aws-sdk-s3 1.79.1 → 1.80.0

data/lib/aws-sdk-s3/client.rb

@@ -417,27 +417,32 @@ module Aws::S3
     # completely free all storage consumed by all parts.
     #
     # To verify that all parts have been removed, so you don't get charged
-    # for the part storage, you should call the ListParts operation and
+    # for the part storage, you should call the [ListParts][1] operation and
     # ensure that the parts list is empty.
     #
     # For information about permissions required to use the multipart upload
-    # API, see [Multipart Upload API and Permissions][1].
+    # API, see [Multipart Upload API and Permissions][2].
     #
     # The following operations are related to `AbortMultipartUpload`\:
     #
-    # * CreateMultipartUpload
+    # * [CreateMultipartUpload][3]
     #
-    # * UploadPart
+    # * [UploadPart][4]
     #
-    # * CompleteMultipartUpload
+    # * [CompleteMultipartUpload][5]
     #
-    # * ListParts
+    # * [ListParts][1]
     #
-    # * ListMultipartUploads
+    # * [ListMultipartUploads][6]
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html
     #
     # @option params [required, String] :bucket
     #   The bucket name to which the upload was taking place.
@@ -471,6 +476,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::AbortMultipartUploadOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::AbortMultipartUploadOutput#request_charged #request_charged} => String
@@ -497,6 +507,7 @@ module Aws::S3
     #     key: "ObjectKey", # required
     #     upload_id: "MultipartUploadId", # required
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -515,7 +526,7 @@ module Aws::S3
     # Completes a multipart upload by assembling previously uploaded parts.
     #
     # You first initiate the multipart upload and then upload all parts
-    # using the UploadPart operation. After successfully uploading all
+    # using the [UploadPart][1] operation. After successfully uploading all
     # relevant parts of an upload, you call this operation to complete the
     # upload. Upon receiving this request, Amazon S3 concatenates all the
     # parts in ascending order by part number to create a new object. In the
@@ -536,13 +547,13 @@ module Aws::S3
     #
     # Note that if `CompleteMultipartUpload` fails, applications should be
     # prepared to retry the failed requests. For more information, see
-    # [Amazon S3 Error Best Practices][1].
+    # [Amazon S3 Error Best Practices][2].
     #
     # For more information about multipart uploads, see [Uploading Objects
-    # Using Multipart Upload][2].
+    # Using Multipart Upload][3].
     #
     # For information about permissions required to use the multipart upload
-    # API, see [Multipart Upload API and Permissions][3].
+    # API, see [Multipart Upload API and Permissions][4].
     #
     # `CompleteMultipartUpload` has the following special errors:
     #
@@ -579,21 +590,26 @@ module Aws::S3
     #
     # The following operations are related to `CompleteMultipartUpload`\:
     #
-    # * CreateMultipartUpload
+    # * [CreateMultipartUpload][5]
     #
-    # * UploadPart
+    # * [UploadPart][1]
     #
-    # * AbortMultipartUpload
+    # * [AbortMultipartUpload][6]
     #
-    # * ListParts
+    # * [ListParts][7]
     #
-    # * ListMultipartUploads
+    # * [ListMultipartUploads][8]
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html
-    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
-    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html
+    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html
     #
     # @option params [required, String] :bucket
     #   Name of the bucket to which the multipart upload was initiated.
@@ -618,6 +634,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::CompleteMultipartUploadOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CompleteMultipartUploadOutput#location #location} => String
@@ -676,6 +697,7 @@ module Aws::S3
     #     },
     #     upload_id: "MultipartUploadId", # required
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -850,15 +872,15 @@ module Aws::S3
     #
     # If the source object's storage class is GLACIER, you must restore a
     # copy of this object before you can use it as a source object for the
-    # copy operation. For more information, see .
+    # copy operation. For more information, see [RestoreObject][12].
     #
     # The following operations are related to `CopyObject`\:
     #
-    # * PutObject
+    # * [PutObject][13]
     #
-    # * GetObject
+    # * [GetObject][14]
     #
-    # For more information, see [Copying Objects][12].
+    # For more information, see [Copying Objects][15].
     #
     #
     #
@@ -873,7 +895,10 @@ module Aws::S3
     # [9]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
     # [10]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html
     # [11]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
-    # [12]: https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html
+    # [12]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html
+    # [13]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html
+    # [14]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
+    # [15]: https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html
     #
     # @option params [String] :acl
     #   The canned ACL to apply to the object.
@@ -899,8 +924,41 @@ module Aws::S3
     #   A standard MIME type describing the format of the object data.
     #
     # @option params [required, String] :copy_source
-    #   The name of the source bucket and key name of the source object,
-    #   separated by a slash (/). Must be URL-encoded.
+    #   Specifies the source object for the copy operation. You specify the
+    #   value in one of two formats, depending on whether you want to access
+    #   the source object through an [access point][1]\:
+    #
+    #   * For objects not accessed through an access point, specify the name
+    #     of the source bucket and the key of the source object, separated by
+    #     a slash (/). For example, to copy the object `reports/january.pdf`
+    #     from the bucket `awsexamplebucket`, use
+    #     `awsexamplebucket/reports/january.pdf`. The value must be URL
+    #     encoded.
+    #
+    #   * For objects accessed through access points, specify the Amazon
+    #     Resource Name (ARN) of the object as accessed through the access
+    #     point, in the format
+    #     `arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>`.
+    #     For example, to copy the object `reports/january.pdf` through access
+    #     point `my-access-point` owned by account `123456789012` in Region
+    #     `us-west-2`, use the URL encoding of
+    #     `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
+    #     The value must be URL encoded.
+    #
+    #     <note markdown="1"> Amazon S3 supports copy operations using access points only when the
+    #     source and destination buckets are in the same AWS Region.
+    #
+    #      </note>
+    #
+    #   To copy a specific version of an object, append
+    #   `?versionId=<version-id>` to the value (for example,
+    #   `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
+    #   If you don't specify a version ID, Amazon S3 copies the latest
+    #   version of the source object.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html
     #
     # @option params [String] :copy_source_if_match
     #   Copies the object if its entity tag (ETag) matches the specified tag.
@@ -967,7 +1025,7 @@ module Aws::S3
     #   encrypting data. This value is used to store the object and then it is
     #   discarded; Amazon S3 does not store the encryption key. The key must
     #   be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm` header.
+    #   `x-amz-server-side-encryption-customer-algorithm` header.
     #
     # @option params [String] :sse_customer_key_md5
     #   Specifies the 128-bit MD5 digest of the encryption key according to
@@ -1031,6 +1089,16 @@ module Aws::S3
     # @option params [String] :object_lock_legal_hold_status
     #   Specifies whether you want to apply a Legal Hold to the copied object.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected destination bucket owner. If the
+    #   destination bucket is owned by a different account, the request will
+    #   fail with an HTTP `403 (Access Denied)` error.
+    #
+    # @option params [String] :expected_source_bucket_owner
+    #   The account id of the expected source bucket owner. If the source
+    #   bucket is owned by a different account, the request will fail with an
+    #   HTTP `403 (Access Denied)` error.
+    #
     # @return [Types::CopyObjectOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CopyObjectOutput#copy_object_result #copy_object_result} => Types::CopyObjectResult
@@ -1105,6 +1173,8 @@ module Aws::S3
     #     object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
     #     object_lock_retain_until_date: Time.now,
     #     object_lock_legal_hold_status: "ON", # accepts ON, OFF
+    #     expected_bucket_owner: "AccountId",
+    #     expected_source_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -1222,9 +1292,9 @@ module Aws::S3
     #
     # The following operations are related to `CreateBucket`\:
     #
-    # * PutObject
+    # * [PutObject][7]
     #
-    # * DeleteBucket
+    # * [DeleteBucket][8]
     #
     #
     #
@@ -1234,6 +1304,8 @@ module Aws::S3
     # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
     # [5]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
     # [6]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html
+    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html
     #
     # @option params [String] :acl
     #   The canned ACL to apply to the bucket.
@@ -1331,29 +1403,29 @@ module Aws::S3
     # This operation initiates a multipart upload and returns an upload ID.
     # This upload ID is used to associate all of the parts in the specific
     # multipart upload. You specify this upload ID in each of your
-    # subsequent upload part requests (see UploadPart). You also include
-    # this upload ID in the final request to either complete or abort the
-    # multipart upload request.
+    # subsequent upload part requests (see [UploadPart][1]). You also
+    # include this upload ID in the final request to either complete or
+    # abort the multipart upload request.
