aws-sdk-s3 1.196.1 → 1.213.0

data/lib/aws-sdk-s3/client_api.rb

@@ -14,6 +14,7 @@ module Aws::S3
 
     include Seahorse::Model
 
+    AbacStatus = Shapes::StructureShape.new(name: 'AbacStatus')
     AbortDate = Shapes::TimestampShape.new(name: 'AbortDate')
     AbortIncompleteMultipartUpload = Shapes::StructureShape.new(name: 'AbortIncompleteMultipartUpload')
     AbortMultipartUploadOutput = Shapes::StructureShape.new(name: 'AbortMultipartUploadOutput')
@@ -23,6 +24,7 @@ module Aws::S3
     AcceptRanges = Shapes::StringShape.new(name: 'AcceptRanges')
     AccessControlPolicy = Shapes::StructureShape.new(name: 'AccessControlPolicy')
     AccessControlTranslation = Shapes::StructureShape.new(name: 'AccessControlTranslation')
+    AccessDenied = Shapes::StructureShape.new(name: 'AccessDenied')
     AccessKeyIdValue = Shapes::StringShape.new(name: 'AccessKeyIdValue')
     AccessPointAlias = Shapes::BooleanShape.new(name: 'AccessPointAlias')
     AccessPointArn = Shapes::StringShape.new(name: 'AccessPointArn')
@@ -43,8 +45,10 @@ module Aws::S3
     AnalyticsS3BucketDestination = Shapes::StructureShape.new(name: 'AnalyticsS3BucketDestination')
     AnalyticsS3ExportFileFormat = Shapes::StringShape.new(name: 'AnalyticsS3ExportFileFormat')
     ArchiveStatus = Shapes::StringShape.new(name: 'ArchiveStatus')
+    BlockedEncryptionTypes = Shapes::StructureShape.new(name: 'BlockedEncryptionTypes')
     Body = Shapes::BlobShape.new(name: 'Body')
     Bucket = Shapes::StructureShape.new(name: 'Bucket')
+    BucketAbacStatus = Shapes::StringShape.new(name: 'BucketAbacStatus')
     BucketAccelerateStatus = Shapes::StringShape.new(name: 'BucketAccelerateStatus')
     BucketAlreadyExists = Shapes::StructureShape.new(name: 'BucketAlreadyExists')
     BucketAlreadyOwnedByYou = Shapes::StructureShape.new(name: 'BucketAlreadyOwnedByYou')
@@ -177,6 +181,8 @@ module Aws::S3
     EncodingType = Shapes::StringShape.new(name: 'EncodingType')
     Encryption = Shapes::StructureShape.new(name: 'Encryption')
     EncryptionConfiguration = Shapes::StructureShape.new(name: 'EncryptionConfiguration')
+    EncryptionType = Shapes::StringShape.new(name: 'EncryptionType')
+    EncryptionTypeList = Shapes::ListShape.new(name: 'EncryptionTypeList', flattened: true)
     EncryptionTypeMismatch = Shapes::StructureShape.new(name: 'EncryptionTypeMismatch')
     End = Shapes::IntegerShape.new(name: 'End')
     EndEvent = Shapes::StructureShape.new(name: 'EndEvent')
@@ -208,6 +214,8 @@ module Aws::S3
     FilterRuleList = Shapes::ListShape.new(name: 'FilterRuleList', flattened: true)
     FilterRuleName = Shapes::StringShape.new(name: 'FilterRuleName')
     FilterRuleValue = Shapes::StringShape.new(name: 'FilterRuleValue')
+    GetBucketAbacOutput = Shapes::StructureShape.new(name: 'GetBucketAbacOutput')
+    GetBucketAbacRequest = Shapes::StructureShape.new(name: 'GetBucketAbacRequest')
     GetBucketAccelerateConfigurationOutput = Shapes::StructureShape.new(name: 'GetBucketAccelerateConfigurationOutput')
     GetBucketAccelerateConfigurationRequest = Shapes::StructureShape.new(name: 'GetBucketAccelerateConfigurationRequest')
     GetBucketAclOutput = Shapes::StructureShape.new(name: 'GetBucketAclOutput')
@@ -431,6 +439,7 @@ module Aws::S3
     NoSuchBucket = Shapes::StructureShape.new(name: 'NoSuchBucket')
