARN) of the table bucket where the
+    #   metadata configuration is stored.
+    #   @return [String]
+    #
+    # @!attribute [rw] table_namespace
+    #   The namespace in the table bucket where the metadata tables for a
+    #   metadata configuration are stored.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DestinationResult AWS API Documentation
+    #
+    class DestinationResult < Struct.new(
+      :table_bucket_type,
+      :table_bucket_arn,
+      :table_namespace)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains the type of server-side encryption used.
     #
     # @!attribute [rw] encryption_type
@@ -5825,12 +6135,24 @@ module Aws::S3
       include Aws::Structure
     end
 
-    # If the `CreateBucketMetadataTableConfiguration` request succeeds, but
-    # S3 Metadata was unable to create the table, this structure contains
-    # the error code and error message.
+    # If an S3 Metadata V1 `CreateBucketMetadataTableConfiguration` or V2
+    # `CreateBucketMetadataConfiguration` request succeeds, but S3 Metadata
+    # was unable to create the table, this structure contains the error code
+    # and error message.
+    #
+    # <note markdown="1"> If you created your S3 Metadata configuration before July 15, 2025, we
+    # recommend that you delete and re-create your configuration by using
+    # [CreateBucketMetadataConfiguration][1] so that you can expire journal
+    # table records and create a live inventory table.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataConfiguration.html
     #
     # @!attribute [rw] error_code
-    #   If the `CreateBucketMetadataTableConfiguration` request succeeds,
+    #   If the V1 `CreateBucketMetadataTableConfiguration` request succeeds,
     #   but S3 Metadata was unable to create the table, this structure
     #   contains the error code. The possible error codes and error messages
     #   are as follows:
@@ -5869,10 +6191,65 @@ module Aws::S3
     #     Create or choose a different table bucket. To create a new
     #     metadata table, you must delete the metadata configuration for
     #     this bucket, and then create a new metadata configuration.
+    #
+    #   If the V2 `CreateBucketMetadataConfiguration` request succeeds, but
+    #   S3 Metadata was unable to create the table, this structure contains
+    #   the error code. The possible error codes and error messages are as
+    #   follows:
+    #
+    #   * `AccessDeniedCreatingResources` - You don't have sufficient
+    #     permissions to create the required resources. Make sure that you
+    #     have `s3tables:CreateTableBucket`, `s3tables:CreateNamespace`,
+    #     `s3tables:CreateTable`, `s3tables:GetTable`,
+    #     `s3tables:PutTablePolicy`, `kms:DescribeKey`, and
+    #     `s3tables:PutTableEncryption` permissions. Additionally, ensure
+    #     that the KMS key used to encrypt the table still exists, is active
+    #     and has a resource policy granting access to the S3 service
+    #     principals '`maintenance.s3tables.amazonaws.com`' and
+    #     '`metadata.s3.amazonaws.com`'. To create a new metadata table,
+    #     you must delete the metadata configuration for this bucket, and
+    #     then create a new metadata configuration.
+    #
+    #   * `AccessDeniedWritingToTable` - Unable to write to the metadata
+    #     table because of missing resource permissions. To fix the resource
+    #     policy, Amazon S3 needs to create a new metadata table. To create
+    #     a new metadata table, you must delete the metadata configuration
+    #     for this bucket, and then create a new metadata configuration.
+    #
+    #   * `DestinationTableNotFound` - The destination table doesn't exist.
+    #     To create a new metadata table, you must delete the metadata
+    #     configuration for this bucket, and then create a new metadata
+    #     configuration.
+    #
+    #   * `ServerInternalError` - An internal error has occurred. To create
+    #     a new metadata table, you must delete the metadata configuration
+    #     for this bucket, and then create a new metadata configuration.
+    #
+    #   * `JournalTableAlreadyExists` - A journal table already exists in
+    #     the Amazon Web Services managed table bucket's namespace. Delete
+    #     the journal table, and then try again. To create a new metadata
+    #     table, you must delete the metadata configuration for this bucket,
+    #     and then create a new metadata configuration.
+    #
+    #   * `InventoryTableAlreadyExists` - An inventory table already exists
+    #     in the Amazon Web Services managed table bucket's namespace.
+    #     Delete the inventory table, and then try again. To create a new
+    #     metadata table, you must delete the metadata configuration for
+    #     this bucket, and then create a new metadata configuration.
+    #
+    #   * `JournalTableNotAvailable` - The journal table that the inventory
+    #     table relies on has a `FAILED` status. An inventory table requires
+    #     a journal table with an `ACTIVE` status. To create a new journal
+    #     or inventory table, you must delete the metadata configuration for
+    #     this bucket, along with any journal or inventory tables, and then
+    #     create a new metadata configuration.
+    #
+    #   * `NoSuchBucket` - The specified general purpose bucket does not
+    #     exist.
     #   @return [String]
     #
     # @!attribute [rw] error_message
-    #   If the `CreateBucketMetadataTableConfiguration` request succeeds,
+    #   If the V1 `CreateBucketMetadataTableConfiguration` request succeeds,
     #   but S3 Metadata was unable to create the table, this structure
     #   contains the error message. The possible error codes and error
     #   messages are as follows:
@@ -5911,6 +6288,61 @@ module Aws::S3
     #     Create or choose a different table bucket. To create a new
     #     metadata table, you must delete the metadata configuration for
     #     this bucket, and then create a new metadata configuration.
+    #
+    #   If the V2 `CreateBucketMetadataConfiguration` request succeeds, but
+    #   S3 Metadata was unable to create the table, this structure contains
+    #   the error code. The possible error codes and error messages are as
+    #   follows:
+    #
+    #   * `AccessDeniedCreatingResources` - You don't have sufficient
+    #     permissions to create the required resources. Make sure that you
+    #     have `s3tables:CreateTableBucket`, `s3tables:CreateNamespace`,
+    #     `s3tables:CreateTable`, `s3tables:GetTable`,
+    #     `s3tables:PutTablePolicy`, `kms:DescribeKey`, and
+    #     `s3tables:PutTableEncryption` permissions. Additionally, ensure
+    #     that the KMS key used to encrypt the table still exists, is active
+    #     and has a resource policy granting access to the S3 service
+    #     principals '`maintenance.s3tables.amazonaws.com`' and
+    #     '`metadata.s3.amazonaws.com`'. To create a new metadata table,
+    #     you must delete the metadata configuration for this bucket, and
+    #     then create a new metadata configuration.
+    #
+    #   * `AccessDeniedWritingToTable` - Unable to write to the metadata
+    #     table because of missing resource permissions. To fix the resource
+    #     policy, Amazon S3 needs to create a new metadata table. To create
+    #     a new metadata table, you must delete the metadata configuration
+    #     for this bucket, and then create a new metadata configuration.
+    #
+    #   * `DestinationTableNotFound` - The destination table doesn't exist.
+    #     To create a new metadata table, you must delete the metadata
+    #     configuration for this bucket, and then create a new metadata
+    #     configuration.
+    #
+    #   * `ServerInternalError` - An internal error has occurred. To create
+    #     a new metadata table, you must delete the metadata configuration
+    #     for this bucket, and then create a new metadata configuration.
+    #
+    #   * `JournalTableAlreadyExists` - A journal table already exists in
+    #     the Amazon Web Services managed table bucket's namespace. Delete
+    #     the journal table, and then try again. To create a new metadata
+    #     table, you must delete the metadata configuration for this bucket,
+    #     and then create a new metadata configuration.
+    #
+    #   * `InventoryTableAlreadyExists` - An inventory table already exists
+    #     in the Amazon Web Services managed table bucket's namespace.
+    #     Delete the inventory table, and then try again. To create a new
+    #     metadata table, you must delete the metadata configuration for
+    #     this bucket, and then create a new metadata configuration.
