aws-sdk-s3 1.79.0 → 1.82.0

data/lib/aws-sdk-s3/plugins/bucket_dns.rb

@@ -73,8 +73,6 @@ request URI and never moved to the host as a sub-domain.
             end
           end
 
-          # Checks for a valid RFC-3986 host name
-          # @see https://tools.ietf.org/html/rfc3986#section-3.2.2
           # @param [String] bucket_name
           # @return [Boolean]
           def valid_subdomain?(bucket_name)

data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb

@@ -13,7 +13,7 @@ module Aws
           def call(context)
             bucket_member = _bucket_member(context.operation.input.shape)
             if bucket_member && (bucket = context.params[bucket_member])
-              _resolved_bucket, _resolved_region, arn = BucketARN.resolve_arn!(
+              _resolved_region, arn = ARN.resolve_arn!(
                 bucket,
                 context.config.region,
                 context.config.s3_use_arn_region

data/lib/aws-sdk-s3/plugins/s3_signer.rb

@@ -12,12 +12,14 @@ module Aws
 
         option(:sigv4_signer) do |cfg|
           S3Signer.build_v4_signer(
+            service: 's3',
             region: cfg.sigv4_region,
             credentials: cfg.credentials
           )
         end
 
         option(:sigv4_region) do |cfg|
+          # S3 removes core's signature_v4 plugin that checks for this
           raise Aws::Errors::MissingRegionError if cfg.region.nil?
 
           Aws::Partitions::EndpointProvider.signing_region(cfg.region, 's3')
@@ -67,11 +69,26 @@ module Aws
             if context[:cached_sigv4_region] &&
                context[:cached_sigv4_region] != context.config.sigv4_signer.region
               S3Signer.build_v4_signer(
+                service: 's3',
                 region: context[:cached_sigv4_region],
                 credentials: context.config.credentials
               )
             else
-              context.config.sigv4_signer
+              resolved_region, arn = ARN.resolve_arn!(
+                context.params[:bucket],
+                context.config.sigv4_signer.region,
+                context.config.s3_use_arn_region
+              )
+
+              if arn
+                S3Signer.build_v4_signer(
+                  service: arn.respond_to?(:outpost_id) ? 's3-outposts' : 's3',
+                  region: resolved_region,
+                  credentials: context.config.credentials
+                )
+              else
+                context.config.sigv4_signer
+              end
             end
           end
         end
@@ -90,7 +107,9 @@ module Aws
           def check_for_cached_region(context, bucket)
             cached_region = S3::BUCKET_REGIONS[bucket]
             if cached_region && cached_region != context.config.region
-              context.http_request.endpoint.host = S3Signer.new_hostname(context, cached_region)
+              context.http_request.endpoint.host = S3Signer.new_hostname(
+                context, cached_region
+              )
               context[:cached_sigv4_region] = cached_region
             end
           end
@@ -150,11 +169,14 @@ module Aws
 
           def resign_with_new_region(context, actual_region)
             context.http_response.body.truncate(0)
-            context.http_request.endpoint.host = S3Signer.new_hostname(context, actual_region)
+            context.http_request.endpoint.host = S3Signer.new_hostname(
+              context, actual_region
+            )
             context.metadata[:redirect_region] = actual_region
             Aws::Plugins::SignatureV4.apply_signature(
               context: context,
               signer: S3Signer.build_v4_signer(
+                service: 's3',
                 region: actual_region,
                 credentials: context.config.credentials
               )
@@ -189,7 +211,7 @@ module Aws
           # @api private
           def build_v4_signer(options = {})
             Aws::Sigv4::Signer.new(
-              service: 's3',
+              service: options[:service],
               region: options[:region],
               credentials_provider: options[:credentials],
               uri_escape_path: false,
@@ -200,7 +222,7 @@ module Aws
           def new_hostname(context, region)
             # Check to see if the bucket is actually an ARN and resolve it
             # Otherwise it will retry with the ARN as the bucket name.
-            resolved_bucket, resolved_region, arn = BucketARN.resolve_arn!(
+            resolved_region, arn = ARN.resolve_arn!(
               context.params[:bucket],
               region,
               context.config.s3_use_arn_region
@@ -210,9 +232,9 @@ module Aws
             )
 
             if arn
-              BucketARN.resolve_url!(uri, arn).host
+              ARN.resolve_url!(uri, arn).host
             else
-              resolved_bucket + '.' + uri.host
+              "#{context.params[:bucket]}.#{uri.host}"
             end
           end
         end

data/lib/aws-sdk-s3/presigned_post.rb

@@ -237,6 +237,7 @@ module Aws
         @bucket_region = bucket_region
         @bucket_name = bucket_name
         @accelerate = !!options.delete(:use_accelerate_endpoint)
+        options.delete(:url) if @accelerate # resource methods pass url
         @url = options.delete(:url) || bucket_url
         @fields = {}
         @key_set = false

data/lib/aws-sdk-s3/presigner.rb

@@ -12,6 +12,7 @@ module Aws
       # @api private
       BLACKLISTED_HEADERS = [
         'accept',
+        'amz-sdk-request',
         'cache-control',
         'content-length', # due to a ELB bug
         'expect',

