aws-sdk-s3 1.76.0 → 1.80.0

data/lib/aws-sdk-s3/client.rb

@@ -119,13 +119,28 @@ module Aws::S3
     #     * `Aws::Credentials` - Used for configuring static, non-refreshing
     #       credentials.
     #
+    #     * `Aws::SharedCredentials` - Used for loading static credentials from a
+    #       shared file, such as `~/.aws/config`.
+    #
+    #     * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
+    #
+    #     * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
+    #       assume a role after providing credentials via the web.
+    #
+    #     * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
+    #       access token generated from `aws login`.
+    #
+    #     * `Aws::ProcessCredentials` - Used for loading credentials from a
+    #       process that outputs to stdout.
+    #
     #     * `Aws::InstanceProfileCredentials` - Used for loading credentials
     #       from an EC2 IMDS on an EC2 instance.
     #
-    #     * `Aws::SharedCredentials` - Used for loading credentials from a
-    #       shared file, such as `~/.aws/config`.
+    #     * `Aws::ECSCredentials` - Used for loading credentials from
+    #       instances running in ECS.
     #
-    #     * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
+    #     * `Aws::CognitoIdentityCredentials` - Used for loading credentials
+    #       from the Cognito Identity service.
     #
     #     When `:credentials` are not configured directly, the following
     #     locations will be searched for credentials:
@@ -135,10 +150,10 @@ module Aws::S3
     #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
     #     * `~/.aws/credentials`
     #     * `~/.aws/config`
-    #     * EC2 IMDS instance profile - When used by default, the timeouts are
-    #       very aggressive. Construct and pass an instance of
-    #       `Aws::InstanceProfileCredentails` to enable retries and extended
-    #       timeouts.
+    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
+    #       are very aggressive. Construct and pass an instance of
+    #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
+    #       enable retries and extended timeouts.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -461,6 +476,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::AbortMultipartUploadOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::AbortMultipartUploadOutput#request_charged #request_charged} => String
@@ -487,6 +507,7 @@ module Aws::S3
     #     key: "ObjectKey", # required
     #     upload_id: "MultipartUploadId", # required
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -613,6 +634,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::CompleteMultipartUploadOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CompleteMultipartUploadOutput#location #location} => String
@@ -671,6 +697,7 @@ module Aws::S3
     #     },
     #     upload_id: "MultipartUploadId", # required
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -897,8 +924,41 @@ module Aws::S3
     #   A standard MIME type describing the format of the object data.
     #
     # @option params [required, String] :copy_source
-    #   The name of the source bucket and key name of the source object,
-    #   separated by a slash (/). Must be URL-encoded.
+    #   Specifies the source object for the copy operation. You specify the
+    #   value in one of two formats, depending on whether you want to access
+    #   the source object through an [access point][1]\:
+    #
+    #   * For objects not accessed through an access point, specify the name
+    #     of the source bucket and the key of the source object, separated by
+    #     a slash (/). For example, to copy the object `reports/january.pdf`
+    #     from the bucket `awsexamplebucket`, use
+    #     `awsexamplebucket/reports/january.pdf`. The value must be URL
+    #     encoded.
+    #
+    #   * For objects accessed through access points, specify the Amazon
+    #     Resource Name (ARN) of the object as accessed through the access
+    #     point, in the format
+    #     `arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>`.
+    #     For example, to copy the object `reports/january.pdf` through access
+    #     point `my-access-point` owned by account `123456789012` in Region
+    #     `us-west-2`, use the URL encoding of
+    #     `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
+    #     The value must be URL encoded.
+    #
+    #     <note markdown="1"> Amazon S3 supports copy operations using access points only when the
+    #     source and destination buckets are in the same AWS Region.
+    #
+    #      </note>
+    #
+    #   To copy a specific version of an object, append
+    #   `?versionId=<version-id>` to the value (for example,
+    #   `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
+    #   If you don't specify a version ID, Amazon S3 copies the latest
+    #   version of the source object.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html
     #
     # @option params [String] :copy_source_if_match
     #   Copies the object if its entity tag (ETag) matches the specified tag.
@@ -1029,6 +1089,16 @@ module Aws::S3
     # @option params [String] :object_lock_legal_hold_status
     #   Specifies whether you want to apply a Legal Hold to the copied object.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected destination bucket owner. If the
+    #   destination bucket is owned by a different account, the request will
+    #   fail with an HTTP `403 (Access Denied)` error.
+    #
+    # @option params [String] :expected_source_bucket_owner
+    #   The account id of the expected source bucket owner. If the source
+    #   bucket is owned by a different account, the request will fail with an
+    #   HTTP `403 (Access Denied)` error.
+    #
     # @return [Types::CopyObjectOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CopyObjectOutput#copy_object_result #copy_object_result} => Types::CopyObjectResult
@@ -1103,6 +1173,8 @@ module Aws::S3
     #     object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
     #     object_lock_retain_until_date: Time.now,
     #     object_lock_legal_hold_status: "ON", # accepts ON, OFF
+    #     expected_bucket_owner: "AccountId",
+    #     expected_source_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -1305,7 +1377,7 @@ module Aws::S3
     #     acl: "private", # accepts private, public-read, public-read-write, authenticated-read
     #     bucket: "BucketName", # required
     #     create_bucket_configuration: {
-    #       location_constraint: "EU", # accepts EU, eu-west-1, us-west-1, us-west-2, ap-south-1, ap-southeast-1, ap-southeast-2, ap-northeast-1, sa-east-1, cn-north-1, eu-central-1
+    #       location_constraint: "af-south-1", # accepts af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-southeast-1, ap-southeast-2, ca-central-1, cn-north-1, cn-northwest-1, EU, eu-central-1, eu-north-1, eu-south-1, eu-west-1, eu-west-2, eu-west-3, me-south-1, sa-east-1, us-east-2, us-gov-east-1, us-gov-west-1, us-west-1, us-west-2
     #     },
     #     grant_full_control: "GrantFullControl",
     #     grant_read: "GrantRead",
@@ -1677,6 +1749,11 @@ module Aws::S3
     #   Specifies whether you want to apply a Legal Hold to the uploaded
     #   object.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::CreateMultipartUploadOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateMultipartUploadOutput#abort_date #abort_date} => Time
@@ -1740,6 +1817,7 @@ module Aws::S3
     #     object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
     #     object_lock_retain_until_date: Time.now,
     #     object_lock_legal_hold_status: "ON", # accepts ON, OFF
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -1783,6 +1861,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   Specifies the bucket being deleted.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -1798,6 +1881,7 @@ module Aws::S3
     #
     #   resp = client.delete_bucket({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucket AWS API Documentation
@@ -1847,6 +1931,11 @@ module Aws::S3
     # @option params [required, String] :id
     #   The ID that identifies the analytics configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -1854,6 +1943,7 @@ module Aws::S3
     #   resp = client.delete_bucket_analytics_configuration({
     #     bucket: "BucketName", # required
     #     id: "AnalyticsId", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketAnalyticsConfiguration AWS API Documentation
@@ -1889,6 +1979,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   Specifies the bucket whose `cors` configuration is being deleted.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -1904,6 +1999,7 @@ module Aws::S3
     #
     #   resp = client.delete_bucket_cors({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketCors AWS API Documentation
@@ -1946,12 +2042,18 @@ module Aws::S3