+    #
+    #   * `JournalTableNotAvailable` - The journal table that the inventory
+    #     table relies on has a `FAILED` status. An inventory table requires
+    #     a journal table with an `ACTIVE` status. To create a new journal
+    #     or inventory table, you must delete the metadata configuration for
+    #     this bucket, along with any journal or inventory tables, and then
+    #     create a new metadata configuration.
+    #
+    #   * `NoSuchBucket` - The specified general purpose bucket does not
+    #     exist.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ErrorDetails AWS API Documentation
@@ -6004,11 +6436,41 @@ module Aws::S3
     #   The value that the filter searches for in object key names.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/FilterRule AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/FilterRule AWS API Documentation
+    #
+    class FilterRule < Struct.new(
+      :name,
+      :value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] abac_status
+    #   The ABAC status of the general purpose bucket.
+    #   @return [Types::AbacStatus]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAbacOutput AWS API Documentation
+    #
+    class GetBucketAbacOutput < Struct.new(
+      :abac_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] bucket
+    #   The name of the general purpose bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   The Amazon Web Services account ID of the general purpose bucket's
+    #   owner.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAbacRequest AWS API Documentation
     #
-    class FilterRule < Struct.new(
-      :name,
-      :value)
+    class GetBucketAbacRequest < Struct.new(
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6292,11 +6754,19 @@ module Aws::S3
     #   The ID used to identify the S3 Intelligent-Tiering configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account ID of the expected bucket owner. If the account ID that
+    #   you provide does not match the actual owner of the bucket, the
+    #   request fails with the HTTP status code `403 Forbidden` (access
+    #   denied).
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketIntelligentTieringConfigurationRequest AWS API Documentation
     #
     class GetBucketIntelligentTieringConfigurationRequest < Struct.new(
       :bucket,
-      :id)
+      :id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6525,6 +6995,51 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # @!attribute [rw] get_bucket_metadata_configuration_result
+    #   The metadata configuration for the general purpose bucket.
+    #   @return [Types::GetBucketMetadataConfigurationResult]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketMetadataConfigurationOutput AWS API Documentation
+    #
+    class GetBucketMetadataConfigurationOutput < Struct.new(
+      :get_bucket_metadata_configuration_result)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] bucket
+    #   The general purpose bucket that corresponds to the metadata
+    #   configuration that you want to retrieve.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   The expected owner of the general purpose bucket that you want to
+    #   retrieve the metadata table configuration for.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketMetadataConfigurationRequest AWS API Documentation
+    #
+    class GetBucketMetadataConfigurationRequest < Struct.new(
+      :bucket,
+      :expected_bucket_owner)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The S3 Metadata configuration for a general purpose bucket.
+    #
+    # @!attribute [rw] metadata_configuration_result
+    #   The metadata configuration for a general purpose bucket.
+    #   @return [Types::MetadataConfigurationResult]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketMetadataConfigurationResult AWS API Documentation
+    #
+    class GetBucketMetadataConfigurationResult < Struct.new(
+      :metadata_configuration_result)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] get_bucket_metadata_table_configuration_result
     #   The metadata table configuration for the general purpose bucket.
     #   @return [Types::GetBucketMetadataTableConfigurationResult]
@@ -6538,13 +7053,13 @@ module Aws::S3
     end
 
     # @!attribute [rw] bucket
-    #   The general purpose bucket that contains the metadata table
+    #   The general purpose bucket that corresponds to the metadata table
     #   configuration that you want to retrieve.
     #   @return [String]
     #
     # @!attribute [rw] expected_bucket_owner
     #   The expected owner of the general purpose bucket that you want to
-    #   retrieve the metadata table configuration from.
+    #   retrieve the metadata table configuration for.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketMetadataTableConfigurationRequest AWS API Documentation
@@ -6556,10 +7071,21 @@ module Aws::S3
       include Aws::Structure
     end
 
-    # The metadata table configuration for a general purpose bucket.
+    # The V1 S3 Metadata configuration for a general purpose bucket.
+    #
+    # <note markdown="1"> If you created your S3 Metadata configuration before July 15, 2025, we
+    # recommend that you delete and re-create your configuration by using
+    # [CreateBucketMetadataConfiguration][1] so that you can expire journal
+    # table records and create a live inventory table.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataConfiguration.html
     #
     # @!attribute [rw] metadata_table_configuration_result
-    #   The metadata table configuration for a general purpose bucket.
+    #   The V1 S3 Metadata configuration for a general purpose bucket.
     #   @return [Types::MetadataTableConfigurationResult]
     #
     # @!attribute [rw] status
@@ -6568,7 +7094,7 @@ module Aws::S3
     #   * `CREATING` - The metadata table is in the process of being created
     #     in the specified table bucket.
     #
-    #   * `ACTIVE` - The metadata table has been created successfully and
+    #   * `ACTIVE` - The metadata table has been created successfully, and
     #     records are being delivered to the table.
     #
     #   * `FAILED` - Amazon S3 is unable to create the metadata table, or
@@ -7222,15 +7748,15 @@ module Aws::S3
     #   A container for elements related to a particular part. A response
     #   can contain zero or more `Parts` elements.
     #
-    #   <note markdown="1"> * **General purpose buckets** - For `GetObjectAttributes`, if a
+    #   <note markdown="1"> * **General purpose buckets** - For `GetObjectAttributes`, if an
     #     additional checksum (including `x-amz-checksum-crc32`,
     #     `x-amz-checksum-crc32c`, `x-amz-checksum-sha1`, or
     #     `x-amz-checksum-sha256`) isn't applied to the object specified in
-    #     the request, the response doesn't return `Part`.
+    #     the request, the response doesn't return the `Part` element.
     #
-    #   * **Directory buckets** - For `GetObjectAttributes`, no matter
-    #     whether a additional checksum is applied to the object specified
-    #     in the request, the response returns `Part`.
+    #   * **Directory buckets** - For `GetObjectAttributes`, regardless of
+    #     whether an additional checksum is applied to the object specified
+    #     in the request, the response returns the `Part` element.
     #
     #    </note>
     #   @return [Array<Types::ObjectPart>]
@@ -7627,9 +8153,9 @@ module Aws::S3
     #
     # @!attribute [rw] checksum_crc32c
     #   The Base64 encoded, 32-bit `CRC32C` checksum of the object. This
-    #   will only be present if the object was uploaded with the object. For
-    #   more information, see [ Checking object integrity][1] in the *Amazon
-    #   S3 User Guide*.
+    #   checksum is only present if the checksum was uploaded with the
+    #   object. For more information, see [ Checking object integrity][1] in
+    #   the *Amazon S3 User Guide*.
     #
     #
     #
@@ -7647,10 +8173,10 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] checksum_sha1
-    #   The Base64 encoded, 160-bit `SHA1` digest of the object. This will
-    #   only be present if the object was uploaded with the object. For more
-    #   information, see [ Checking object integrity][1] in the *Amazon S3
-    #   User Guide*.
+    #   The Base64 encoded, 160-bit `SHA1` digest of the object. This
+    #   checksum is only present if the checksum was uploaded with the
+    #   object. For more information, see [ Checking object integrity][1] in
+    #   the *Amazon S3 User Guide*.
     #
     #
     #
@@ -7658,10 +8184,10 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] checksum_sha256
-    #   The Base64 encoded, 256-bit `SHA256` digest of the object. This will
-    #   only be present if the object was uploaded with the object. For more
-    #   information, see [ Checking object integrity][1] in the *Amazon S3
-    #   User Guide*.
+    #   The Base64 encoded, 256-bit `SHA256` digest of the object. This
+    #   checksum is only present if the checksum was uploaded with the
+    #   object. For more information, see [ Checking object integrity][1] in
+    #   the *Amazon S3 User Guide*.
