aws-sdk-s3 1.203.0 → 1.205.0

data/lib/aws-sdk-s3/client_api.rb

@@ -14,6 +14,7 @@ module Aws::S3
 
     include Seahorse::Model
 
+    AbacStatus = Shapes::StructureShape.new(name: 'AbacStatus')
     AbortDate = Shapes::TimestampShape.new(name: 'AbortDate')
     AbortIncompleteMultipartUpload = Shapes::StructureShape.new(name: 'AbortIncompleteMultipartUpload')
     AbortMultipartUploadOutput = Shapes::StructureShape.new(name: 'AbortMultipartUploadOutput')
@@ -43,8 +44,10 @@ module Aws::S3
     AnalyticsS3BucketDestination = Shapes::StructureShape.new(name: 'AnalyticsS3BucketDestination')
     AnalyticsS3ExportFileFormat = Shapes::StringShape.new(name: 'AnalyticsS3ExportFileFormat')
     ArchiveStatus = Shapes::StringShape.new(name: 'ArchiveStatus')
+    BlockedEncryptionTypes = Shapes::StructureShape.new(name: 'BlockedEncryptionTypes')
     Body = Shapes::BlobShape.new(name: 'Body')
     Bucket = Shapes::StructureShape.new(name: 'Bucket')
+    BucketAbacStatus = Shapes::StringShape.new(name: 'BucketAbacStatus')
     BucketAccelerateStatus = Shapes::StringShape.new(name: 'BucketAccelerateStatus')
     BucketAlreadyExists = Shapes::StructureShape.new(name: 'BucketAlreadyExists')
     BucketAlreadyOwnedByYou = Shapes::StructureShape.new(name: 'BucketAlreadyOwnedByYou')
@@ -177,6 +180,8 @@ module Aws::S3
     EncodingType = Shapes::StringShape.new(name: 'EncodingType')
     Encryption = Shapes::StructureShape.new(name: 'Encryption')
     EncryptionConfiguration = Shapes::StructureShape.new(name: 'EncryptionConfiguration')
+    EncryptionType = Shapes::StringShape.new(name: 'EncryptionType')
+    EncryptionTypeList = Shapes::ListShape.new(name: 'EncryptionTypeList', flattened: true)
     EncryptionTypeMismatch = Shapes::StructureShape.new(name: 'EncryptionTypeMismatch')
     End = Shapes::IntegerShape.new(name: 'End')
     EndEvent = Shapes::StructureShape.new(name: 'EndEvent')
@@ -208,6 +213,8 @@ module Aws::S3
     FilterRuleList = Shapes::ListShape.new(name: 'FilterRuleList', flattened: true)
     FilterRuleName = Shapes::StringShape.new(name: 'FilterRuleName')
     FilterRuleValue = Shapes::StringShape.new(name: 'FilterRuleValue')
+    GetBucketAbacOutput = Shapes::StructureShape.new(name: 'GetBucketAbacOutput')
+    GetBucketAbacRequest = Shapes::StructureShape.new(name: 'GetBucketAbacRequest')
     GetBucketAccelerateConfigurationOutput = Shapes::StructureShape.new(name: 'GetBucketAccelerateConfigurationOutput')
     GetBucketAccelerateConfigurationRequest = Shapes::StructureShape.new(name: 'GetBucketAccelerateConfigurationRequest')
     GetBucketAclOutput = Shapes::StructureShape.new(name: 'GetBucketAclOutput')
@@ -497,6 +504,7 @@ module Aws::S3
     ProgressEvent = Shapes::StructureShape.new(name: 'ProgressEvent')
     Protocol = Shapes::StringShape.new(name: 'Protocol')
     PublicAccessBlockConfiguration = Shapes::StructureShape.new(name: 'PublicAccessBlockConfiguration')
+    PutBucketAbacRequest = Shapes::StructureShape.new(name: 'PutBucketAbacRequest')
     PutBucketAccelerateConfigurationRequest = Shapes::StructureShape.new(name: 'PutBucketAccelerateConfigurationRequest')
     PutBucketAclRequest = Shapes::StructureShape.new(name: 'PutBucketAclRequest')
     PutBucketAnalyticsConfigurationRequest = Shapes::StructureShape.new(name: 'PutBucketAnalyticsConfigurationRequest')
@@ -686,6 +694,9 @@ module Aws::S3
     WriteOffsetBytes = Shapes::IntegerShape.new(name: 'WriteOffsetBytes')
     Years = Shapes::IntegerShape.new(name: 'Years')
 