     #   The name of the bucket containing the server-side encryption
     #   configuration to delete.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.delete_bucket_encryption({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketEncryption AWS API Documentation
@@ -2000,6 +2102,11 @@ module Aws::S3
     # @option params [required, String] :id
     #   The ID used to identify the inventory configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -2007,6 +2114,7 @@ module Aws::S3
     #   resp = client.delete_bucket_inventory_configuration({
     #     bucket: "BucketName", # required
     #     id: "InventoryId", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketInventoryConfiguration AWS API Documentation
@@ -2050,6 +2158,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   The bucket name of the lifecycle to delete.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -2065,6 +2178,7 @@ module Aws::S3
     #
     #   resp = client.delete_bucket_lifecycle({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketLifecycle AWS API Documentation
@@ -2116,6 +2230,11 @@ module Aws::S3
     # @option params [required, String] :id
     #   The ID used to identify the metrics configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -2123,6 +2242,7 @@ module Aws::S3
     #   resp = client.delete_bucket_metrics_configuration({
     #     bucket: "BucketName", # required
     #     id: "MetricsId", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketMetricsConfiguration AWS API Documentation
@@ -2168,6 +2288,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   The bucket name.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -2183,6 +2308,7 @@ module Aws::S3
     #
     #   resp = client.delete_bucket_policy({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketPolicy AWS API Documentation
@@ -2228,6 +2354,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   The bucket name.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -2243,6 +2374,7 @@ module Aws::S3
     #
     #   resp = client.delete_bucket_replication({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketReplication AWS API Documentation
@@ -2274,6 +2406,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   The bucket that has the tag set to be removed.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -2289,6 +2426,7 @@ module Aws::S3
     #
     #   resp = client.delete_bucket_tagging({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketTagging AWS API Documentation
@@ -2332,6 +2470,11 @@ module Aws::S3
     #   The bucket name for which you want to remove the website
     #   configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -2347,6 +2490,7 @@ module Aws::S3
     #
     #   resp = client.delete_bucket_website({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketWebsite AWS API Documentation
@@ -2438,6 +2582,11 @@ module Aws::S3
     #   Indicates whether S3 Object Lock should bypass Governance-mode
     #   restrictions to process this operation.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::DeleteObjectOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::DeleteObjectOutput#delete_marker #delete_marker} => Boolean
@@ -2476,6 +2625,7 @@ module Aws::S3
     #     version_id: "ObjectVersionId",
     #     request_payer: "requester", # accepts requester
     #     bypass_governance_retention: false,
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -2537,40 +2687,45 @@ module Aws::S3
     # @option params [String] :version_id
     #   The versionId of the object that the tag-set will be removed from.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::DeleteObjectTaggingOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::DeleteObjectTaggingOutput#version_id #version_id} => String
     #
     #
-    # @example Example: To remove tag set from an object
+    # @example Example: To remove tag set from an object version
     #
-    #   # The following example removes tag set associated with the specified object. If the bucket is versioning enabled, the
-    #   # operation removes tag set from the latest object version.
+    #   # The following example removes tag set associated with the specified object version. The request specifies both the
+    #   # object key and object version.
     #
     #   resp = client.delete_object_tagging({
     #     bucket: "examplebucket", 
     #     key: "HappyFace.jpg", 
+    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
-    #     version_id: "null", 
+    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
     #   }
     #
-    # @example Example: To remove tag set from an object version
+    # @example Example: To remove tag set from an object
     #
-    #   # The following example removes tag set associated with the specified object version. The request specifies both the
-    #   # object key and object version.
+    #   # The following example removes tag set associated with the specified object. If the bucket is versioning enabled, the
+    #   # operation removes tag set from the latest object version.
     #
     #   resp = client.delete_object_tagging({
     #     bucket: "examplebucket", 
     #     key: "HappyFace.jpg", 
-    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
-    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
+    #     version_id: "null", 
     #   }
     #
     # @example Request syntax with placeholder values
@@ -2579,6 +2734,7 @@ module Aws::S3
     #     bucket: "BucketName", # required
     #     key: "ObjectKey", # required
     #     version_id: "ObjectVersionId",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -2687,6 +2843,11 @@ module Aws::S3
     #   Governance-type Object Lock in place. You must have sufficient
     #   permissions to perform this operation.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::DeleteObjectsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::DeleteObjectsOutput#deleted #deleted} => Array&lt;Types::DeletedObject&gt;
@@ -2782,6 +2943,7 @@ module Aws::S3
     #     mfa: "MFA",
     #     request_payer: "requester", # accepts requester
     #     bypass_governance_retention: false,
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -2837,12 +2999,18 @@ module Aws::S3
     #   The Amazon S3 bucket whose `PublicAccessBlock` configuration you want
     #   to delete.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.delete_public_access_block({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeletePublicAccessBlock AWS API Documentation
@@ -2896,6 +3064,11 @@ module Aws::S3
     #   Name of the bucket for which the accelerate configuration is
     #   retrieved.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketAccelerateConfigurationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketAccelerateConfigurationOutput#status #status} => String
@@ -2904,6 +3077,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_accelerate_configuration({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -2939,6 +3113,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   Specifies the S3 bucket whose ACL is being requested.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketAclOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketAclOutput#owner #owner} => Types::Owner
@@ -2948,6 +3127,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_acl({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3011,6 +3191,11 @@ module Aws::S3
     # @option params [required, String] :id
     #   The ID that identifies the analytics configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketAnalyticsConfigurationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketAnalyticsConfigurationOutput#analytics_configuration #analytics_configuration} => Types::AnalyticsConfiguration
@@ -3020,6 +3205,7 @@ module Aws::S3
     #   resp = client.get_bucket_analytics_configuration({
     #     bucket: "BucketName", # required
     #     id: "AnalyticsId", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3071,6 +3257,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   The bucket name for which to get the cors configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketCorsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketCorsOutput#cors_rules #cors_rules} => Array&lt;Types::CORSRule&gt;
@@ -3106,6 +3297,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_cors({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3159,6 +3351,11 @@ module Aws::S3
     #   The name of the bucket from which the server-side encryption
     #   configuration is retrieved.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketEncryptionOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketEncryptionOutput#server_side_encryption_configuration #server_side_encryption_configuration} => Types::ServerSideEncryptionConfiguration
@@ -3167,6 +3364,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_encryption({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3222,6 +3420,11 @@ module Aws::S3