     #
     #
     #
@@ -7747,7 +8273,13 @@ module Aws::S3
     #
     # @!attribute [rw] server_side_encryption
     #   The server-side encryption algorithm used when you store this object
-    #   in Amazon S3.
+    #   in Amazon S3 or Amazon FSx.
+    #
+    #   <note markdown="1"> When accessing data stored in Amazon FSx file systems using S3
+    #   access points, the only valid server side encryption option is
+    #   `aws:fsx`.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] metadata
@@ -8583,6 +9115,19 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # End of support notice: Beginning November 21, 2025, Amazon S3 will
+    # stop returning `DisplayName`. Update your applications to use
+    # canonical IDs (unique identifier for Amazon Web Services accounts),
+    # Amazon Web Services account ID (12 digit identifier) or IAM ARNs (full
+    # resource naming) as a direct replacement of `DisplayName`.
+    #
+    #  This change affects the following Amazon Web Services Regions: US
+    # East
+    # (N. Virginia) Region, US West (N. California) Region, US West (Oregon)
+    # Region, Asia Pacific (Singapore) Region, Asia Pacific (Sydney) Region,
+    # Asia Pacific (Tokyo) Region, Europe (Ireland) Region, and South
+    # America (São Paulo) Region.
+    #
     # Container for the person being granted permissions.
     #
     # @!attribute [rw] display_name
@@ -8646,6 +9191,21 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # @!attribute [rw] bucket_arn
+    #   The Amazon Resource Name (ARN) of the S3 bucket. ARNs uniquely
+    #   identify Amazon Web Services resources across all of Amazon Web
+    #   Services.
+    #
+    #   <note markdown="1"> This parameter is only supported for S3 directory buckets. For more
+    #   information, see [Using tags with directory buckets][1].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-tagging.html
+    #   @return [String]
+    #
     # @!attribute [rw] bucket_location_type
     #   The type of location where the bucket is created.
     #
@@ -8682,6 +9242,7 @@ module Aws::S3
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadBucketOutput AWS API Documentation
     #
     class HeadBucketOutput < Struct.new(
+      :bucket_arn,
       :bucket_location_type,
       :bucket_location_name,
       :bucket_region,
@@ -8842,7 +9403,7 @@ module Aws::S3
     #
     # @!attribute [rw] checksum_crc32
     #   The Base64 encoded, 32-bit `CRC32 checksum` of the object. This
-    #   checksum is only be present if the checksum was uploaded with the
+    #   checksum is only present if the checksum was uploaded with the
     #   object. When you use an API operation on an object that was uploaded
     #   using multipart uploads, this value may not be a direct checksum
     #   value of the full object. Instead, it's a calculation based on the
@@ -8881,14 +9442,15 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] checksum_sha1
-    #   The Base64 encoded, 160-bit `SHA1` digest of the object. This will
-    #   only be present if the object was uploaded with the object. When you
-    #   use the API operation on an object that was uploaded using multipart
-    #   uploads, this value may not be a direct checksum value of the full
-    #   object. Instead, it's a calculation based on the checksum values of
-    #   each individual part. For more information about how checksums are
-    #   calculated with multipart uploads, see [ Checking object
-    #   integrity][1] in the *Amazon S3 User Guide*.
+    #   The Base64 encoded, 160-bit `SHA1` digest of the object. This
+    #   checksum is only present if the checksum was uploaded with the
+    #   object. When you use the API operation on an object that was
+    #   uploaded using multipart uploads, this value may not be a direct
+    #   checksum value of the full object. Instead, it's a calculation
+    #   based on the checksum values of each individual part. For more
+    #   information about how checksums are calculated with multipart
+    #   uploads, see [ Checking object integrity][1] in the *Amazon S3 User
+    #   Guide*.
     #
     #
     #
@@ -8896,14 +9458,14 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] checksum_sha256
-    #   The Base64 encoded, 256-bit `SHA256` digest of the object. This will
-    #   only be present if the object was uploaded with the object. When you
-    #   use an API operation on an object that was uploaded using multipart
-    #   uploads, this value may not be a direct checksum value of the full
-    #   object. Instead, it's a calculation based on the checksum values of
-    #   each individual part. For more information about how checksums are
-    #   calculated with multipart uploads, see [ Checking object
-    #   integrity][1] in the *Amazon S3 User Guide*.
+    #   The Base64 encoded, 256-bit `SHA256` digest of the object. This
+    #   checksum is only present if the checksum was uploaded with the
+    #   object. When you use an API operation on an object that was uploaded
+    #   using multipart uploads, this value may not be a direct checksum
+    #   value of the full object. Instead, it's a calculation based on the
+    #   checksum values of each individual part. For more information about
+    #   how checksums are calculated with multipart uploads, see [ Checking
+    #   object integrity][1] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -8995,7 +9557,13 @@ module Aws::S3
     #
     # @!attribute [rw] server_side_encryption
     #   The server-side encryption algorithm used when you store this object
-    #   in Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
+    #   in Amazon S3 or Amazon FSx.
+    #
+    #   <note markdown="1"> When accessing data stored in Amazon FSx file systems using S3
+    #   access points, the only valid server side encryption option is
+    #   `aws:fsx`.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] metadata
@@ -9121,6 +9689,22 @@ module Aws::S3
     #   as a multipart upload.
     #   @return [Integer]
     #
+    # @!attribute [rw] tag_count
+    #   The number of tags, if any, on the object, when you have the
+    #   relevant permission to read object tags.
+    #
+    #   You can use [GetObjectTagging][1] to retrieve the tag set associated
+    #   with an object.
+    #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html
+    #   @return [Integer]
+    #
     # @!attribute [rw] object_lock_mode
     #   The Object Lock mode, if any, that's in effect for this object.
     #   This header is only returned if the requester has the
@@ -9201,6 +9785,7 @@ module Aws::S3
       :request_charged,
       :replication_status,
       :parts_count,
+      :tag_count,
       :object_lock_mode,
       :object_lock_retain_until_date,
       :object_lock_legal_hold_status)
@@ -9489,6 +10074,27 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # Parameters on this idempotent request are inconsistent with parameters
+    # used in previous request(s).
+    #
+    # For a list of error codes and more information on Amazon S3 errors,
+    # see [Error codes][1].
+    #
+    # <note markdown="1"> Idempotency ensures that an API request completes no more than one
+    # time. With an idempotent request, if the original request completes
+    # successfully, any subsequent retries complete successfully without
+    # performing any further actions.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/IdempotencyParameterMismatch AWS API Documentation
+    #
+    class IdempotencyParameterMismatch < Aws::EmptyStructure; end
+
     # Container for the `Suffix` element.
     #
     # @!attribute [rw] suffix
@@ -9729,7 +10335,7 @@ module Aws::S3
     #
     class InvalidWriteOffset < Aws::EmptyStructure; end
 
-    # Specifies the inventory configuration for an Amazon S3 bucket. For
+    # Specifies the S3 Inventory configuration for an Amazon S3 bucket. For
     # more information, see [GET Bucket inventory][1] in the *Amazon S3 API
     # Reference*.
     #
@@ -9787,7 +10393,7 @@ module Aws::S3
       include Aws::Structure
     end
 
-    # Specifies the inventory configuration for an Amazon S3 bucket.
+    # Specifies the S3 Inventory configuration for an Amazon S3 bucket.
     #
     # @!attribute [rw] s3_bucket_destination
     #   Contains the bucket name, file format, bucket owner (optional), and
@@ -9802,8 +10408,8 @@ module Aws::S3
       include Aws::Structure
     end
 
-    # Contains the type of server-side encryption used to encrypt the
-    # inventory results.
+    # Contains the type of server-side encryption used to encrypt the S3
+    # Inventory results.
