aws-sdk-s3 1.76.0 → 1.80.0

data/lib/aws-sdk-s3/object_version.rb

@@ -234,6 +234,7 @@ module Aws::S3
     #     mfa: "MFA",
     #     request_payer: "requester", # accepts requester
     #     bypass_governance_retention: false,
+    #     expected_bucket_owner: "AccountId",
     #   })
     # @param [Hash] options ({})
     # @option options [String] :mfa
@@ -254,6 +255,10 @@ module Aws::S3
     # @option options [Boolean] :bypass_governance_retention
     #   Indicates whether S3 Object Lock should bypass Governance-mode
     #   restrictions to process this operation.
+    # @option options [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
     # @return [Types::DeleteObjectOutput]
     def delete(options = {})
       options = options.merge(
@@ -284,6 +289,7 @@ module Aws::S3
     #     sse_customer_key_md5: "SSECustomerKeyMD5",
     #     request_payer: "requester", # accepts requester
     #     part_number: 1,
+    #     expected_bucket_owner: "AccountId",
     #   })
     # @param [Hash] options ({})
     # @option options [String] :if_match
@@ -351,6 +357,10 @@ module Aws::S3
     #   between 1 and 10,000. Effectively performs a 'ranged' GET request
     #   for the part specified. Useful for downloading just a part of an
     #   object.
+    # @option options [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
     # @return [Types::GetObjectOutput]
     def get(options = {}, &block)
       options = options.merge(
@@ -375,6 +385,7 @@ module Aws::S3
     #     sse_customer_key_md5: "SSECustomerKeyMD5",
     #     request_payer: "requester", # accepts requester
     #     part_number: 1,
+    #     expected_bucket_owner: "AccountId",
     #   })
     # @param [Hash] options ({})
     # @option options [String] :if_match
@@ -426,6 +437,10 @@ module Aws::S3
     #   between 1 and 10,000. Effectively performs a 'ranged' HEAD request
     #   for the part specified. Useful querying about the size of the part and
     #   the number of parts in this object.
+    # @option options [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
     # @return [Types::HeadObjectOutput]
     def head(options = {})
       options = options.merge(
@@ -504,6 +519,7 @@ module Aws::S3
       #     mfa: "MFA",
       #     request_payer: "requester", # accepts requester
       #     bypass_governance_retention: false,
+      #     expected_bucket_owner: "AccountId",
       #   })
       # @param options ({})
       # @option options [String] :mfa
@@ -525,6 +541,10 @@ module Aws::S3
       #   Specifies whether you want to delete this object even if it has a
       #   Governance-type Object Lock in place. You must have sufficient
       #   permissions to perform this operation.
+      # @option options [String] :expected_bucket_owner
+      #   The account id of the expected bucket owner. If the bucket is owned by
+      #   a different account, the request will fail with an HTTP `403 (Access
+      #   Denied)` error.
       # @return [void]
       def batch_delete!(options = {})
         batch_enum.each do |batch|

data/lib/aws-sdk-s3/presigned_post.rb

@@ -237,6 +237,7 @@ module Aws
         @bucket_region = bucket_region
         @bucket_name = bucket_name
         @accelerate = !!options.delete(:use_accelerate_endpoint)
+        options.delete(:url) if @accelerate # resource methods pass url
         @url = options.delete(:url) || bucket_url
         @fields = {}
         @key_set = false

data/lib/aws-sdk-s3/resource.rb

@@ -41,7 +41,7 @@ module Aws::S3
     #     acl: "private", # accepts private, public-read, public-read-write, authenticated-read
     #     bucket: "BucketName", # required
     #     create_bucket_configuration: {
-    #       location_constraint: "EU", # accepts EU, eu-west-1, us-west-1, us-west-2, ap-south-1, ap-southeast-1, ap-southeast-2, ap-northeast-1, sa-east-1, cn-north-1, eu-central-1
+    #       location_constraint: "af-south-1", # accepts af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-southeast-1, ap-southeast-2, ca-central-1, cn-north-1, cn-northwest-1, EU, eu-central-1, eu-north-1, eu-south-1, eu-west-1, eu-west-2, eu-west-3, me-south-1, sa-east-1, us-east-2, us-gov-east-1, us-gov-west-1, us-west-1, us-west-2
     #     },
     #     grant_full_control: "GrantFullControl",
     #     grant_read: "GrantRead",

data/lib/aws-sdk-s3/types.rb

@@ -61,6 +61,7 @@ module Aws::S3
     #         key: "ObjectKey", # required
     #         upload_id: "MultipartUploadId", # required
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -100,13 +101,20 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AbortMultipartUploadRequest AWS API Documentation
     #
     class AbortMultipartUploadRequest < Struct.new(
       :bucket,
       :key,
       :upload_id,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -969,6 +977,7 @@ module Aws::S3
     #         },
     #         upload_id: "MultipartUploadId", # required
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -999,6 +1008,12 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CompleteMultipartUploadRequest AWS API Documentation
     #
     class CompleteMultipartUploadRequest < Struct.new(
@@ -1006,7 +1021,8 @@ module Aws::S3
       :key,
       :multipart_upload,
       :upload_id,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1229,6 +1245,8 @@ module Aws::S3
     #         object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
     #         object_lock_retain_until_date: Time.now,
     #         object_lock_legal_hold_status: "ON", # accepts ON, OFF
+    #         expected_bucket_owner: "AccountId",
+    #         expected_source_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] acl
@@ -1262,8 +1280,41 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] copy_source
-    #   The name of the source bucket and key name of the source object,
-    #   separated by a slash (/). Must be URL-encoded.