     # @option params [required, String] :id
     #   The ID used to identify the inventory configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketInventoryConfigurationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketInventoryConfigurationOutput#inventory_configuration #inventory_configuration} => Types::InventoryConfiguration
@@ -3231,6 +3434,7 @@ module Aws::S3
     #   resp = client.get_bucket_inventory_configuration({
     #     bucket: "BucketName", # required
     #     id: "InventoryId", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3304,6 +3508,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   The name of the bucket for which to get the lifecycle information.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketLifecycleOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketLifecycleOutput#rules #rules} => Array&lt;Types::Rule&gt;
@@ -3335,6 +3544,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_lifecycle({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3416,6 +3626,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   The name of the bucket for which to get the lifecycle information.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketLifecycleConfigurationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketLifecycleConfigurationOutput#rules #rules} => Array&lt;Types::LifecycleRule&gt;
@@ -3450,6 +3665,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_lifecycle_configuration({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3508,6 +3724,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   The name of the bucket for which to get the location.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketLocationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketLocationOutput#location_constraint #location_constraint} => String
@@ -3530,11 +3751,12 @@ module Aws::S3
     #
     #   resp = client.get_bucket_location({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
     #
-    #   resp.location_constraint #=> String, one of "EU", "eu-west-1", "us-west-1", "us-west-2", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "sa-east-1", "cn-north-1", "eu-central-1"
+    #   resp.location_constraint #=> String, one of "af-south-1", "ap-east-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ca-central-1", "cn-north-1", "cn-northwest-1", "EU", "eu-central-1", "eu-north-1", "eu-south-1", "eu-west-1", "eu-west-2", "eu-west-3", "me-south-1", "sa-east-1", "us-east-2", "us-gov-east-1", "us-gov-west-1", "us-west-1", "us-west-2"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLocation AWS API Documentation
     #
@@ -3563,6 +3785,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   The bucket name for which to get the logging information.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketLoggingOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketLoggingOutput#logging_enabled #logging_enabled} => Types::LoggingEnabled
@@ -3571,6 +3798,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_logging({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3635,6 +3863,11 @@ module Aws::S3
     # @option params [required, String] :id
     #   The ID used to identify the metrics configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketMetricsConfigurationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketMetricsConfigurationOutput#metrics_configuration #metrics_configuration} => Types::MetricsConfiguration
@@ -3644,6 +3877,7 @@ module Aws::S3
     #   resp = client.get_bucket_metrics_configuration({
     #     bucket: "BucketName", # required
     #     id: "MetricsId", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3675,6 +3909,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   Name of the bucket for which to get the notification configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::NotificationConfigurationDeprecated] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::NotificationConfigurationDeprecated#topic_configuration #topic_configuration} => Types::TopicConfigurationDeprecated
@@ -3742,6 +3981,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_notification({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3802,6 +4042,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   Name of the bucket for which to get the notification configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::NotificationConfiguration] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::NotificationConfiguration#topic_configurations #topic_configurations} => Array&lt;Types::TopicConfiguration&gt;
@@ -3812,6 +4057,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_notification_configuration({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3882,6 +4128,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   The bucket name for which to get the bucket policy.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketPolicyOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketPolicyOutput#policy #policy} => IO
@@ -3904,6 +4155,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_policy({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3951,6 +4203,11 @@ module Aws::S3
     #   The name of the Amazon S3 bucket whose policy status you want to
     #   retrieve.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketPolicyStatusOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketPolicyStatusOutput#policy_status #policy_status} => Types::PolicyStatus
@@ -3959,6 +4216,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_policy_status({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -4013,6 +4271,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   The bucket name for which to get the replication information.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketReplicationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketReplicationOutput#replication_configuration #replication_configuration} => Types::ReplicationConfiguration
@@ -4047,6 +4310,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_replication({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -4105,6 +4369,11 @@ module Aws::S3
     #   The name of the bucket for which to get the payment request
     #   configuration
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketRequestPaymentOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketRequestPaymentOutput#payer #payer} => String
@@ -4127,6 +4396,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_request_payment({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -4170,6 +4440,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   The name of the bucket for which to get the tagging information.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketTaggingOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketTaggingOutput#tag_set #tag_set} => Array&lt;Types::Tag&gt;
@@ -4201,6 +4476,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_tagging({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -4245,6 +4521,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   The name of the bucket for which to get the versioning information.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketVersioningOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketVersioningOutput#status #status} => String
@@ -4269,6 +4550,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_versioning({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -4311,6 +4593,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   The bucket name for which to get the website configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketWebsiteOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketWebsiteOutput#redirect_all_requests_to #redirect_all_requests_to} => Types::RedirectAllRequestsTo
@@ -4341,6 +4628,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_website({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -4626,6 +4914,11 @@ module Aws::S3
     #   for the part specified. Useful for downloading just a part of an
     #   object.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetObjectOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetObjectOutput#body #body} => IO
@@ -4759,6 +5052,7 @@ module Aws::S3
     #     sse_customer_key_md5: "SSECustomerKeyMD5",
     #     request_payer: "requester", # accepts requester
     #     part_number: 1,
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -4862,6 +5156,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetObjectAclOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetObjectAclOutput#owner #owner} => Types::Owner
@@ -4927,6 +5226,7 @@ module Aws::S3
     #     key: "ObjectKey", # required
     #     version_id: "ObjectVersionId",
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -4993,6 +5293,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetObjectLegalHoldOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetObjectLegalHoldOutput#legal_hold #legal_hold} => Types::ObjectLockLegalHold