     #
     # @!attribute [rw] sses3
     #   Specifies the use of SSE-S3 to encrypt delivered inventory reports.
@@ -9822,7 +10428,7 @@ module Aws::S3
       include Aws::Structure
     end
 
-    # Specifies an inventory filter. The inventory only includes objects
+    # Specifies an S3 Inventory filter. The inventory only includes objects
     # that meet the filter's criteria.
     #
     # @!attribute [rw] prefix
@@ -9839,7 +10445,7 @@ module Aws::S3
     end
 
     # Contains the bucket name, file format, bucket owner (optional), and
-    # prefix (optional) where inventory results are published.
+    # prefix (optional) where S3 Inventory results are published.
     #
     # @!attribute [rw] account_id
     #   The account ID that owns the destination S3 bucket. If no account ID
@@ -9882,7 +10488,7 @@ module Aws::S3
       include Aws::Structure
     end
 
-    # Specifies the schedule for generating inventory results.
+    # Specifies the schedule for generating S3 Inventory results.
     #
     # @!attribute [rw] frequency
     #   Specifies how frequently inventory results are produced.
@@ -9896,6 +10502,117 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # The inventory table configuration for an S3 Metadata configuration.
+    #
+    # @!attribute [rw] configuration_state
+    #   The configuration state of the inventory table, indicating whether
+    #   the inventory table is enabled or disabled.
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption_configuration
+    #   The encryption configuration for the inventory table.
+    #   @return [Types::MetadataTableEncryptionConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/InventoryTableConfiguration AWS API Documentation
+    #
+    class InventoryTableConfiguration < Struct.new(
+      :configuration_state,
+      :encryption_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The inventory table configuration for an S3 Metadata configuration.
+    #
+    # @!attribute [rw] configuration_state
+    #   The configuration state of the inventory table, indicating whether
+    #   the inventory table is enabled or disabled.
+    #   @return [String]
+    #
+    # @!attribute [rw] table_status
+    #   The status of the inventory table. The status values are:
+    #
+    #   * `CREATING` - The inventory table is in the process of being
+    #     created in the specified Amazon Web Services managed table bucket.
+    #
+    #   * `BACKFILLING` - The inventory table is in the process of being
+    #     backfilled. When you enable the inventory table for your metadata
+    #     configuration, the table goes through a process known as
+    #     backfilling, during which Amazon S3 scans your general purpose
+    #     bucket to retrieve the initial metadata for all objects in the
+    #     bucket. Depending on the number of objects in your bucket, this
+    #     process can take several hours. When the backfilling process is
+    #     finished, the status of your inventory table changes from
+    #     `BACKFILLING` to `ACTIVE`. After backfilling is completed, updates
+    #     to your objects are reflected in the inventory table within one
+    #     hour.
+    #
+    #   * `ACTIVE` - The inventory table has been created successfully, and
+    #     records are being delivered to the table.
+    #
+    #   * `FAILED` - Amazon S3 is unable to create the inventory table, or
+    #     Amazon S3 is unable to deliver records.
+    #   @return [String]
+    #
+    # @!attribute [rw] error
+    #   If an S3 Metadata V1 `CreateBucketMetadataTableConfiguration` or V2
+    #   `CreateBucketMetadataConfiguration` request succeeds, but S3
+    #   Metadata was unable to create the table, this structure contains the
+    #   error code and error message.
+    #
+    #   <note markdown="1"> If you created your S3 Metadata configuration before July 15, 2025,
+    #   we recommend that you delete and re-create your configuration by
+    #   using [CreateBucketMetadataConfiguration][1] so that you can expire
+    #   journal table records and create a live inventory table.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataConfiguration.html
+    #   @return [Types::ErrorDetails]
+    #
+    # @!attribute [rw] table_name
+    #   The name of the inventory table.
+    #   @return [String]
+    #
+    # @!attribute [rw] table_arn
+    #   The Amazon Resource Name (ARN) for the inventory table.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/InventoryTableConfigurationResult AWS API Documentation
+    #
+    class InventoryTableConfigurationResult < Struct.new(
+      :configuration_state,
+      :table_status,
+      :error,
+      :table_name,
+      :table_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The specified updates to the S3 Metadata inventory table
+    # configuration.
+    #
+    # @!attribute [rw] configuration_state
+    #   The configuration state of the inventory table, indicating whether
+    #   the inventory table is enabled or disabled.
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption_configuration
+    #   The encryption configuration for the inventory table.
+    #   @return [Types::MetadataTableEncryptionConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/InventoryTableConfigurationUpdates AWS API Documentation
+    #
+    class InventoryTableConfigurationUpdates < Struct.new(
+      :configuration_state,
+      :encryption_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Specifies JSON as object's input serialization format.
     #
     # @!attribute [rw] type
@@ -9925,6 +10642,96 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # The journal table configuration for an S3 Metadata configuration.
+    #
+    # @!attribute [rw] record_expiration
+    #   The journal table record expiration settings for the journal table.
+    #   @return [Types::RecordExpiration]
+    #
+    # @!attribute [rw] encryption_configuration
+    #   The encryption configuration for the journal table.
+    #   @return [Types::MetadataTableEncryptionConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/JournalTableConfiguration AWS API Documentation
+    #
+    class JournalTableConfiguration < Struct.new(
+      :record_expiration,
+      :encryption_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The journal table configuration for the S3 Metadata configuration.
+    #
+    # @!attribute [rw] table_status
+    #   The status of the journal table. The status values are:
+    #
+    #   * `CREATING` - The journal table is in the process of being created
+    #     in the specified table bucket.
+    #
+    #   * `ACTIVE` - The journal table has been created successfully, and
+    #     records are being delivered to the table.
+    #
+    #   * `FAILED` - Amazon S3 is unable to create the journal table, or
+    #     Amazon S3 is unable to deliver records.
+    #   @return [String]
+    #
+    # @!attribute [rw] error
+    #   If an S3 Metadata V1 `CreateBucketMetadataTableConfiguration` or V2
+    #   `CreateBucketMetadataConfiguration` request succeeds, but S3
+    #   Metadata was unable to create the table, this structure contains the
+    #   error code and error message.
+    #
+    #   <note markdown="1"> If you created your S3 Metadata configuration before July 15, 2025,
+    #   we recommend that you delete and re-create your configuration by
+    #   using [CreateBucketMetadataConfiguration][1] so that you can expire
+    #   journal table records and create a live inventory table.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataConfiguration.html
+    #   @return [Types::ErrorDetails]
+    #
+    # @!attribute [rw] table_name
+    #   The name of the journal table.
+    #   @return [String]
+    #
+    # @!attribute [rw] table_arn
+    #   The Amazon Resource Name (ARN) for the journal table.
+    #   @return [String]
+    #
+    # @!attribute [rw] record_expiration
+    #   The journal table record expiration settings for the journal table.
+    #   @return [Types::RecordExpiration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/JournalTableConfigurationResult AWS API Documentation
+    #
+    class JournalTableConfigurationResult < Struct.new(
+      :table_status,
+      :error,
+      :table_name,
+      :table_arn,
+      :record_expiration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The specified updates to the S3 Metadata journal table configuration.
+    #
+    # @!attribute [rw] record_expiration
+    #   The journal table record expiration settings for the journal table.
+    #   @return [Types::RecordExpiration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/JournalTableConfigurationUpdates AWS API Documentation
+    #
+    class JournalTableConfigurationUpdates < Struct.new(
+      :record_expiration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A container for specifying the configuration for Lambda notifications.
     #
     # @!attribute [rw] id
@@ -10057,8 +10864,10 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] prefix
-    #   Prefix identifying one or more objects to which the rule applies.
-    #   This is no longer used; use `Filter` instead.
+    #   The general purpose bucket prefix that identifies one or more
+    #   objects to which the rule applies. We recommend using `Filter`
+    #   instead of `Prefix` for new PUTs. Previous configurations where a
+    #   prefix is defined will continue to operate as before.