     NoSuchKey = Shapes::StructureShape.new(name: 'NoSuchKey')
     NoSuchUpload = Shapes::StructureShape.new(name: 'NoSuchUpload')
+    NonEmptyKmsKeyArnString = Shapes::StringShape.new(name: 'NonEmptyKmsKeyArnString')
     NoncurrentVersionExpiration = Shapes::StructureShape.new(name: 'NoncurrentVersionExpiration')
     NoncurrentVersionTransition = Shapes::StructureShape.new(name: 'NoncurrentVersionTransition')
     NoncurrentVersionTransitionList = Shapes::ListShape.new(name: 'NoncurrentVersionTransitionList', flattened: true)
@@ -443,6 +452,7 @@ module Aws::S3
     ObjectAttributes = Shapes::StringShape.new(name: 'ObjectAttributes')
     ObjectAttributesList = Shapes::ListShape.new(name: 'ObjectAttributesList')
     ObjectCannedACL = Shapes::StringShape.new(name: 'ObjectCannedACL')
+    ObjectEncryption = Shapes::UnionShape.new(name: 'ObjectEncryption')
     ObjectIdentifier = Shapes::StructureShape.new(name: 'ObjectIdentifier')
     ObjectIdentifierList = Shapes::ListShape.new(name: 'ObjectIdentifierList', flattened: true)
     ObjectKey = Shapes::StringShape.new(name: 'ObjectKey')
@@ -497,6 +507,7 @@ module Aws::S3
     ProgressEvent = Shapes::StructureShape.new(name: 'ProgressEvent')
     Protocol = Shapes::StringShape.new(name: 'Protocol')
     PublicAccessBlockConfiguration = Shapes::StructureShape.new(name: 'PublicAccessBlockConfiguration')
+    PutBucketAbacRequest = Shapes::StructureShape.new(name: 'PutBucketAbacRequest')
     PutBucketAccelerateConfigurationRequest = Shapes::StructureShape.new(name: 'PutBucketAccelerateConfigurationRequest')
     PutBucketAclRequest = Shapes::StructureShape.new(name: 'PutBucketAclRequest')
     PutBucketAnalyticsConfigurationRequest = Shapes::StructureShape.new(name: 'PutBucketAnalyticsConfigurationRequest')
@@ -608,6 +619,7 @@ module Aws::S3
     SSECustomerKey = Shapes::StringShape.new(name: 'SSECustomerKey')
     SSECustomerKeyMD5 = Shapes::StringShape.new(name: 'SSECustomerKeyMD5')
     SSEKMS = Shapes::StructureShape.new(name: 'SSEKMS', locationName: "SSE-KMS")
+    SSEKMSEncryption = Shapes::StructureShape.new(name: 'SSEKMSEncryption', locationName: "SSE-KMS")
     SSEKMSEncryptionContext = Shapes::StringShape.new(name: 'SSEKMSEncryptionContext')
     SSEKMSKeyId = Shapes::StringShape.new(name: 'SSEKMSKeyId')
     SSES3 = Shapes::StructureShape.new(name: 'SSES3', locationName: "SSE-S3")
@@ -670,6 +682,8 @@ module Aws::S3
     URI = Shapes::StringShape.new(name: 'URI')
     UpdateBucketMetadataInventoryTableConfigurationRequest = Shapes::StructureShape.new(name: 'UpdateBucketMetadataInventoryTableConfigurationRequest')
     UpdateBucketMetadataJournalTableConfigurationRequest = Shapes::StructureShape.new(name: 'UpdateBucketMetadataJournalTableConfigurationRequest')
+    UpdateObjectEncryptionRequest = Shapes::StructureShape.new(name: 'UpdateObjectEncryptionRequest')
+    UpdateObjectEncryptionResponse = Shapes::StructureShape.new(name: 'UpdateObjectEncryptionResponse')
     UploadIdMarker = Shapes::StringShape.new(name: 'UploadIdMarker')
     UploadPartCopyOutput = Shapes::StructureShape.new(name: 'UploadPartCopyOutput')
     UploadPartCopyRequest = Shapes::StructureShape.new(name: 'UploadPartCopyRequest')
@@ -686,6 +700,9 @@ module Aws::S3
     WriteOffsetBytes = Shapes::IntegerShape.new(name: 'WriteOffsetBytes')
     Years = Shapes::IntegerShape.new(name: 'Years')
 