     #
     # For more information about multipart uploads, see [Multipart Upload
-    # Overview][1].
+    # Overview][2].
     #
     # If you have configured a lifecycle rule to abort incomplete multipart
     # uploads, the upload must complete within the number of days specified
     # in the bucket lifecycle configuration. Otherwise, the incomplete
     # multipart upload becomes eligible for an abort operation and Amazon S3
     # aborts the multipart upload. For more information, see [Aborting
-    # Incomplete Multipart Uploads Using a Bucket Lifecycle Policy][2].
+    # Incomplete Multipart Uploads Using a Bucket Lifecycle Policy][3].
     #
     # For information about the permissions required to use the multipart
-    # upload API, see [Multipart Upload API and Permissions][3].
+    # upload API, see [Multipart Upload API and Permissions][4].
     #
     # For request signing, multipart upload is just a series of regular
     # requests. You initiate a multipart upload, send one or more requests
     # to upload parts, and then complete the multipart upload process. You
     # sign each request individually. There is nothing special about signing
     # multipart upload requests. For more information about signing, see
-    # [Authenticating Requests (AWS Signature Version 4)][4].
+    # [Authenticating Requests (AWS Signature Version 4)][5].
     #
     # <note markdown="1"> After you initiate a multipart upload and upload one or more parts, to
     # stop being charged for storing the uploaded parts, you must either
@@ -1369,9 +1441,9 @@ module Aws::S3
     # your own encryption key, or use AWS Key Management Service (AWS KMS)
     # customer master keys (CMKs) or Amazon S3-managed encryption keys. If
     # you choose to provide your own encryption key, the request headers you
-    # provide in UploadPart) and UploadPartCopy) requests must match the
-    # headers you used in the request to initiate the upload by using
-    # `CreateMultipartUpload`.
+    # provide in [UploadPart](AmazonS3/latest/API/API_UploadPart.html) and
+    # [UploadPartCopy][6] requests must match the headers you used in the
+    # request to initiate the upload by using `CreateMultipartUpload`.
     #
     # To perform a multipart upload with encryption using an AWS KMS CMK,
     # the requester must have permission to the `kms:Encrypt`,
@@ -1387,7 +1459,7 @@ module Aws::S3
     # both the key policy and your IAM user or role.
     #
     # For more information, see [Protecting Data Using Server-Side
-    # Encryption][5].
+    # Encryption][7].
     #
     # Access Permissions
     #
@@ -1397,13 +1469,13 @@ module Aws::S3
     #   request headers:
     #
     #   * Specify a canned ACL with the `x-amz-acl` request header. For more
-    #     information, see [Canned ACL][6].
+    #     information, see [Canned ACL][8].
     #
     #   * Specify access permissions explicitly with the `x-amz-grant-read`,
     #     `x-amz-grant-read-acp`, `x-amz-grant-write-acp`, and
     #     `x-amz-grant-full-control` headers. These parameters map to the
     #     set of permissions that Amazon S3 supports in an ACL. For more
-    #     information, see [Access Control List (ACL) Overview][7].
+    #     information, see [Access Control List (ACL) Overview][9].
     #
     #   You can use either a canned ACL or specify access permissions
     #   explicitly. You cannot do both.
@@ -1422,7 +1494,7 @@ module Aws::S3
     #     want AWS to manage the keys used to encrypt data, specify the
     #     following headers in the request.
     #
-    #     * x-amz-server-side​-encryption
+    #     * x-amz-server-side-encryption
     #
     #     * x-amz-server-side-encryption-aws-kms-key-id
     #
@@ -1439,21 +1511,21 @@ module Aws::S3
     #
     #     For more information about server-side encryption with CMKs stored
     #     in AWS KMS (SSE-KMS), see [Protecting Data Using Server-Side
-    #     Encryption with CMKs stored in AWS KMS][8].
+    #     Encryption with CMKs stored in AWS KMS][10].
     #
     #   * Use customer-provided encryption keys – If you want to manage your
     #     own encryption keys, provide all the following headers in the
     #     request.
     #
-    #     * x-amz-server-side​-encryption​-customer-algorithm
+    #     * x-amz-server-side-encryption-customer-algorithm
     #
-    #     * x-amz-server-side​-encryption​-customer-key
+    #     * x-amz-server-side-encryption-customer-key
     #
-    #     * x-amz-server-side​-encryption​-customer-key-MD5
+    #     * x-amz-server-side-encryption-customer-key-MD5
     #
     #     For more information about server-side encryption with CMKs stored
     #     in AWS KMS (SSE-KMS), see [Protecting Data Using Server-Side
-    #     Encryption with CMKs stored in AWS KMS][8].
+    #     Encryption with CMKs stored in AWS KMS][10].
     #
     # Access-Control-List (ACL)-Specific Request Headers
     #
@@ -1463,19 +1535,19 @@ module Aws::S3
     #   permissions to individual AWS accounts or to predefined groups
     #   defined by Amazon S3. These permissions are then added to the access
     #   control list (ACL) on the object. For more information, see [Using
-    #   ACLs][9]. With this operation, you can grant access permissions
+    #   ACLs][11]. With this operation, you can grant access permissions
     #   using one of the following two methods:
     #
     #   * Specify a canned ACL (`x-amz-acl`) — Amazon S3 supports a set of
     #     predefined ACLs, known as *canned ACLs*. Each canned ACL has a
     #     predefined set of grantees and permissions. For more information,
-    #     see [Canned ACL][6].
+    #     see [Canned ACL][8].
     #
     #   * Specify access permissions explicitly — To explicitly grant access
     #     permissions to specific AWS accounts or groups, use the following
     #     headers. Each header maps to specific permissions that Amazon S3
     #     supports in an ACL. For more information, see [Access Control List
-    #     (ACL) Overview][7]. In the header, you specify a list of grantees
+    #     (ACL) Overview][9]. In the header, you specify a list of grantees
     #     who get the specific permission. To grant permissions explicitly,
     #     use:
     #
@@ -1520,7 +1592,7 @@ module Aws::S3
     #       * South America (São Paulo)
     #
     #        For a list of all the Amazon S3 supported Regions and endpoints,
-    #       see [Regions and Endpoints][10] in the AWS General Reference.
+    #       see [Regions and Endpoints][12] in the AWS General Reference.
     #
     #        </note>
     #
@@ -1532,28 +1604,34 @@ module Aws::S3
     #
     # The following operations are related to `CreateMultipartUpload`\:
     #
-    # * UploadPart
+    # * [UploadPart][1]
     #
-    # * CompleteMultipartUpload
+    # * [CompleteMultipartUpload][13]
     #
-    # * AbortMultipartUpload
+    # * [AbortMultipartUpload][14]
     #
-    # * ListParts
+    # * [ListParts][15]
     #
-    # * ListMultipartUploads
+    # * [ListMultipartUploads][16]
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html
-    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config
-    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html
-    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html
-    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
-    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
-    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
-    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
-    # [9]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html
-    # [10]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
+    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
+    # [9]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
+    # [10]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
+    # [11]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html
+    # [12]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
+    # [13]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html
+    # [14]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html
+    # [15]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html
+    # [16]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html
     #
     # @option params [String] :acl
     #   The canned ACL to apply to the object.
@@ -1621,7 +1699,7 @@ module Aws::S3
     #   encrypting data. This value is used to store the object and then it is
     #   discarded; Amazon S3 does not store the encryption key. The key must
     #   be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm` header.
+    #   `x-amz-server-side-encryption-customer-algorithm` header.