+    #   Specifies the source object for the copy operation. You specify the
+    #   value in one of two formats, depending on whether you want to access
+    #   the source object through an [access point][1]\:
+    #
+    #   * For objects not accessed through an access point, specify the name
+    #     of the source bucket and the key of the source object, separated
+    #     by a slash (/). For example, to copy the object
+    #     `reports/january.pdf` from the bucket `awsexamplebucket`, use
+    #     `awsexamplebucket/reports/january.pdf`. The value must be URL
+    #     encoded.
+    #
+    #   * For objects accessed through access points, specify the Amazon
+    #     Resource Name (ARN) of the object as accessed through the access
+    #     point, in the format
+    #     `arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>`.
+    #     For example, to copy the object `reports/january.pdf` through
+    #     access point `my-access-point` owned by account `123456789012` in
+    #     Region `us-west-2`, use the URL encoding of
+    #     `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
+    #     The value must be URL encoded.
+    #
+    #     <note markdown="1"> Amazon S3 supports copy operations using access points only when
+    #     the source and destination buckets are in the same AWS Region.
+    #
+    #      </note>
+    #
+    #   To copy a specific version of an object, append
+    #   `?versionId=<version-id>` to the value (for example,
+    #   `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
+    #   If you don't specify a version ID, Amazon S3 copies the latest
+    #   version of the source object.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html
     #   @return [String]
     #
     # @!attribute [rw] copy_source_if_match
@@ -1427,6 +1478,18 @@ module Aws::S3
     #   object.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected destination bucket owner. If the
+    #   destination bucket is owned by a different account, the request will
+    #   fail with an HTTP `403 (Access Denied)` error.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_source_bucket_owner
+    #   The account id of the expected source bucket owner. If the source
+    #   bucket is owned by a different account, the request will fail with
+    #   an HTTP `403 (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CopyObjectRequest AWS API Documentation
     #
     class CopyObjectRequest < Struct.new(
@@ -1466,7 +1529,9 @@ module Aws::S3
       :tagging,
       :object_lock_mode,
       :object_lock_retain_until_date,
-      :object_lock_legal_hold_status)
+      :object_lock_legal_hold_status,
+      :expected_bucket_owner,
+      :expected_source_bucket_owner)
       SENSITIVE = [:sse_customer_key, :ssekms_key_id, :ssekms_encryption_context, :copy_source_sse_customer_key]
       include Aws::Structure
     end
@@ -1517,7 +1582,7 @@ module Aws::S3
     #   data as a hash:
     #
     #       {
-    #         location_constraint: "EU", # accepts EU, eu-west-1, us-west-1, us-west-2, ap-south-1, ap-southeast-1, ap-southeast-2, ap-northeast-1, sa-east-1, cn-north-1, eu-central-1
+    #         location_constraint: "af-south-1", # accepts af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-southeast-1, ap-southeast-2, ca-central-1, cn-north-1, cn-northwest-1, EU, eu-central-1, eu-north-1, eu-south-1, eu-west-1, eu-west-2, eu-west-3, me-south-1, sa-east-1, us-east-2, us-gov-east-1, us-gov-west-1, us-west-1, us-west-2
     #       }
     #
     # @!attribute [rw] location_constraint
@@ -1555,7 +1620,7 @@ module Aws::S3
     #         acl: "private", # accepts private, public-read, public-read-write, authenticated-read
     #         bucket: "BucketName", # required
     #         create_bucket_configuration: {
-    #           location_constraint: "EU", # accepts EU, eu-west-1, us-west-1, us-west-2, ap-south-1, ap-southeast-1, ap-southeast-2, ap-northeast-1, sa-east-1, cn-north-1, eu-central-1
+    #           location_constraint: "af-south-1", # accepts af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-southeast-1, ap-southeast-2, ca-central-1, cn-north-1, cn-northwest-1, EU, eu-central-1, eu-north-1, eu-south-1, eu-west-1, eu-west-2, eu-west-3, me-south-1, sa-east-1, us-east-2, us-gov-east-1, us-gov-west-1, us-west-1, us-west-2
     #         },
     #         grant_full_control: "GrantFullControl",
     #         grant_read: "GrantRead",
@@ -1756,6 +1821,7 @@ module Aws::S3
     #         object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
     #         object_lock_retain_until_date: Time.now,
     #         object_lock_legal_hold_status: "ON", # accepts ON, OFF
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] acl
@@ -1903,6 +1969,12 @@ module Aws::S3
     #   object.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateMultipartUploadRequest AWS API Documentation
     #
     class CreateMultipartUploadRequest < Struct.new(
@@ -1932,7 +2004,8 @@ module Aws::S3
       :tagging,
       :object_lock_mode,
       :object_lock_retain_until_date,
-      :object_lock_legal_hold_status)
+      :object_lock_legal_hold_status,
+      :expected_bucket_owner)
       SENSITIVE = [:sse_customer_key, :ssekms_key_id, :ssekms_encryption_context]
       include Aws::Structure