@@ -5004,6 +5309,7 @@ module Aws::S3
     #     key: "ObjectKey", # required
     #     version_id: "ObjectVersionId",
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -5031,6 +5337,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   The bucket whose Object Lock configuration you want to retrieve.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetObjectLockConfigurationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetObjectLockConfigurationOutput#object_lock_configuration #object_lock_configuration} => Types::ObjectLockConfiguration
@@ -5039,6 +5350,7 @@ module Aws::S3
     #
     #   resp = client.get_object_lock_configuration({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -5099,6 +5411,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetObjectRetentionOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetObjectRetentionOutput#retention #retention} => Types::ObjectLockRetention
@@ -5110,6 +5427,7 @@ module Aws::S3
     #     key: "ObjectKey", # required
     #     version_id: "ObjectVersionId",
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -5175,6 +5493,11 @@ module Aws::S3
     # @option params [String] :version_id
     #   The versionId of the object for which to get the tagging information.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetObjectTaggingOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetObjectTaggingOutput#version_id #version_id} => String
@@ -5232,6 +5555,7 @@ module Aws::S3
     #     bucket: "BucketName", # required
     #     key: "ObjectKey", # required
     #     version_id: "ObjectVersionId",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -5294,6 +5618,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetObjectTorrentOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetObjectTorrentOutput#body #body} => IO
@@ -5319,6 +5648,7 @@ module Aws::S3
     #     bucket: "BucketName", # required
     #     key: "ObjectKey", # required
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -5374,6 +5704,11 @@ module Aws::S3
     #   The name of the Amazon S3 bucket whose `PublicAccessBlock`
     #   configuration you want to retrieve.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetPublicAccessBlockOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetPublicAccessBlockOutput#public_access_block_configuration #public_access_block_configuration} => Types::PublicAccessBlockConfiguration
@@ -5382,6 +5717,7 @@ module Aws::S3
     #
     #   resp = client.get_public_access_block({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -5421,6 +5757,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   The bucket name.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -5436,6 +5777,7 @@ module Aws::S3
     #
     #   resp = client.head_bucket({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     #
@@ -5605,6 +5947,11 @@ module Aws::S3
     #   for the part specified. Useful querying about the size of the part and
     #   the number of parts in this object.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::HeadObjectOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::HeadObjectOutput#delete_marker #delete_marker} => Boolean
@@ -5675,6 +6022,7 @@ module Aws::S3
     #     sse_customer_key_md5: "SSECustomerKeyMD5",
     #     request_payer: "requester", # accepts requester
     #     part_number: 1,
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -5774,6 +6122,11 @@ module Aws::S3
     #   The ContinuationToken that represents a placeholder from where this
     #   request should begin.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::ListBucketAnalyticsConfigurationsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ListBucketAnalyticsConfigurationsOutput#is_truncated #is_truncated} => Boolean
@@ -5786,6 +6139,7 @@ module Aws::S3
     #   resp = client.list_bucket_analytics_configurations({
     #     bucket: "BucketName", # required
     #     continuation_token: "Token",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -5867,6 +6221,11 @@ module Aws::S3
     #   truncated list response to continue the listing. The continuation
     #   token is an opaque value that Amazon S3 understands.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::ListBucketInventoryConfigurationsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ListBucketInventoryConfigurationsOutput#continuation_token #continuation_token} => String
@@ -5879,6 +6238,7 @@ module Aws::S3
     #   resp = client.list_bucket_inventory_configurations({
     #     bucket: "BucketName", # required
     #     continuation_token: "Token",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -5961,6 +6321,11 @@ module Aws::S3
     #   previously truncated list response to continue the listing. The
     #   continuation token is an opaque value that Amazon S3 understands.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::ListBucketMetricsConfigurationsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ListBucketMetricsConfigurationsOutput#is_truncated #is_truncated} => Boolean
@@ -5973,6 +6338,7 @@ module Aws::S3
     #   resp = client.list_bucket_metrics_configurations({
     #     bucket: "BucketName", # required
     #     continuation_token: "Token",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -6170,6 +6536,11 @@ module Aws::S3
     #   list only if they have an upload ID lexicographically greater than the
     #   specified `upload-id-marker`.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::ListMultipartUploadsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ListMultipartUploadsOutput#bucket #bucket} => String
@@ -6188,97 +6559,97 @@ module Aws::S3
     # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
     #
     #
-    # @example Example: To list in-progress multipart uploads on a bucket
+    # @example Example: List next set of multipart uploads when previous result is truncated
     #
-    #   # The following example lists in-progress multipart uploads on a specific bucket.
+    #   # The following example specifies the upload-id-marker and key-marker from previous truncated response to retrieve next
+    #   # setup of multipart uploads.
     #
     #   resp = client.list_multipart_uploads({
     #     bucket: "examplebucket", 
+    #     key_marker: "nextkeyfrompreviousresponse", 
+    #     max_uploads: 2, 
+    #     upload_id_marker: "valuefrompreviousresponse", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
+    #     bucket: "acl1", 
+    #     is_truncated: true, 
+    #     key_marker: "", 
+    #     max_uploads: 2, 
+    #     next_key_marker: "someobjectkey", 
+    #     next_upload_id_marker: "examplelo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--", 
+    #     upload_id_marker: "", 
     #     uploads: [
     #       {
     #         initiated: Time.parse("2014-05-01T05:40:58.000Z"), 
     #         initiator: {
-    #           display_name: "display-name", 
+    #           display_name: "ownder-display-name", 
     #           id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc", 
     #         }, 
     #         key: "JavaFile", 
     #         owner: {
-    #           display_name: "display-name", 
-    #           id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc", 
+    #           display_name: "mohanataws", 
+    #           id: "852b113e7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc", 
     #         }, 
     #         storage_class: "STANDARD", 
-    #         upload_id: "examplelUa.CInXklLQtSMJITdUnoZ1Y5GACB5UckOtspm5zbDMCkPF_qkfZzMiFZ6dksmcnqxJyIBvQMG9X9Q--", 
+    #         upload_id: "gZ30jIqlUa.CInXklLQtSMJITdUnoZ1Y5GACB5UckOtspm5zbDMCkPF_qkfZzMiFZ6dksmcnqxJyIBvQMG9X9Q--", 
     #       }, 
     #       {
     #         initiated: Time.parse("2014-05-01T05:41:27.000Z"), 
     #         initiator: {
-    #           display_name: "display-name", 
+    #           display_name: "ownder-display-name", 
     #           id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc", 
     #         }, 
     #         key: "JavaFile", 
     #         owner: {
-    #           display_name: "display-name", 
+    #           display_name: "ownder-display-name", 
     #           id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc", 
     #         }, 
     #         storage_class: "STANDARD", 
-    #         upload_id: "examplelo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--", 
+    #         upload_id: "b7tZSqIlo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--", 
     #       }, 
     #     ], 
     #   }
     #
-    # @example Example: List next set of multipart uploads when previous result is truncated
+    # @example Example: To list in-progress multipart uploads on a bucket
     #
-    #   # The following example specifies the upload-id-marker and key-marker from previous truncated response to retrieve next
-    #   # setup of multipart uploads.
+    #   # The following example lists in-progress multipart uploads on a specific bucket.