data/lib/aws-sdk-s3/types.rb

@@ -61,6 +61,7 @@ module Aws::S3
     #         key: "ObjectKey", # required
     #         upload_id: "MultipartUploadId", # required
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -75,9 +76,19 @@ module Aws::S3
     #   For more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -100,13 +111,20 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AbortMultipartUploadRequest AWS API Documentation
     #
     class AbortMultipartUploadRequest < Struct.new(
       :bucket,
       :key,
       :upload_id,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -891,6 +909,29 @@ module Aws::S3
     #
     # @!attribute [rw] bucket
     #   The name of the bucket that contains the newly created object.
+    #
+    #   When using this API with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the
+    #   form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this operation using an access point through the AWS
+    #   SDKs, you provide the access point ARN in place of the bucket name.
+    #   For more information about access point ARNs, see [Using Access
+    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -969,6 +1010,7 @@ module Aws::S3
     #         },
     #         upload_id: "MultipartUploadId", # required
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -999,6 +1041,12 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CompleteMultipartUploadRequest AWS API Documentation
     #
     class CompleteMultipartUploadRequest < Struct.new(
@@ -1006,7 +1054,8 @@ module Aws::S3
       :key,
       :multipart_upload,
       :upload_id,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1214,7 +1263,7 @@ module Aws::S3
     #         metadata_directive: "COPY", # accepts COPY, REPLACE
     #         tagging_directive: "COPY", # accepts COPY, REPLACE
     #         server_side_encryption: "AES256", # accepts AES256, aws:kms
-    #         storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #         storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #         website_redirect_location: "WebsiteRedirectLocation",
     #         sse_customer_algorithm: "SSECustomerAlgorithm",
     #         sse_customer_key: "SSECustomerKey",
@@ -1229,6 +1278,8 @@ module Aws::S3
     #         object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
     #         object_lock_retain_until_date: Time.now,
     #         object_lock_legal_hold_status: "ON", # accepts ON, OFF
+    #         expected_bucket_owner: "AccountId",
+    #         expected_source_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] acl
@@ -1237,6 +1288,29 @@ module Aws::S3
     #
     # @!attribute [rw] bucket
     #   The name of the destination bucket.
+    #
+    #   When using this API with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the
+    #   form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this operation using an access point through the AWS
+    #   SDKs, you provide the access point ARN in place of the bucket name.
+    #   For more information about access point ARNs, see [Using Access
+    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] cache_control
@@ -1262,8 +1336,50 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] copy_source
-    #   The name of the source bucket and key name of the source object,
-    #   separated by a slash (/). Must be URL-encoded.
+    #   Specifies the source object for the copy operation. You specify the
+    #   value in one of two formats, depending on whether you want to access
+    #   the source object through an [access point][1]\:
+    #
+    #   * For objects not accessed through an access point, specify the name
+    #     of the source bucket and the key of the source object, separated
+    #     by a slash (/). For example, to copy the object
+    #     `reports/january.pdf` from the bucket `awsexamplebucket`, use
+    #     `awsexamplebucket/reports/january.pdf`. The value must be URL
+    #     encoded.
+    #
+    #   * For objects accessed through access points, specify the Amazon
+    #     Resource Name (ARN) of the object as accessed through the access
+    #     point, in the format
+    #     `arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>`.
+    #     For example, to copy the object `reports/january.pdf` through
+    #     access point `my-access-point` owned by account `123456789012` in
+    #     Region `us-west-2`, use the URL encoding of
+    #     `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
+    #     The value must be URL encoded.
+    #
+    #     <note markdown="1"> Amazon S3 supports copy operations using access points only when
+    #     the source and destination buckets are in the same AWS Region.
+    #
+    #      </note>
+    #
+    #     Alternatively, for objects accessed through Amazon S3 on Outposts,
+    #     specify the ARN of the object as accessed in the format
+    #     `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/object/<key>`.
+    #     For example, to copy the object `reports/january.pdf` through
+    #     outpost `my-outpost` owned by account `123456789012` in Region
+    #     `us-west-2`, use the URL encoding of
+    #     `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf`.
+    #     The value must be URL encoded.
+    #
+    #   To copy a specific version of an object, append
+    #   `?versionId=<version-id>` to the value (for example,
+    #   `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
+    #   If you don't specify a version ID, Amazon S3 copies the latest
+    #   version of the source object.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html
     #   @return [String]
     #
     # @!attribute [rw] copy_source_if_match
@@ -1350,7 +1466,7 @@ module Aws::S3
     #   in encrypting data. This value is used to store the object and then
     #   it is discarded; Amazon S3 does not store the encryption key. The
     #   key must be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm` header.
+    #   `x-amz-server-side-encryption-customer-algorithm` header.
     #   @return [String]
     #
     # @!attribute [rw] sse_customer_key_md5
@@ -1427,6 +1543,18 @@ module Aws::S3
     #   object.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected destination bucket owner. If the
+    #   destination bucket is owned by a different account, the request will
+    #   fail with an HTTP `403 (Access Denied)` error.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_source_bucket_owner
+    #   The account id of the expected source bucket owner. If the source
+    #   bucket is owned by a different account, the request will fail with
+    #   an HTTP `403 (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CopyObjectRequest AWS API Documentation
     #
     class CopyObjectRequest < Struct.new(
@@ -1466,7 +1594,9 @@ module Aws::S3
       :tagging,
       :object_lock_mode,
       :object_lock_retain_until_date,
-      :object_lock_legal_hold_status)
+      :object_lock_legal_hold_status,
+      :expected_bucket_owner,
+      :expected_source_bucket_owner)
       SENSITIVE = [:sse_customer_key, :ssekms_key_id, :ssekms_encryption_context, :copy_source_sse_customer_key]
       include Aws::Structure
     end
@@ -1645,7 +1775,7 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] bucket
-    #   Name of the bucket to which the multipart upload was initiated.
+    #   The name of the bucket to which the multipart upload was initiated.
     #
     #   When using this API with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the
@@ -1656,9 +1786,19 @@ module Aws::S3
     #   For more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -1744,7 +1884,7 @@ module Aws::S3
     #           "MetadataKey" => "MetadataValue",
     #         },
     #         server_side_encryption: "AES256", # accepts AES256, aws:kms
-    #         storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #         storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #         website_redirect_location: "WebsiteRedirectLocation",
     #         sse_customer_algorithm: "SSECustomerAlgorithm",
     #         sse_customer_key: "SSECustomerKey",
@@ -1756,6 +1896,7 @@ module Aws::S3
     #         object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
     #         object_lock_retain_until_date: Time.now,
     #         object_lock_legal_hold_status: "ON", # accepts ON, OFF
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] acl
@@ -1764,6 +1905,29 @@ module Aws::S3
     #
     # @!attribute [rw] bucket
     #   The name of the bucket to which to initiate the upload
+    #
+    #   When using this API with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the
+    #   form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this operation using an access point through the AWS
+    #   SDKs, you provide the access point ARN in place of the bucket name.
+    #   For more information about access point ARNs, see [Using Access
+    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] cache_control
@@ -1843,7 +2007,7 @@ module Aws::S3
     #   in encrypting data. This value is used to store the object and then
     #   it is discarded; Amazon S3 does not store the encryption key. The
     #   key must be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm` header.
+    #   `x-amz-server-side-encryption-customer-algorithm` header.
     #   @return [String]
     #
     # @!attribute [rw] sse_customer_key_md5
@@ -1903,6 +2067,12 @@ module Aws::S3
     #   object.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateMultipartUploadRequest AWS API Documentation
     #
     class CreateMultipartUploadRequest < Struct.new(
@@ -1932,7 +2102,8 @@ module Aws::S3
       :tagging,
       :object_lock_mode,
       :object_lock_retain_until_date,
-      :object_lock_legal_hold_status)
+      :object_lock_legal_hold_status,
+      :expected_bucket_owner)
       SENSITIVE = [:sse_customer_key, :ssekms_key_id, :ssekms_encryption_context]
       include Aws::Structure
     end
@@ -2013,6 +2184,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         id: "AnalyticsId", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2024,11 +2196,18 @@ module Aws::S3
     #   The ID that identifies the analytics configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketAnalyticsConfigurationRequest AWS API Documentation
     #
     class DeleteBucketAnalyticsConfigurationRequest < Struct.new(
       :bucket,
-      :id)
+      :id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2038,16 +2217,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   Specifies the bucket whose `cors` configuration is being deleted.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketCorsRequest AWS API Documentation
     #
     class DeleteBucketCorsRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2057,6 +2244,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2064,10 +2252,17 @@ module Aws::S3
     #   configuration to delete.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketEncryptionRequest AWS API Documentation