     end
@@ -2013,6 +2086,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         id: "AnalyticsId", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2024,11 +2098,18 @@ module Aws::S3
     #   The ID that identifies the analytics configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketAnalyticsConfigurationRequest AWS API Documentation
     #
     class DeleteBucketAnalyticsConfigurationRequest < Struct.new(
       :bucket,
-      :id)
+      :id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2038,16 +2119,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   Specifies the bucket whose `cors` configuration is being deleted.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketCorsRequest AWS API Documentation
     #
     class DeleteBucketCorsRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2057,6 +2146,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2064,10 +2154,17 @@ module Aws::S3
     #   configuration to delete.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketEncryptionRequest AWS API Documentation
     #
     class DeleteBucketEncryptionRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2078,6 +2175,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         id: "InventoryId", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2089,11 +2187,18 @@ module Aws::S3
     #   The ID used to identify the inventory configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketInventoryConfigurationRequest AWS API Documentation
     #
     class DeleteBucketInventoryConfigurationRequest < Struct.new(
       :bucket,
-      :id)
+      :id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2103,16 +2208,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name of the lifecycle to delete.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketLifecycleRequest AWS API Documentation
     #
     class DeleteBucketLifecycleRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2123,6 +2236,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         id: "MetricsId", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2134,11 +2248,18 @@ module Aws::S3
     #   The ID used to identify the metrics configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketMetricsConfigurationRequest AWS API Documentation
     #
     class DeleteBucketMetricsConfigurationRequest < Struct.new(
       :bucket,
-      :id)
+      :id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2148,16 +2269,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketPolicyRequest AWS API Documentation
     #
     class DeleteBucketPolicyRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2167,16 +2296,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketReplicationRequest AWS API Documentation
     #
     class DeleteBucketReplicationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2186,16 +2323,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   Specifies the bucket being deleted.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketRequest AWS API Documentation
     #
     class DeleteBucketRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2205,16 +2350,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket that has the tag set to be removed.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketTaggingRequest AWS API Documentation
     #
     class DeleteBucketTaggingRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2224,6 +2377,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2231,10 +2385,17 @@ module Aws::S3
     #   configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketWebsiteRequest AWS API Documentation
     #
     class DeleteBucketWebsiteRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2353,6 +2514,7 @@ module Aws::S3
     #         version_id: "ObjectVersionId",
     #         request_payer: "requester", # accepts requester
     #         bypass_governance_retention: false,
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2404,6 +2566,12 @@ module Aws::S3
     #   restrictions to process this operation.
     #   @return [Boolean]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectRequest AWS API Documentation
     #
     class DeleteObjectRequest < Struct.new(
@@ -2412,7 +2580,8 @@ module Aws::S3
       :mfa,
       :version_id,
       :request_payer,
-      :bypass_governance_retention)
+      :bypass_governance_retention,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2436,6 +2605,7 @@ module Aws::S3
     #         bucket: "BucketName", # required
     #         key: "ObjectKey", # required
     #         version_id: "ObjectVersionId",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2464,12 +2634,19 @@ module Aws::S3
     #   The versionId of the object that the tag-set will be removed from.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectTaggingRequest AWS API Documentation
     #
     class DeleteObjectTaggingRequest < Struct.new(
       :bucket,
       :key,
-      :version_id)
+      :version_id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2516,6 +2693,7 @@ module Aws::S3
     #         mfa: "MFA",
     #         request_payer: "requester", # accepts requester
     #         bypass_governance_retention: false,
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2564,6 +2742,12 @@ module Aws::S3