     #
     # @option params [String] :sse_customer_key_md5
     #   Specifies the 128-bit MD5 digest of the encryption key according to
@@ -1671,6 +1749,11 @@ module Aws::S3
     #   Specifies whether you want to apply a Legal Hold to the uploaded
     #   object.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::CreateMultipartUploadOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateMultipartUploadOutput#abort_date #abort_date} => Time
@@ -1734,6 +1817,7 @@ module Aws::S3
     #     object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
     #     object_lock_retain_until_date: Time.now,
     #     object_lock_legal_hold_status: "ON", # accepts ON, OFF
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -1765,12 +1849,23 @@ module Aws::S3
     #
     # **Related Resources**
     #
-    # *
-    # *
+    # * [CreateBucket][1]
+    #
+    # * [DeleteObject][2]
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html
     #
     # @option params [required, String] :bucket
     #   Specifies the bucket being deleted.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -1786,6 +1881,7 @@ module Aws::S3
     #
     #   resp = client.delete_bucket({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucket AWS API Documentation
@@ -1813,15 +1909,20 @@ module Aws::S3
     # The following operations are related to
     # `DeleteBucketAnalyticsConfiguration`\:
     #
-    # *
-    # *
-    # *
+    # * [GetBucketAnalyticsConfiguration][4]
+    #
+    # * [ListBucketAnalyticsConfigurations][5]
+    #
+    # * [PutBucketAnalyticsConfiguration][6]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket from which an analytics configuration is
@@ -1830,6 +1931,11 @@ module Aws::S3
     # @option params [required, String] :id
     #   The ID that identifies the analytics configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -1837,6 +1943,7 @@ module Aws::S3
     #   resp = client.delete_bucket_analytics_configuration({
     #     bucket: "BucketName", # required
     #     id: "AnalyticsId", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketAnalyticsConfiguration AWS API Documentation
@@ -1859,16 +1966,24 @@ module Aws::S3
     #
     # **Related Resources:**
     #
-    # *
-    # * RESTOPTIONSobject
+    # * [PutBucketCors][2]
+    #
+    # * [RESTOPTIONSobject][3]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html
     #
     # @option params [required, String] :bucket
     #   Specifies the bucket whose `cors` configuration is being deleted.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -1884,6 +1999,7 @@ module Aws::S3
     #
     #   resp = client.delete_bucket_cors({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketCors AWS API Documentation
@@ -1910,26 +2026,34 @@ module Aws::S3
     #
     # **Related Resources**
     #
-    # * PutBucketEncryption
+    # * [PutBucketEncryption][4]
     #
-    # * GetBucketEncryption
+    # * [GetBucketEncryption][5]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket containing the server-side encryption
     #   configuration to delete.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.delete_bucket_encryption({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketEncryption AWS API Documentation
@@ -1956,17 +2080,20 @@ module Aws::S3
     #
     # Operations related to `DeleteBucketInventoryConfiguration` include:
     #
-    # * GetBucketInventoryConfiguration
+    # * [GetBucketInventoryConfiguration][4]
     #
-    # * PutBucketInventoryConfiguration
+    # * [PutBucketInventoryConfiguration][5]
     #
-    # * ListBucketInventoryConfigurations
+    # * [ListBucketInventoryConfigurations][6]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket containing the inventory configuration to
@@ -1975,6 +2102,11 @@ module Aws::S3
     # @option params [required, String] :id
     #   The ID used to identify the inventory configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -1982,6 +2114,7 @@ module Aws::S3
     #   resp = client.delete_bucket_inventory_configuration({
     #     bucket: "BucketName", # required
     #     id: "InventoryId", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketInventoryConfiguration AWS API Documentation
@@ -2012,17 +2145,24 @@ module Aws::S3
     #
     # Related actions include:
     #
-    # * PutBucketLifecycleConfiguration
+    # * [PutBucketLifecycleConfiguration][2]
     #
-    # * GetBucketLifecycleConfiguration
+    # * [GetBucketLifecycleConfiguration][3]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#intro-lifecycle-rules-actions
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html
     #
     # @option params [required, String] :bucket
     #   The bucket name of the lifecycle to delete.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -2038,6 +2178,7 @@ module Aws::S3
     #
     #   resp = client.delete_bucket_lifecycle({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketLifecycle AWS API Documentation
@@ -2066,11 +2207,11 @@ module Aws::S3
     # The following operations are related to
     # `DeleteBucketMetricsConfiguration`\:
     #
-    # * GetBucketMetricsConfiguration
+    # * [GetBucketMetricsConfiguration][4]
     #
-    # * PutBucketMetricsConfiguration
+    # * [PutBucketMetricsConfiguration][5]
     #
-    # * ListBucketMetricsConfigurations
+    # * [ListBucketMetricsConfigurations][6]
     #
     # * [Monitoring Metrics with Amazon CloudWatch][3]
     #
@@ -2079,6 +2220,9 @@ module Aws::S3
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket containing the metrics configuration to delete.
@@ -2086,6 +2230,11 @@ module Aws::S3
     # @option params [required, String] :id
     #   The ID used to identify the metrics configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -2093,6 +2242,7 @@ module Aws::S3
     #   resp = client.delete_bucket_metrics_configuration({
     #     bucket: "BucketName", # required
     #     id: "MetricsId", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketMetricsConfiguration AWS API Documentation
@@ -2126,13 +2276,23 @@ module Aws::S3
     #
     # The following operations are related to `DeleteBucketPolicy`
     #
-    # * CreateBucket
+    # * [CreateBucket][1]
+    #
+    # * [DeleteObject][2]
     #
-    # * DeleteObject
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html
     #
     # @option params [required, String] :bucket
     #   The bucket name.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -2148,6 +2308,7 @@ module Aws::S3
     #
     #   resp = client.delete_bucket_policy({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketPolicy AWS API Documentation
@@ -2179,18 +2340,25 @@ module Aws::S3
     #
     # The following operations are related to `DeleteBucketReplication`\:
     #
-    # * PutBucketReplication
+    # * [PutBucketReplication][3]
     #
-    # * GetBucketReplication
+    # * [GetBucketReplication][4]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html
     #
     # @option params [required, String] :bucket
     #   The bucket name.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -2206,6 +2374,7 @@ module Aws::S3
     #
     #   resp = client.delete_bucket_replication({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketReplication AWS API Documentation
@@ -2225,13 +2394,23 @@ module Aws::S3
     #
     # The following operations are related to `DeleteBucketTagging`\:
     #
-    # * GetBucketTagging
+    # * [GetBucketTagging][1]
+    #
+    # * [PutBucketTagging][2]
+    #
     #
-    # * PutBucketTagging
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html
     #
     # @option params [required, String] :bucket
     #   The bucket that has the tag set to be removed.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -2247,6 +2426,7 @@ module Aws::S3
     #
     #   resp = client.delete_bucket_tagging({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketTagging AWS API Documentation
@@ -2276,18 +2456,25 @@ module Aws::S3
     #
     # The following operations are related to `DeleteBucketWebsite`\:
     #
-    # * GetBucketWebsite
+    # * [GetBucketWebsite][2]
     #
-    # * PutBucketWebsite
+    # * [PutBucketWebsite][3]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketWebsite.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html
     #
     # @option params [required, String] :bucket
     #   The bucket name for which you want to remove the website
     #   configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -2303,6 +2490,7 @@ module Aws::S3
     #
     #   resp = client.delete_bucket_website({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketWebsite AWS API Documentation
@@ -2333,15 +2521,15 @@ module Aws::S3
     # see sample requests that use versioning, see [Sample Request][2].
     #
     # You can delete objects by explicitly calling the DELETE Object API or
-    # configure its lifecycle (PutBucketLifecycle) to enable Amazon S3 to
-    # remove them for you. If you want to block users or accounts from
+    # configure its lifecycle ([PutBucketLifecycle][3]) to enable Amazon S3
+    # to remove them for you. If you want to block users or accounts from
     # removing or deleting objects from your bucket, you must deny them the
     # `s3:DeleteObject`, `s3:DeleteObjectVersion`, and
     # `s3:PutLifeCycleConfiguration` actions.
     #
     # The following operation is related to `DeleteObject`\:
     #
-    # * PutObject
+    # * [PutObject][4]
     #
     # ^
     #
@@ -2349,6 +2537,8 @@ module Aws::S3
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html
     #
     # @option params [required, String] :bucket
     #   The bucket name of the bucket containing the object.
@@ -2392,6 +2582,11 @@ module Aws::S3
     #   Indicates whether S3 Object Lock should bypass Governance-mode
     #   restrictions to process this operation.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::DeleteObjectOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::DeleteObjectOutput#delete_marker #delete_marker} => Boolean
@@ -2399,15 +2594,6 @@ module Aws::S3
     #   * {Types::DeleteObjectOutput#request_charged #request_charged} => String
     #
     #
-    # @example Example: To delete an object (from a non-versioned bucket)
-    #
-    #   # The following example deletes an object from a non-versioned bucket.
-    #
-    #   resp = client.delete_object({
-    #     bucket: "ExampleBucket", 
-    #     key: "HappyFace.jpg", 
-    #   })
-    #
     # @example Example: To delete an object
     #
     #   # The following example deletes an object from an S3 bucket.
@@ -2421,6 +2607,15 @@ module Aws::S3
     #   {
     #   }
     #
+    # @example Example: To delete an object (from a non-versioned bucket)
+    #
+    #   # The following example deletes an object from a non-versioned bucket.