     #
     class DeleteBucketEncryptionRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2078,6 +2273,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         id: "InventoryId", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2089,11 +2285,18 @@ module Aws::S3
     #   The ID used to identify the inventory configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketInventoryConfigurationRequest AWS API Documentation
     #
     class DeleteBucketInventoryConfigurationRequest < Struct.new(
       :bucket,
-      :id)
+      :id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2103,16 +2306,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name of the lifecycle to delete.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketLifecycleRequest AWS API Documentation
     #
     class DeleteBucketLifecycleRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2123,6 +2334,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         id: "MetricsId", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2134,11 +2346,18 @@ module Aws::S3
     #   The ID used to identify the metrics configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketMetricsConfigurationRequest AWS API Documentation
     #
     class DeleteBucketMetricsConfigurationRequest < Struct.new(
       :bucket,
-      :id)
+      :id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2148,16 +2367,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketPolicyRequest AWS API Documentation
     #
     class DeleteBucketPolicyRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2167,16 +2394,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketReplicationRequest AWS API Documentation
     #
     class DeleteBucketReplicationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2186,16 +2421,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   Specifies the bucket being deleted.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketRequest AWS API Documentation
     #
     class DeleteBucketRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2205,16 +2448,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket that has the tag set to be removed.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketTaggingRequest AWS API Documentation
     #
     class DeleteBucketTaggingRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2224,6 +2475,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2231,10 +2483,17 @@ module Aws::S3
     #   configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketWebsiteRequest AWS API Documentation
     #
     class DeleteBucketWebsiteRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2353,6 +2612,7 @@ module Aws::S3
     #         version_id: "ObjectVersionId",
     #         request_payer: "requester", # accepts requester
     #         bypass_governance_retention: false,
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2367,9 +2627,19 @@ module Aws::S3
     #   For more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -2404,6 +2674,12 @@ module Aws::S3
     #   restrictions to process this operation.
     #   @return [Boolean]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectRequest AWS API Documentation
     #
     class DeleteObjectRequest < Struct.new(
@@ -2412,7 +2688,8 @@ module Aws::S3
       :mfa,
       :version_id,
       :request_payer,
-      :bypass_governance_retention)
+      :bypass_governance_retention,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2436,6 +2713,7 @@ module Aws::S3
     #         bucket: "BucketName", # required
     #         key: "ObjectKey", # required
     #         version_id: "ObjectVersionId",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2451,9 +2729,19 @@ module Aws::S3
     #   For more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -2464,12 +2752,19 @@ module Aws::S3
     #   The versionId of the object that the tag-set will be removed from.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectTaggingRequest AWS API Documentation
     #
     class DeleteObjectTaggingRequest < Struct.new(
       :bucket,
       :key,
-      :version_id)
+      :version_id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2516,6 +2811,7 @@ module Aws::S3
     #         mfa: "MFA",
     #         request_payer: "requester", # accepts requester
     #         bypass_governance_retention: false,
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2530,9 +2826,19 @@ module Aws::S3
     #   For more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] delete
@@ -2564,6 +2870,12 @@ module Aws::S3
     #   permissions to perform this operation.
     #   @return [Boolean]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectsRequest AWS API Documentation
     #
     class DeleteObjectsRequest < Struct.new(
@@ -2571,7 +2883,8 @@ module Aws::S3
       :delete,
       :mfa,
       :request_payer,
-      :bypass_governance_retention)
+      :bypass_governance_retention,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2581,6 +2894,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -2588,10 +2902,17 @@ module Aws::S3
     #   want to delete.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeletePublicAccessBlockRequest AWS API Documentation
     #
     class DeletePublicAccessBlockRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2641,7 +2962,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         account: "AccountId",
-    #         storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #         storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #         access_control_translation: {
     #           owner: "Destination", # required, accepts Destination
     #         },
@@ -3750,17 +4071,25 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
-    #   Name of the bucket for which the accelerate configuration is
+    #   The name of the bucket for which the accelerate configuration is
     #   retrieved.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAccelerateConfigurationRequest AWS API Documentation
     #
     class GetBucketAccelerateConfigurationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3787,16 +4116,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   Specifies the S3 bucket whose ACL is being requested.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAclRequest AWS API Documentation
     #
     class GetBucketAclRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3819,6 +4156,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         id: "AnalyticsId", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -3830,11 +4168,18 @@ module Aws::S3
     #   The ID that identifies the analytics configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAnalyticsConfigurationRequest AWS API Documentation
     #
     class GetBucketAnalyticsConfigurationRequest < Struct.new(
       :bucket,
-      :id)
+      :id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3857,16 +4202,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name for which to get the cors configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketCorsRequest AWS API Documentation
     #
     class GetBucketCorsRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3888,6 +4241,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -3895,10 +4249,17 @@ module Aws::S3
     #   configuration is retrieved.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketEncryptionRequest AWS API Documentation
     #
     class GetBucketEncryptionRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3921,6 +4282,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         id: "InventoryId", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -3932,11 +4294,18 @@ module Aws::S3
     #   The ID used to identify the inventory configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketInventoryConfigurationRequest AWS API Documentation
     #
     class GetBucketInventoryConfigurationRequest < Struct.new(
       :bucket,
-      :id)
+      :id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3958,16 +4327,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The name of the bucket for which to get the lifecycle information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleConfigurationRequest AWS API Documentation
     #
     class GetBucketLifecycleConfigurationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3989,16 +4366,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The name of the bucket for which to get the lifecycle information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleRequest AWS API Documentation
     #
     class GetBucketLifecycleRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4027,16 +4412,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The name of the bucket for which to get the location.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLocationRequest AWS API Documentation
     #
     class GetBucketLocationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4065,16 +4458,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name for which to get the logging information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLoggingRequest AWS API Documentation
     #
     class GetBucketLoggingRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4097,6 +4498,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         id: "MetricsId", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -4108,11 +4510,18 @@ module Aws::S3
     #   The ID used to identify the metrics configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketMetricsConfigurationRequest AWS API Documentation
     #
     class GetBucketMetricsConfigurationRequest < Struct.new(
       :bucket,
-      :id)
+      :id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4122,16 +4531,25 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
-    #   Name of the bucket for which to get the notification configuration.
+    #   The name of the bucket for which to get the notification
+    #   configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketNotificationConfigurationRequest AWS API Documentation
     #
     class GetBucketNotificationConfigurationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4153,16 +4571,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name for which to get the bucket policy.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicyRequest AWS API Documentation
     #
     class GetBucketPolicyRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4184,6 +4610,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -4191,10 +4618,17 @@ module Aws::S3
     #   retrieve.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicyStatusRequest AWS API Documentation
     #
     class GetBucketPolicyStatusRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4217,16 +4651,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name for which to get the replication information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketReplicationRequest AWS API Documentation
     #