     #   permissions to perform this operation.
     #   @return [Boolean]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectsRequest AWS API Documentation
     #
     class DeleteObjectsRequest < Struct.new(
@@ -2571,7 +2755,8 @@ module Aws::S3
       :delete,
       :mfa,
       :request_payer,
-      :bypass_governance_retention)
+      :bypass_governance_retention,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2581,6 +2766,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2588,10 +2774,17 @@ module Aws::S3
     #   want to delete.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeletePublicAccessBlockRequest AWS API Documentation
     #
     class DeletePublicAccessBlockRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3750,6 +3943,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -3757,10 +3951,17 @@ module Aws::S3
     #   retrieved.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAccelerateConfigurationRequest AWS API Documentation
     #
     class GetBucketAccelerateConfigurationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3787,16 +3988,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   Specifies the S3 bucket whose ACL is being requested.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAclRequest AWS API Documentation
     #
     class GetBucketAclRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3819,6 +4028,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         id: "AnalyticsId", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -3830,11 +4040,18 @@ module Aws::S3
     #   The ID that identifies the analytics configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAnalyticsConfigurationRequest AWS API Documentation
     #
     class GetBucketAnalyticsConfigurationRequest < Struct.new(
       :bucket,
-      :id)
+      :id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3857,16 +4074,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name for which to get the cors configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketCorsRequest AWS API Documentation
     #
     class GetBucketCorsRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3888,6 +4113,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -3895,10 +4121,17 @@ module Aws::S3
     #   configuration is retrieved.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketEncryptionRequest AWS API Documentation
     #
     class GetBucketEncryptionRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3921,6 +4154,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         id: "InventoryId", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -3932,11 +4166,18 @@ module Aws::S3
     #   The ID used to identify the inventory configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketInventoryConfigurationRequest AWS API Documentation
     #
     class GetBucketInventoryConfigurationRequest < Struct.new(
       :bucket,
-      :id)
+      :id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3958,16 +4199,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The name of the bucket for which to get the lifecycle information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleConfigurationRequest AWS API Documentation
     #
     class GetBucketLifecycleConfigurationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3989,16 +4238,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The name of the bucket for which to get the lifecycle information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleRequest AWS API Documentation
     #
     class GetBucketLifecycleRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4027,16 +4284,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The name of the bucket for which to get the location.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLocationRequest AWS API Documentation
     #
     class GetBucketLocationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4065,16 +4330,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name for which to get the logging information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLoggingRequest AWS API Documentation
     #
     class GetBucketLoggingRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4097,6 +4370,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         id: "MetricsId", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -4108,11 +4382,18 @@ module Aws::S3
     #   The ID used to identify the metrics configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketMetricsConfigurationRequest AWS API Documentation
     #
     class GetBucketMetricsConfigurationRequest < Struct.new(
       :bucket,
-      :id)
+      :id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4122,16 +4403,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   Name of the bucket for which to get the notification configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketNotificationConfigurationRequest AWS API Documentation
     #
     class GetBucketNotificationConfigurationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4153,16 +4442,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name for which to get the bucket policy.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicyRequest AWS API Documentation
     #
     class GetBucketPolicyRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4184,6 +4481,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -4191,10 +4489,17 @@ module Aws::S3
     #   retrieve.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicyStatusRequest AWS API Documentation
     #
     class GetBucketPolicyStatusRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4217,16 +4522,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name for which to get the replication information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketReplicationRequest AWS API Documentation
     #
     class GetBucketReplicationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4248,6 +4561,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -4255,10 +4569,17 @@ module Aws::S3
     #   configuration
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketRequestPaymentRequest AWS API Documentation
     #
     class GetBucketRequestPaymentRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4280,16 +4601,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The name of the bucket for which to get the tagging information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketTaggingRequest AWS API Documentation
     #
     class GetBucketTaggingRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4319,16 +4648,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The name of the bucket for which to get the versioning information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketVersioningRequest AWS API Documentation
     #
     class GetBucketVersioningRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4369,16 +4706,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name for which to get the website configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketWebsiteRequest AWS API Documentation
     #
     class GetBucketWebsiteRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4414,6 +4759,7 @@ module Aws::S3
     #         key: "ObjectKey", # required
     #         version_id: "ObjectVersionId",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -4454,13 +4800,20 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectAclRequest AWS API Documentation
     #
     class GetObjectAclRequest < Struct.new(
       :bucket,
       :key,
       :version_id,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4485,6 +4838,7 @@ module Aws::S3
     #         key: "ObjectKey", # required
     #         version_id: "ObjectVersionId",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -4527,13 +4881,20 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLegalHoldRequest AWS API Documentation
     #
     class GetObjectLegalHoldRequest < Struct.new(
       :bucket,
       :key,
       :version_id,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4555,16 +4916,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket whose Object Lock configuration you want to retrieve.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLockConfigurationRequest AWS API Documentation
     #
     class GetObjectLockConfigurationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4788,6 +5157,7 @@ module Aws::S3
     #         sse_customer_key_md5: "SSECustomerKeyMD5",
     #         request_payer: "requester", # accepts requester
     #         part_number: 1,
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -4912,6 +5282,12 @@ module Aws::S3
     #   object.
     #   @return [Integer]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectRequest AWS API Documentation
     #
     class GetObjectRequest < Struct.new(
@@ -4933,7 +5309,8 @@ module Aws::S3
       :sse_customer_key,
       :sse_customer_key_md5,
       :request_payer,
-      :part_number)
+      :part_number,
+      :expected_bucket_owner)
       SENSITIVE = [:sse_customer_key]
       include Aws::Structure
     end
@@ -4958,6 +5335,7 @@ module Aws::S3
     #         key: "ObjectKey", # required
     #         version_id: "ObjectVersionId",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -5000,13 +5378,20 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectRetentionRequest AWS API Documentation
     #
     class GetObjectRetentionRequest < Struct.new(
       :bucket,
       :key,
       :version_id,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5036,6 +5421,7 @@ module Aws::S3
     #         bucket: "BucketName", # required
     #         key: "ObjectKey", # required
     #         version_id: "ObjectVersionId",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -5065,12 +5451,19 @@ module Aws::S3
     #   information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTaggingRequest AWS API Documentation
     #
     class GetObjectTaggingRequest < Struct.new(
       :bucket,
       :key,
-      :version_id)
+      :version_id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5100,6 +5493,7 @@ module Aws::S3
     #         bucket: "BucketName", # required
     #         key: "ObjectKey", # required
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -5123,12 +5517,19 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTorrentRequest AWS API Documentation
     #
     class GetObjectTorrentRequest < Struct.new(
       :bucket,
       :key,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5151,6 +5552,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -5158,10 +5560,17 @@ module Aws::S3
     #   configuration you want to retrieve.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetPublicAccessBlockRequest AWS API Documentation
     #
     class GetPublicAccessBlockRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5298,16 +5707,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadBucketRequest AWS API Documentation
     #
     class HeadBucketRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5584,6 +6001,7 @@ module Aws::S3
     #         sse_customer_key_md5: "SSECustomerKeyMD5",
     #         request_payer: "requester", # accepts requester
     #         part_number: 1,
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -5667,6 +6085,12 @@ module Aws::S3