+    AbacStatus.add_member(:status, Shapes::ShapeRef.new(shape: BucketAbacStatus, location_name: "Status"))
+    AbacStatus.struct_class = Types::AbacStatus
+
     AbortIncompleteMultipartUpload.add_member(:days_after_initiation, Shapes::ShapeRef.new(shape: DaysAfterInitiation, location_name: "DaysAfterInitiation"))
     AbortIncompleteMultipartUpload.struct_class = Types::AbortIncompleteMultipartUpload
 
@@ -710,6 +727,8 @@ module Aws::S3
     AccessControlTranslation.add_member(:owner, Shapes::ShapeRef.new(shape: OwnerOverride, required: true, location_name: "Owner"))
     AccessControlTranslation.struct_class = Types::AccessControlTranslation
 
+    AccessDenied.struct_class = Types::AccessDenied
+
     AllowedHeaders.member = Shapes::ShapeRef.new(shape: AllowedHeader)
 
     AllowedMethods.member = Shapes::ShapeRef.new(shape: AllowedMethod)
@@ -741,6 +760,9 @@ module Aws::S3
     AnalyticsS3BucketDestination.add_member(:prefix, Shapes::ShapeRef.new(shape: Prefix, location_name: "Prefix"))
     AnalyticsS3BucketDestination.struct_class = Types::AnalyticsS3BucketDestination
 
+    BlockedEncryptionTypes.add_member(:encryption_type, Shapes::ShapeRef.new(shape: EncryptionTypeList, location_name: "EncryptionType"))
+    BlockedEncryptionTypes.struct_class = Types::BlockedEncryptionTypes
+
     Bucket.add_member(:name, Shapes::ShapeRef.new(shape: BucketName, location_name: "Name"))
     Bucket.add_member(:creation_date, Shapes::ShapeRef.new(shape: CreationDate, location_name: "CreationDate"))
     Bucket.add_member(:bucket_region, Shapes::ShapeRef.new(shape: BucketRegion, location_name: "BucketRegion"))
@@ -907,6 +929,8 @@ module Aws::S3
     CopyObjectRequest.add_member(:grant_read, Shapes::ShapeRef.new(shape: GrantRead, location: "header", location_name: "x-amz-grant-read"))
     CopyObjectRequest.add_member(:grant_read_acp, Shapes::ShapeRef.new(shape: GrantReadACP, location: "header", location_name: "x-amz-grant-read-acp"))
     CopyObjectRequest.add_member(:grant_write_acp, Shapes::ShapeRef.new(shape: GrantWriteACP, location: "header", location_name: "x-amz-grant-write-acp"))
+    CopyObjectRequest.add_member(:if_match, Shapes::ShapeRef.new(shape: IfMatch, location: "header", location_name: "If-Match"))
+    CopyObjectRequest.add_member(:if_none_match, Shapes::ShapeRef.new(shape: IfNoneMatch, location: "header", location_name: "If-None-Match"))
     CopyObjectRequest.add_member(:key, Shapes::ShapeRef.new(shape: ObjectKey, required: true, location: "uri", location_name: "Key", metadata: {"contextParam" => {"name" => "Key"}}))
     CopyObjectRequest.add_member(:metadata, Shapes::ShapeRef.new(shape: Metadata, location: "headers", location_name: "x-amz-meta-"))
     CopyObjectRequest.add_member(:metadata_directive, Shapes::ShapeRef.new(shape: MetadataDirective, location: "header", location_name: "x-amz-metadata-directive"))
@@ -1218,6 +1242,8 @@ module Aws::S3
     EncryptionConfiguration.add_member(:replica_kms_key_id, Shapes::ShapeRef.new(shape: ReplicaKmsKeyID, location_name: "ReplicaKmsKeyID"))
     EncryptionConfiguration.struct_class = Types::EncryptionConfiguration
 
+    EncryptionTypeList.member = Shapes::ShapeRef.new(shape: EncryptionType, location_name: "EncryptionType")
+
     EncryptionTypeMismatch.struct_class = Types::EncryptionTypeMismatch
 
     EndEvent.struct_class = Types::EndEvent
@@ -1252,6 +1278,15 @@ module Aws::S3
 
     FilterRuleList.member = Shapes::ShapeRef.new(shape: FilterRule)
 
+    GetBucketAbacOutput.add_member(:abac_status, Shapes::ShapeRef.new(shape: AbacStatus, location_name: "AbacStatus"))
+    GetBucketAbacOutput.struct_class = Types::GetBucketAbacOutput
+    GetBucketAbacOutput[:payload] = :abac_status
+    GetBucketAbacOutput[:payload_member] = GetBucketAbacOutput.member(:abac_status)
+
+    GetBucketAbacRequest.add_member(:bucket, Shapes::ShapeRef.new(shape: BucketName, required: true, location: "uri", location_name: "Bucket", metadata: {"contextParam" => {"name" => "Bucket"}}))
+    GetBucketAbacRequest.add_member(:expected_bucket_owner, Shapes::ShapeRef.new(shape: AccountId, location: "header", location_name: "x-amz-expected-bucket-owner"))
+    GetBucketAbacRequest.struct_class = Types::GetBucketAbacRequest
+
     GetBucketAccelerateConfigurationOutput.add_member(:status, Shapes::ShapeRef.new(shape: BucketAccelerateStatus, location_name: "Status"))
     GetBucketAccelerateConfigurationOutput.add_member(:request_charged, Shapes::ShapeRef.new(shape: RequestCharged, location: "header", location_name: "x-amz-request-charged"))
     GetBucketAccelerateConfigurationOutput.struct_class = Types::GetBucketAccelerateConfigurationOutput
@@ -2183,6 +2218,12 @@ module Aws::S3
 
     ObjectAttributesList.member = Shapes::ShapeRef.new(shape: ObjectAttributes)
 