+    #
+    #   resp = client.delete_object({
+    #     bucket: "ExampleBucket", 
+    #     key: "HappyFace.jpg", 
+    #   })
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.delete_object({
@@ -2430,6 +2625,7 @@ module Aws::S3
     #     version_id: "ObjectVersionId",
     #     request_payer: "requester", # accepts requester
     #     bypass_governance_retention: false,
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -2460,13 +2656,15 @@ module Aws::S3
     # The following operations are related to
     # `DeleteBucketMetricsConfiguration`\:
     #
-    # * PutObjectTagging
+    # * [PutObjectTagging][2]
     #
-    # * GetObjectTagging
+    # * [GetObjectTagging][3]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html
     #
     # @option params [required, String] :bucket
     #   The bucket name containing the objects from which to remove the tags.
@@ -2489,40 +2687,45 @@ module Aws::S3
     # @option params [String] :version_id
     #   The versionId of the object that the tag-set will be removed from.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::DeleteObjectTaggingOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::DeleteObjectTaggingOutput#version_id #version_id} => String
     #
     #
-    # @example Example: To remove tag set from an object
+    # @example Example: To remove tag set from an object version
     #
-    #   # The following example removes tag set associated with the specified object. If the bucket is versioning enabled, the
-    #   # operation removes tag set from the latest object version.
+    #   # The following example removes tag set associated with the specified object version. The request specifies both the
+    #   # object key and object version.
     #
     #   resp = client.delete_object_tagging({
     #     bucket: "examplebucket", 
     #     key: "HappyFace.jpg", 
+    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
-    #     version_id: "null", 
+    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
     #   }
     #
-    # @example Example: To remove tag set from an object version
+    # @example Example: To remove tag set from an object
     #
-    #   # The following example removes tag set associated with the specified object version. The request specifies both the
-    #   # object key and object version.
+    #   # The following example removes tag set associated with the specified object. If the bucket is versioning enabled, the
+    #   # operation removes tag set from the latest object version.
     #
     #   resp = client.delete_object_tagging({
     #     bucket: "examplebucket", 
     #     key: "HappyFace.jpg", 
-    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
-    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
+    #     version_id: "null", 
     #   }
     #
     # @example Request syntax with placeholder values
@@ -2531,6 +2734,7 @@ module Aws::S3
     #     bucket: "BucketName", # required
     #     key: "ObjectKey", # required
     #     version_id: "ObjectVersionId",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -2580,19 +2784,24 @@ module Aws::S3
     #
     # The following operations are related to `DeleteObjects`\:
     #
-    # * CreateMultipartUpload
+    # * [CreateMultipartUpload][2]
     #
-    # * UploadPart
+    # * [UploadPart][3]
     #
-    # * CompleteMultipartUpload
+    # * [CompleteMultipartUpload][4]
     #
-    # * ListParts
+    # * [ListParts][5]
     #
-    # * AbortMultipartUpload
+    # * [AbortMultipartUpload][6]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html
     #
     # @option params [required, String] :bucket
     #   The bucket name containing the objects to delete.
@@ -2634,6 +2843,11 @@ module Aws::S3
     #   Governance-type Object Lock in place. You must have sufficient
     #   permissions to perform this operation.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::DeleteObjectsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::DeleteObjectsOutput#deleted #deleted} => Array&lt;Types::DeletedObject&gt;
@@ -2641,20 +2855,22 @@ module Aws::S3
     #   * {Types::DeleteObjectsOutput#errors #errors} => Array&lt;Types::Error&gt;
     #
     #
-    # @example Example: To delete multiple objects from a versioned bucket
+    # @example Example: To delete multiple object versions from a versioned bucket
     #
-    #   # The following example deletes objects from a bucket. The bucket is versioned, and the request does not specify the
-    #   # object version to delete. In this case, all versions remain in the bucket and S3 adds a delete marker.
+    #   # The following example deletes objects from a bucket. The request specifies object versions. S3 deletes specific object
+    #   # versions and returns the key and versions of deleted objects in the response.
     #
     #   resp = client.delete_objects({
     #     bucket: "examplebucket", 
     #     delete: {
     #       objects: [
     #         {
-    #           key: "objectkey1", 
+    #           key: "HappyFace.jpg", 
+    #           version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b", 
     #         }, 
     #         {
-    #           key: "objectkey2", 
+    #           key: "HappyFace.jpg", 
+    #           version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd", 
     #         }, 
     #       ], 
     #       quiet: false, 
@@ -2665,34 +2881,30 @@ module Aws::S3
     #   {
     #     deleted: [
     #       {
-    #         delete_marker: true, 
-    #         delete_marker_version_id: "A._w1z6EFiCF5uhtQMDal9JDkID9tQ7F", 
-    #         key: "objectkey1", 
+    #         key: "HappyFace.jpg", 
+    #         version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd", 
     #       }, 
     #       {
-    #         delete_marker: true, 
-    #         delete_marker_version_id: "iOd_ORxhkKe_e8G8_oSGxt2PjsCZKlkt", 
-    #         key: "objectkey2", 
+    #         key: "HappyFace.jpg", 
+    #         version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b", 
     #       }, 
     #     ], 
     #   }
     #
-    # @example Example: To delete multiple object versions from a versioned bucket
+    # @example Example: To delete multiple objects from a versioned bucket
     #
-    #   # The following example deletes objects from a bucket. The request specifies object versions. S3 deletes specific object
-    #   # versions and returns the key and versions of deleted objects in the response.
+    #   # The following example deletes objects from a bucket. The bucket is versioned, and the request does not specify the
+    #   # object version to delete. In this case, all versions remain in the bucket and S3 adds a delete marker.
     #
     #   resp = client.delete_objects({
     #     bucket: "examplebucket", 
     #     delete: {
     #       objects: [
     #         {
-    #           key: "HappyFace.jpg", 
-    #           version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b", 
+    #           key: "objectkey1", 
     #         }, 
     #         {
-    #           key: "HappyFace.jpg", 
-    #           version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd", 
+    #           key: "objectkey2", 
     #         }, 
     #       ], 
     #       quiet: false, 
@@ -2703,12 +2915,14 @@ module Aws::S3
     #   {
     #     deleted: [
     #       {
-    #         key: "HappyFace.jpg", 
-    #         version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd", 
+    #         delete_marker: true, 
+    #         delete_marker_version_id: "A._w1z6EFiCF5uhtQMDal9JDkID9tQ7F", 
+    #         key: "objectkey1", 
     #       }, 
     #       {
-    #         key: "HappyFace.jpg", 
-    #         version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b", 
+    #         delete_marker: true, 
+    #         delete_marker_version_id: "iOd_ORxhkKe_e8G8_oSGxt2PjsCZKlkt", 
+    #         key: "objectkey2", 
     #       }, 
     #     ], 
     #   }
@@ -2729,6 +2943,7 @@ module Aws::S3
     #     mfa: "MFA",
     #     request_payer: "requester", # accepts requester
     #     bypass_governance_retention: false,
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -2765,28 +2980,37 @@ module Aws::S3
     #
     # * [Using Amazon S3 Block Public Access][3]
     #
-    # * GetPublicAccessBlock
+    # * [GetPublicAccessBlock][4]
     #
-    # * PutPublicAccessBlock
+    # * [PutPublicAccessBlock][5]
     #
-    # * GetBucketPolicyStatus
+    # * [GetBucketPolicyStatus][6]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html
     #
     # @option params [required, String] :bucket
     #   The Amazon S3 bucket whose `PublicAccessBlock` configuration you want
     #   to delete.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.delete_public_access_block({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeletePublicAccessBlock AWS API Documentation
@@ -2813,19 +3037,19 @@ module Aws::S3
     # Storage Service Developer Guide*.
     #
     # You set the Transfer Acceleration state of an existing bucket to
-    # `Enabled` or `Suspended` by using the PutBucketAccelerateConfiguration
-    # operation.
+    # `Enabled` or `Suspended` by using the
+    # [PutBucketAccelerateConfiguration][3] operation.
     #
     # A GET `accelerate` request does not return a state value for a bucket
     # that has no transfer acceleration state. A bucket has no Transfer
     # Acceleration state if a state has never been set on the bucket.
     #
     # For more information about transfer acceleration, see [Transfer
-    # Acceleration][3] in the Amazon Simple Storage Service Developer Guide.
+    # Acceleration][4] in the Amazon Simple Storage Service Developer Guide.