     #   and the number of parts in this object.
     #   @return [Integer]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadObjectRequest AWS API Documentation
     #
     class HeadObjectRequest < Struct.new(
@@ -5682,7 +6106,8 @@ module Aws::S3
       :sse_customer_key,
       :sse_customer_key_md5,
       :request_payer,
-      :part_number)
+      :part_number,
+      :expected_bucket_owner)
       SENSITIVE = [:sse_customer_key]
       include Aws::Structure
     end
@@ -6487,6 +6912,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         continuation_token: "Token",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -6499,11 +6925,18 @@ module Aws::S3
     #   request should begin.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketAnalyticsConfigurationsRequest AWS API Documentation
     #
     class ListBucketAnalyticsConfigurationsRequest < Struct.new(
       :bucket,
-      :continuation_token)
+      :continuation_token,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6547,6 +6980,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         continuation_token: "Token",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -6561,11 +6995,18 @@ module Aws::S3
     #   token is an opaque value that Amazon S3 understands.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketInventoryConfigurationsRequest AWS API Documentation
     #
     class ListBucketInventoryConfigurationsRequest < Struct.new(
       :bucket,
-      :continuation_token)
+      :continuation_token,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6611,6 +7052,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         continuation_token: "Token",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -6625,11 +7067,18 @@ module Aws::S3
     #   continuation token is an opaque value that Amazon S3 understands.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketMetricsConfigurationsRequest AWS API Documentation
     #
     class ListBucketMetricsConfigurationsRequest < Struct.new(
       :bucket,
-      :continuation_token)
+      :continuation_token,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6752,6 +7201,7 @@ module Aws::S3
     #         max_uploads: 1,
     #         prefix: "Prefix",
     #         upload_id_marker: "UploadIdMarker",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -6828,6 +7278,12 @@ module Aws::S3
     #   the specified `upload-id-marker`.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListMultipartUploadsRequest AWS API Documentation
     #
     class ListMultipartUploadsRequest < Struct.new(
@@ -6837,7 +7293,8 @@ module Aws::S3
       :key_marker,
       :max_uploads,
       :prefix,
-      :upload_id_marker)
+      :upload_id_marker,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6949,6 +7406,7 @@ module Aws::S3
     #         max_keys: 1,
     #         prefix: "Prefix",
     #         version_id_marker: "VersionIdMarker",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -7013,6 +7471,12 @@ module Aws::S3
     #   Specifies the object version you want to start listing from.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectVersionsRequest AWS API Documentation
     #
     class ListObjectVersionsRequest < Struct.new(
@@ -7022,7 +7486,8 @@ module Aws::S3
       :key_marker,
       :max_keys,
       :prefix,
-      :version_id_marker)
+      :version_id_marker,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7124,6 +7589,7 @@ module Aws::S3
     #         max_keys: 1,
     #         prefix: "Prefix",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -7163,6 +7629,12 @@ module Aws::S3
     #   parameter in their requests.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectsRequest AWS API Documentation
     #
     class ListObjectsRequest < Struct.new(
@@ -7172,7 +7644,8 @@ module Aws::S3
       :marker,
       :max_keys,
       :prefix,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7309,6 +7782,7 @@ module Aws::S3
     #         fetch_owner: false,
     #         start_after: "StartAfter",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -7371,6 +7845,12 @@ module Aws::S3
     #   this parameter in their requests.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectsV2Request AWS API Documentation
     #
     class ListObjectsV2Request < Struct.new(
@@ -7382,7 +7862,8 @@ module Aws::S3
       :continuation_token,
       :fetch_owner,
       :start_after,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7506,6 +7987,7 @@ module Aws::S3
     #         part_number_marker: 1,
     #         upload_id: "MultipartUploadId", # required
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -7555,6 +8037,12 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListPartsRequest AWS API Documentation
     #
     class ListPartsRequest < Struct.new(
@@ -7563,7 +8051,8 @@ module Aws::S3
       :max_parts,
       :part_number_marker,
       :upload_id,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8683,6 +9172,7 @@ module Aws::S3
     #         accelerate_configuration: { # required
     #           status: "Enabled", # accepts Enabled, Suspended
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -8693,11 +9183,18 @@ module Aws::S3