+    ObjectEncryption.add_member(:ssekms, Shapes::ShapeRef.new(shape: SSEKMSEncryption, location_name: "SSE-KMS"))
+    ObjectEncryption.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    ObjectEncryption.add_member_subclass(:ssekms, Types::ObjectEncryption::Ssekms)
+    ObjectEncryption.add_member_subclass(:unknown, Types::ObjectEncryption::Unknown)
+    ObjectEncryption.struct_class = Types::ObjectEncryption
+
     ObjectIdentifier.add_member(:key, Shapes::ShapeRef.new(shape: ObjectKey, required: true, location_name: "Key"))
     ObjectIdentifier.add_member(:version_id, Shapes::ShapeRef.new(shape: ObjectVersionId, location_name: "VersionId"))
     ObjectIdentifier.add_member(:etag, Shapes::ShapeRef.new(shape: ETag, location_name: "ETag"))
@@ -2292,6 +2333,15 @@ module Aws::S3
     PublicAccessBlockConfiguration.add_member(:restrict_public_buckets, Shapes::ShapeRef.new(shape: Setting, location_name: "RestrictPublicBuckets"))
     PublicAccessBlockConfiguration.struct_class = Types::PublicAccessBlockConfiguration
 
+    PutBucketAbacRequest.add_member(:bucket, Shapes::ShapeRef.new(shape: BucketName, required: true, location: "uri", location_name: "Bucket", metadata: {"contextParam" => {"name" => "Bucket"}}))
+    PutBucketAbacRequest.add_member(:content_md5, Shapes::ShapeRef.new(shape: ContentMD5, location: "header", location_name: "Content-MD5"))
+    PutBucketAbacRequest.add_member(:checksum_algorithm, Shapes::ShapeRef.new(shape: ChecksumAlgorithm, location: "header", location_name: "x-amz-sdk-checksum-algorithm"))
+    PutBucketAbacRequest.add_member(:expected_bucket_owner, Shapes::ShapeRef.new(shape: AccountId, location: "header", location_name: "x-amz-expected-bucket-owner"))
+    PutBucketAbacRequest.add_member(:abac_status, Shapes::ShapeRef.new(shape: AbacStatus, required: true, location_name: "AbacStatus", metadata: {"xmlNamespace" => {"uri" => "http://s3.amazonaws.com/doc/2006-03-01/"}}))
+    PutBucketAbacRequest.struct_class = Types::PutBucketAbacRequest
+    PutBucketAbacRequest[:payload] = :abac_status
+    PutBucketAbacRequest[:payload_member] = PutBucketAbacRequest.member(:abac_status)
+
     PutBucketAccelerateConfigurationRequest.add_member(:bucket, Shapes::ShapeRef.new(shape: BucketName, required: true, location: "uri", location_name: "Bucket", metadata: {"contextParam" => {"name" => "Bucket"}}))
     PutBucketAccelerateConfigurationRequest.add_member(:accelerate_configuration, Shapes::ShapeRef.new(shape: AccelerateConfiguration, required: true, location_name: "AccelerateConfiguration", metadata: {"xmlNamespace" => {"uri" => "http://s3.amazonaws.com/doc/2006-03-01/"}}))
     PutBucketAccelerateConfigurationRequest.add_member(:expected_bucket_owner, Shapes::ShapeRef.new(shape: AccountId, location: "header", location_name: "x-amz-expected-bucket-owner"))
@@ -2794,6 +2844,10 @@ module Aws::S3
     SSEKMS.add_member(:key_id, Shapes::ShapeRef.new(shape: SSEKMSKeyId, required: true, location_name: "KeyId"))
     SSEKMS.struct_class = Types::SSEKMS
 
+    SSEKMSEncryption.add_member(:kms_key_arn, Shapes::ShapeRef.new(shape: NonEmptyKmsKeyArnString, required: true, location_name: "KMSKeyArn"))
+    SSEKMSEncryption.add_member(:bucket_key_enabled, Shapes::ShapeRef.new(shape: BucketKeyEnabled, location_name: "BucketKeyEnabled"))
+    SSEKMSEncryption.struct_class = Types::SSEKMSEncryption
+
     SSES3.struct_class = Types::SSES3
 
     ScanRange.add_member(:start, Shapes::ShapeRef.new(shape: Start, location_name: "Start"))
@@ -2841,6 +2895,7 @@ module Aws::S3
 
     ServerSideEncryptionRule.add_member(:apply_server_side_encryption_by_default, Shapes::ShapeRef.new(shape: ServerSideEncryptionByDefault, location_name: "ApplyServerSideEncryptionByDefault"))
     ServerSideEncryptionRule.add_member(:bucket_key_enabled, Shapes::ShapeRef.new(shape: BucketKeyEnabled, location_name: "BucketKeyEnabled"))
+    ServerSideEncryptionRule.add_member(:blocked_encryption_types, Shapes::ShapeRef.new(shape: BlockedEncryptionTypes, location_name: "BlockedEncryptionTypes"))
     ServerSideEncryptionRule.struct_class = Types::ServerSideEncryptionRule
 