     #
     # **Related Resources**
     #
-    # * PutBucketAccelerateConfiguration
+    # * [PutBucketAccelerateConfiguration][3]
     #
     # ^
     #
@@ -2833,12 +3057,18 @@ module Aws::S3
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
-    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html
     #
     # @option params [required, String] :bucket
     #   Name of the bucket for which the accelerate configuration is
     #   retrieved.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketAccelerateConfigurationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketAccelerateConfigurationOutput#status #status} => String
@@ -2847,6 +3077,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_accelerate_configuration({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -2871,12 +3102,22 @@ module Aws::S3
     #
     # **Related Resources**
     #
-    # *
+    # * [ListObjects][1]
+    #
     # ^
     #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html
+    #
     # @option params [required, String] :bucket
     #   Specifies the S3 bucket whose ACL is being requested.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketAclOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketAclOutput#owner #owner} => Types::Owner
@@ -2886,6 +3127,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_acl({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -2927,15 +3169,20 @@ module Aws::S3
     #
     # **Related Resources**
     #
-    # *
-    # *
-    # *
+    # * [DeleteBucketAnalyticsConfiguration][4]
+    #
+    # * [ListBucketAnalyticsConfigurations][5]
+    #
+    # * [PutBucketAnalyticsConfiguration][6]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket from which an analytics configuration is
@@ -2944,6 +3191,11 @@ module Aws::S3
     # @option params [required, String] :id
     #   The ID that identifies the analytics configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketAnalyticsConfigurationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketAnalyticsConfigurationOutput#analytics_configuration #analytics_configuration} => Types::AnalyticsConfiguration
@@ -2953,6 +3205,7 @@ module Aws::S3
     #   resp = client.get_bucket_analytics_configuration({
     #     bucket: "BucketName", # required
     #     id: "AnalyticsId", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -2991,17 +3244,24 @@ module Aws::S3
     #
     # The following operations are related to `GetBucketCors`\:
     #
-    # * PutBucketCors
+    # * [PutBucketCors][2]
     #
-    # * DeleteBucketCors
+    # * [DeleteBucketCors][3]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html
     #
     # @option params [required, String] :bucket
     #   The bucket name for which to get the cors configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketCorsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketCorsOutput#cors_rules #cors_rules} => Array&lt;Types::CORSRule&gt;
@@ -3037,6 +3297,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_cors({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3074,20 +3335,27 @@ module Aws::S3
     #
     # The following operations are related to `GetBucketEncryption`\:
     #
-    # * PutBucketEncryption
+    # * [PutBucketEncryption][4]
     #
-    # * DeleteBucketEncryption
+    # * [DeleteBucketEncryption][5]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket from which the server-side encryption
     #   configuration is retrieved.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketEncryptionOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketEncryptionOutput#server_side_encryption_configuration #server_side_encryption_configuration} => Types::ServerSideEncryptionConfiguration
@@ -3096,6 +3364,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_encryption({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3129,17 +3398,20 @@ module Aws::S3
     # The following operations are related to
     # `GetBucketInventoryConfiguration`\:
     #
-    # * DeleteBucketInventoryConfiguration
+    # * [DeleteBucketInventoryConfiguration][4]
     #
-    # * ListBucketInventoryConfigurations
+    # * [ListBucketInventoryConfigurations][5]
     #
-    # * PutBucketInventoryConfiguration
+    # * [PutBucketInventoryConfiguration][6]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket containing the inventory configuration to
@@ -3148,6 +3420,11 @@ module Aws::S3
     # @option params [required, String] :id
     #   The ID used to identify the inventory configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketInventoryConfigurationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketInventoryConfigurationOutput#inventory_configuration #inventory_configuration} => Types::InventoryConfiguration
@@ -3157,6 +3434,7 @@ module Aws::S3
     #   resp = client.get_bucket_inventory_configuration({
     #     bucket: "BucketName", # required
     #     id: "InventoryId", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3184,20 +3462,21 @@ module Aws::S3
     end
 
     # For an updated version of this API, see
-    # GetBucketLifecycleConfiguration. If you configured a bucket lifecycle
-    # using the `filter` element, you should see the updated version of this
-    # topic. This topic is provided for backward compatibility.
+    # [GetBucketLifecycleConfiguration][1]. If you configured a bucket
+    # lifecycle using the `filter` element, you should see the updated
+    # version of this topic. This topic is provided for backward
+    # compatibility.
     #
     # Returns the lifecycle configuration information set on the bucket. For
     # information about lifecycle configuration, see [Object Lifecycle
-    # Management][1].
+    # Management][2].
     #
     # To use this operation, you must have permission to perform the
     # `s3:GetLifecycleConfiguration` action. The bucket owner has this
     # permission by default. The bucket owner can grant this permission to
     # others. For more information about permissions, see [Permissions
-    # Related to Bucket Subresource Operations][2] and [Managing Access
-    # Permissions to Your Amazon S3 Resources][3].
+    # Related to Bucket Subresource Operations][3] and [Managing Access
+    # Permissions to Your Amazon S3 Resources][4].
     #
     # `GetBucketLifecycle` has the following special error:
     #
@@ -3211,21 +3490,29 @@ module Aws::S3
     #
     # The following operations are related to `GetBucketLifecycle`\:
     #
-    # * GetBucketLifecycleConfiguration
+    # * [GetBucketLifecycleConfiguration][1]
     #
-    # * PutBucketLifecycle
+    # * [PutBucketLifecycle][5]
     #
-    # * DeleteBucketLifecycle
+    # * [DeleteBucketLifecycle][6]
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html
-    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
-    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket for which to get the lifecycle information.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketLifecycleOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketLifecycleOutput#rules #rules} => Array&lt;Types::Rule&gt;
@@ -3257,6 +3544,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_lifecycle({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3292,20 +3580,20 @@ module Aws::S3
     # specify a filter to select a subset of objects to which the rule
     # applies. If you are still using previous version of the lifecycle
     # configuration, it works. For the earlier API description, see
-    # GetBucketLifecycle.
+    # [GetBucketLifecycle][1].
     #
     #  </note>
     #
     # Returns the lifecycle configuration information set on the bucket. For
     # information about lifecycle configuration, see [Object Lifecycle
-    # Management][1].
+    # Management][2].
     #
     # To use this operation, you must have permission to perform the
     # `s3:GetLifecycleConfiguration` action. The bucket owner has this
     # permission, by default. The bucket owner can grant this permission to
     # others. For more information about permissions, see [Permissions
-    # Related to Bucket Subresource Operations][2] and [Managing Access
-    # Permissions to Your Amazon S3 Resources][3].
+    # Related to Bucket Subresource Operations][3] and [Managing Access
+    # Permissions to Your Amazon S3 Resources][4].
     #
     # `GetBucketLifecycleConfiguration` has the following special error:
     #
@@ -3320,21 +3608,29 @@ module Aws::S3
     # The following operations are related to
     # `GetBucketLifecycleConfiguration`\:
     #
-    # * GetBucketLifecycle
+    # * [GetBucketLifecycle][1]
     #
-    # * PutBucketLifecycle
+    # * [PutBucketLifecycle][5]
     #
-    # * DeleteBucketLifecycle
+    # * [DeleteBucketLifecycle][6]
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html
-    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
-    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket for which to get the lifecycle information.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketLifecycleConfigurationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketLifecycleConfigurationOutput#rules #rules} => Array&lt;Types::LifecycleRule&gt;
@@ -3369,6 +3665,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_lifecycle_configuration({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3408,20 +3705,30 @@ module Aws::S3
 
     # Returns the Region the bucket resides in. You set the bucket's Region
     # using the `LocationConstraint` request parameter in a `CreateBucket`
-    # request. For more information, see CreateBucket.
+    # request. For more information, see [CreateBucket][1].