     #   Container for setting the transfer acceleration state.
     #   @return [Types::AccelerateConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAccelerateConfigurationRequest AWS API Documentation
     #
     class PutBucketAccelerateConfigurationRequest < Struct.new(
       :bucket,
-      :accelerate_configuration)
+      :accelerate_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8732,6 +9229,7 @@ module Aws::S3
     #         grant_read_acp: "GrantReadACP",
     #         grant_write: "GrantWrite",
     #         grant_write_acp: "GrantWriteACP",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] acl
@@ -8780,6 +9278,12 @@ module Aws::S3
     #   Allows grantee to write the ACL for the applicable bucket.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAclRequest AWS API Documentation
     #
     class PutBucketAclRequest < Struct.new(
@@ -8791,7 +9295,8 @@ module Aws::S3
       :grant_read,
       :grant_read_acp,
       :grant_write,
-      :grant_write_acp)
+      :grant_write_acp,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8834,6 +9339,7 @@ module Aws::S3
     #             },
     #           },
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -8849,12 +9355,19 @@ module Aws::S3
     #   The configuration and any analyses for the analytics filter.
     #   @return [Types::AnalyticsConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAnalyticsConfigurationRequest AWS API Documentation
     #
     class PutBucketAnalyticsConfigurationRequest < Struct.new(
       :bucket,
       :id,
-      :analytics_configuration)
+      :analytics_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8876,6 +9389,7 @@ module Aws::S3
     #           ],
     #         },
     #         content_md5: "ContentMD5",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -8904,12 +9418,19 @@ module Aws::S3
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketCorsRequest AWS API Documentation
     #
     class PutBucketCorsRequest < Struct.new(
       :bucket,
       :cors_configuration,
-      :content_md5)
+      :content_md5,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8930,6 +9451,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -8955,12 +9477,19 @@ module Aws::S3
     #   Specifies the default server-side-encryption configuration.
     #   @return [Types::ServerSideEncryptionConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketEncryptionRequest AWS API Documentation
     #
     class PutBucketEncryptionRequest < Struct.new(
       :bucket,
       :content_md5,
-      :server_side_encryption_configuration)
+      :server_side_encryption_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8998,6 +9527,7 @@ module Aws::S3
     #             frequency: "Daily", # required, accepts Daily, Weekly
     #           },
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9013,12 +9543,19 @@ module Aws::S3
     #   Specifies the inventory configuration.
     #   @return [Types::InventoryConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketInventoryConfigurationRequest AWS API Documentation
     #
     class PutBucketInventoryConfigurationRequest < Struct.new(
       :bucket,
       :id,
-      :inventory_configuration)
+      :inventory_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9077,6 +9614,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9087,11 +9625,18 @@ module Aws::S3
     #   Container for lifecycle rules. You can add as many as 1,000 rules.
     #   @return [Types::BucketLifecycleConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleConfigurationRequest AWS API Documentation
     #
     class PutBucketLifecycleConfigurationRequest < Struct.new(
       :bucket,
-      :lifecycle_configuration)
+      :lifecycle_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9131,6 +9676,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9142,12 +9688,19 @@ module Aws::S3
     # @!attribute [rw] lifecycle_configuration
     #   @return [Types::LifecycleConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleRequest AWS API Documentation
     #
     class PutBucketLifecycleRequest < Struct.new(
       :bucket,
       :content_md5,
-      :lifecycle_configuration)
+      :lifecycle_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9176,6 +9729,7 @@ module Aws::S3
     #           },
     #         },
     #         content_md5: "ContentMD5",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9190,12 +9744,19 @@ module Aws::S3
     #   The MD5 hash of the `PutBucketLogging` request body.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLoggingRequest AWS API Documentation
     #
     class PutBucketLoggingRequest < Struct.new(
       :bucket,
       :bucket_logging_status,
-      :content_md5)
+      :content_md5,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9225,6 +9786,7 @@ module Aws::S3
     #             },
     #           },
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9239,12 +9801,19 @@ module Aws::S3
     #   Specifies the metrics configuration.
     #   @return [Types::MetricsConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketMetricsConfigurationRequest AWS API Documentation
     #
     class PutBucketMetricsConfigurationRequest < Struct.new(
       :bucket,
       :id,
-      :metrics_configuration)
+      :metrics_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9307,6 +9876,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9319,11 +9889,18 @@ module Aws::S3
     #   the bucket.
     #   @return [Types::NotificationConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationConfigurationRequest AWS API Documentation
     #
     class PutBucketNotificationConfigurationRequest < Struct.new(
       :bucket,
-      :notification_configuration)
+      :notification_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9355,6 +9932,7 @@ module Aws::S3
     #             invocation_role: "CloudFunctionInvocationRole",
     #           },
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9369,12 +9947,19 @@ module Aws::S3