+    AbacStatus.add_member(:status, Shapes::ShapeRef.new(shape: BucketAbacStatus, location_name: "Status"))
+    AbacStatus.struct_class = Types::AbacStatus
+
     AbortIncompleteMultipartUpload.add_member(:days_after_initiation, Shapes::ShapeRef.new(shape: DaysAfterInitiation, location_name: "DaysAfterInitiation"))
     AbortIncompleteMultipartUpload.struct_class = Types::AbortIncompleteMultipartUpload
 
@@ -741,6 +752,9 @@ module Aws::S3
     AnalyticsS3BucketDestination.add_member(:prefix, Shapes::ShapeRef.new(shape: Prefix, location_name: "Prefix"))
     AnalyticsS3BucketDestination.struct_class = Types::AnalyticsS3BucketDestination
 
+    BlockedEncryptionTypes.add_member(:encryption_type, Shapes::ShapeRef.new(shape: EncryptionTypeList, location_name: "EncryptionType"))
+    BlockedEncryptionTypes.struct_class = Types::BlockedEncryptionTypes
+
     Bucket.add_member(:name, Shapes::ShapeRef.new(shape: BucketName, location_name: "Name"))
     Bucket.add_member(:creation_date, Shapes::ShapeRef.new(shape: CreationDate, location_name: "CreationDate"))
     Bucket.add_member(:bucket_region, Shapes::ShapeRef.new(shape: BucketRegion, location_name: "BucketRegion"))
@@ -1220,6 +1234,8 @@ module Aws::S3
     EncryptionConfiguration.add_member(:replica_kms_key_id, Shapes::ShapeRef.new(shape: ReplicaKmsKeyID, location_name: "ReplicaKmsKeyID"))
     EncryptionConfiguration.struct_class = Types::EncryptionConfiguration
 
+    EncryptionTypeList.member = Shapes::ShapeRef.new(shape: EncryptionType, location_name: "EncryptionType")
+
     EncryptionTypeMismatch.struct_class = Types::EncryptionTypeMismatch
 
     EndEvent.struct_class = Types::EndEvent
@@ -1254,6 +1270,15 @@ module Aws::S3
 
     FilterRuleList.member = Shapes::ShapeRef.new(shape: FilterRule)
 
+    GetBucketAbacOutput.add_member(:abac_status, Shapes::ShapeRef.new(shape: AbacStatus, location_name: "AbacStatus"))
+    GetBucketAbacOutput.struct_class = Types::GetBucketAbacOutput
+    GetBucketAbacOutput[:payload] = :abac_status
+    GetBucketAbacOutput[:payload_member] = GetBucketAbacOutput.member(:abac_status)
+
+    GetBucketAbacRequest.add_member(:bucket, Shapes::ShapeRef.new(shape: BucketName, required: true, location: "uri", location_name: "Bucket", metadata: {"contextParam" => {"name" => "Bucket"}}))
+    GetBucketAbacRequest.add_member(:expected_bucket_owner, Shapes::ShapeRef.new(shape: AccountId, location: "header", location_name: "x-amz-expected-bucket-owner"))
+    GetBucketAbacRequest.struct_class = Types::GetBucketAbacRequest
+
     GetBucketAccelerateConfigurationOutput.add_member(:status, Shapes::ShapeRef.new(shape: BucketAccelerateStatus, location_name: "Status"))
     GetBucketAccelerateConfigurationOutput.add_member(:request_charged, Shapes::ShapeRef.new(shape: RequestCharged, location: "header", location_name: "x-amz-request-charged"))
     GetBucketAccelerateConfigurationOutput.struct_class = Types::GetBucketAccelerateConfigurationOutput
@@ -2294,6 +2319,15 @@ module Aws::S3
     PublicAccessBlockConfiguration.add_member(:restrict_public_buckets, Shapes::ShapeRef.new(shape: Setting, location_name: "RestrictPublicBuckets"))
     PublicAccessBlockConfiguration.struct_class = Types::PublicAccessBlockConfiguration
 