     ServerSideEncryptionRules.member = Shapes::ShapeRef.new(shape: ServerSideEncryptionRule)
@@ -2941,6 +2996,21 @@ module Aws::S3
     UpdateBucketMetadataJournalTableConfigurationRequest[:payload] = :journal_table_configuration
     UpdateBucketMetadataJournalTableConfigurationRequest[:payload_member] = UpdateBucketMetadataJournalTableConfigurationRequest.member(:journal_table_configuration)
 
+    UpdateObjectEncryptionRequest.add_member(:bucket, Shapes::ShapeRef.new(shape: BucketName, required: true, location: "uri", location_name: "Bucket", metadata: {"contextParam" => {"name" => "Bucket"}}))
+    UpdateObjectEncryptionRequest.add_member(:key, Shapes::ShapeRef.new(shape: ObjectKey, required: true, location: "uri", location_name: "Key"))
+    UpdateObjectEncryptionRequest.add_member(:version_id, Shapes::ShapeRef.new(shape: ObjectVersionId, location: "querystring", location_name: "versionId"))
+    UpdateObjectEncryptionRequest.add_member(:object_encryption, Shapes::ShapeRef.new(shape: ObjectEncryption, required: true, location_name: "ObjectEncryption", metadata: {"xmlNamespace" => {"uri" => "http://s3.amazonaws.com/doc/2006-03-01/"}}))
+    UpdateObjectEncryptionRequest.add_member(:request_payer, Shapes::ShapeRef.new(shape: RequestPayer, location: "header", location_name: "x-amz-request-payer"))
+    UpdateObjectEncryptionRequest.add_member(:expected_bucket_owner, Shapes::ShapeRef.new(shape: AccountId, location: "header", location_name: "x-amz-expected-bucket-owner"))
+    UpdateObjectEncryptionRequest.add_member(:content_md5, Shapes::ShapeRef.new(shape: ContentMD5, location: "header", location_name: "Content-MD5"))
+    UpdateObjectEncryptionRequest.add_member(:checksum_algorithm, Shapes::ShapeRef.new(shape: ChecksumAlgorithm, location: "header", location_name: "x-amz-sdk-checksum-algorithm"))
+    UpdateObjectEncryptionRequest.struct_class = Types::UpdateObjectEncryptionRequest
+    UpdateObjectEncryptionRequest[:payload] = :object_encryption
+    UpdateObjectEncryptionRequest[:payload_member] = UpdateObjectEncryptionRequest.member(:object_encryption)
+
+    UpdateObjectEncryptionResponse.add_member(:request_charged, Shapes::ShapeRef.new(shape: RequestCharged, location: "header", location_name: "x-amz-request-charged"))
+    UpdateObjectEncryptionResponse.struct_class = Types::UpdateObjectEncryptionResponse
+
     UploadPartCopyOutput.add_member(:copy_source_version_id, Shapes::ShapeRef.new(shape: CopySourceVersionId, location: "header", location_name: "x-amz-copy-source-version-id"))
     UploadPartCopyOutput.add_member(:copy_part_result, Shapes::ShapeRef.new(shape: CopyPartResult, location_name: "CopyPartResult"))
     UploadPartCopyOutput.add_member(:server_side_encryption, Shapes::ShapeRef.new(shape: ServerSideEncryption, location: "header", location_name: "x-amz-server-side-encryption"))
@@ -3332,6 +3402,14 @@ module Aws::S3
         o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
       end)
 
+      api.add_operation(:get_bucket_abac, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetBucketAbac"
+        o.http_method = "GET"
+        o.http_request_uri = "/?abac"
+        o.input = Shapes::ShapeRef.new(shape: GetBucketAbacRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetBucketAbacOutput)
+      end)
+
       api.add_operation(:get_bucket_accelerate_configuration, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetBucketAccelerateConfiguration"
         o.http_method = "GET"
@@ -3766,6 +3844,22 @@ module Aws::S3
         )
       end)
 
+      api.add_operation(:put_bucket_abac, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "PutBucketAbac"
+        o.http_method = "PUT"
+        o.http_request_uri = "/?abac"
+        o.http_checksum = {
+          "requestAlgorithmMember" => "checksum_algorithm",
+          "requestChecksumRequired" => false,
+        }
+        o.http_checksum = {
+          "requestAlgorithmMember" => "checksum_algorithm",
+          "requestChecksumRequired" => false,
+        }
+        o.input = Shapes::ShapeRef.new(shape: PutBucketAbacRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+      end)
+
       api.add_operation(:put_bucket_accelerate_configuration, Seahorse::Model::Operation.new.tap do |o|
         o.name = "PutBucketAccelerateConfiguration"
         o.http_method = "PUT"
@@ -4060,6 +4154,7 @@ module Aws::S3
           "requestAlgorithmMember" => "checksum_algorithm",
           "requestChecksumRequired" => false,
         }
+        o['unsignedPayload'] = true
         o.input = Shapes::ShapeRef.new(shape: PutObjectRequest)
         o.output = Shapes::ShapeRef.new(shape: PutObjectOutput)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequest)
@@ -4236,6 +4331,25 @@ module Aws::S3
         o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
       end)
 