     class GetBucketReplicationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4248,6 +4690,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -4255,10 +4698,17 @@ module Aws::S3
     #   configuration
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketRequestPaymentRequest AWS API Documentation
     #
     class GetBucketRequestPaymentRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4280,16 +4730,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The name of the bucket for which to get the tagging information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketTaggingRequest AWS API Documentation
     #
     class GetBucketTaggingRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4319,16 +4777,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The name of the bucket for which to get the versioning information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketVersioningRequest AWS API Documentation
     #
     class GetBucketVersioningRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4369,16 +4835,24 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name for which to get the website configuration.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketWebsiteRequest AWS API Documentation
     #
     class GetBucketWebsiteRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4414,6 +4888,7 @@ module Aws::S3
     #         key: "ObjectKey", # required
     #         version_id: "ObjectVersionId",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -4454,13 +4929,20 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectAclRequest AWS API Documentation
     #
     class GetObjectAclRequest < Struct.new(
       :bucket,
       :key,
       :version_id,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4485,6 +4967,7 @@ module Aws::S3
     #         key: "ObjectKey", # required
     #         version_id: "ObjectVersionId",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -4527,13 +5010,20 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLegalHoldRequest AWS API Documentation
     #
     class GetObjectLegalHoldRequest < Struct.new(
       :bucket,
       :key,
       :version_id,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4555,16 +5045,37 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket whose Object Lock configuration you want to retrieve.
+    #
+    #   When using this API with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the
+    #   form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this operation using an access point through the AWS
+    #   SDKs, you provide the access point ARN in place of the bucket name.
+    #   For more information about access point ARNs, see [Using Access
+    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLockConfigurationRequest AWS API Documentation
     #
     class GetObjectLockConfigurationRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4788,6 +5299,7 @@ module Aws::S3
     #         sse_customer_key_md5: "SSECustomerKeyMD5",
     #         request_payer: "requester", # accepts requester
     #         part_number: 1,
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -4802,9 +5314,19 @@ module Aws::S3
     #   For more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] if_match
@@ -4884,7 +5406,7 @@ module Aws::S3
     #   in encrypting data. This value is used to store the object and then
     #   it is discarded; Amazon S3 does not store the encryption key. The
     #   key must be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm` header.
+    #   `x-amz-server-side-encryption-customer-algorithm` header.
     #   @return [String]
     #
     # @!attribute [rw] sse_customer_key_md5
@@ -4912,6 +5434,12 @@ module Aws::S3
     #   object.
     #   @return [Integer]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectRequest AWS API Documentation
     #
     class GetObjectRequest < Struct.new(
@@ -4933,7 +5461,8 @@ module Aws::S3
       :sse_customer_key,
       :sse_customer_key_md5,
       :request_payer,
-      :part_number)
+      :part_number,
+      :expected_bucket_owner)
       SENSITIVE = [:sse_customer_key]
       include Aws::Structure
     end
@@ -4958,6 +5487,7 @@ module Aws::S3
     #         key: "ObjectKey", # required
     #         version_id: "ObjectVersionId",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -5000,13 +5530,20 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectRetentionRequest AWS API Documentation
     #
     class GetObjectRetentionRequest < Struct.new(
       :bucket,
       :key,
       :version_id,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5036,6 +5573,7 @@ module Aws::S3
     #         bucket: "BucketName", # required
     #         key: "ObjectKey", # required
     #         version_id: "ObjectVersionId",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -5051,9 +5589,19 @@ module Aws::S3
     #   For more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -5065,12 +5613,19 @@ module Aws::S3
     #   information.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTaggingRequest AWS API Documentation
     #
     class GetObjectTaggingRequest < Struct.new(
       :bucket,
       :key,
-      :version_id)
+      :version_id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5100,6 +5655,7 @@ module Aws::S3
     #         bucket: "BucketName", # required
     #         key: "ObjectKey", # required
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -5123,12 +5679,19 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTorrentRequest AWS API Documentation
     #
     class GetObjectTorrentRequest < Struct.new(
       :bucket,
       :key,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5151,6 +5714,7 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -5158,10 +5722,17 @@ module Aws::S3
     #   configuration you want to retrieve.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetPublicAccessBlockRequest AWS API Documentation
     #
     class GetPublicAccessBlockRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5298,16 +5869,47 @@ module Aws::S3
     #
     #       {
     #         bucket: "BucketName", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name.
+    #
+    #   When using this API with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the
+    #   form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this operation using an access point through the AWS
+    #   SDKs, you provide the access point ARN in place of the bucket name.
+    #   For more information about access point ARNs, see [Using Access
+    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadBucketRequest AWS API Documentation
     #
     class HeadBucketRequest < Struct.new(
-      :bucket)
+      :bucket,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5332,8 +5934,8 @@ module Aws::S3
     # @!attribute [rw] restore
     #   If the object is an archived object (an object whose storage class
     #   is GLACIER), the response includes this header if either the archive
-    #   restoration is in progress (see RestoreObject or an archive copy is
-    #   already restored.
+    #   restoration is in progress (see [RestoreObject][1] or an archive
+    #   copy is already restored.
     #
     #   If an archive copy is already restored, the header value indicates
     #   when Amazon S3 is scheduled to delete the object copy. For example:
@@ -5345,11 +5947,12 @@ module Aws::S3
     #   value `ongoing-request="true"`.
     #
     #   For more information about archiving objects, see [Transitioning
-    #   Objects: General Considerations][1].
+    #   Objects: General Considerations][2].
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations
     #   @return [String]
     #
     # @!attribute [rw] last_modified
@@ -5583,10 +6186,34 @@ module Aws::S3
     #         sse_customer_key_md5: "SSECustomerKeyMD5",
     #         request_payer: "requester", # accepts requester
     #         part_number: 1,
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The name of the bucket containing the object.
+    #
+    #   When using this API with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the
+    #   form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this operation using an access point through the AWS
+    #   SDKs, you provide the access point ARN in place of the bucket name.
+    #   For more information about access point ARNs, see [Using Access
+    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] if_match
@@ -5638,7 +6265,7 @@ module Aws::S3
     #   in encrypting data. This value is used to store the object and then
     #   it is discarded; Amazon S3 does not store the encryption key. The
     #   key must be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm` header.
+    #   `x-amz-server-side-encryption-customer-algorithm` header.
     #   @return [String]
     #
     # @!attribute [rw] sse_customer_key_md5
@@ -5666,6 +6293,12 @@ module Aws::S3
     #   and the number of parts in this object.
     #   @return [Integer]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadObjectRequest AWS API Documentation
     #
     class HeadObjectRequest < Struct.new(
@@ -5681,7 +6314,8 @@ module Aws::S3
       :sse_customer_key,
       :sse_customer_key_md5,
       :request_payer,
-      :part_number)
+      :part_number,
+      :expected_bucket_owner)
       SENSITIVE = [:sse_customer_key]
       include Aws::Structure
     end
@@ -6486,6 +7120,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         continuation_token: "Token",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -6498,11 +7133,18 @@ module Aws::S3
     #   request should begin.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketAnalyticsConfigurationsRequest AWS API Documentation
     #
     class ListBucketAnalyticsConfigurationsRequest < Struct.new(
       :bucket,
-      :continuation_token)
+      :continuation_token,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6546,6 +7188,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         continuation_token: "Token",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -6560,11 +7203,18 @@ module Aws::S3
     #   token is an opaque value that Amazon S3 understands.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketInventoryConfigurationsRequest AWS API Documentation
     #
     class ListBucketInventoryConfigurationsRequest < Struct.new(
       :bucket,
-      :continuation_token)
+      :continuation_token,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6610,6 +7260,7 @@ module Aws::S3
     #       {
     #         bucket: "BucketName", # required
     #         continuation_token: "Token",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -6624,11 +7275,18 @@ module Aws::S3
     #   continuation token is an opaque value that Amazon S3 understands.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketMetricsConfigurationsRequest AWS API Documentation
     #
     class ListBucketMetricsConfigurationsRequest < Struct.new(
       :bucket,
-      :continuation_token)
+      :continuation_token,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6651,7 +7309,7 @@ module Aws::S3
     end
 