+    PutBucketAbacRequest.add_member(:bucket, Shapes::ShapeRef.new(shape: BucketName, required: true, location: "uri", location_name: "Bucket", metadata: {"contextParam" => {"name" => "Bucket"}}))
+    PutBucketAbacRequest.add_member(:content_md5, Shapes::ShapeRef.new(shape: ContentMD5, location: "header", location_name: "Content-MD5"))
+    PutBucketAbacRequest.add_member(:checksum_algorithm, Shapes::ShapeRef.new(shape: ChecksumAlgorithm, location: "header", location_name: "x-amz-sdk-checksum-algorithm"))
+    PutBucketAbacRequest.add_member(:expected_bucket_owner, Shapes::ShapeRef.new(shape: AccountId, location: "header", location_name: "x-amz-expected-bucket-owner"))
+    PutBucketAbacRequest.add_member(:abac_status, Shapes::ShapeRef.new(shape: AbacStatus, required: true, location_name: "AbacStatus", metadata: {"xmlNamespace" => {"uri" => "http://s3.amazonaws.com/doc/2006-03-01/"}}))
+    PutBucketAbacRequest.struct_class = Types::PutBucketAbacRequest
+    PutBucketAbacRequest[:payload] = :abac_status
+    PutBucketAbacRequest[:payload_member] = PutBucketAbacRequest.member(:abac_status)
+
     PutBucketAccelerateConfigurationRequest.add_member(:bucket, Shapes::ShapeRef.new(shape: BucketName, required: true, location: "uri", location_name: "Bucket", metadata: {"contextParam" => {"name" => "Bucket"}}))
     PutBucketAccelerateConfigurationRequest.add_member(:accelerate_configuration, Shapes::ShapeRef.new(shape: AccelerateConfiguration, required: true, location_name: "AccelerateConfiguration", metadata: {"xmlNamespace" => {"uri" => "http://s3.amazonaws.com/doc/2006-03-01/"}}))
     PutBucketAccelerateConfigurationRequest.add_member(:expected_bucket_owner, Shapes::ShapeRef.new(shape: AccountId, location: "header", location_name: "x-amz-expected-bucket-owner"))
@@ -2843,6 +2877,7 @@ module Aws::S3
 
     ServerSideEncryptionRule.add_member(:apply_server_side_encryption_by_default, Shapes::ShapeRef.new(shape: ServerSideEncryptionByDefault, location_name: "ApplyServerSideEncryptionByDefault"))
     ServerSideEncryptionRule.add_member(:bucket_key_enabled, Shapes::ShapeRef.new(shape: BucketKeyEnabled, location_name: "BucketKeyEnabled"))
+    ServerSideEncryptionRule.add_member(:blocked_encryption_types, Shapes::ShapeRef.new(shape: BlockedEncryptionTypes, location_name: "BlockedEncryptionTypes"))
     ServerSideEncryptionRule.struct_class = Types::ServerSideEncryptionRule
 
     ServerSideEncryptionRules.member = Shapes::ShapeRef.new(shape: ServerSideEncryptionRule)
@@ -3334,6 +3369,14 @@ module Aws::S3
         o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
       end)
 
+      api.add_operation(:get_bucket_abac, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetBucketAbac"
+        o.http_method = "GET"
+        o.http_request_uri = "/?abac"
+        o.input = Shapes::ShapeRef.new(shape: GetBucketAbacRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetBucketAbacOutput)
+      end)
+
       api.add_operation(:get_bucket_accelerate_configuration, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetBucketAccelerateConfiguration"
         o.http_method = "GET"
@@ -3768,6 +3811,22 @@ module Aws::S3
         )
       end)
 
+      api.add_operation(:put_bucket_abac, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "PutBucketAbac"
+        o.http_method = "PUT"
+        o.http_request_uri = "/?abac"
+        o.http_checksum = {
+          "requestAlgorithmMember" => "checksum_algorithm",
+          "requestChecksumRequired" => false,
+        }
+        o.http_checksum = {
+          "requestAlgorithmMember" => "checksum_algorithm",
+          "requestChecksumRequired" => false,
+        }
+        o.input = Shapes::ShapeRef.new(shape: PutBucketAbacRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+      end)
+
       api.add_operation(:put_bucket_accelerate_configuration, Seahorse::Model::Operation.new.tap do |o|
         o.name = "PutBucketAccelerateConfiguration"
         o.http_method = "PUT"