     #
     #   resp = client.list_multipart_uploads({
     #     bucket: "examplebucket", 
-    #     key_marker: "nextkeyfrompreviousresponse", 
-    #     max_uploads: 2, 
-    #     upload_id_marker: "valuefrompreviousresponse", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
-    #     bucket: "acl1", 
-    #     is_truncated: true, 
-    #     key_marker: "", 
-    #     max_uploads: 2, 
-    #     next_key_marker: "someobjectkey", 
-    #     next_upload_id_marker: "examplelo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--", 
-    #     upload_id_marker: "", 
     #     uploads: [
     #       {
     #         initiated: Time.parse("2014-05-01T05:40:58.000Z"), 
     #         initiator: {
-    #           display_name: "ownder-display-name", 
+    #           display_name: "display-name", 
     #           id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc", 
     #         }, 
     #         key: "JavaFile", 
     #         owner: {
-    #           display_name: "mohanataws", 
-    #           id: "852b113e7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc", 
+    #           display_name: "display-name", 
+    #           id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc", 
     #         }, 
     #         storage_class: "STANDARD", 
-    #         upload_id: "gZ30jIqlUa.CInXklLQtSMJITdUnoZ1Y5GACB5UckOtspm5zbDMCkPF_qkfZzMiFZ6dksmcnqxJyIBvQMG9X9Q--", 
+    #         upload_id: "examplelUa.CInXklLQtSMJITdUnoZ1Y5GACB5UckOtspm5zbDMCkPF_qkfZzMiFZ6dksmcnqxJyIBvQMG9X9Q--", 
     #       }, 
     #       {
     #         initiated: Time.parse("2014-05-01T05:41:27.000Z"), 
     #         initiator: {
-    #           display_name: "ownder-display-name", 
+    #           display_name: "display-name", 
     #           id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc", 
     #         }, 
     #         key: "JavaFile", 
     #         owner: {
-    #           display_name: "ownder-display-name", 
+    #           display_name: "display-name", 
     #           id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc", 
     #         }, 
     #         storage_class: "STANDARD", 
-    #         upload_id: "b7tZSqIlo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--", 
+    #         upload_id: "examplelo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--", 
     #       }, 
     #     ], 
     #   }
@@ -6293,6 +6664,7 @@ module Aws::S3
     #     max_uploads: 1,
     #     prefix: "Prefix",
     #     upload_id_marker: "UploadIdMarker",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -6410,6 +6782,11 @@ module Aws::S3
     # @option params [String] :version_id_marker
     #   Specifies the object version you want to start listing from.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::ListObjectVersionsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ListObjectVersionsOutput#is_truncated #is_truncated} => Boolean
@@ -6482,6 +6859,7 @@ module Aws::S3
     #     max_keys: 1,
     #     prefix: "Prefix",
     #     version_id_marker: "VersionIdMarker",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -6585,6 +6963,11 @@ module Aws::S3
     #   the list objects request. Bucket owners need not specify this
     #   parameter in their requests.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::ListObjectsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ListObjectsOutput#is_truncated #is_truncated} => Boolean
@@ -6649,6 +7032,7 @@ module Aws::S3
     #     max_keys: 1,
     #     prefix: "Prefix",
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -6770,6 +7154,11 @@ module Aws::S3
     #   the list objects request in V2 style. Bucket owners need not specify
     #   this parameter in their requests.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::ListObjectsV2Output] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ListObjectsV2Output#is_truncated #is_truncated} => Boolean
@@ -6836,6 +7225,7 @@ module Aws::S3
     #     fetch_owner: false,
     #     start_after: "StartAfter",
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -6951,6 +7341,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::ListPartsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ListPartsOutput#abort_date #abort_date} => Time
@@ -7017,6 +7412,7 @@ module Aws::S3
     #     part_number_marker: 1,
     #     upload_id: "MultipartUploadId", # required
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -7103,6 +7499,11 @@ module Aws::S3
     # @option params [required, Types::AccelerateConfiguration] :accelerate_configuration
     #   Container for setting the transfer acceleration state.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -7112,6 +7513,7 @@ module Aws::S3
     #     accelerate_configuration: { # required
     #       status: "Enabled", # accepts Enabled, Suspended
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAccelerateConfiguration AWS API Documentation
@@ -7316,6 +7718,11 @@ module Aws::S3
     # @option params [String] :grant_write_acp
     #   Allows grantee to write the ACL for the applicable bucket.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -7360,6 +7767,7 @@ module Aws::S3
     #     grant_read_acp: "GrantReadACP",
     #     grant_write: "GrantWrite",
     #     grant_write_acp: "GrantWriteACP",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAcl AWS API Documentation
@@ -7448,6 +7856,11 @@ module Aws::S3
     # @option params [required, Types::AnalyticsConfiguration] :analytics_configuration
     #   The configuration and any analyses for the analytics filter.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -7487,6 +7900,7 @@ module Aws::S3
     #         },
     #       },
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAnalyticsConfiguration AWS API Documentation
@@ -7573,6 +7987,11 @@ module Aws::S3
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -7635,6 +8054,7 @@ module Aws::S3
     #       ],
     #     },
     #     content_md5: "ContentMD5",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketCors AWS API Documentation
@@ -7700,6 +8120,11 @@ module Aws::S3
     # @option params [required, Types::ServerSideEncryptionConfiguration] :server_side_encryption_configuration
     #   Specifies the default server-side-encryption configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -7717,6 +8142,7 @@ module Aws::S3
     #         },
     #       ],
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketEncryption AWS API Documentation
@@ -7811,6 +8237,11 @@ module Aws::S3
     # @option params [required, Types::InventoryConfiguration] :inventory_configuration
     #   Specifies the inventory configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -7845,6 +8276,7 @@ module Aws::S3
     #         frequency: "Daily", # required, accepts Daily, Weekly
     #       },
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketInventoryConfiguration AWS API Documentation
@@ -7928,6 +8360,11 @@ module Aws::S3
     #
     # @option params [Types::LifecycleConfiguration] :lifecycle_configuration
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -7964,6 +8401,7 @@ module Aws::S3
     #         },
     #       ],
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycle AWS API Documentation
@@ -8061,6 +8499,11 @@ module Aws::S3
     # @option params [Types::BucketLifecycleConfiguration] :lifecycle_configuration
     #   Container for lifecycle rules. You can add as many as 1,000 rules.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -8145,6 +8588,7 @@ module Aws::S3
     #         },
     #       ],
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleConfiguration AWS API Documentation
@@ -8233,6 +8677,11 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash of the `PutBucketLogging` request body.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -8283,6 +8732,7 @@ module Aws::S3
     #       },
     #     },
     #     content_md5: "ContentMD5",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLogging AWS API Documentation
@@ -8347,6 +8797,11 @@ module Aws::S3
     # @option params [required, Types::MetricsConfiguration] :metrics_configuration
     #   Specifies the metrics configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -8373,6 +8828,7 @@ module Aws::S3
     #         },
     #       },
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketMetricsConfiguration AWS API Documentation
@@ -8400,6 +8856,11 @@ module Aws::S3
     # @option params [required, Types::NotificationConfigurationDeprecated] :notification_configuration