     # @!attribute [rw] bucket
-    #   Name of the bucket to which the multipart upload was initiated.
+    #   The name of the bucket to which the multipart upload was initiated.
     #   @return [String]
     #
     # @!attribute [rw] key_marker
@@ -6751,10 +7409,11 @@ module Aws::S3
     #         max_uploads: 1,
     #         prefix: "Prefix",
     #         upload_id_marker: "UploadIdMarker",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
-    #   Name of the bucket to which the multipart upload was initiated.
+    #   The name of the bucket to which the multipart upload was initiated.
     #
     #   When using this API with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the
@@ -6765,9 +7424,19 @@ module Aws::S3
     #   For more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] delimiter
@@ -6827,6 +7496,12 @@ module Aws::S3
     #   the specified `upload-id-marker`.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListMultipartUploadsRequest AWS API Documentation
     #
     class ListMultipartUploadsRequest < Struct.new(
@@ -6836,7 +7511,8 @@ module Aws::S3
       :key_marker,
       :max_uploads,
       :prefix,
-      :upload_id_marker)
+      :upload_id_marker,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6880,7 +7556,7 @@ module Aws::S3
     #   @return [Array<Types::DeleteMarkerEntry>]
     #
     # @!attribute [rw] name
-    #   Bucket name.
+    #   The bucket name.
     #   @return [String]
     #
     # @!attribute [rw] prefix
@@ -6948,23 +7624,11 @@ module Aws::S3
     #         max_keys: 1,
     #         prefix: "Prefix",
     #         version_id_marker: "VersionIdMarker",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name that contains the objects.
-    #
-    #   When using this API with an access point, you must direct requests
-    #   to the access point hostname. The access point hostname takes the
-    #   form
-    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this operation using an access point through the AWS
-    #   SDKs, you provide the access point ARN in place of the bucket name.
-    #   For more information about access point ARNs, see [Using Access
-    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
-    #
-    #
-    #
-    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
     #   @return [String]
     #
     # @!attribute [rw] delimiter
@@ -7012,6 +7676,12 @@ module Aws::S3
     #   Specifies the object version you want to start listing from.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectVersionsRequest AWS API Documentation
     #
     class ListObjectVersionsRequest < Struct.new(
@@ -7021,7 +7691,8 @@ module Aws::S3
       :key_marker,
       :max_keys,
       :prefix,
-      :version_id_marker)
+      :version_id_marker,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7052,7 +7723,7 @@ module Aws::S3
     #   @return [Array<Types::Object>]
     #
     # @!attribute [rw] name
-    #   Bucket name.
+    #   The bucket name.
     #   @return [String]
     #
     # @!attribute [rw] prefix
@@ -7123,10 +7794,34 @@ module Aws::S3
     #         max_keys: 1,
     #         prefix: "Prefix",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The name of the bucket containing the objects.
+    #
+    #   When using this API with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the
+    #   form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this operation using an access point through the AWS
+    #   SDKs, you provide the access point ARN in place of the bucket name.
+    #   For more information about access point ARNs, see [Using Access
+    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] delimiter
@@ -7162,6 +7857,12 @@ module Aws::S3
     #   parameter in their requests.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectsRequest AWS API Documentation
     #
     class ListObjectsRequest < Struct.new(
@@ -7171,7 +7872,8 @@ module Aws::S3
       :marker,
       :max_keys,
       :prefix,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7187,7 +7889,7 @@ module Aws::S3
     #   @return [Array<Types::Object>]
     #
     # @!attribute [rw] name
-    #   Bucket name.
+    #   The bucket name.
     #
     #   When using this API with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the
@@ -7198,9 +7900,19 @@ module Aws::S3
     #   For more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] prefix
@@ -7308,6 +8020,7 @@ module Aws::S3
     #         fetch_owner: false,
     #         start_after: "StartAfter",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -7322,9 +8035,19 @@ module Aws::S3
     #   For more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] delimiter
@@ -7370,6 +8093,12 @@ module Aws::S3
     #   this parameter in their requests.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectsV2Request AWS API Documentation
     #
     class ListObjectsV2Request < Struct.new(
@@ -7381,7 +8110,8 @@ module Aws::S3
       :continuation_token,
       :fetch_owner,
       :start_after,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7411,7 +8141,7 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] bucket
-    #   Name of the bucket to which the multipart upload was initiated.
+    #   The name of the bucket to which the multipart upload was initiated.
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -7505,10 +8235,11 @@ module Aws::S3
     #         part_number_marker: 1,
     #         upload_id: "MultipartUploadId", # required
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
-    #   Name of the bucket to which the parts are being uploaded.
+    #   The name of the bucket to which the parts are being uploaded.
     #
     #   When using this API with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the
@@ -7519,9 +8250,19 @@ module Aws::S3
     #   For more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -7554,6 +8295,12 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListPartsRequest AWS API Documentation
     #
     class ListPartsRequest < Struct.new(
@@ -7562,7 +8309,8 @@ module Aws::S3
       :max_parts,
       :part_number_marker,
       :upload_id,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8425,7 +9173,7 @@ module Aws::S3
     #               value: "MetadataValue",
     #             },
     #           ],
-    #           storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #           storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #         },
     #       }
     #
@@ -8682,21 +9430,30 @@ module Aws::S3
     #         accelerate_configuration: { # required
     #           status: "Enabled", # accepts Enabled, Suspended
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
-    #   Name of the bucket for which the accelerate configuration is set.
+    #   The name of the bucket for which the accelerate configuration is
+    #   set.
     #   @return [String]
     #
     # @!attribute [rw] accelerate_configuration
     #   Container for setting the transfer acceleration state.
     #   @return [Types::AccelerateConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAccelerateConfigurationRequest AWS API Documentation
     #
     class PutBucketAccelerateConfigurationRequest < Struct.new(
       :bucket,
-      :accelerate_configuration)
+      :accelerate_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8731,6 +9488,7 @@ module Aws::S3
     #         grant_read_acp: "GrantReadACP",
     #         grant_write: "GrantWrite",
     #         grant_write_acp: "GrantWriteACP",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] acl
@@ -8779,6 +9537,12 @@ module Aws::S3
     #   Allows grantee to write the ACL for the applicable bucket.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAclRequest AWS API Documentation
     #
     class PutBucketAclRequest < Struct.new(
@@ -8790,7 +9554,8 @@ module Aws::S3
       :grant_read,
       :grant_read_acp,
       :grant_write,
-      :grant_write_acp)
+      :grant_write_acp,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8833,6 +9598,7 @@ module Aws::S3
     #             },
     #           },
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -8848,12 +9614,19 @@ module Aws::S3
     #   The configuration and any analyses for the analytics filter.
     #   @return [Types::AnalyticsConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAnalyticsConfigurationRequest AWS API Documentation
     #
     class PutBucketAnalyticsConfigurationRequest < Struct.new(
       :bucket,
       :id,
-      :analytics_configuration)
+      :analytics_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8875,6 +9648,7 @@ module Aws::S3
     #           ],
     #         },
     #         content_md5: "ContentMD5",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -8903,12 +9677,19 @@ module Aws::S3
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketCorsRequest AWS API Documentation
     #
     class PutBucketCorsRequest < Struct.new(
       :bucket,
       :cors_configuration,
-      :content_md5)
+      :content_md5,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8929,6 +9710,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -8954,12 +9736,19 @@ module Aws::S3
     #   Specifies the default server-side-encryption configuration.
     #   @return [Types::ServerSideEncryptionConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketEncryptionRequest AWS API Documentation
     #
     class PutBucketEncryptionRequest < Struct.new(
       :bucket,
       :content_md5,
-      :server_side_encryption_configuration)
+      :server_side_encryption_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8997,6 +9786,7 @@ module Aws::S3
     #             frequency: "Daily", # required, accepts Daily, Weekly
     #           },
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9012,12 +9802,19 @@ module Aws::S3
     #   Specifies the inventory configuration.
     #   @return [Types::InventoryConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketInventoryConfigurationRequest AWS API Documentation
     #
     class PutBucketInventoryConfigurationRequest < Struct.new(
       :bucket,
       :id,
-      :inventory_configuration)
+      :inventory_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9076,6 +9873,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9086,11 +9884,18 @@ module Aws::S3
     #   Container for lifecycle rules. You can add as many as 1,000 rules.
     #   @return [Types::BucketLifecycleConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleConfigurationRequest AWS API Documentation
     #
     class PutBucketLifecycleConfigurationRequest < Struct.new(
       :bucket,
-      :lifecycle_configuration)
+      :lifecycle_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9130,6 +9935,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9141,12 +9947,19 @@ module Aws::S3
     # @!attribute [rw] lifecycle_configuration
     #   @return [Types::LifecycleConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleRequest AWS API Documentation
     #
     class PutBucketLifecycleRequest < Struct.new(
       :bucket,
       :content_md5,
-      :lifecycle_configuration)
+      :lifecycle_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9175,6 +9988,7 @@ module Aws::S3
     #           },
     #         },
     #         content_md5: "ContentMD5",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9189,12 +10003,19 @@ module Aws::S3
     #   The MD5 hash of the `PutBucketLogging` request body.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLoggingRequest AWS API Documentation
     #
     class PutBucketLoggingRequest < Struct.new(
       :bucket,
       :bucket_logging_status,
-      :content_md5)
+      :content_md5,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9224,6 +10045,7 @@ module Aws::S3
     #             },
     #           },
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9238,12 +10060,19 @@ module Aws::S3
     #   Specifies the metrics configuration.
     #   @return [Types::MetricsConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketMetricsConfigurationRequest AWS API Documentation
     #
     class PutBucketMetricsConfigurationRequest < Struct.new(
       :bucket,
       :id,
-      :metrics_configuration)
+      :metrics_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9306,6 +10135,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9318,11 +10148,18 @@ module Aws::S3
     #   the bucket.
     #   @return [Types::NotificationConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationConfigurationRequest AWS API Documentation
     #
     class PutBucketNotificationConfigurationRequest < Struct.new(
       :bucket,
-      :notification_configuration)
+      :notification_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9354,6 +10191,7 @@ module Aws::S3
     #             invocation_role: "CloudFunctionInvocationRole",
     #           },
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9368,12 +10206,19 @@ module Aws::S3
     #   The container for the configuration.
     #   @return [Types::NotificationConfigurationDeprecated]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationRequest AWS API Documentation
     #
     class PutBucketNotificationRequest < Struct.new(
       :bucket,
       :content_md5,
-      :notification_configuration)
+      :notification_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9386,6 +10231,7 @@ module Aws::S3
     #         content_md5: "ContentMD5",
     #         confirm_remove_self_bucket_access: false,
     #         policy: "Policy", # required
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9405,13 +10251,20 @@ module Aws::S3
     #   The bucket policy as a JSON document.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketPolicyRequest AWS API Documentation
     #
     class PutBucketPolicyRequest < Struct.new(
       :bucket,
       :content_md5,
       :confirm_remove_self_bucket_access,
-      :policy)
+      :policy,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9457,7 +10310,7 @@ module Aws::S3
     #               destination: { # required
     #                 bucket: "BucketName", # required
     #                 account: "AccountId",
-    #                 storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #                 storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #                 access_control_translation: {
     #                   owner: "Destination", # required, accepts Destination
     #                 },
@@ -9484,6 +10337,7 @@ module Aws::S3
     #           ],
     #         },
     #         token: "ObjectLockToken",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9509,13 +10363,20 @@ module Aws::S3
     # @!attribute [rw] token
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketReplicationRequest AWS API Documentation
     #
     class PutBucketReplicationRequest < Struct.new(
       :bucket,
       :content_md5,
       :replication_configuration,
-      :token)
+      :token,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9529,6 +10390,7 @@ module Aws::S3
     #         request_payment_configuration: { # required
     #           payer: "Requester", # required, accepts Requester, BucketOwner
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9550,12 +10412,19 @@ module Aws::S3
     #   Container for Payer.
     #   @return [Types::RequestPaymentConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketRequestPaymentRequest AWS API Documentation
     #
     class PutBucketRequestPaymentRequest < Struct.new(
       :bucket,
       :content_md5,
-      :request_payment_configuration)
+      :request_payment_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9574,6 +10443,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9595,12 +10465,19 @@ module Aws::S3
     #   Container for the `TagSet` and `Tag` elements.
     #   @return [Types::Tagging]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketTaggingRequest AWS API Documentation
     #
     class PutBucketTaggingRequest < Struct.new(
       :bucket,
       :content_md5,
-      :tagging)
+      :tagging,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9616,6 +10493,7 @@ module Aws::S3
     #           mfa_delete: "Enabled", # accepts Enabled, Disabled
     #           status: "Enabled", # accepts Enabled, Suspended
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9643,13 +10521,20 @@ module Aws::S3
     #   Container for setting the versioning state.
     #   @return [Types::VersioningConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketVersioningRequest AWS API Documentation
     #
     class PutBucketVersioningRequest < Struct.new(
       :bucket,
       :content_md5,
       :mfa,
-      :versioning_configuration)
+      :versioning_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9687,6 +10572,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9708,12 +10594,19 @@ module Aws::S3
     #   Container for the request.
     #   @return [Types::WebsiteConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketWebsiteRequest AWS API Documentation
     #
     class PutBucketWebsiteRequest < Struct.new(
       :bucket,
       :content_md5,
-      :website_configuration)
+      :website_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9764,6 +10657,7 @@ module Aws::S3
     #         key: "ObjectKey", # required
     #         request_payer: "requester", # accepts requester
     #         version_id: "ObjectVersionId",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] acl
@@ -9833,6 +10727,29 @@ module Aws::S3
     #
     # @!attribute [rw] key
     #   Key for which the PUT operation was initiated.
+    #
+    #   When using this API with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the
+    #   form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this operation using an access point through the AWS
+    #   SDKs, you provide the access point ARN in place of the bucket name.
+    #   For more information about access point ARNs, see [Using Access
+    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] request_payer
@@ -9851,6 +10768,12 @@ module Aws::S3
     #   VersionId used to reference a specific version of the object.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectAclRequest AWS API Documentation
     #
     class PutObjectAclRequest < Struct.new(
@@ -9865,7 +10788,8 @@ module Aws::S3
       :grant_write_acp,
       :key,
       :request_payer,
-      :version_id)
+      :version_id,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9895,6 +10819,7 @@ module Aws::S3
     #         request_payer: "requester", # accepts requester
     #         version_id: "ObjectVersionId",
     #         content_md5: "ContentMD5",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -9944,6 +10869,12 @@ module Aws::S3
     #   The MD5 hash for the request body.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLegalHoldRequest AWS API Documentation
     #
     class PutObjectLegalHoldRequest < Struct.new(
@@ -9952,7 +10883,8 @@ module Aws::S3
       :legal_hold,
       :request_payer,
       :version_id,
-      :content_md5)
+      :content_md5,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9988,6 +10920,7 @@ module Aws::S3
     #         request_payer: "requester", # accepts requester
     #         token: "ObjectLockToken",
     #         content_md5: "ContentMD5",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -10020,6 +10953,12 @@ module Aws::S3
     #   The MD5 hash for the request body.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLockConfigurationRequest AWS API Documentation
     #
     class PutObjectLockConfigurationRequest < Struct.new(
@@ -10027,17 +10966,22 @@ module Aws::S3
       :object_lock_configuration,
       :request_payer,
       :token,
-      :content_md5)
+      :content_md5,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
 