data/lib/aws-sdk-s3/customizations/object.rb

@@ -518,10 +518,9 @@ module Aws
       # @option options [Integer] :thread_count (10) Customize threads used in the multipart download.
       #
       # @option options [String] :checksum_mode ("ENABLED")
-      #   When `"ENABLED"` and the object has a stored checksum, it will be used to validate the download and will
-      #   raise an `Aws::Errors::ChecksumError` if checksum validation fails. You may provide a `on_checksum_validated`
-      #   callback if you need to verify that validation occurred and which algorithm was used.
-      #   To disable checksum validation, set `checksum_mode` to `"DISABLED"`.
+      #   This option is deprecated. Use `:response_checksum_validation` on your S3 client instead.
+      #   To disable checksum validation, set `response_checksum_validation: 'when_required'`
+      #   when creating your S3 client.
       #
       # @option options [Callable] :on_checksum_validated
       #   Called each time a request's checksum is validated with the checksum algorithm and the

data/lib/aws-sdk-s3/endpoints.rb

@@ -337,6 +337,17 @@ module Aws::S3
       end
     end
 
+    class GetBucketAbac
+      def self.build(context)
+        Aws::S3::EndpointParameters.create(
+          context.config,
+          bucket: context.params[:bucket],
+          use_dual_stack: context[:use_dualstack_endpoint],
+          accelerate: context[:use_accelerate_endpoint],
+        )
+      end
+    end
+
     class GetBucketAccelerateConfiguration
       def self.build(context)
         Aws::S3::EndpointParameters.create(
@@ -878,6 +889,17 @@ module Aws::S3
       end
     end
 
+    class PutBucketAbac
+      def self.build(context)
+        Aws::S3::EndpointParameters.create(
+          context.config,
+          bucket: context.params[:bucket],
+          use_dual_stack: context[:use_dualstack_endpoint],
+          accelerate: context[:use_accelerate_endpoint],
+        )
+      end
+    end
+
     class PutBucketAccelerateConfiguration
       def self.build(context)
         Aws::S3::EndpointParameters.create(
@@ -1348,6 +1370,8 @@ module Aws::S3
         DeleteObjects.build(context)
       when :delete_public_access_block
         DeletePublicAccessBlock.build(context)
+      when :get_bucket_abac
+        GetBucketAbac.build(context)
       when :get_bucket_accelerate_configuration
         GetBucketAccelerateConfiguration.build(context)
       when :get_bucket_acl
@@ -1440,6 +1464,8 @@ module Aws::S3
         ListObjectsV2.build(context)
       when :list_parts
         ListParts.build(context)
+      when :put_bucket_abac
+        PutBucketAbac.build(context)
       when :put_bucket_accelerate_configuration
         PutBucketAccelerateConfiguration.build(context)
       when :put_bucket_acl

data/lib/aws-sdk-s3/file_downloader.rb

@@ -90,12 +90,29 @@ module Aws
         raise error unless error.nil?
       end
 
+      def handle_checksum_mode_option(option_key, opts)
+        return false unless option_key == :checksum_mode && opts[:checksum_mode] == 'DISABLED'
+
+        msg = ':checksum_mode option is deprecated. Checksums will be validated by default. ' \
+          'To disable checksum validation, set :response_checksum_validation to "when_required" on your S3 client.'
+        warn(msg)
+        true
+      end
+
       def get_opts(opts)
-        GET_OPTIONS.each_with_object({}) { |k, h| h[k] = opts[k] if opts.key?(k) }
+        GET_OPTIONS.each_with_object({}) do |k, h|
+          next if k == :checksum_mode
+
+          h[k] = opts[k] if opts.key?(k)
+        end
       end
 
       def head_opts(opts)
-        HEAD_OPTIONS.each_with_object({}) { |k, h| h[k] = opts[k] if opts.key?(k) }
+        HEAD_OPTIONS.each_with_object({}) do |k, h|
+          next if handle_checksum_mode_option(k, opts)
+
+          h[k] = opts[k] if opts.key?(k)
+        end
       end
 
       def compute_chunk(chunk_size, file_size)