     #   The container for the configuration.
     #   @return [Types::NotificationConfigurationDeprecated]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationRequest AWS API Documentation
     #
     class PutBucketNotificationRequest < Struct.new(
       :bucket,
       :content_md5,
-      :notification_configuration)
+      :notification_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9387,6 +9972,7 @@ module Aws::S3
     #         content_md5: "ContentMD5",
     #         confirm_remove_self_bucket_access: false,
     #         policy: "Policy", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9406,13 +9992,20 @@ module Aws::S3
     #   The bucket policy as a JSON document.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketPolicyRequest AWS API Documentation
     #
     class PutBucketPolicyRequest < Struct.new(
       :bucket,
       :content_md5,
       :confirm_remove_self_bucket_access,
-      :policy)
+      :policy,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9485,6 +10078,7 @@ module Aws::S3
     #           ],
     #         },
     #         token: "ObjectLockToken",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9510,13 +10104,20 @@ module Aws::S3
     # @!attribute [rw] token
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketReplicationRequest AWS API Documentation
     #
     class PutBucketReplicationRequest < Struct.new(
       :bucket,
       :content_md5,
       :replication_configuration,
-      :token)
+      :token,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9530,6 +10131,7 @@ module Aws::S3
     #         request_payment_configuration: { # required
     #           payer: "Requester", # required, accepts Requester, BucketOwner
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9551,12 +10153,19 @@ module Aws::S3
     #   Container for Payer.
     #   @return [Types::RequestPaymentConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketRequestPaymentRequest AWS API Documentation
     #
     class PutBucketRequestPaymentRequest < Struct.new(
       :bucket,
       :content_md5,
-      :request_payment_configuration)
+      :request_payment_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9575,6 +10184,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9596,12 +10206,19 @@ module Aws::S3
     #   Container for the `TagSet` and `Tag` elements.
     #   @return [Types::Tagging]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketTaggingRequest AWS API Documentation
     #
     class PutBucketTaggingRequest < Struct.new(
       :bucket,
       :content_md5,
-      :tagging)
+      :tagging,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9617,6 +10234,7 @@ module Aws::S3
     #           mfa_delete: "Enabled", # accepts Enabled, Disabled
     #           status: "Enabled", # accepts Enabled, Suspended
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9644,13 +10262,20 @@ module Aws::S3
     #   Container for setting the versioning state.
     #   @return [Types::VersioningConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketVersioningRequest AWS API Documentation
     #
     class PutBucketVersioningRequest < Struct.new(
       :bucket,
       :content_md5,
       :mfa,
-      :versioning_configuration)
+      :versioning_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9688,6 +10313,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9709,12 +10335,19 @@ module Aws::S3
     #   Container for the request.
     #   @return [Types::WebsiteConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketWebsiteRequest AWS API Documentation
     #
     class PutBucketWebsiteRequest < Struct.new(
       :bucket,
       :content_md5,
-      :website_configuration)
+      :website_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9765,6 +10398,7 @@ module Aws::S3
     #         key: "ObjectKey", # required
     #         request_payer: "requester", # accepts requester
     #         version_id: "ObjectVersionId",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] acl
@@ -9852,6 +10486,12 @@ module Aws::S3
     #   VersionId used to reference a specific version of the object.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectAclRequest AWS API Documentation
     #
     class PutObjectAclRequest < Struct.new(
@@ -9866,7 +10506,8 @@ module Aws::S3
       :grant_write_acp,
       :key,
       :request_payer,
-      :version_id)
+      :version_id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9896,6 +10537,7 @@ module Aws::S3
     #         request_payer: "requester", # accepts requester
     #         version_id: "ObjectVersionId",
     #         content_md5: "ContentMD5",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9945,6 +10587,12 @@ module Aws::S3
     #   The MD5 hash for the request body.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLegalHoldRequest AWS API Documentation
     #
     class PutObjectLegalHoldRequest < Struct.new(
@@ -9953,7 +10601,8 @@ module Aws::S3
       :legal_hold,
       :request_payer,
       :version_id,
-      :content_md5)
+      :content_md5,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9989,6 +10638,7 @@ module Aws::S3
     #         request_payer: "requester", # accepts requester
     #         token: "ObjectLockToken",
     #         content_md5: "ContentMD5",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -10021,6 +10671,12 @@ module Aws::S3
     #   The MD5 hash for the request body.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLockConfigurationRequest AWS API Documentation
     #
     class PutObjectLockConfigurationRequest < Struct.new(
@@ -10028,7 +10684,8 @@ module Aws::S3
       :object_lock_configuration,
       :request_payer,
       :token,
-      :content_md5)
+      :content_md5,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -10144,6 +10801,7 @@ module Aws::S3
     #         object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
     #         object_lock_retain_until_date: Time.now,
     #         object_lock_legal_hold_status: "ON", # accepts ON, OFF
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] acl
@@ -10394,6 +11052,12 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectRequest AWS API Documentation
     #
     class PutObjectRequest < Struct.new(
@@ -10426,7 +11090,8 @@ module Aws::S3
       :tagging,
       :object_lock_mode,
       :object_lock_retain_until_date,
-      :object_lock_legal_hold_status)
+      :object_lock_legal_hold_status,
+      :expected_bucket_owner)
       SENSITIVE = [:sse_customer_key, :ssekms_key_id, :ssekms_encryption_context]
       include Aws::Structure
     end
@@ -10458,6 +11123,7 @@ module Aws::S3
     #         version_id: "ObjectVersionId",
     #         bypass_governance_retention: false,
     #         content_md5: "ContentMD5",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -10513,6 +11179,12 @@ module Aws::S3
     #   The MD5 hash for the request body.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectRetentionRequest AWS API Documentation
     #
     class PutObjectRetentionRequest < Struct.new(
@@ -10522,7 +11194,8 @@ module Aws::S3
       :request_payer,
       :version_id,
       :bypass_governance_retention,
-      :content_md5)
+      :content_md5,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -10555,6 +11228,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -10590,6 +11264,12 @@ module Aws::S3
     #   Container for the `TagSet` and `Tag` elements
     #   @return [Types::Tagging]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectTaggingRequest AWS API Documentation
     #
     class PutObjectTaggingRequest < Struct.new(
@@ -10597,7 +11277,8 @@ module Aws::S3
       :key,
       :version_id,
       :content_md5,
-      :tagging)
+      :tagging,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -10614,6 +11295,7 @@ module Aws::S3
     #           block_public_policy: false,
     #           restrict_public_buckets: false,
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -10637,12 +11319,19 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status
     #   @return [Types::PublicAccessBlockConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutPublicAccessBlockRequest AWS API Documentation
     #
     class PutPublicAccessBlockRequest < Struct.new(
       :bucket,
       :content_md5,
-      :public_access_block_configuration)
+      :public_access_block_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -11420,6 +12109,7 @@ module Aws::S3
     #           },
     #         },
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -11463,6 +12153,12 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RestoreObjectRequest AWS API Documentation
     #
     class RestoreObjectRequest < Struct.new(
@@ -11470,7 +12166,8 @@ module Aws::S3
       :key,
       :version_id,
       :restore_request,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -12033,6 +12730,7 @@ module Aws::S3
     #           start: 1,
     #           end: 1,
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -12114,6 +12812,12 @@ module Aws::S3