     # @!attribute [rw] expiration
     #   If the expiration is configured for the object (see
-    #   PutBucketLifecycleConfiguration), the response includes this header.
-    #   It includes the expiry-date and rule-id key-value pairs that provide
-    #   information about object expiration. The value of the rule-id is URL
-    #   encoded.
+    #   [PutBucketLifecycleConfiguration][1]), the response includes this
+    #   header. It includes the expiry-date and rule-id key-value pairs that
+    #   provide information about object expiration. The value of the
+    #   rule-id is URL encoded.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html
     #   @return [String]
     #
     # @!attribute [rw] etag
@@ -10127,7 +11071,7 @@ module Aws::S3
     #           "MetadataKey" => "MetadataValue",
     #         },
     #         server_side_encryption: "AES256", # accepts AES256, aws:kms
-    #         storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #         storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #         website_redirect_location: "WebsiteRedirectLocation",
     #         sse_customer_algorithm: "SSECustomerAlgorithm",
     #         sse_customer_key: "SSECustomerKey",
@@ -10139,6 +11083,7 @@ module Aws::S3
     #         object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
     #         object_lock_retain_until_date: Time.now,
     #         object_lock_legal_hold_status: "ON", # accepts ON, OFF
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] acl
@@ -10155,7 +11100,7 @@ module Aws::S3
     #   @return [IO]
     #
     # @!attribute [rw] bucket
-    #   Bucket name to which the PUT operation was initiated.
+    #   The bucket name to which the PUT operation was initiated.
     #
     #   When using this API with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the
@@ -10166,9 +11111,19 @@ module Aws::S3
     #   For more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] cache_control
@@ -10325,7 +11280,7 @@ module Aws::S3
     #   in encrypting data. This value is used to store the object and then
     #   it is discarded; Amazon S3 does not store the encryption key. The
     #   key must be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm` header.
+    #   `x-amz-server-side-encryption-customer-algorithm` header.
     #   @return [String]
     #
     # @!attribute [rw] sse_customer_key_md5
@@ -10389,6 +11344,12 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectRequest AWS API Documentation
     #
     class PutObjectRequest < Struct.new(
@@ -10421,7 +11382,8 @@ module Aws::S3
       :tagging,
       :object_lock_mode,
       :object_lock_retain_until_date,
-      :object_lock_legal_hold_status)
+      :object_lock_legal_hold_status,
+      :expected_bucket_owner)
       SENSITIVE = [:sse_customer_key, :ssekms_key_id, :ssekms_encryption_context]
       include Aws::Structure
     end
@@ -10453,6 +11415,7 @@ module Aws::S3
     #         version_id: "ObjectVersionId",
     #         bypass_governance_retention: false,
     #         content_md5: "ContentMD5",
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -10508,6 +11471,12 @@ module Aws::S3
     #   The MD5 hash for the request body.
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectRetentionRequest AWS API Documentation
     #
     class PutObjectRetentionRequest < Struct.new(
@@ -10517,7 +11486,8 @@ module Aws::S3
       :request_payer,
       :version_id,
       :bypass_governance_retention,
-      :content_md5)
+      :content_md5,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -10550,6 +11520,7 @@ module Aws::S3
     #             },
     #           ],
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -10564,9 +11535,19 @@ module Aws::S3
     #   For more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -10585,6 +11566,12 @@ module Aws::S3
     #   Container for the `TagSet` and `Tag` elements
     #   @return [Types::Tagging]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectTaggingRequest AWS API Documentation
     #
     class PutObjectTaggingRequest < Struct.new(
@@ -10592,7 +11579,8 @@ module Aws::S3
       :key,
       :version_id,
       :content_md5,
-      :tagging)
+      :tagging,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -10609,6 +11597,7 @@ module Aws::S3
     #           block_public_policy: false,
     #           restrict_public_buckets: false,
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -10632,12 +11621,19 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status
     #   @return [Types::PublicAccessBlockConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutPublicAccessBlockRequest AWS API Documentation
     #
     class PutPublicAccessBlockRequest < Struct.new(
       :bucket,
       :content_md5,
-      :public_access_block_configuration)
+      :public_access_block_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -10702,11 +11698,15 @@ module Aws::S3
       include Aws::Structure
     end
 