data/lib/aws-sdk-s3/transfer_manager.rb

@@ -124,10 +124,9 @@ module Aws
       #   Only used when no custom executor is provided (creates {DefaultExecutor} with given thread count).
       #
       # @option options [String] :checksum_mode ("ENABLED")
-      #   When `"ENABLED"` and the object has a stored checksum, it will be used to validate the download and will
-      #   raise an `Aws::Errors::ChecksumError` if checksum validation fails. You may provide a `on_checksum_validated`
-      #   callback if you need to verify that validation occurred and which algorithm was used.
-      #   To disable checksum validation, set `checksum_mode` to `"DISABLED"`.
+      #   This option is deprecated. Use `:response_checksum_validation` on your S3 client instead.
+      #   To disable checksum validation, set `response_checksum_validation: 'when_required'`
+      #   when creating your S3 client.
       #
       # @option options [Callable] :on_checksum_validated
       #   Called each time a request's checksum is validated with the checksum algorithm and the

data/lib/aws-sdk-s3/types.rb

@@ -10,6 +10,29 @@
 module Aws::S3
   module Types
 
+    # The ABAC status of the general purpose bucket. When ABAC is enabled
+    # for the general purpose bucket, you can use tags to manage access to
+    # the general purpose buckets as well as for cost tracking purposes.
+    # When ABAC is disabled for the general purpose buckets, you can only
+    # use tags for cost tracking purposes. For more information, see [Using
+    # tags with S3 general purpose buckets][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging.html
+    #
+    # @!attribute [rw] status
+    #   The ABAC status of the general purpose bucket.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AbacStatus AWS API Documentation
+    #
+    class AbacStatus < Struct.new(
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Specifies the days since the initiation of an incomplete multipart
     # upload that Amazon S3 will wait before permanently removing all parts
     # of the upload. For more information, see [ Aborting Incomplete
@@ -355,6 +378,63 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # A bucket-level setting for Amazon S3 general purpose buckets used to
+    # prevent the upload of new objects encrypted with the specified
+    # server-side encryption type. For example, blocking an encryption type
+    # will block `PutObject`, `CopyObject`, `PostObject`, multipart upload,
+    # and replication requests to the bucket for objects with the specified
+    # encryption type. However, you can continue to read and list any
+    # pre-existing objects already encrypted with the specified encryption
+    # type. For more information, see [Blocking an encryption type for a
+    # general purpose bucket][1].
+    #
+    # This data type is used with the following actions:
+    #
+    # * [PutBucketEncryption][2]
+    #
+    # * [GetBucketEncryption][3]
+    #
+    # * [DeleteBucketEncryption][4]
+    #
+    # Permissions
+    #
+    # : You must have the `s3:PutEncryptionConfiguration` permission to
+    #   block or unblock an encryption type for a bucket.
+    #
+    #   You must have the `s3:GetEncryptionConfiguration` permission to view
+    #   a bucket's encryption type.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/userguide/block-encryption-type.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html
+    #
+    # @!attribute [rw] encryption_type
+    #   The object encryption type that you want to block or unblock for an
+    #   Amazon S3 general purpose bucket.
+    #
+    #   <note markdown="1"> Currently, this parameter only supports blocking or unblocking
+    #   server side encryption with customer-provided keys (SSE-C). For more
+    #   information about SSE-C, see [Using server-side encryption with
+    #   customer-provided keys (SSE-C)][1].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/BlockedEncryptionTypes AWS API Documentation
+    #
+    class BlockedEncryptionTypes < Struct.new(
+      :encryption_type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # In terms of implementation, a Bucket is a resource.
     #
     # @!attribute [rw] name
@@ -2740,11 +2820,11 @@ module Aws::S3
     #   creating. Tags are key-value pairs of metadata used to categorize
     #   and organize your buckets, track costs, and control access.
     #
-    #   <note markdown="1"> * This parameter is only supported for S3 directory buckets. For
-    #     more information, see [Using tags with directory buckets][1].
+    #   <note markdown="1"> This parameter is only supported for S3 directory buckets. For more
+    #   information, see [Using tags with directory buckets][1].
     #
-    #   * You must have the `s3express:TagResource` permission to create a
-    #     directory bucket with tags.
+    #    You must have the `s3express:TagResource` permission to create a
+    #   directory bucket with tags.
     #
     #    </note>
     #
@@ -6365,6 +6445,36 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # @!attribute [rw] abac_status
+    #   The ABAC status of the general purpose bucket.
+    #   @return [Types::AbacStatus]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAbacOutput AWS API Documentation