     #
     #   Replacement must be made for object keys containing special
     #   characters (such as carriage returns) when using XML requests. For
@@ -10076,9 +10885,16 @@ module Aws::S3
     #   `Filter` is required if the `LifecycleRule` does not contain a
     #   `Prefix` element.
     #
+    #   For more information about `Tag` filters, see [Adding filters to
+    #   Lifecycle rules][1] in the *Amazon S3 User Guide*.
+    #
     #   <note markdown="1"> `Tag` filters are not supported for directory buckets.
     #
     #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-filters.html
     #   @return [Types::LifecycleRuleFilter]
     #
     # @!attribute [rw] status
@@ -10344,11 +11160,19 @@ module Aws::S3
     #   this request should begin.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account ID of the expected bucket owner. If the account ID that
+    #   you provide does not match the actual owner of the bucket, the
+    #   request fails with the HTTP status code `403 Forbidden` (access
+    #   denied).
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketIntelligentTieringConfigurationsRequest AWS API Documentation
     #
     class ListBucketIntelligentTieringConfigurationsRequest < Struct.new(
       :bucket,
-      :continuation_token)
+      :continuation_token,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -10809,6 +11633,9 @@ module Aws::S3
     #   `CommonPrefixes` result element are not returned elsewhere in the
     #   response.
     #
+    #   `CommonPrefixes` is filtered out from results if it is not
+    #   lexicographically greater than the key-marker.
+    #
     #   <note markdown="1"> **Directory buckets** - For directory buckets, `/` is the only
     #   supported delimiter.
     #
@@ -11068,6 +11895,9 @@ module Aws::S3
     #   element in `CommonPrefixes`. These groups are counted as one result
     #   against the `max-keys` limitation. These keys are not returned
     #   elsewhere in the response.
+    #
+    #   `CommonPrefixes` is filtered out from results if it is not
+    #   lexicographically greater than the key-marker.
     #   @return [String]
     #
     # @!attribute [rw] encoding_type
@@ -11341,6 +12171,9 @@ module Aws::S3
     #
     # @!attribute [rw] delimiter
     #   A delimiter is a character that you use to group keys.
+    #
+    #   `CommonPrefixes` is filtered out from results if it is not
+    #   lexicographically greater than the key-marker.
     #   @return [String]
     #
     # @!attribute [rw] encoding_type
@@ -11517,8 +12350,7 @@ module Aws::S3
     # @!attribute [rw] continuation_token
     #   If `ContinuationToken` was sent with the request, it is included in
     #   the response. You can use the returned `ContinuationToken` for
-    #   pagination of the list response. You can use this
-    #   `ContinuationToken` for pagination of the list results.
+    #   pagination of the list response.
     #   @return [String]
     #
     # @!attribute [rw] next_continuation_token
@@ -11621,6 +12453,9 @@ module Aws::S3
     # @!attribute [rw] delimiter
     #   A delimiter is a character that you use to group keys.
     #
+    #   `CommonPrefixes` is filtered out from results if it is not
+    #   lexicographically greater than the `StartAfter` value.
+    #
     #   <note markdown="1"> * **Directory buckets** - For directory buckets, `/` is the only
     #     supported delimiter.
     #
@@ -12145,6 +12980,49 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # The S3 Metadata configuration for a general purpose bucket.
+    #
+    # @!attribute [rw] journal_table_configuration
+    #   The journal table configuration for a metadata configuration.
+    #   @return [Types::JournalTableConfiguration]
+    #
+    # @!attribute [rw] inventory_table_configuration
+    #   The inventory table configuration for a metadata configuration.
+    #   @return [Types::InventoryTableConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/MetadataConfiguration AWS API Documentation
+    #
+    class MetadataConfiguration < Struct.new(
+      :journal_table_configuration,
+      :inventory_table_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The S3 Metadata configuration for a general purpose bucket.
+    #
+    # @!attribute [rw] destination_result
+    #   The destination settings for a metadata configuration.
+    #   @return [Types::DestinationResult]
+    #
+    # @!attribute [rw] journal_table_configuration_result
+    #   The journal table configuration for a metadata configuration.
+    #   @return [Types::JournalTableConfigurationResult]
+    #
+    # @!attribute [rw] inventory_table_configuration_result
+    #   The inventory table configuration for a metadata configuration.
+    #   @return [Types::InventoryTableConfigurationResult]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/MetadataConfigurationResult AWS API Documentation
+    #
+    class MetadataConfigurationResult < Struct.new(
+      :destination_result,
+      :journal_table_configuration_result,
+      :inventory_table_configuration_result)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A metadata key-value pair to store with an object.
     #
     # @!attribute [rw] name
@@ -12164,7 +13042,18 @@ module Aws::S3
       include Aws::Structure
     end
 
-    # The metadata table configuration for a general purpose bucket.
+    # The V1 S3 Metadata configuration for a general purpose bucket.
+    #
+    # <note markdown="1"> If you created your S3 Metadata configuration before July 15, 2025, we
+    # recommend that you delete and re-create your configuration by using
+    # [CreateBucketMetadataConfiguration][1] so that you can expire journal
+    # table records and create a live inventory table.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataConfiguration.html
     #
     # @!attribute [rw] s3_tables_destination
     #   The destination information for the metadata table configuration.
@@ -12182,12 +13071,23 @@ module Aws::S3
       include Aws::Structure
     end
 
-    # The metadata table configuration for a general purpose bucket. The
+    # The V1 S3 Metadata configuration for a general purpose bucket. The
     # destination table bucket must be in the same Region and Amazon Web
     # Services account as the general purpose bucket. The specified metadata
     # table name must be unique within the `aws_s3_metadata` namespace in
     # the destination table bucket.
     #
+    # <note markdown="1"> If you created your S3 Metadata configuration before July 15, 2025, we
+    # recommend that you delete and re-create your configuration by using
+    # [CreateBucketMetadataConfiguration][1] so that you can expire journal
+    # table records and create a live inventory table.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataConfiguration.html
+    #
     # @!attribute [rw] s3_tables_destination_result
     #   The destination information for the metadata table configuration.
     #   The destination table bucket must be in the same Region and Amazon
@@ -12204,6 +13104,34 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # The encryption settings for an S3 Metadata journal table or inventory
+    # table configuration.
+    #
+    # @!attribute [rw] sse_algorithm
+    #   The encryption type specified for a metadata table. To specify
+    #   server-side encryption with Key Management Service (KMS) keys
+    #   (SSE-KMS), use the `aws:kms` value. To specify server-side
+    #   encryption with Amazon S3 managed keys (SSE-S3), use the `AES256`
+    #   value.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_key_arn
+    #   If server-side encryption with Key Management Service (KMS) keys
+    #   (SSE-KMS) is specified, you must also specify the KMS key Amazon
+    #   Resource Name (ARN). You must specify a customer-managed KMS key
+    #   that's located in the same Region as the general purpose bucket
+    #   that corresponds to the metadata table configuration.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/MetadataTableEncryptionConfiguration AWS API Documentation
+    #
+    class MetadataTableEncryptionConfiguration < Struct.new(
+      :sse_algorithm,
+      :kms_key_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A container specifying replication metrics-related settings enabling
     # replication metrics and events.
     #
@@ -13055,6 +13983,19 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # End of support notice: Beginning November 21, 2025, Amazon S3 will
+    # stop returning `DisplayName`. Update your applications to use
+    # canonical IDs (unique identifier for Amazon Web Services accounts),
+    # Amazon Web Services account ID (12 digit identifier) or IAM ARNs (full
+    # resource naming) as a direct replacement of `DisplayName`.