     #   The container for the configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -8428,6 +8889,7 @@ module Aws::S3
     #         invocation_role: "CloudFunctionInvocationRole",
     #       },
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotification AWS API Documentation
@@ -8514,6 +8976,11 @@ module Aws::S3
     #   bucket. If this element is empty, notifications are turned off for the
     #   bucket.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -8592,6 +9059,7 @@ module Aws::S3
     #         },
     #       ],
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationConfiguration AWS API Documentation
@@ -8646,6 +9114,11 @@ module Aws::S3
     # @option params [required, String] :policy
     #   The bucket policy as a JSON document.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -8665,6 +9138,7 @@ module Aws::S3
     #     content_md5: "ContentMD5",
     #     confirm_remove_self_bucket_access: false,
     #     policy: "Policy", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketPolicy AWS API Documentation
@@ -8774,6 +9248,11 @@ module Aws::S3
     #
     # @option params [String] :token
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -8865,6 +9344,7 @@ module Aws::S3
     #       ],
     #     },
     #     token: "ObjectLockToken",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketReplication AWS API Documentation
@@ -8910,6 +9390,11 @@ module Aws::S3
     # @option params [required, Types::RequestPaymentConfiguration] :request_payment_configuration
     #   Container for Payer.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -8932,6 +9417,7 @@ module Aws::S3
     #     request_payment_configuration: { # required
     #       payer: "Requester", # required, accepts Requester, BucketOwner
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketRequestPayment AWS API Documentation
@@ -9030,6 +9516,11 @@ module Aws::S3
     # @option params [required, Types::Tagging] :tagging
     #   Container for the `TagSet` and `Tag` elements.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -9066,6 +9557,7 @@ module Aws::S3
     #         },
     #       ],
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketTagging AWS API Documentation
@@ -9141,6 +9633,11 @@ module Aws::S3
     # @option params [required, Types::VersioningConfiguration] :versioning_configuration
     #   Container for setting the versioning state.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -9166,6 +9663,7 @@ module Aws::S3
     #       mfa_delete: "Enabled", # accepts Enabled, Disabled
     #       status: "Enabled", # accepts Enabled, Suspended
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketVersioning AWS API Documentation
@@ -9265,6 +9763,11 @@ module Aws::S3
     # @option params [required, Types::WebsiteConfiguration] :website_configuration
     #   Container for the request.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -9317,6 +9820,7 @@ module Aws::S3
     #         },
     #       ],
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketWebsite AWS API Documentation
@@ -9625,6 +10129,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::PutObjectOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::PutObjectOutput#expiration #expiration} => String
@@ -9638,134 +10147,134 @@ module Aws::S3
     #   * {Types::PutObjectOutput#request_charged #request_charged} => String
     #
     #
-    # @example Example: To upload object and specify user-defined metadata
+    # @example Example: To upload an object and specify server-side encryption and object tags
     #
-    #   # The following example creates an object. The request also specifies optional metadata. If the bucket is versioning
-    #   # enabled, S3 returns version ID in response.
+    #   # The following example uploads and object. The request specifies the optional server-side encryption option. The request
+    #   # also specifies optional object tags. If the bucket is versioning enabled, S3 returns version ID in response.
     #
     #   resp = client.put_object({
     #     body: "filetoupload", 
     #     bucket: "examplebucket", 
     #     key: "exampleobject", 
-    #     metadata: {
-    #       "metadata1" => "value1", 
-    #       "metadata2" => "value2", 
-    #     }, 
+    #     server_side_encryption: "AES256", 
+    #     tagging: "key1=value1&key2=value2", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     version_id: "pSKidl4pHBiNwukdbcPXAIs.sshFFOc0", 
+    #     server_side_encryption: "AES256", 
+    #     version_id: "Ri.vC6qVlA4dEnjgRV4ZHsHoFIjqEMNt", 
     #   }
     #
-    # @example Example: To upload an object and specify canned ACL.
+    # @example Example: To create an object.
     #
-    #   # The following example uploads and object. The request specifies optional canned ACL (access control list) to all READ
-    #   # access to authenticated users. If the bucket is versioning enabled, S3 returns version ID in response.
+    #   # The following example creates an object. If the bucket is versioning enabled, S3 returns version ID in response.
     #
     #   resp = client.put_object({
-    #     acl: "authenticated-read", 
     #     body: "filetoupload", 
     #     bucket: "examplebucket", 
-    #     key: "exampleobject", 
+    #     key: "objectkey", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     version_id: "Kirh.unyZwjQ69YxcQLA8z4F5j3kJJKr", 
+    #     version_id: "Bvq0EDKxOcXLJXNo_Lkz37eM3R4pfzyQ", 
     #   }
     #
-    # @example Example: To create an object.
+    # @example Example: To upload an object and specify optional tags
     #
-    #   # The following example creates an object. If the bucket is versioning enabled, S3 returns version ID in response.
+    #   # The following example uploads an object. The request specifies optional object tags. The bucket is versioned, therefore
+    #   # S3 returns version ID of the newly created object.
     #
     #   resp = client.put_object({
-    #     body: "filetoupload", 
+    #     body: "c:\\HappyFace.jpg", 
     #     bucket: "examplebucket", 
-    #     key: "objectkey", 
+    #     key: "HappyFace.jpg", 
+    #     tagging: "key1=value1&key2=value2", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     version_id: "Bvq0EDKxOcXLJXNo_Lkz37eM3R4pfzyQ", 
+    #     version_id: "psM2sYY4.o1501dSx8wMvnkOzSBB.V4a", 
     #   }
     #
-    # @example Example: To upload an object
+    # @example Example: To upload an object (specify optional headers)
     #
-    #   # The following example uploads an object to a versioning-enabled bucket. The source file is specified using Windows file
-    #   # syntax. S3 returns VersionId of the newly created object.
+    #   # The following example uploads an object. The request specifies optional request headers to directs S3 to use specific
+    #   # storage class and use server-side encryption.
     #
     #   resp = client.put_object({
     #     body: "HappyFace.jpg", 
     #     bucket: "examplebucket", 
     #     key: "HappyFace.jpg", 
+    #     server_side_encryption: "AES256", 
+    #     storage_class: "STANDARD_IA", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     version_id: "tpf3zF08nBplQK1XLOefGskR7mGDwcDk", 
+    #     server_side_encryption: "AES256", 
+    #     version_id: "CG612hodqujkf8FaaNfp8U..FIhLROcp", 
     #   }
     #
-    # @example Example: To upload an object and specify optional tags
+    # @example Example: To upload object and specify user-defined metadata
     #
-    #   # The following example uploads an object. The request specifies optional object tags. The bucket is versioned, therefore
-    #   # S3 returns version ID of the newly created object.
+    #   # The following example creates an object. The request also specifies optional metadata. If the bucket is versioning
+    #   # enabled, S3 returns version ID in response.
     #
     #   resp = client.put_object({
-    #     body: "c:\\HappyFace.jpg", 
+    #     body: "filetoupload", 
     #     bucket: "examplebucket", 
-    #     key: "HappyFace.jpg", 
-    #     tagging: "key1=value1&key2=value2", 
+    #     key: "exampleobject", 
+    #     metadata: {
+    #       "metadata1" => "value1", 
+    #       "metadata2" => "value2", 
+    #     }, 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     version_id: "psM2sYY4.o1501dSx8wMvnkOzSBB.V4a", 
+    #     version_id: "pSKidl4pHBiNwukdbcPXAIs.sshFFOc0", 
     #   }
     #
-    # @example Example: To upload an object and specify server-side encryption and object tags
+    # @example Example: To upload an object and specify canned ACL.