+    #
+    class GetBucketAbacOutput < Struct.new(
+      :abac_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] bucket
+    #   The name of the general purpose bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   The Amazon Web Services account ID of the general purpose bucket's
+    #   owner.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAbacRequest AWS API Documentation
+    #
+    class GetBucketAbacRequest < Struct.new(
+      :bucket,
+      :expected_bucket_owner)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] status
     #   The accelerate configuration of the bucket.
     #   @return [String]
@@ -14239,6 +14349,58 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # @!attribute [rw] bucket
+    #   The name of the general purpose bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] content_md5
+    #   The MD5 hash of the `PutBucketAbac` request body.
+    #
+    #   For requests made using the Amazon Web Services Command Line
+    #   Interface (CLI) or Amazon Web Services SDKs, this field is
+    #   calculated automatically.
+    #   @return [String]
+    #
+    # @!attribute [rw] checksum_algorithm
+    #   Indicates the algorithm that you want Amazon S3 to use to create the
+    #   checksum. For more information, see [ Checking object integrity][1]
+    #   in the *Amazon S3 User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   The Amazon Web Services account ID of the general purpose bucket's
+    #   owner.
+    #   @return [String]
+    #
+    # @!attribute [rw] abac_status
+    #   The ABAC status of the general purpose bucket. When ABAC is enabled
+    #   for the general purpose bucket, you can use tags to manage access to
+    #   the general purpose buckets as well as for cost tracking purposes.
+    #   When ABAC is disabled for the general purpose buckets, you can only
+    #   use tags for cost tracking purposes. For more information, see
+    #   [Using tags with S3 general purpose buckets][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging.html
+    #   @return [Types::AbacStatus]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAbacRequest AWS API Documentation
+    #
+    class PutBucketAbacRequest < Struct.new(
+      :bucket,
+      :content_md5,
+      :checksum_algorithm,
+      :expected_bucket_owner,
+      :abac_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] bucket
     #   The name of the bucket for which the accelerate configuration is
     #   set.
@@ -17253,7 +17415,7 @@ module Aws::S3
     #   record frame. To ensure continuous streaming of data, S3 Select
     #   might split the same record across multiple record frames instead of
     #   aggregating the results in memory. Some S3 clients (for example, the
-    #   SDKforJava) handle this behavior by creating a `ByteStream` out of
+    #   SDK for Java) handle this behavior by creating a `ByteStream` out of
     #   the response by default. Other clients might not handle this
     #   behavior by default. In those cases, you must aggregate the results
     #   on the client side and parse the response.
@@ -18745,11 +18907,36 @@ module Aws::S3
     #   [5]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
     #   @return [Boolean]
     #
+    # @!attribute [rw] blocked_encryption_types
+    #   A bucket-level setting for Amazon S3 general purpose buckets used to
+    #   prevent the upload of new objects encrypted with the specified
+    #   server-side encryption type. For example, blocking an encryption
+    #   type will block `PutObject`, `CopyObject`, `PostObject`, multipart
+    #   upload, and replication requests to the bucket for objects with the
+    #   specified encryption type. However, you can continue to read and
+    #   list any pre-existing objects already encrypted with the specified
+    #   encryption type. For more information, see [Blocking an encryption
+    #   type for a general purpose bucket][1].
+    #
+    #   <note markdown="1"> Currently, this parameter only supports blocking or unblocking
+    #   Server Side Encryption with Customer Provided Keys (SSE-C). For more
+    #   information about SSE-C, see [Using server-side encryption with
+    #   customer-provided keys (SSE-C)][2].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/userguide/block-encryption-type.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html
+    #   @return [Types::BlockedEncryptionTypes]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ServerSideEncryptionRule AWS API Documentation
     #
     class ServerSideEncryptionRule < Struct.new(
       :apply_server_side_encryption_by_default,
-      :bucket_key_enabled)
+      :bucket_key_enabled,
+      :blocked_encryption_types)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-s3.rb

@@ -75,7 +75,7 @@ module Aws::S3
   autoload :ObjectVersion, 'aws-sdk-s3/object_version'
   autoload :EventStreams, 'aws-sdk-s3/event_streams'
 
-  GEM_VERSION = '1.203.0'
+  GEM_VERSION = '1.205.0'
 
 end
 

data/sig/client.rbs

@@ -554,6 +554,17 @@ module Aws
                                       ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
                                     | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
 