+    #
+    #  This change affects the following Amazon Web Services Regions: US
+    # East
+    # (N. Virginia) Region, US West (N. California) Region, US West (Oregon)
+    # Region, Asia Pacific (Singapore) Region, Asia Pacific (Sydney) Region,
+    # Asia Pacific (Tokyo) Region, Europe (Ireland) Region, and South
+    # America (São Paulo) Region.
+    #
     # Container for the owner's display name and ID.
     #
     # @!attribute [rw] display_name
@@ -13408,6 +14349,58 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # @!attribute [rw] bucket
+    #   The name of the general purpose bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] content_md5
+    #   The MD5 hash of the `PutBucketAbac` request body.
+    #
+    #   For requests made using the Amazon Web Services Command Line
+    #   Interface (CLI) or Amazon Web Services SDKs, this field is
+    #   calculated automatically.
+    #   @return [String]
+    #
+    # @!attribute [rw] checksum_algorithm
+    #   Indicates the algorithm that you want Amazon S3 to use to create the
+    #   checksum. For more information, see [ Checking object integrity][1]
+    #   in the *Amazon S3 User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   The Amazon Web Services account ID of the general purpose bucket's
+    #   owner.
+    #   @return [String]
+    #
+    # @!attribute [rw] abac_status
+    #   The ABAC status of the general purpose bucket. When ABAC is enabled
+    #   for the general purpose bucket, you can use tags to manage access to
+    #   the general purpose buckets as well as for cost tracking purposes.
+    #   When ABAC is disabled for the general purpose buckets, you can only
+    #   use tags for cost tracking purposes. For more information, see
+    #   [Using tags with S3 general purpose buckets][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging.html
+    #   @return [Types::AbacStatus]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAbacRequest AWS API Documentation
+    #
+    class PutBucketAbacRequest < Struct.new(
+      :bucket,
+      :content_md5,
+      :checksum_algorithm,
+      :expected_bucket_owner,
+      :abac_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] bucket
     #   The name of the bucket for which the accelerate configuration is
     #   set.
@@ -13736,6 +14729,13 @@ module Aws::S3
     #   The ID used to identify the S3 Intelligent-Tiering configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account ID of the expected bucket owner. If the account ID that
+    #   you provide does not match the actual owner of the bucket, the
+    #   request fails with the HTTP status code `403 Forbidden` (access
+    #   denied).
+    #   @return [String]
+    #
     # @!attribute [rw] intelligent_tiering_configuration
     #   Container for S3 Intelligent-Tiering configuration.
     #   @return [Types::IntelligentTieringConfiguration]
@@ -13745,6 +14745,7 @@ module Aws::S3
     class PutBucketIntelligentTieringConfigurationRequest < Struct.new(
       :bucket,
       :id,
+      :expected_bucket_owner,
       :intelligent_tiering_configuration)
       SENSITIVE = []
       include Aws::Structure
@@ -14490,7 +15491,17 @@ module Aws::S3
     # @!attribute [rw] mfa
     #   The concatenation of the authentication device's serial number, a
     #   space, and the value that is displayed on your authentication
-    #   device.
+    #   device. The serial number is the number that uniquely identifies the
+    #   MFA device. For physical MFA devices, this is the unique serial
+    #   number that's provided with the device. For virtual MFA devices,
+    #   the serial number is the device ARN. For more information, see
+    #   [Enabling versioning on buckets][1] and [Configuring MFA delete][2]
+    #   in the *Amazon Simple Storage Service User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/manage-versioning-examples.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html
     #   @return [String]
     #
     # @!attribute [rw] versioning_configuration
@@ -15026,7 +16037,7 @@ module Aws::S3
     #
     # @!attribute [rw] checksum_crc32
     #   The Base64 encoded, 32-bit `CRC32 checksum` of the object. This
-    #   checksum is only be present if the checksum was uploaded with the
+    #   checksum is only present if the checksum was uploaded with the
     #   object. When you use an API operation on an object that was uploaded
     #   using multipart uploads, this value may not be a direct checksum
     #   value of the full object. Instead, it's a calculation based on the
@@ -15069,14 +16080,15 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] checksum_sha1
-    #   The Base64 encoded, 160-bit `SHA1` digest of the object. This will
-    #   only be present if the object was uploaded with the object. When you
-    #   use the API operation on an object that was uploaded using multipart
-    #   uploads, this value may not be a direct checksum value of the full
-    #   object. Instead, it's a calculation based on the checksum values of
-    #   each individual part. For more information about how checksums are
-    #   calculated with multipart uploads, see [ Checking object
-    #   integrity][1] in the *Amazon S3 User Guide*.
+    #   The Base64 encoded, 160-bit `SHA1` digest of the object. This
+    #   checksum is only present if the checksum was uploaded with the
+    #   object. When you use the API operation on an object that was
+    #   uploaded using multipart uploads, this value may not be a direct
+    #   checksum value of the full object. Instead, it's a calculation
+    #   based on the checksum values of each individual part. For more
+    #   information about how checksums are calculated with multipart
+    #   uploads, see [ Checking object integrity][1] in the *Amazon S3 User
+    #   Guide*.
     #
     #
     #
@@ -15084,14 +16096,14 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] checksum_sha256
-    #   The Base64 encoded, 256-bit `SHA256` digest of the object. This will
-    #   only be present if the object was uploaded with the object. When you
-    #   use an API operation on an object that was uploaded using multipart
-    #   uploads, this value may not be a direct checksum value of the full
-    #   object. Instead, it's a calculation based on the checksum values of
-    #   each individual part. For more information about how checksums are
-    #   calculated with multipart uploads, see [ Checking object
-    #   integrity][1] in the *Amazon S3 User Guide*.
+    #   The Base64 encoded, 256-bit `SHA256` digest of the object. This
+    #   checksum is only present if the checksum was uploaded with the
+    #   object. When you use an API operation on an object that was uploaded
+    #   using multipart uploads, this value may not be a direct checksum
+    #   value of the full object. Instead, it's a calculation based on the
+    #   checksum values of each individual part. For more information about
+    #   how checksums are calculated with multipart uploads, see [ Checking
+    #   object integrity][1] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -15115,7 +16127,13 @@ module Aws::S3
     #
     # @!attribute [rw] server_side_encryption
     #   The server-side encryption algorithm used when you store this object
-    #   in Amazon S3.
+    #   in Amazon S3 or Amazon FSx.
+    #
+    #   <note markdown="1"> When accessing data stored in Amazon FSx file systems using S3
+    #   access points, the only valid server side encryption option is
+    #   `aws:fsx`.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] version_id
@@ -15627,8 +16645,7 @@ module Aws::S3
     #
     # @!attribute [rw] server_side_encryption
     #   The server-side encryption algorithm that was used when you store
-    #   this object in Amazon S3 (for example, `AES256`, `aws:kms`,
-    #   `aws:kms:dsse`).
+    #   this object in Amazon S3 or Amazon FSx.
     #
     #   * <b>General purpose buckets </b> - You have four mutually exclusive
     #     options to protect data using server-side encryption in Amazon S3,
@@ -15683,6 +16700,14 @@ module Aws::S3
     #
     #      </note>
     #
+    #   * <b>S3 access points for Amazon FSx </b> - When accessing data
+    #     stored in Amazon FSx file systems using S3 access points, the only
+    #     valid server side encryption option is `aws:fsx`. All Amazon FSx
+    #     file systems have encryption configured by default and are
+    #     encrypted at rest. Data is automatically encrypted before being
+    #     written to the file system, and automatically decrypted as it is
+    #     read. These processes are handled transparently by Amazon FSx.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
@@ -16194,21 +17219,9 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] request_payer
-    #   Confirms that the requester knows that they will be charged for the
-    #   request. Bucket owners need not specify this parameter in their
-    #   requests. If either the source or destination S3 bucket has
-    #   Requester Pays enabled, the requester will pay for corresponding
-    #   charges to copy the object. For information about downloading
-    #   objects from Requester Pays buckets, see [Downloading Objects in
-    #   Requester Pays Buckets][1] in the *Amazon S3 User Guide*.