     #     within the last 50 bytes of the file.
     #   @return [Types::ScanRange]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/SelectObjectContentRequest AWS API Documentation
     #
     class SelectObjectContentRequest < Struct.new(
@@ -12127,7 +12831,8 @@ module Aws::S3
       :request_progress,
       :input_serialization,
       :output_serialization,
-      :scan_range)
+      :scan_range,
+      :expected_bucket_owner)
       SENSITIVE = [:sse_customer_key]
       include Aws::Structure
     end
@@ -12793,6 +13498,8 @@ module Aws::S3
     #         copy_source_sse_customer_key: "CopySourceSSECustomerKey",
     #         copy_source_sse_customer_key_md5: "CopySourceSSECustomerKeyMD5",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
+    #         expected_source_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -12800,8 +13507,41 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] copy_source
-    #   The name of the source bucket and key name of the source object,
-    #   separated by a slash (/). Must be URL-encoded.
+    #   Specifies the source object for the copy operation. You specify the
+    #   value in one of two formats, depending on whether you want to access
+    #   the source object through an [access point][1]\:
+    #
+    #   * For objects not accessed through an access point, specify the name
+    #     of the source bucket and key of the source object, separated by a
+    #     slash (/). For example, to copy the object `reports/january.pdf`
+    #     from the bucket `awsexamplebucket`, use
+    #     `awsexamplebucket/reports/january.pdf`. The value must be URL
+    #     encoded.
+    #
+    #   * For objects accessed through access points, specify the Amazon
+    #     Resource Name (ARN) of the object as accessed through the access
+    #     point, in the format
+    #     `arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>`.
+    #     For example, to copy the object `reports/january.pdf` through the
+    #     access point `my-access-point` owned by account `123456789012` in
+    #     Region `us-west-2`, use the URL encoding of
+    #     `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
+    #     The value must be URL encoded.
+    #
+    #     <note markdown="1"> Amazon S3 supports copy operations using access points only when
+    #     the source and destination buckets are in the same AWS Region.
+    #
+    #      </note>
+    #
+    #   To copy a specific version of an object, append
+    #   `?versionId=<version-id>` to the value (for example,
+    #   `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
+    #   If you don't specify a version ID, Amazon S3 copies the latest
+    #   version of the source object.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html
     #   @return [String]
     #
     # @!attribute [rw] copy_source_if_match
@@ -12895,6 +13635,18 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected destination bucket owner. If the
+    #   destination bucket is owned by a different account, the request will
+    #   fail with an HTTP `403 (Access Denied)` error.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_source_bucket_owner
+    #   The account id of the expected source bucket owner. If the source
+    #   bucket is owned by a different account, the request will fail with
+    #   an HTTP `403 (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPartCopyRequest AWS API Documentation
     #
     class UploadPartCopyRequest < Struct.new(
@@ -12914,7 +13666,9 @@ module Aws::S3
       :copy_source_sse_customer_algorithm,
       :copy_source_sse_customer_key,
       :copy_source_sse_customer_key_md5,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner,
+      :expected_source_bucket_owner)
       SENSITIVE = [:sse_customer_key, :copy_source_sse_customer_key]
       include Aws::Structure
     end
@@ -12980,6 +13734,7 @@ module Aws::S3
     #         sse_customer_key: "SSECustomerKey",
     #         sse_customer_key_md5: "SSECustomerKeyMD5",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] body
@@ -13048,6 +13803,12 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPartRequest AWS API Documentation
     #
     class UploadPartRequest < Struct.new(
@@ -13061,7 +13822,8 @@ module Aws::S3
       :sse_customer_algorithm,
       :sse_customer_key,
       :sse_customer_key_md5,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = [:sse_customer_key]
       include Aws::Structure
     end