+      api.add_operation(:update_object_encryption, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UpdateObjectEncryption"
+        o.http_method = "PUT"
+        o.http_request_uri = "/{Key+}?encryption"
+        o.http_checksum = {
+          "requestAlgorithmMember" => "checksum_algorithm",
+          "requestChecksumRequired" => true,
+        }
+        o.http_checksum = {
+          "requestAlgorithmMember" => "checksum_algorithm",
+          "requestChecksumRequired" => true,
+        }
+        o.input = Shapes::ShapeRef.new(shape: UpdateObjectEncryptionRequest)
+        o.output = Shapes::ShapeRef.new(shape: UpdateObjectEncryptionResponse)
+        o.errors << Shapes::ShapeRef.new(shape: NoSuchKey)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequest)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDenied)
+      end)
+
       api.add_operation(:upload_part, Seahorse::Model::Operation.new.tap do |o|
         o.name = "UploadPart"
         o.http_method = "PUT"
@@ -4248,6 +4362,7 @@ module Aws::S3
           "requestAlgorithmMember" => "checksum_algorithm",
           "requestChecksumRequired" => false,
         }
+        o['unsignedPayload'] = true
         o.input = Shapes::ShapeRef.new(shape: UploadPartRequest)
         o.output = Shapes::ShapeRef.new(shape: UploadPartOutput)
       end)

data/lib/aws-sdk-s3/customizations/object.rb

@@ -358,8 +358,8 @@ module Aws
       #   {Client#complete_multipart_upload},
       #   and {Client#upload_part} can be provided.
       #
-      # @option options [Integer] :thread_count (10) The number of parallel
-      #   multipart uploads
+      # @option options [Integer] :thread_count (10) The number of parallel multipart uploads.
+      #   An additional thread is used internally for task coordination.
       #
       # @option options [Boolean] :tempfile (false) Normally read data is stored
       #   in memory when building the parts in order to complete the underlying
@@ -383,21 +383,21 @@ module Aws
       # @see Client#complete_multipart_upload
       # @see Client#upload_part
       def upload_stream(options = {}, &block)
-        uploading_options = options.dup
+        upload_opts = options.merge(bucket: bucket_name, key: key)
+        executor = DefaultExecutor.new(max_threads: upload_opts.delete(:thread_count))
         uploader = MultipartStreamUploader.new(
           client: client,
-          thread_count: uploading_options.delete(:thread_count),
-          tempfile: uploading_options.delete(:tempfile),
-          part_size: uploading_options.delete(:part_size)
+          executor: executor,
+          tempfile: upload_opts.delete(:tempfile),
+          part_size: upload_opts.delete(:part_size)
         )
         Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
-          uploader.upload(
-            uploading_options.merge(bucket: bucket_name, key: key),
-            &block
-          )
+          uploader.upload(upload_opts, &block)
         end
+        executor.shutdown
         true
       end
+      deprecated(:upload_stream, use: 'Aws::S3::TransferManager#upload_stream', version: 'next major version')
 
       # Uploads a file from disk to the current object in S3.
       #
@@ -457,14 +457,21 @@ module Aws
       # @see Client#complete_multipart_upload
       # @see Client#upload_part
       def upload_file(source, options = {})
-        uploading_options = options.dup
-        uploader = FileUploader.new(multipart_threshold: uploading_options.delete(:multipart_threshold), client: client)
+        upload_opts = options.merge(bucket: bucket_name, key: key)
+        executor = DefaultExecutor.new(max_threads: upload_opts.delete(:thread_count))
+        uploader = FileUploader.new(
+          client: client,
+          executor: executor,
+          multipart_threshold: upload_opts.delete(:multipart_threshold)
+        )
         response = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
-          uploader.upload(source, uploading_options.merge(bucket: bucket_name, key: key))
+          uploader.upload(source, upload_opts)
         end
         yield response if block_given?
+        executor.shutdown
         true
       end
+      deprecated(:upload_file, use: 'Aws::S3::TransferManager#upload_file', version: 'next major version')
 