-    #
-    #   <note markdown="1"> This functionality is not supported for directory buckets.
-    #
-    #    </note>
-    #
-    #
-    #
-    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+    #   Confirms that the requester knows that she or he will be charged for
+    #   the tagging object request. Bucket owners need not specify this
+    #   parameter in their requests.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectTaggingRequest AWS API Documentation
@@ -16368,6 +17381,32 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # The journal table record expiration settings for a journal table in an
+    # S3 Metadata configuration.
+    #
+    # @!attribute [rw] expiration
+    #   Specifies whether journal table record expiration is enabled or
+    #   disabled.
+    #   @return [String]
+    #
+    # @!attribute [rw] days
+    #   If you enable journal table record expiration, you can set the
+    #   number of days to retain your journal table records. Journal table
+    #   records must be retained for a minimum of 7 days. To set this value,
+    #   specify any whole number from `7` to `2147483647`. For example, to
+    #   retain your journal table records for one year, set this value to
+    #   `365`.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RecordExpiration AWS API Documentation
+    #
+    class RecordExpiration < Struct.new(
+      :expiration,
+      :days)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The container for the records event.
     #
     # @!attribute [rw] payload
@@ -16376,7 +17415,7 @@ module Aws::S3
     #   record frame. To ensure continuous streaming of data, S3 Select
     #   might split the same record across multiple record frames instead of
     #   aggregating the results in memory. Some S3 clients (for example, the
-    #   SDKforJava) handle this behavior by creating a `ByteStream` out of
+    #   SDK for Java) handle this behavior by creating a `ByteStream` out of
     #   the response by default. Other clients might not handle this
     #   behavior by default. In those cases, you must aggregate the results
     #   on the client side and parse the response.
@@ -16474,6 +17513,129 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RenameObjectOutput AWS API Documentation
+    #
+    class RenameObjectOutput < Aws::EmptyStructure; end
+
+    # @!attribute [rw] bucket
+    #   The bucket name of the directory bucket containing the object.
+    #
+    #   You must use virtual-hosted-style requests in the format
+    #   `Bucket-name.s3express-zone-id.region-code.amazonaws.com`.
+    #   Path-style requests are not supported. Directory bucket names must
+    #   be unique in the chosen Availability Zone. Bucket names must follow
+    #   the format `bucket-base-name--zone-id--x-s3 ` (for example,
+    #   `amzn-s3-demo-bucket--usw2-az1--x-s3`). For information about bucket
+    #   naming restrictions, see [Directory bucket naming rules][1] in the
+    #   *Amazon S3 User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
+    #   @return [String]
+    #
+    # @!attribute [rw] key
+    #   Key name of the object to rename.
+    #   @return [String]
+    #
+    # @!attribute [rw] rename_source
+    #   Specifies the source for the rename operation. The value must be URL
+    #   encoded.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_if_match
+    #   Renames the object only if the ETag (entity tag) value provided
+    #   during the operation matches the ETag of the object in S3. The
+    #   `If-Match` header field makes the request method conditional on
+    #   ETags. If the ETag values do not match, the operation returns a `412
+    #   Precondition Failed` error.
+    #
+    #   Expects the ETag value as a string.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_if_none_match
+    #   Renames the object only if the destination does not already exist in
+    #   the specified directory bucket. If the object does exist when you
+    #   send a request with `If-None-Match:*`, the S3 API will return a `412
+    #   Precondition Failed` error, preventing an overwrite. The
+    #   `If-None-Match` header prevents overwrites of existing data by
+    #   validating that there's not an object with the same key name
+    #   already in your directory bucket.
+    #
+    #   Expects the `*` character (asterisk).
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_if_modified_since
+    #   Renames the object if the destination exists and if it has been
+    #   modified since the specified time.
+    #   @return [Time]
+    #
+    # @!attribute [rw] destination_if_unmodified_since
+    #   Renames the object if it hasn't been modified since the specified
+    #   time.
+    #   @return [Time]
+    #
+    # @!attribute [rw] source_if_match
+    #   Renames the object if the source exists and if its entity tag (ETag)
+    #   matches the specified ETag.
+    #   @return [String]
+    #
+    # @!attribute [rw] source_if_none_match
+    #   Renames the object if the source exists and if its entity tag (ETag)
+    #   is different than the specified ETag. If an asterisk (`*`) character
+    #   is provided, the operation will fail and return a `412 Precondition
+    #   Failed` error.
+    #   @return [String]
+    #
+    # @!attribute [rw] source_if_modified_since
+    #   Renames the object if the source exists and if it has been modified
+    #   since the specified time.
+    #   @return [Time]
+    #
+    # @!attribute [rw] source_if_unmodified_since
+    #   Renames the object if the source exists and hasn't been modified
+    #   since the specified time.
+    #   @return [Time]
+    #
+    # @!attribute [rw] client_token
+    #   A unique string with a max of 64 ASCII characters in the ASCII range
+    #   of 33 - 126.
+    #
+    #   <note markdown="1"> `RenameObject` supports idempotency using a client token. To make an
+    #   idempotent API request using `RenameObject`, specify a client token
+    #   in the request. You should not reuse the same client token for other
+    #   API requests. If you retry a request that completed successfully
+    #   using the same client token and the same parameters, the retry
+    #   succeeds without performing any further actions. If you retry a
+    #   successful request using the same client token, but one or more of
+    #   the parameters are different, the retry fails and an
+    #   `IdempotentParameterMismatch` error is returned.
+    #
+    #    </note>
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RenameObjectRequest AWS API Documentation
+    #
+    class RenameObjectRequest < Struct.new(
+      :bucket,
+      :key,
+      :rename_source,
+      :destination_if_match,
+      :destination_if_none_match,
+      :destination_if_modified_since,
+      :destination_if_unmodified_since,
+      :source_if_match,
+      :source_if_none_match,
+      :source_if_modified_since,
+      :source_if_unmodified_since,
+      :client_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A filter that you can specify for selection for modifications on
     # replicas. Amazon S3 doesn't replicate replica modifications by
     # default. In the latest version of replication configuration (when
@@ -17233,12 +18395,23 @@ module Aws::S3
       include Aws::Structure
     end
 
-    # The destination information for the metadata table configuration. The
+    # The destination information for a V1 S3 Metadata configuration. The
     # destination table bucket must be in the same Region and Amazon Web
     # Services account as the general purpose bucket. The specified metadata
     # table name must be unique within the `aws_s3_metadata` namespace in
     # the destination table bucket.
     #
+    # <note markdown="1"> If you created your S3 Metadata configuration before July 15, 2025, we
+    # recommend that you delete and re-create your configuration by using
+    # [CreateBucketMetadataConfiguration][1] so that you can expire journal
+    # table records and create a live inventory table.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataConfiguration.html
+    #
     # @!attribute [rw] table_bucket_arn
     #   The Amazon Resource Name (ARN) for the table bucket that's
     #   specified as the destination in the metadata table configuration.
@@ -17262,12 +18435,23 @@ module Aws::S3
       include Aws::Structure
     end
 
-    # The destination information for the metadata table configuration. The
+    # The destination information for a V1 S3 Metadata configuration. The
     # destination table bucket must be in the same Region and Amazon Web
     # Services account as the general purpose bucket. The specified metadata
     # table name must be unique within the `aws_s3_metadata` namespace in
     # the destination table bucket.
     #
+    # <note markdown="1"> If you created your S3 Metadata configuration before July 15, 2025, we
+    # recommend that you delete and re-create your configuration by using
+    # [CreateBucketMetadataConfiguration][1] so that you can expire journal
+    # table records and create a live inventory table.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataConfiguration.html
+    #
     # @!attribute [rw] table_bucket_arn
     #   The Amazon Resource Name (ARN) for the table bucket that's
     #   specified as the destination in the metadata table configuration.
@@ -17723,11 +18907,36 @@ module Aws::S3
     #   [5]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
     #   @return [Boolean]
     #
+    # @!attribute [rw] blocked_encryption_types
+    #   A bucket-level setting for Amazon S3 general purpose buckets used to
+    #   prevent the upload of new objects encrypted with the specified
+    #   server-side encryption type. For example, blocking an encryption
+    #   type will block `PutObject`, `CopyObject`, `PostObject`, multipart
+    #   upload, and replication requests to the bucket for objects with the
+    #   specified encryption type. However, you can continue to read and
+    #   list any pre-existing objects already encrypted with the specified
+    #   encryption type. For more information, see [Blocking an encryption
+    #   type for a general purpose bucket][1].