     #
     # To use this implementation of the operation, you must be the bucket
     # owner.
     #
     # The following operations are related to `GetBucketLocation`\:
     #
-    # * GetObject
+    # * [GetObject][2]
+    #
+    # * [CreateBucket][1]
+    #
+    #
     #
-    # * CreateBucket
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket for which to get the location.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketLocationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketLocationOutput#location_constraint #location_constraint} => String
@@ -3444,6 +3751,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_location({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3465,13 +3773,23 @@ module Aws::S3
     #
     # The following operations are related to `GetBucketLogging`\:
     #
-    # * CreateBucket
+    # * [CreateBucket][1]
+    #
+    # * [PutBucketLogging][2]
+    #
     #
-    # * PutBucketLogging
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLogging.html
     #
     # @option params [required, String] :bucket
     #   The bucket name for which to get the logging information.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketLoggingOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketLoggingOutput#logging_enabled #logging_enabled} => Types::LoggingEnabled
@@ -3480,6 +3798,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_logging({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3520,11 +3839,11 @@ module Aws::S3
     # The following operations are related to
     # `GetBucketMetricsConfiguration`\:
     #
-    # * PutBucketMetricsConfiguration
+    # * [PutBucketMetricsConfiguration][4]
     #
-    # * DeleteBucketMetricsConfiguration
+    # * [DeleteBucketMetricsConfiguration][5]
     #
-    # * ListBucketMetricsConfigurations
+    # * [ListBucketMetricsConfigurations][6]
     #
     # * [Monitoring Metrics with Amazon CloudWatch][3]
     #
@@ -3533,6 +3852,9 @@ module Aws::S3
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket containing the metrics configuration to
@@ -3541,6 +3863,11 @@ module Aws::S3
     # @option params [required, String] :id
     #   The ID used to identify the metrics configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketMetricsConfigurationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketMetricsConfigurationOutput#metrics_configuration #metrics_configuration} => Types::MetricsConfiguration
@@ -3550,6 +3877,7 @@ module Aws::S3
     #   resp = client.get_bucket_metrics_configuration({
     #     bucket: "BucketName", # required
     #     id: "MetricsId", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3572,11 +3900,20 @@ module Aws::S3
       req.send_request(options)
     end
 
-    # No longer used, see GetBucketNotificationConfiguration.
+    # No longer used, see [GetBucketNotificationConfiguration][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html
     #
     # @option params [required, String] :bucket
     #   Name of the bucket for which to get the notification configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::NotificationConfigurationDeprecated] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::NotificationConfigurationDeprecated#topic_configuration #topic_configuration} => Types::TopicConfigurationDeprecated
@@ -3644,6 +3981,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_notification({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3691,7 +4029,7 @@ module Aws::S3
     #
     # The following operation is related to `GetBucketNotification`\:
     #
-    # * PutBucketNotification
+    # * [PutBucketNotification][3]
     #
     # ^
     #
@@ -3699,10 +4037,16 @@ module Aws::S3
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotification.html
     #
     # @option params [required, String] :bucket
     #   Name of the bucket for which to get the notification configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::NotificationConfiguration] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::NotificationConfiguration#topic_configurations #topic_configurations} => Array&lt;Types::TopicConfiguration&gt;
@@ -3713,6 +4057,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_notification_configuration({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3771,17 +4116,23 @@ module Aws::S3
     #
     # The following operation is related to `GetBucketPolicy`\:
     #
-    # * GetObject
+    # * [GetObject][2]
     #
     # ^
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
     #
     # @option params [required, String] :bucket
     #   The bucket name for which to get the bucket policy.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketPolicyOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketPolicyOutput#policy #policy} => IO
@@ -3804,6 +4155,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_policy({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3832,22 +4184,30 @@ module Aws::S3
     #
     # * [Using Amazon S3 Block Public Access][3]
     #
-    # * GetPublicAccessBlock
+    # * [GetPublicAccessBlock][4]
     #
-    # * PutPublicAccessBlock
+    # * [PutPublicAccessBlock][5]
     #
-    # * DeletePublicAccessBlock
+    # * [DeletePublicAccessBlock][6]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html
     #
     # @option params [required, String] :bucket
     #   The name of the Amazon S3 bucket whose policy status you want to
     #   retrieve.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketPolicyStatusOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketPolicyStatusOutput#policy_status #policy_status} => Types::PolicyStatus
@@ -3856,6 +4216,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_policy_status({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3890,23 +4251,31 @@ module Aws::S3
     # you must also include the `DeleteMarkerReplication` and `Priority`
     # elements. The response also returns those elements.
     #
-    # For information about `GetBucketReplication` errors, see
-    # ReplicationErrorCodeList
+    # For information about `GetBucketReplication` errors, see [List of
+    # replication-related error codes][3]
     #
     # The following operations are related to `GetBucketReplication`\:
     #
-    # * PutBucketReplication
+    # * [PutBucketReplication][4]
     #
-    # * DeleteBucketReplication
+    # * [DeleteBucketReplication][5]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html
     #
     # @option params [required, String] :bucket
     #   The bucket name for which to get the replication information.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketReplicationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketReplicationOutput#replication_configuration #replication_configuration} => Types::ReplicationConfiguration
@@ -3941,6 +4310,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_replication({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -3986,18 +4356,24 @@ module Aws::S3
     #
     # The following operations are related to `GetBucketRequestPayment`\:
     #
-    # * ListObjects
+    # * [ListObjects][2]
     #
     # ^
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket for which to get the payment request
     #   configuration
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketRequestPaymentOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketRequestPaymentOutput#payer #payer} => String
@@ -4020,6 +4396,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_request_payment({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -4051,13 +4428,23 @@ module Aws::S3
     #
     # The following operations are related to `GetBucketTagging`\:
     #
-    # * PutBucketTagging
+    # * [PutBucketTagging][1]
+    #
+    # * [DeleteBucketTagging][2]
     #
-    # * DeleteBucketTagging
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket for which to get the tagging information.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketTaggingOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketTaggingOutput#tag_set #tag_set} => Array&lt;Types::Tag&gt;
@@ -4089,6 +4476,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_tagging({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -4118,15 +4506,26 @@ module Aws::S3
     #
     # The following operations are related to `GetBucketVersioning`\:
     #
-    # * GetObject
+    # * [GetObject][1]
     #
-    # * PutObject
+    # * [PutObject][2]
     #
-    # * DeleteObject
+    # * [DeleteObject][3]
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket for which to get the versioning information.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketVersioningOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketVersioningOutput#status #status} => String
@@ -4151,6 +4550,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_versioning({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -4180,17 +4580,24 @@ module Aws::S3
     #
     # The following operations are related to `DeleteBucketWebsite`\:
     #
-    # * DeleteBucketWebsite
+    # * [DeleteBucketWebsite][2]
     #
-    # * PutBucketWebsite
+    # * [PutBucketWebsite][3]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketWebsite.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html
     #
     # @option params [required, String] :bucket
     #   The bucket name for which to get the website configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetBucketWebsiteOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetBucketWebsiteOutput#redirect_all_requests_to #redirect_all_requests_to} => Types::RedirectAllRequestsTo
@@ -4221,6 +4628,7 @@ module Aws::S3
     #
     #   resp = client.get_bucket_website({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -4270,13 +4678,13 @@ module Aws::S3
     # To distribute large files to many people, you can save bandwidth costs
     # by using BitTorrent. For more information, see [Amazon S3 Torrent][2].
     # For more information about returning the ACL of an object, see
-    # GetObjectAcl.
+    # [GetObjectAcl][3].
     #
     # If the object you are retrieving is stored in the GLACIER or
     # DEEP\_ARCHIVE storage classes, before you can retrieve the object you
-    # must first restore a copy using . Otherwise, this operation returns an
-    # `InvalidObjectStateError` error. For information about restoring
-    # archived objects, see [Restoring Archived Objects][3].
+    # must first restore a copy using [RestoreObject][4]. Otherwise, this
+    # operation returns an `InvalidObjectStateError` error. For information
+    # about restoring archived objects, see [Restoring Archived Objects][5].
     #
     # Encryption request headers, like `x-amz-server-side-encryption`,
     # should not be sent for GET requests if your object uses server-side
@@ -4290,25 +4698,25 @@ module Aws::S3
     # Amazon S3, then when you GET the object, you must use the following
     # headers:
     #
-    # * x-amz-server-side​-encryption​-customer-algorithm
+    # * x-amz-server-side-encryption-customer-algorithm
     #
-    # * x-amz-server-side​-encryption​-customer-key
+    # * x-amz-server-side-encryption-customer-key
     #
-    # * x-amz-server-side​-encryption​-customer-key-MD5
+    # * x-amz-server-side-encryption-customer-key-MD5
     #
     # For more information about SSE-C, see [Server-Side Encryption (Using
-    # Customer-Provided Encryption Keys)][4].
+    # Customer-Provided Encryption Keys)][6].
     #
     # Assuming you have permission to read object tags (permission for the
     # `s3:GetObjectVersionTagging` action), the response also returns the
     # `x-amz-tagging-count` header that provides the count of number of tags
-    # associated with the object. You can use GetObjectTagging to retrieve
-    # the tag set associated with an object.