-    # This data type is deprecated. Use QueueConfiguration for the same
+    # This data type is deprecated. Use [QueueConfiguration][1] for the same
     # purposes. This data type specifies the configuration for publishing
     # messages to an Amazon Simple Queue Service (Amazon SQS) queue when
     # Amazon S3 detects specified events.
     #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_QueueConfiguration.html
+    #
     # @note When making an API call, you may pass QueueConfigurationDeprecated
     #   data as a hash:
     #
@@ -10890,7 +11890,7 @@ module Aws::S3
     #             destination: { # required
     #               bucket: "BucketName", # required
     #               account: "AccountId",
-    #               storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #               storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #               access_control_translation: {
     #                 owner: "Destination", # required, accepts Destination
     #               },
@@ -10981,7 +11981,7 @@ module Aws::S3
     #         destination: { # required
     #           bucket: "BucketName", # required
     #           account: "AccountId",
-    #           storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #           storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #           access_control_translation: {
     #             owner: "Destination", # required, accepts Destination
     #           },
@@ -11406,11 +12406,12 @@ module Aws::S3
     #                   value: "MetadataValue",
     #                 },
     #               ],
-    #               storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #               storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #             },
     #           },
     #         },
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -11425,9 +12426,19 @@ module Aws::S3
     #   For more information about access point ARNs, see [Using Access
     #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -11454,6 +12465,12 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RestoreObjectRequest AWS API Documentation
     #
     class RestoreObjectRequest < Struct.new(
@@ -11461,7 +12478,8 @@ module Aws::S3
       :key,
       :version_id,
       :restore_request,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -11548,7 +12566,7 @@ module Aws::S3
     #                 value: "MetadataValue",
     #               },
     #             ],
-    #             storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #             storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #           },
     #         },
     #       }
@@ -11597,7 +12615,14 @@ module Aws::S3
       include Aws::Structure
     end
 