+    #
+    #   <note markdown="1"> Currently, this parameter only supports blocking or unblocking
+    #   Server Side Encryption with Customer Provided Keys (SSE-C). For more
+    #   information about SSE-C, see [Using server-side encryption with
+    #   customer-provided keys (SSE-C)][2].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/userguide/block-encryption-type.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html
+    #   @return [Types::BlockedEncryptionTypes]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ServerSideEncryptionRule AWS API Documentation
     #
     class ServerSideEncryptionRule < Struct.new(
       :apply_server_side_encryption_by_default,
-      :bucket_key_enabled)
+      :bucket_key_enabled,
+      :blocked_encryption_types)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -18173,6 +19382,79 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # @!attribute [rw] bucket
+    #   The general purpose bucket that corresponds to the metadata
+    #   configuration that you want to enable or disable an inventory table
+    #   for.
+    #   @return [String]
+    #
+    # @!attribute [rw] content_md5
+    #   The `Content-MD5` header for the inventory table configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] checksum_algorithm
+    #   The checksum algorithm to use with your inventory table
+    #   configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] inventory_table_configuration
+    #   The contents of your inventory table configuration.
+    #   @return [Types::InventoryTableConfigurationUpdates]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   The expected owner of the general purpose bucket that corresponds to
+    #   the metadata table configuration that you want to enable or disable
+    #   an inventory table for.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UpdateBucketMetadataInventoryTableConfigurationRequest AWS API Documentation
+    #
+    class UpdateBucketMetadataInventoryTableConfigurationRequest < Struct.new(
+      :bucket,
+      :content_md5,
+      :checksum_algorithm,
+      :inventory_table_configuration,
+      :expected_bucket_owner)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] bucket
+    #   The general purpose bucket that corresponds to the metadata
+    #   configuration that you want to enable or disable journal table
+    #   record expiration for.
+    #   @return [String]
+    #
+    # @!attribute [rw] content_md5
+    #   The `Content-MD5` header for the journal table configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] checksum_algorithm
+    #   The checksum algorithm to use with your journal table configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] journal_table_configuration
+    #   The contents of your journal table configuration.
+    #   @return [Types::JournalTableConfigurationUpdates]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   The expected owner of the general purpose bucket that corresponds to
+    #   the metadata table configuration that you want to enable or disable
+    #   journal table record expiration for.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UpdateBucketMetadataJournalTableConfigurationRequest AWS API Documentation
+    #
+    class UpdateBucketMetadataJournalTableConfigurationRequest < Struct.new(
+      :bucket,
+      :content_md5,
+      :checksum_algorithm,
+      :journal_table_configuration,
+      :expected_bucket_owner)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] copy_source_version_id
     #   The version of the source object that was copied, if you have
     #   enabled versioning on the source bucket.
@@ -18189,7 +19471,13 @@ module Aws::S3
     #
     # @!attribute [rw] server_side_encryption
     #   The server-side encryption algorithm used when you store this object
-    #   in Amazon S3 (for example, `AES256`, `aws:kms`).
+    #   in Amazon S3 or Amazon FSx.
+    #
+    #   <note markdown="1"> When accessing data stored in Amazon FSx file systems using S3
+    #   access points, the only valid server side encryption option is
+    #   `aws:fsx`.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] sse_customer_algorithm
@@ -18587,7 +19875,13 @@ module Aws::S3
 
     # @!attribute [rw] server_side_encryption
     #   The server-side encryption algorithm used when you store this object
-    #   in Amazon S3 (for example, `AES256`, `aws:kms`).
+    #   in Amazon S3 or Amazon FSx.
+    #
+    #   <note markdown="1"> When accessing data stored in Amazon FSx file systems using S3
+    #   access points, the only valid server side encryption option is
+    #   `aws:fsx`.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] etag
@@ -18596,7 +19890,7 @@ module Aws::S3
     #
     # @!attribute [rw] checksum_crc32
     #   The Base64 encoded, 32-bit `CRC32 checksum` of the object. This
-    #   checksum is only be present if the checksum was uploaded with the
+    #   checksum is only present if the checksum was uploaded with the
     #   object. When you use an API operation on an object that was uploaded
     #   using multipart uploads, this value may not be a direct checksum
     #   value of the full object. Instead, it's a calculation based on the
@@ -18637,14 +19931,15 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] checksum_sha1
-    #   The Base64 encoded, 160-bit `SHA1` digest of the object. This will
-    #   only be present if the object was uploaded with the object. When you
-    #   use the API operation on an object that was uploaded using multipart
-    #   uploads, this value may not be a direct checksum value of the full
-    #   object. Instead, it's a calculation based on the checksum values of
-    #   each individual part. For more information about how checksums are
-    #   calculated with multipart uploads, see [ Checking object
-    #   integrity][1] in the *Amazon S3 User Guide*.
+    #   The Base64 encoded, 160-bit `SHA1` digest of the object. This
+    #   checksum is only present if the checksum was uploaded with the
+    #   object. When you use the API operation on an object that was
+    #   uploaded using multipart uploads, this value may not be a direct
+    #   checksum value of the full object. Instead, it's a calculation
+    #   based on the checksum values of each individual part. For more
+    #   information about how checksums are calculated with multipart
+    #   uploads, see [ Checking object integrity][1] in the *Amazon S3 User
+    #   Guide*.
     #
     #
     #
@@ -18652,14 +19947,14 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] checksum_sha256
-    #   The Base64 encoded, 256-bit `SHA256` digest of the object. This will
-    #   only be present if the object was uploaded with the object. When you
-    #   use an API operation on an object that was uploaded using multipart
-    #   uploads, this value may not be a direct checksum value of the full
-    #   object. Instead, it's a calculation based on the checksum values of
-    #   each individual part. For more information about how checksums are
-    #   calculated with multipart uploads, see [ Checking object
-    #   integrity][1] in the *Amazon S3 User Guide*.
+    #   The Base64 encoded, 256-bit `SHA256` digest of the object. This
+    #   checksum is only present if the checksum was uploaded with the
+    #   object. When you use an API operation on an object that was uploaded
+    #   using multipart uploads, this value may not be a direct checksum
+    #   value of the full object. Instead, it's a calculation based on the
+    #   checksum values of each individual part. For more information about
+    #   how checksums are calculated with multipart uploads, see [ Checking
+    #   object integrity][1] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -19320,7 +20615,13 @@ module Aws::S3
     #
     # @!attribute [rw] server_side_encryption
     #   The server-side encryption algorithm used when storing requested
-    #   object in Amazon S3 (for example, AES256, `aws:kms`).
+    #   object in Amazon S3 or Amazon FSx.
+    #
+    #   <note markdown="1"> When accessing data stored in Amazon FSx file systems using S3
+    #   access points, the only valid server side encryption option is
+    #   `aws:fsx`.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] sse_customer_algorithm