+      interface _GetBucketAbacResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::GetBucketAbacOutput]
+        def abac_status: () -> Types::AbacStatus
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Client.html#get_bucket_abac-instance_method
+      def get_bucket_abac: (
+                             bucket: ::String,
+                             ?expected_bucket_owner: ::String
+                           ) -> _GetBucketAbacResponseSuccess
+                         | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetBucketAbacResponseSuccess
+
       interface _GetBucketAccelerateConfigurationResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::GetBucketAccelerateConfigurationOutput]
         def status: () -> ("Enabled" | "Suspended")
@@ -1353,6 +1364,18 @@ module Aws
                       ) -> _ListPartsResponseSuccess
                     | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ListPartsResponseSuccess
 
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Client.html#put_bucket_abac-instance_method
+      def put_bucket_abac: (
+                             bucket: ::String,
+                             ?content_md5: ::String,
+                             ?checksum_algorithm: ("CRC32" | "CRC32C" | "SHA1" | "SHA256" | "CRC64NVME"),
+                             ?expected_bucket_owner: ::String,
+                             abac_status: {
+                               status: ("Enabled" | "Disabled")?
+                             }
+                           ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
+                         | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
+
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Client.html#put_bucket_accelerate_configuration-instance_method
       def put_bucket_accelerate_configuration: (
                                                  bucket: ::String,
@@ -1470,7 +1493,10 @@ module Aws
                                            sse_algorithm: ("AES256" | "aws:fsx" | "aws:kms" | "aws:kms:dsse"),
                                            kms_master_key_id: ::String?
                                          }?,
-                                         bucket_key_enabled: bool?
+                                         bucket_key_enabled: bool?,
+                                         blocked_encryption_types: {
+                                           encryption_type: Array[("NONE" | "SSE-C")]?
+                                         }?
                                        },
                                      ]
                                    },

data/sig/types.rbs

@@ -8,6 +8,11 @@
 module Aws::S3
   module Types
 
+    class AbacStatus
+      attr_accessor status: ("Enabled" | "Disabled")
+      SENSITIVE: []
+    end
+
     class AbortIncompleteMultipartUpload
       attr_accessor days_after_initiation: ::Integer
       SENSITIVE: []
@@ -77,6 +82,11 @@ module Aws::S3
       SENSITIVE: []
     end
 
+    class BlockedEncryptionTypes
+      attr_accessor encryption_type: ::Array[("NONE" | "SSE-C")]
+      SENSITIVE: []
+    end
+
     class Bucket
       attr_accessor name: ::String
       attr_accessor creation_date: ::Time
@@ -696,6 +706,17 @@ module Aws::S3
       SENSITIVE: []
     end
 
+    class GetBucketAbacOutput
+      attr_accessor abac_status: Types::AbacStatus
+      SENSITIVE: []
+    end
+
+    class GetBucketAbacRequest
+      attr_accessor bucket: ::String
+      attr_accessor expected_bucket_owner: ::String
+      SENSITIVE: []
+    end
+
     class GetBucketAccelerateConfigurationOutput
       attr_accessor status: ("Enabled" | "Suspended")
       attr_accessor request_charged: ("requester")
@@ -1993,6 +2014,15 @@ module Aws::S3
       SENSITIVE: []
     end
 
+    class PutBucketAbacRequest
+      attr_accessor bucket: ::String
+      attr_accessor content_md5: ::String
+      attr_accessor checksum_algorithm: ("CRC32" | "CRC32C" | "SHA1" | "SHA256" | "CRC64NVME")
+      attr_accessor expected_bucket_owner: ::String
+      attr_accessor abac_status: Types::AbacStatus
+      SENSITIVE: []
+    end
+
     class PutBucketAccelerateConfigurationRequest
       attr_accessor bucket: ::String
       attr_accessor accelerate_configuration: Types::AccelerateConfiguration
@@ -2607,6 +2637,7 @@ module Aws::S3
     class ServerSideEncryptionRule
       attr_accessor apply_server_side_encryption_by_default: Types::ServerSideEncryptionByDefault
       attr_accessor bucket_key_enabled: bool
+      attr_accessor blocked_encryption_types: Types::BlockedEncryptionTypes
       SENSITIVE: []
     end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-s3
 version: !ruby/object:Gem::Version
-  version: 1.203.0
+  version: 1.205.0
 platform: ruby
 authors:
 - Amazon Web Services