     #
-    #   # The following example uploads and object. The request specifies the optional server-side encryption option. The request
-    #   # also specifies optional object tags. If the bucket is versioning enabled, S3 returns version ID in response.
+    #   # The following example uploads and object. The request specifies optional canned ACL (access control list) to all READ
+    #   # access to authenticated users. If the bucket is versioning enabled, S3 returns version ID in response.
     #
     #   resp = client.put_object({
+    #     acl: "authenticated-read", 
     #     body: "filetoupload", 
     #     bucket: "examplebucket", 
     #     key: "exampleobject", 
-    #     server_side_encryption: "AES256", 
-    #     tagging: "key1=value1&key2=value2", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     server_side_encryption: "AES256", 
-    #     version_id: "Ri.vC6qVlA4dEnjgRV4ZHsHoFIjqEMNt", 
+    #     version_id: "Kirh.unyZwjQ69YxcQLA8z4F5j3kJJKr", 
     #   }
     #
-    # @example Example: To upload an object (specify optional headers)
+    # @example Example: To upload an object
     #
-    #   # The following example uploads an object. The request specifies optional request headers to directs S3 to use specific
-    #   # storage class and use server-side encryption.
+    #   # The following example uploads an object to a versioning-enabled bucket. The source file is specified using Windows file
+    #   # syntax. S3 returns VersionId of the newly created object.
     #
     #   resp = client.put_object({
     #     body: "HappyFace.jpg", 
     #     bucket: "examplebucket", 
     #     key: "HappyFace.jpg", 
-    #     server_side_encryption: "AES256", 
-    #     storage_class: "STANDARD_IA", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     server_side_encryption: "AES256", 
-    #     version_id: "CG612hodqujkf8FaaNfp8U..FIhLROcp", 
+    #     version_id: "tpf3zF08nBplQK1XLOefGskR7mGDwcDk", 
     #   }
     #
     # @example Streaming a file from disk
@@ -9809,6 +10318,7 @@ module Aws::S3
     #     object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
     #     object_lock_retain_until_date: Time.now,
     #     object_lock_legal_hold_status: "ON", # accepts ON, OFF
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -9833,14 +10343,16 @@ module Aws::S3
     end
 
     # Uses the `acl` subresource to set the access control list (ACL)
-    # permissions for an object that already exists in a bucket. You must
-    # have `WRITE_ACP` permission to set the ACL of an object.
+    # permissions for an object that already exists in an S3 bucket. You
+    # must have `WRITE_ACP` permission to set the ACL of an object. For more
+    # information, see [What permissions can I grant?][1] in the *Amazon
+    # Simple Storage Service Developer Guide*.
     #
     # Depending on your application needs, you can choose to set the ACL on
     # an object using either the request body or the headers. For example,
     # if you have an existing application that updates a bucket ACL using
     # the request body, you can continue to use that approach. For more
-    # information, see [Access Control List (ACL) Overview][1] in the
+    # information, see [Access Control List (ACL) Overview][2] in the
     # *Amazon S3 Developer Guide*.
     #
     # **Access Permissions**
@@ -9852,7 +10364,7 @@ module Aws::S3
     #   ACL has a predefined set of grantees and permissions. Specify the
     #   canned ACL name as the value of `x-amz-ac`l. If you use this header,
     #   you cannot use other access control-specific headers in your
-    #   request. For more information, see [Canned ACL][2].
+    #   request. For more information, see [Canned ACL][3].
     #
     # * Specify access permissions explicitly with the `x-amz-grant-read`,
     #   `x-amz-grant-read-acp`, `x-amz-grant-write-acp`, and
@@ -9862,7 +10374,7 @@ module Aws::S3
     #   ACL-specific headers, you cannot use `x-amz-acl` header to set a
     #   canned ACL. These parameters map to the set of permissions that
     #   Amazon S3 supports in an ACL. For more information, see [Access
-    #   Control List (ACL) Overview][1].
+    #   Control List (ACL) Overview][2].
     #
     #   You specify each grantee as a type=value pair, where the type is one
     #   of the following:
@@ -9895,7 +10407,7 @@ module Aws::S3
     #     * South America (São Paulo)
     #
     #      For a list of all the Amazon S3 supported Regions and endpoints,
-    #     see [Regions and Endpoints][3] in the AWS General Reference.
+    #     see [Regions and Endpoints][4] in the AWS General Reference.
     #
     #      </note>
     #
@@ -9955,7 +10467,7 @@ module Aws::S3
     #   * South America (São Paulo)
     #
     #    For a list of all the Amazon S3 supported Regions and endpoints, see
-    #   [Regions and Endpoints][3] in the AWS General Reference.
+    #   [Regions and Endpoints][4] in the AWS General Reference.
     #
     #    </note>
     #
@@ -9967,17 +10479,18 @@ module Aws::S3
     #
     # **Related Resources**
     #
-    # * [CopyObject][4]
+    # * [CopyObject][5]
     #
-    # * [GetObject][5]
+    # * [GetObject][6]
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
-    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
-    # [3]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
-    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
-    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
+    # [4]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
     #
     # @option params [String] :acl
     #   The canned ACL to apply to the object. For more information, see
@@ -10051,6 +10564,11 @@ module Aws::S3
     # @option params [String] :version_id
     #   VersionId used to reference a specific version of the object.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::PutObjectAclOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::PutObjectAclOutput#request_charged #request_charged} => String
@@ -10106,6 +10624,7 @@ module Aws::S3
     #     key: "ObjectKey", # required
     #     request_payer: "requester", # accepts requester
     #     version_id: "ObjectVersionId",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -10173,6 +10692,11 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash for the request body.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::PutObjectLegalHoldOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::PutObjectLegalHoldOutput#request_charged #request_charged} => String
@@ -10188,6 +10712,7 @@ module Aws::S3
     #     request_payer: "requester", # accepts requester
     #     version_id: "ObjectVersionId",
     #     content_md5: "ContentMD5",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -10247,6 +10772,11 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash for the request body.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::PutObjectLockConfigurationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::PutObjectLockConfigurationOutput#request_charged #request_charged} => String
@@ -10268,6 +10798,7 @@ module Aws::S3
     #     request_payer: "requester", # accepts requester
     #     token: "ObjectLockToken",
     #     content_md5: "ContentMD5",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -10340,6 +10871,11 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash for the request body.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::PutObjectRetentionOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::PutObjectRetentionOutput#request_charged #request_charged} => String
@@ -10357,6 +10893,7 @@ module Aws::S3
     #     version_id: "ObjectVersionId",
     #     bypass_governance_retention: false,
     #     content_md5: "ContentMD5",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -10459,6 +10996,11 @@ module Aws::S3
     # @option params [required, Types::Tagging] :tagging
     #   Container for the `TagSet` and `Tag` elements
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::PutObjectTaggingOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::PutObjectTaggingOutput#version_id #version_id} => String
@@ -10505,6 +11047,7 @@ module Aws::S3
     #         },
     #       ],
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -10573,6 +11116,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -10586,6 +11134,7 @@ module Aws::S3
     #       block_public_policy: false,
     #       restrict_public_buckets: false,
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutPublicAccessBlock AWS API Documentation
@@ -10876,6 +11425,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::RestoreObjectOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::RestoreObjectOutput#request_charged #request_charged} => String
@@ -10989,6 +11543,7 @@ module Aws::S3
     #       },
     #     },
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -11188,6 +11743,11 @@ module Aws::S3
     #   * `<scanrange><end>50</end></scanrange>` - process only the records
     #     within the last 50 bytes of the file.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::SelectObjectContentOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::SelectObjectContentOutput#payload #payload} => Types::SelectObjectContentEventStream
@@ -11358,6 +11918,7 @@ module Aws::S3
     #       start: 1,
     #       end: 1,
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -11574,6 +12135,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::UploadPartOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UploadPartOutput#server_side_encryption #server_side_encryption} => String
@@ -11616,6 +12182,7 @@ module Aws::S3
     #     sse_customer_key: "SSECustomerKey",
     #     sse_customer_key_md5: "SSECustomerKeyMD5",
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -11775,8 +12342,41 @@ module Aws::S3