-    # Specifies the redirect behavior and when a redirect is applied.
+    # Specifies the redirect behavior and when a redirect is applied. For
+    # more information about routing rules, see [Configuring advanced
+    # conditional redirects][1] in the *Amazon Simple Storage Service
+    # Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html#advanced-conditional-redirects
     #
     # @note When making an API call, you may pass RoutingRule
     #   data as a hash:
@@ -11823,7 +12848,7 @@ module Aws::S3
     #             value: "MetadataValue",
     #           },
     #         ],
-    #         storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
+    #         storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
     #       }
     #
     # @!attribute [rw] bucket_name
@@ -12017,6 +13042,7 @@ module Aws::S3
     #           start: 1,
     #           end: 1,
     #         },
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
@@ -12098,6 +13124,12 @@ module Aws::S3
     #     within the last 50 bytes of the file.
     #   @return [Types::ScanRange]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/SelectObjectContentRequest AWS API Documentation
     #
     class SelectObjectContentRequest < Struct.new(
@@ -12111,7 +13143,8 @@ module Aws::S3
       :request_progress,
       :input_serialization,
       :output_serialization,
-      :scan_range)
+      :scan_range,
+      :expected_bucket_owner)
       SENSITIVE = [:sse_customer_key]
       include Aws::Structure
     end
@@ -12533,7 +13566,7 @@ module Aws::S3
     #   @return [Types::Grantee]
     #
     # @!attribute [rw] permission
-    #   Logging permissions assigned to the Grantee for the bucket.
+    #   Logging permissions assigned to the grantee for the bucket.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/TargetGrant AWS API Documentation
@@ -12614,7 +13647,11 @@ module Aws::S3
     # A container for specifying the configuration for publication of
     # messages to an Amazon Simple Notification Service (Amazon SNS) topic
     # when Amazon S3 detects specified events. This data type is deprecated.
-    # Use TopicConfiguration instead.
+    # Use [TopicConfiguration][1] instead.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_TopicConfiguration.html
     #
     # @note When making an API call, you may pass TopicConfigurationDeprecated
     #   data as a hash:
@@ -12773,15 +13810,82 @@ module Aws::S3
     #         copy_source_sse_customer_key: "CopySourceSSECustomerKey",
     #         copy_source_sse_customer_key_md5: "CopySourceSSECustomerKeyMD5",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
+    #         expected_source_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] bucket
     #   The bucket name.
+    #
+    #   When using this API with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the
+    #   form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this operation using an access point through the AWS
+    #   SDKs, you provide the access point ARN in place of the bucket name.
+    #   For more information about access point ARNs, see [Using Access
+    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] copy_source
-    #   The name of the source bucket and key name of the source object,
-    #   separated by a slash (/). Must be URL-encoded.
+    #   Specifies the source object for the copy operation. You specify the
+    #   value in one of two formats, depending on whether you want to access
+    #   the source object through an [access point][1]\:
+    #
+    #   * For objects not accessed through an access point, specify the name
+    #     of the source bucket and key of the source object, separated by a
+    #     slash (/). For example, to copy the object `reports/january.pdf`
+    #     from the bucket `awsexamplebucket`, use
+    #     `awsexamplebucket/reports/january.pdf`. The value must be URL
+    #     encoded.
+    #
+    #   * For objects accessed through access points, specify the Amazon
+    #     Resource Name (ARN) of the object as accessed through the access
+    #     point, in the format
+    #     `arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>`.
+    #     For example, to copy the object `reports/january.pdf` through
+    #     access point `my-access-point` owned by account `123456789012` in
+    #     Region `us-west-2`, use the URL encoding of
+    #     `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
+    #     The value must be URL encoded.
+    #
+    #     <note markdown="1"> Amazon S3 supports copy operations using access points only when
+    #     the source and destination buckets are in the same AWS Region.
+    #
+    #      </note>
+    #
+    #     Alternatively, for objects accessed through Amazon S3 on Outposts,
+    #     specify the ARN of the object as accessed in the format
+    #     `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/object/<key>`.
+    #     For example, to copy the object `reports/january.pdf` through
+    #     outpost `my-outpost` owned by account `123456789012` in Region
+    #     `us-west-2`, use the URL encoding of
+    #     `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf`.
+    #     The value must be URL encoded.
+    #
+    #   To copy a specific version of an object, append
+    #   `?versionId=<version-id>` to the value (for example,
+    #   `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
+    #   If you don't specify a version ID, Amazon S3 copies the latest
+    #   version of the source object.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html
     #   @return [String]
     #
     # @!attribute [rw] copy_source_if_match
@@ -12835,8 +13939,8 @@ module Aws::S3
     #   in encrypting data. This value is used to store the object and then
     #   it is discarded; Amazon S3 does not store the encryption key. The
     #   key must be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm` header. This
-    #   must be the same encryption key specified in the initiate multipart
+    #   `x-amz-server-side-encryption-customer-algorithm` header. This must
+    #   be the same encryption key specified in the initiate multipart
     #   upload request.
     #   @return [String]
     #
@@ -12875,6 +13979,18 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected destination bucket owner. If the
+    #   destination bucket is owned by a different account, the request will
+    #   fail with an HTTP `403 (Access Denied)` error.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_source_bucket_owner
+    #   The account id of the expected source bucket owner. If the source
+    #   bucket is owned by a different account, the request will fail with
+    #   an HTTP `403 (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPartCopyRequest AWS API Documentation
     #
     class UploadPartCopyRequest < Struct.new(
@@ -12894,7 +14010,9 @@ module Aws::S3
       :copy_source_sse_customer_algorithm,
       :copy_source_sse_customer_key,
       :copy_source_sse_customer_key_md5,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner,
+      :expected_source_bucket_owner)
       SENSITIVE = [:sse_customer_key, :copy_source_sse_customer_key]
       include Aws::Structure
     end
@@ -12960,6 +14078,7 @@ module Aws::S3
     #         sse_customer_key: "SSECustomerKey",
     #         sse_customer_key_md5: "SSECustomerKeyMD5",
     #         request_payer: "requester", # accepts requester
+    #         expected_bucket_owner: "AccountId",
     #       }
     #
     # @!attribute [rw] body
@@ -12967,7 +14086,30 @@ module Aws::S3
     #   @return [IO]
     #
     # @!attribute [rw] bucket
-    #   Name of the bucket to which the multipart upload was initiated.
+    #   The name of the bucket to which the multipart upload was initiated.
+    #
+    #   When using this API with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the
+    #   form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this operation using an access point through the AWS
+    #   SDKs, you provide the access point ARN in place of the bucket name.
+    #   For more information about access point ARNs, see [Using Access
+    #   Points][1] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   When using this API with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this operation using S3 on Outposts through the AWS SDKs,
+    #   you provide the Outposts bucket ARN in place of the bucket name. For
+    #   more information about S3 on Outposts ARNs, see [Using S3 on
+    #   Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/
     #   @return [String]
     #
     # @!attribute [rw] content_length
@@ -13005,8 +14147,8 @@ module Aws::S3
     #   in encrypting data. This value is used to store the object and then
     #   it is discarded; Amazon S3 does not store the encryption key. The
     #   key must be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm header`. This
-    #   must be the same encryption key specified in the initiate multipart
+    #   `x-amz-server-side-encryption-customer-algorithm header`. This must
+    #   be the same encryption key specified in the initiate multipart
     #   upload request.
     #   @return [String]
     #
@@ -13028,6 +14170,12 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #   @return [String]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPartRequest AWS API Documentation
     #
     class UploadPartRequest < Struct.new(
@@ -13041,7 +14189,8 @@ module Aws::S3
       :sse_customer_algorithm,
       :sse_customer_key,
       :sse_customer_key_md5,
-      :request_payer)
+      :request_payer,
+      :expected_bucket_owner)
       SENSITIVE = [:sse_customer_key]
       include Aws::Structure
     end