       # Downloads a file in S3 to a path on disk.
       #
@@ -486,7 +493,16 @@ module Aws
       #     end
       #     obj.download_file('/path/to/file', progress_callback: progress)
       #
-      # @param [String] destination Where to download the file to.
+      # @param [String, Pathname, File, Tempfile] destination
+      #   Where to download the file to. This can either be a String or Pathname to the file, an open File object,
+      #   or an open Tempfile object. If you pass an open File or Tempfile object, then you are responsible for
+      #   closing it after the download completes. Download behavior varies by destination type:
+      #
+      #   * **String/Pathname paths**: Downloads to a temporary file first, then atomically moves to the final
+      #    destination. This prevents corruption of any existing file if the download fails.
+      #   * **File/Tempfile objects**: Downloads directly to the file object without using temporary files.
+      #    You are responsible for managing the file object's state and closing it after the download completes.
+      #    If the download fails, the file object may contain partial data.
       #
       # @param [Hash] options
       #   Additional options for {Client#get_object} and #{Client#head_object} may be provided.
@@ -501,15 +517,10 @@ module Aws
       #
       # @option options [Integer] :thread_count (10) Customize threads used in the multipart download.
       #
-      # @option options [String] :version_id The object version id used to retrieve the object.
-      #
-      #     @see https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectVersioning.html ObjectVersioning
-      #
       # @option options [String] :checksum_mode ("ENABLED")
-      #   When `"ENABLED"` and the object has a stored checksum, it will be used to validate the download and will
-      #   raise an `Aws::Errors::ChecksumError` if checksum validation fails. You may provide a `on_checksum_validated`
-      #   callback if you need to verify that validation occurred and which algorithm was used.
-      #   To disable checksum validation, set `checksum_mode` to `"DISABLED"`.
+      #   This option is deprecated. Use `:response_checksum_validation` on your S3 client instead.
+      #   To disable checksum validation, set `response_checksum_validation: 'when_required'`
+      #   when creating your S3 client.
       #
       # @option options [Callable] :on_checksum_validated
       #   Called each time a request's checksum is validated with the checksum algorithm and the
@@ -528,12 +539,16 @@ module Aws
       # @see Client#get_object
       # @see Client#head_object
       def download_file(destination, options = {})
-        downloader = FileDownloader.new(client: client)
+        download_opts = options.merge(bucket: bucket_name, key: key)
+        executor = DefaultExecutor.new(max_threads: download_opts.delete([:thread_count]))
+        downloader = FileDownloader.new(client: client, executor: executor)
         Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
-          downloader.download(destination, options.merge(bucket: bucket_name, key: key))
+          downloader.download(destination, download_opts)
         end
+        executor.shutdown
         true
       end
+      deprecated(:download_file, use: 'Aws::S3::TransferManager#download_file', version: 'next major version')
 
       class Collection < Aws::Resources::Collection
         alias_method :delete, :batch_delete!

data/lib/aws-sdk-s3/customizations.rb

@@ -6,7 +6,9 @@ module Aws
     autoload :BucketRegionCache, 'aws-sdk-s3/bucket_region_cache'
     autoload :Encryption, 'aws-sdk-s3/encryption'
     autoload :EncryptionV2, 'aws-sdk-s3/encryption_v2'
+    autoload :EncryptionV3, 'aws-sdk-s3/encryption_v3'
     autoload :FilePart, 'aws-sdk-s3/file_part'
+    autoload :DefaultExecutor, 'aws-sdk-s3/default_executor'
     autoload :FileUploader, 'aws-sdk-s3/file_uploader'
     autoload :FileDownloader, 'aws-sdk-s3/file_downloader'
     autoload :LegacySigner, 'aws-sdk-s3/legacy_signer'
@@ -18,13 +20,13 @@ module Aws
     autoload :ObjectMultipartCopier, 'aws-sdk-s3/object_multipart_copier'
     autoload :PresignedPost, 'aws-sdk-s3/presigned_post'
     autoload :Presigner, 'aws-sdk-s3/presigner'
+    autoload :TransferManager, 'aws-sdk-s3/transfer_manager'
 
     # s3 express session auth
     autoload :ExpressCredentials, 'aws-sdk-s3/express_credentials'
     autoload :ExpressCredentialsProvider, 'aws-sdk-s3/express_credentials_provider'
 
     # s3 access grants auth
-
     autoload :AccessGrantsCredentials, 'aws-sdk-s3/access_grants_credentials'
     autoload :AccessGrantsCredentialsProvider, 'aws-sdk-s3/access_grants_credentials_provider'
   end