+    # associated with the object. You can use [GetObjectTagging][7] to
+    # retrieve the tag set associated with an object.
     #
     # **Permissions**
     #
     # You need the `s3:GetObject` permission for this operation. For more
-    # information, see [Specifying Permissions in a Policy][5]. If the
+    # information, see [Specifying Permissions in a Policy][8]. If the
     # object you request does not exist, the error Amazon S3 returns depends
     # on whether you also have the `s3:ListBucket` permission.
     #
@@ -4330,7 +4738,7 @@ module Aws::S3
     #
     #  </note>
     #
-    # For more information about versioning, see PutBucketVersioning.
+    # For more information about versioning, see [PutBucketVersioning][9].
     #
     # **Overriding Response Header Values**
     #
@@ -4379,22 +4787,27 @@ module Aws::S3
     # to `false`, and; `If-Modified-Since` condition evaluates to `true`;
     # then, S3 returns 304 Not Modified response code.
     #
-    # For more information about conditional requests, see [RFC 7232][6].
+    # For more information about conditional requests, see [RFC 7232][10].
     #
     # The following operations are related to `GetObject`\:
     #
-    # * ListBuckets
+    # * [ListBuckets][11]
     #
-    # * GetObjectAcl
+    # * [GetObjectAcl][3]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3Torrent.html
-    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html
-    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
-    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
-    # [6]: https://tools.ietf.org/html/rfc7232
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html
+    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
+    # [9]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html
+    # [10]: https://tools.ietf.org/html/rfc7232
+    # [11]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html
     #
     # @option params [String, IO] :response_target
     #   Where to write response data, file path, or IO object.
@@ -4477,7 +4890,7 @@ module Aws::S3
     #   encrypting data. This value is used to store the object and then it is
     #   discarded; Amazon S3 does not store the encryption key. The key must
     #   be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm` header.
+    #   `x-amz-server-side-encryption-customer-algorithm` header.
     #
     # @option params [String] :sse_customer_key_md5
     #   Specifies the 128-bit MD5 digest of the encryption key according to
@@ -4501,6 +4914,11 @@ module Aws::S3
     #   for the part specified. Useful for downloading just a part of an
     #   object.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetObjectOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetObjectOutput#body #body} => IO
@@ -4537,49 +4955,49 @@ module Aws::S3
     #   * {Types::GetObjectOutput#object_lock_legal_hold_status #object_lock_legal_hold_status} => String
     #
     #
-    # @example Example: To retrieve an object
+    # @example Example: To retrieve a byte range of an object 
     #
-    #   # The following example retrieves an object for an S3 bucket.
+    #   # The following example retrieves an object for an S3 bucket. The request specifies the range header to retrieve a
+    #   # specific byte range.
     #
     #   resp = client.get_object({
     #     bucket: "examplebucket", 
-    #     key: "HappyFace.jpg", 
+    #     key: "SampleFile.txt", 
+    #     range: "bytes=0-9", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     accept_ranges: "bytes", 
-    #     content_length: 3191, 
-    #     content_type: "image/jpeg", 
-    #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     last_modified: Time.parse("Thu, 15 Dec 2016 01:19:41 GMT"), 
+    #     content_length: 10, 
+    #     content_range: "bytes 0-9/43", 
+    #     content_type: "text/plain", 
+    #     etag: "\"0d94420ffd0bc68cd3d152506b97a9cc\"", 
+    #     last_modified: Time.parse("Thu, 09 Oct 2014 22:57:28 GMT"), 
     #     metadata: {
     #     }, 
-    #     tag_count: 2, 
     #     version_id: "null", 
     #   }
     #
-    # @example Example: To retrieve a byte range of an object 
+    # @example Example: To retrieve an object
     #
-    #   # The following example retrieves an object for an S3 bucket. The request specifies the range header to retrieve a
-    #   # specific byte range.
+    #   # The following example retrieves an object for an S3 bucket.
     #
     #   resp = client.get_object({
     #     bucket: "examplebucket", 
-    #     key: "SampleFile.txt", 
-    #     range: "bytes=0-9", 
+    #     key: "HappyFace.jpg", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     accept_ranges: "bytes", 
-    #     content_length: 10, 
-    #     content_range: "bytes 0-9/43", 
-    #     content_type: "text/plain", 
-    #     etag: "\"0d94420ffd0bc68cd3d152506b97a9cc\"", 
-    #     last_modified: Time.parse("Thu, 09 Oct 2014 22:57:28 GMT"), 
+    #     content_length: 3191, 
+    #     content_type: "image/jpeg", 
+    #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
+    #     last_modified: Time.parse("Thu, 15 Dec 2016 01:19:41 GMT"), 
     #     metadata: {
     #     }, 
+    #     tag_count: 2, 
     #     version_id: "null", 
     #   }
     #
@@ -4634,6 +5052,7 @@ module Aws::S3
     #     sse_customer_key_md5: "SSECustomerKeyMD5",
     #     request_payer: "requester", # accepts requester
     #     part_number: 1,
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -4692,11 +5111,17 @@ module Aws::S3
     #
     # The following operations are related to `GetObjectAcl`\:
     #
-    # * GetObject
+    # * [GetObject][1]
+    #
+    # * [DeleteObject][2]
+    #
+    # * [PutObject][3]
     #
-    # * DeleteObject
     #
-    # * PutObject
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html
     #
     # @option params [required, String] :bucket
     #   The bucket name that contains the object for which to get the ACL
@@ -4731,6 +5156,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetObjectAclOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetObjectAclOutput#owner #owner} => Types::Owner
@@ -4796,6 +5226,7 @@ module Aws::S3
     #     key: "ObjectKey", # required
     #     version_id: "ObjectVersionId",
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -4862,6 +5293,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetObjectLegalHoldOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetObjectLegalHoldOutput#legal_hold #legal_hold} => Types::ObjectLockLegalHold
@@ -4873,6 +5309,7 @@ module Aws::S3
     #     key: "ObjectKey", # required
     #     version_id: "ObjectVersionId",
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -4900,6 +5337,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   The bucket whose Object Lock configuration you want to retrieve.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetObjectLockConfigurationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetObjectLockConfigurationOutput#object_lock_configuration #object_lock_configuration} => Types::ObjectLockConfiguration
@@ -4908,6 +5350,7 @@ module Aws::S3
     #
     #   resp = client.get_object_lock_configuration({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -4968,6 +5411,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetObjectRetentionOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetObjectRetentionOutput#retention #retention} => Types::ObjectLockRetention
@@ -4979,6 +5427,7 @@ module Aws::S3
     #     key: "ObjectKey", # required
     #     version_id: "ObjectVersionId",
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -5013,13 +5462,14 @@ module Aws::S3
     #
     # The following operation is related to `GetObjectTagging`\:
     #
-    # * PutObjectTagging
+    # * [PutObjectTagging][2]
     #
     # ^
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html
     #
     # @option params [required, String] :bucket
     #   The bucket name containing the object for which to get the tagging
@@ -5043,55 +5493,60 @@ module Aws::S3
     # @option params [String] :version_id
     #   The versionId of the object for which to get the tagging information.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetObjectTaggingOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetObjectTaggingOutput#version_id #version_id} => String
     #   * {Types::GetObjectTaggingOutput#tag_set #tag_set} => Array&lt;Types::Tag&gt;
     #
     #
-    # @example Example: To retrieve tag set of a specific object version
+    # @example Example: To retrieve tag set of an object
     #
-    #   # The following example retrieves tag set of an object. The request specifies object version.
+    #   # The following example retrieves tag set of an object.
     #
     #   resp = client.get_object_tagging({
     #     bucket: "examplebucket", 
-    #     key: "exampleobject", 
-    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
+    #     key: "HappyFace.jpg", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     tag_set: [
     #       {
-    #         key: "Key1", 
-    #         value: "Value1", 
+    #         key: "Key4", 
+    #         value: "Value4", 
+    #       }, 
+    #       {
+    #         key: "Key3", 
+    #         value: "Value3", 
     #       }, 
     #     ], 
-    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
+    #     version_id: "null", 
     #   }
     #
-    # @example Example: To retrieve tag set of an object
+    # @example Example: To retrieve tag set of a specific object version
     #
-    #   # The following example retrieves tag set of an object.
+    #   # The following example retrieves tag set of an object. The request specifies object version.