     #   The bucket name.
     #
     # @option params [required, String] :copy_source
-    #   The name of the source bucket and key name of the source object,
-    #   separated by a slash (/). Must be URL-encoded.
+    #   Specifies the source object for the copy operation. You specify the
+    #   value in one of two formats, depending on whether you want to access
+    #   the source object through an [access point][1]\:
+    #
+    #   * For objects not accessed through an access point, specify the name
+    #     of the source bucket and key of the source object, separated by a
+    #     slash (/). For example, to copy the object `reports/january.pdf`
+    #     from the bucket `awsexamplebucket`, use
+    #     `awsexamplebucket/reports/january.pdf`. The value must be URL
+    #     encoded.
+    #
+    #   * For objects accessed through access points, specify the Amazon
+    #     Resource Name (ARN) of the object as accessed through the access
+    #     point, in the format
+    #     `arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>`.
+    #     For example, to copy the object `reports/january.pdf` through the
+    #     access point `my-access-point` owned by account `123456789012` in
+    #     Region `us-west-2`, use the URL encoding of
+    #     `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
+    #     The value must be URL encoded.
+    #
+    #     <note markdown="1"> Amazon S3 supports copy operations using access points only when the
+    #     source and destination buckets are in the same AWS Region.
+    #
+    #      </note>
+    #
+    #   To copy a specific version of an object, append
+    #   `?versionId=<version-id>` to the value (for example,
+    #   `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
+    #   If you don't specify a version ID, Amazon S3 copies the latest
+    #   version of the source object.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html
     #
     # @option params [String] :copy_source_if_match
     #   Copies the object if its entity tag (ETag) matches the specified tag.
@@ -11852,6 +12452,16 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected destination bucket owner. If the
+    #   destination bucket is owned by a different account, the request will
+    #   fail with an HTTP `403 (Access Denied)` error.
+    #
+    # @option params [String] :expected_source_bucket_owner
+    #   The account id of the expected source bucket owner. If the source
+    #   bucket is owned by a different account, the request will fail with an
+    #   HTTP `403 (Access Denied)` error.
+    #
     # @return [Types::UploadPartCopyOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UploadPartCopyOutput#copy_source_version_id #copy_source_version_id} => String
@@ -11863,45 +12473,45 @@ module Aws::S3
     #   * {Types::UploadPartCopyOutput#request_charged #request_charged} => String
     #
     #
-    # @example Example: To upload a part by copying byte range from an existing object as data source
+    # @example Example: To upload a part by copying data from an existing object as data source
     #
-    #   # The following example uploads a part of a multipart upload by copying a specified byte range from an existing object as
-    #   # data source.
+    #   # The following example uploads a part of a multipart upload by copying data from an existing object as data source.
     #
     #   resp = client.upload_part_copy({
     #     bucket: "examplebucket", 
     #     copy_source: "/bucketname/sourceobjectkey", 
-    #     copy_source_range: "bytes=1-100000", 
     #     key: "examplelargeobject", 
-    #     part_number: 2, 
+    #     part_number: 1, 
     #     upload_id: "exampleuoh_10OhKhT7YukE9bjzTPRiuaCotmZM_pFngJFir9OZNrSr5cWa3cq3LZSUsfjI4FI7PkP91We7Nrw--", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     copy_part_result: {
-    #       etag: "\"65d16d19e65a7508a51f043180edcc36\"", 
-    #       last_modified: Time.parse("2016-12-29T21:44:28.000Z"), 
+    #       etag: "\"b0c6f0e7e054ab8fa2536a2677f8734d\"", 
+    #       last_modified: Time.parse("2016-12-29T21:24:43.000Z"), 
     #     }, 
     #   }
     #
-    # @example Example: To upload a part by copying data from an existing object as data source
+    # @example Example: To upload a part by copying byte range from an existing object as data source
     #
-    #   # The following example uploads a part of a multipart upload by copying data from an existing object as data source.
+    #   # The following example uploads a part of a multipart upload by copying a specified byte range from an existing object as
+    #   # data source.
     #
     #   resp = client.upload_part_copy({
     #     bucket: "examplebucket", 
     #     copy_source: "/bucketname/sourceobjectkey", 
+    #     copy_source_range: "bytes=1-100000", 
     #     key: "examplelargeobject", 
-    #     part_number: 1, 
+    #     part_number: 2, 
     #     upload_id: "exampleuoh_10OhKhT7YukE9bjzTPRiuaCotmZM_pFngJFir9OZNrSr5cWa3cq3LZSUsfjI4FI7PkP91We7Nrw--", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     copy_part_result: {
-    #       etag: "\"b0c6f0e7e054ab8fa2536a2677f8734d\"", 
-    #       last_modified: Time.parse("2016-12-29T21:24:43.000Z"), 
+    #       etag: "\"65d16d19e65a7508a51f043180edcc36\"", 
+    #       last_modified: Time.parse("2016-12-29T21:44:28.000Z"), 
     #     }, 
     #   }
     #
@@ -11925,6 +12535,8 @@ module Aws::S3
     #     copy_source_sse_customer_key: "CopySourceSSECustomerKey",
     #     copy_source_sse_customer_key_md5: "CopySourceSSECustomerKeyMD5",
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
+    #     expected_source_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -11960,7 +12572,7 @@ module Aws::S3
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-s3'
-      context[:gem_version] = '1.76.0'
+      context[:gem_version] = '1.80.0'
       Seahorse::Client::Request.new(handlers, context)
     end