data/lib/aws-sdk-s3/default_executor.rb

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+
+module Aws
+  module S3
+    # @api private
+    class DefaultExecutor
+      DEFAULT_MAX_THREADS = 10
+      RUNNING = :running
+      SHUTTING_DOWN = :shutting_down
+      SHUTDOWN = :shutdown
+
+      def initialize(options = {})
+        @max_threads = options[:max_threads] || DEFAULT_MAX_THREADS
+        @state = RUNNING
+        @queue = Queue.new
+        @pool = []
+        @mutex = Mutex.new
+      end
+
+      # Submits a task for execution.
+      # @param [Object] args Variable number of arguments to pass to the block
+      # @param [Proc] block The block to be executed
+      # @return [Boolean] Returns true if the task was submitted successfully
+      def post(*args, &block)
+        @mutex.synchronize do
+          raise 'Executor has been shutdown and is no longer accepting tasks' unless @state == RUNNING
+
+          @queue << [args, block]
+          ensure_worker_available
+        end
+        true
+      end
+
+      # Immediately terminates all worker threads and clears pending tasks.
+      # This is a forceful shutdown that doesn't wait for running tasks to complete.
+      #
+      # @return [Boolean] true when termination is complete
+      def kill
+        @mutex.synchronize do
+          @state = SHUTDOWN
+          @pool.each(&:kill)
+          @pool.clear
+          @queue.clear
+        end
+        true
+      end
+
+      # Gracefully shuts down the executor, optionally with a timeout.
+      # Stops accepting new tasks and waits for running tasks to complete.
+      #
+      # @param timeout [Numeric, nil] Maximum time in seconds to wait for shutdown.
+      #   If nil, waits indefinitely. If timeout expires, remaining threads are killed.
+      # @return [Boolean] true when shutdown is complete
+      def shutdown(timeout = nil)
+        @mutex.synchronize do
+          return true if @state == SHUTDOWN
+
+          @state = SHUTTING_DOWN
+          @pool.size.times { @queue << :shutdown }
+        end
+
+        if timeout
+          deadline = Time.now + timeout
+          @pool.each do |thread|
+            remaining = deadline - Time.now
+            break if remaining <= 0
+
+            thread.join([remaining, 0].max)
+          end
+          @pool.select(&:alive?).each(&:kill)
+        else
+          @pool.each(&:join)
+        end
+
+        @mutex.synchronize do
+          @pool.clear
+          @state = SHUTDOWN
+        end
+        true
+      end
+
+      private
+
+      def ensure_worker_available
+        return unless @state == RUNNING
+
+        @pool.select!(&:alive?)
+        @pool << spawn_worker if @pool.size < @max_threads
+      end
+
+      def spawn_worker
+        Thread.new do
+          while (job = @queue.shift)
+            break if job == :shutdown
+
+            args, block = job
+            block.call(*args)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-s3/encryption/client.rb

@@ -6,9 +6,9 @@ module Aws
   module S3
 
     # [MAINTENANCE MODE] There is a new version of the Encryption Client.
-    # AWS strongly recommends upgrading to the {Aws::S3::EncryptionV2::Client},
+    # AWS strongly recommends upgrading to the {Aws::S3::EncryptionV3::Client},
     # which provides updated data security best practices.
-    # See documentation for {Aws::S3::EncryptionV2::Client}.
+    # See documentation for {Aws::S3::EncryptionV3::Client}.
     # Provides an encryption client that encrypts and decrypts data client-side,
     # storing the encrypted data in Amazon S3.
     #

data/lib/aws-sdk-s3/encryption/default_cipher_provider.rb

@@ -16,6 +16,8 @@ module Aws
         #   envelope and encryption cipher.
         def encryption_cipher
           cipher = Utils.aes_encryption_cipher(:CBC)
+          ##= ../specification/s3-encryption/data-format/content-metadata.md#algorithm-suite-and-message-format-version-compatibility
+          ##% Objects encrypted with ALG_AES_256_CBC_IV16_NO_KDF MAY use either the V1 or V2 message format version.
           envelope = {
             'x-amz-key' => encode64(encrypt(envelope_key(cipher))),
             'x-amz-iv' => encode64(envelope_iv(cipher)),

data/lib/aws-sdk-s3/encryption/encrypt_handler.rb

@@ -38,6 +38,8 @@ module Aws
           io = StringIO.new(io) if String === io
           context.params[:body] = IOEncrypter.new(cipher, io)
           context.params[:metadata] ||= {}
+          ##= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys
+          ##% - The mapkey "x-amz-unencrypted-content-length" SHOULD be present for V1 format objects.
           context.params[:metadata]['x-amz-unencrypted-content-length'] = io.size
           if context.params.delete(:content_md5)
             warn('Setting content_md5 on client side encrypted objects is deprecated')

data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb

@@ -26,6 +26,8 @@ module Aws
           end
           cipher = Utils.aes_encryption_cipher(:CBC)
           cipher.key = key_data.plaintext
+          ##= ../specification/s3-encryption/data-format/content-metadata.md#algorithm-suite-and-message-format-version-compatibility
+          ##% Objects encrypted with ALG_AES_256_CBC_IV16_NO_KDF MAY use either the V1 or V2 message format version.
           envelope = {
             'x-amz-key-v2' => encode64(key_data.ciphertext_blob),
             'x-amz-iv' => encode64(cipher.iv = cipher.random_iv),