     #
     #   resp = client.get_object_tagging({
     #     bucket: "examplebucket", 
-    #     key: "HappyFace.jpg", 
+    #     key: "exampleobject", 
+    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     tag_set: [
     #       {
-    #         key: "Key4", 
-    #         value: "Value4", 
-    #       }, 
-    #       {
-    #         key: "Key3", 
-    #         value: "Value3", 
+    #         key: "Key1", 
+    #         value: "Value1", 
     #       }, 
     #     ], 
-    #     version_id: "null", 
+    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
     #   }
     #
     # @example Request syntax with placeholder values
@@ -5100,6 +5555,7 @@ module Aws::S3
     #     bucket: "BucketName", # required
     #     key: "ObjectKey", # required
     #     version_id: "ObjectVersionId",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -5132,13 +5588,14 @@ module Aws::S3
     #
     # The following operation is related to `GetObjectTorrent`\:
     #
-    # * GetObject
+    # * [GetObject][2]
     #
     # ^
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3Torrent.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
     #
     # @option params [String, IO] :response_target
     #   Where to write response data, file path, or IO object.
@@ -5161,6 +5618,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetObjectTorrentOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetObjectTorrentOutput#body #body} => IO
@@ -5186,6 +5648,7 @@ module Aws::S3
     #     bucket: "BucketName", # required
     #     key: "ObjectKey", # required
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -5222,22 +5685,30 @@ module Aws::S3
     #
     # * [Using Amazon S3 Block Public Access][3]
     #
-    # * PutPublicAccessBlock
+    # * [PutPublicAccessBlock][4]
     #
-    # * GetPublicAccessBlock
+    # * [GetPublicAccessBlock][5]
     #
-    # * DeletePublicAccessBlock
+    # * [DeletePublicAccessBlock][6]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html
     #
     # @option params [required, String] :bucket
     #   The name of the Amazon S3 bucket whose `PublicAccessBlock`
     #   configuration you want to retrieve.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::GetPublicAccessBlockOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetPublicAccessBlockOutput#public_access_block_configuration #public_access_block_configuration} => Types::PublicAccessBlockConfiguration
@@ -5246,6 +5717,7 @@ module Aws::S3
     #
     #   resp = client.get_public_access_block({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -5285,6 +5757,11 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   The bucket name.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -5300,6 +5777,7 @@ module Aws::S3
     #
     #   resp = client.head_bucket({
     #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     #
@@ -5331,11 +5809,11 @@ module Aws::S3
     # Amazon S3, then when you retrieve the metadata from the object, you
     # must use the following headers:
     #
-    # * x-amz-server-side​-encryption​-customer-algorithm
+    # * x-amz-server-side-encryption-customer-algorithm
     #
-    # * x-amz-server-side​-encryption​-customer-key
+    # * x-amz-server-side-encryption-customer-key
     #
-    # * x-amz-server-side​-encryption​-customer-key-MD5
+    # * x-amz-server-side-encryption-customer-key-MD5
     #
     # For more information about SSE-C, see [Server-Side Encryption (Using
     # Customer-Provided Encryption Keys)][1].
@@ -5389,7 +5867,7 @@ module Aws::S3
     #
     # The following operation is related to `HeadObject`\:
     #
-    # * GetObject
+    # * [GetObject][5]
     #
     # ^
     #
@@ -5399,6 +5877,7 @@ module Aws::S3
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html
     # [3]: https://tools.ietf.org/html/rfc7232
     # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket containing the object.
@@ -5444,7 +5923,7 @@ module Aws::S3
     #   encrypting data. This value is used to store the object and then it is
     #   discarded; Amazon S3 does not store the encryption key. The key must
     #   be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm` header.
+    #   `x-amz-server-side-encryption-customer-algorithm` header.
     #
     # @option params [String] :sse_customer_key_md5
     #   Specifies the 128-bit MD5 digest of the encryption key according to
@@ -5468,6 +5947,11 @@ module Aws::S3
     #   for the part specified. Useful querying about the size of the part and
     #   the number of parts in this object.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::HeadObjectOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::HeadObjectOutput#delete_marker #delete_marker} => Boolean
@@ -5538,6 +6022,7 @@ module Aws::S3
     #     sse_customer_key_md5: "SSECustomerKeyMD5",
     #     request_payer: "requester", # accepts requester
     #     part_number: 1,
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -5614,17 +6099,20 @@ module Aws::S3
     # The following operations are related to
     # `ListBucketAnalyticsConfigurations`\:
     #
-    # * GetBucketAnalyticsConfiguration
+    # * [GetBucketAnalyticsConfiguration][4]
     #
-    # * DeleteBucketAnalyticsConfiguration
+    # * [DeleteBucketAnalyticsConfiguration][5]
     #
-    # * PutBucketAnalyticsConfiguration
+    # * [PutBucketAnalyticsConfiguration][6]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket from which analytics configurations are
@@ -5634,6 +6122,11 @@ module Aws::S3
     #   The ContinuationToken that represents a placeholder from where this
     #   request should begin.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::ListBucketAnalyticsConfigurationsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ListBucketAnalyticsConfigurationsOutput#is_truncated #is_truncated} => Boolean
@@ -5646,6 +6139,7 @@ module Aws::S3
     #   resp = client.list_bucket_analytics_configurations({
     #     bucket: "BucketName", # required
     #     continuation_token: "Token",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -5702,17 +6196,20 @@ module Aws::S3
     # The following operations are related to
     # `ListBucketInventoryConfigurations`\:
     #
-    # * GetBucketInventoryConfiguration
+    # * [GetBucketInventoryConfiguration][4]
     #
-    # * DeleteBucketInventoryConfiguration
+    # * [DeleteBucketInventoryConfiguration][5]
     #
-    # * PutBucketInventoryConfiguration
+    # * [PutBucketInventoryConfiguration][6]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket containing the inventory configurations to
@@ -5724,6 +6221,11 @@ module Aws::S3
     #   truncated list response to continue the listing. The continuation
     #   token is an opaque value that Amazon S3 understands.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::ListBucketInventoryConfigurationsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ListBucketInventoryConfigurationsOutput#continuation_token #continuation_token} => String
@@ -5736,6 +6238,7 @@ module Aws::S3
     #   resp = client.list_bucket_inventory_configurations({
     #     bucket: "BucketName", # required
     #     continuation_token: "Token",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -5793,17 +6296,20 @@ module Aws::S3
     # The following operations are related to
     # `ListBucketMetricsConfigurations`\:
     #
-    # * PutBucketMetricsConfiguration
+    # * [PutBucketMetricsConfiguration][4]
     #
-    # * GetBucketMetricsConfiguration
+    # * [GetBucketMetricsConfiguration][5]
     #
-    # * DeleteBucketMetricsConfiguration
+    # * [DeleteBucketMetricsConfiguration][6]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket containing the metrics configurations to
@@ -5815,6 +6321,11 @@ module Aws::S3
     #   previously truncated list response to continue the listing. The
     #   continuation token is an opaque value that Amazon S3 understands.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::ListBucketMetricsConfigurationsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ListBucketMetricsConfigurationsOutput#is_truncated #is_truncated} => Boolean
@@ -5827,6 +6338,7 @@ module Aws::S3
     #   resp = client.list_bucket_metrics_configurations({
     #     bucket: "BucketName", # required
     #     continuation_token: "Token",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -5939,20 +6451,25 @@ module Aws::S3
     #
     # The following operations are related to `ListMultipartUploads`\:
     #
-    # * CreateMultipartUpload
+    # * [CreateMultipartUpload][3]
     #
-    # * UploadPart
+    # * [UploadPart][4]
     #
-    # * CompleteMultipartUpload
+    # * [CompleteMultipartUpload][5]
     #
-    # * ListParts
+    # * [ListParts][6]
     #
-    # * AbortMultipartUpload
+    # * [AbortMultipartUpload][7]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html
     #
     # @option params [required, String] :bucket
     #   Name of the bucket to which the multipart upload was initiated.
@@ -6019,6 +6536,11 @@ module Aws::S3
     #   list only if they have an upload ID lexicographically greater than the
     #   specified `upload-id-marker`.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::ListMultipartUploadsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ListMultipartUploadsOutput#bucket #bucket} => String
@@ -6142,6 +6664,7 @@ module Aws::S3
     #     max_uploads: 1,
     #     prefix: "Prefix",
     #     upload_id_marker: "UploadIdMarker",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -6191,13 +6714,20 @@ module Aws::S3
     #
     # The following operations are related to `ListObjectVersions`\:
     #
-    # * ListObjectsV2
+    # * [ListObjectsV2][1]
     #
-    # * GetObject
+    # * [GetObject][2]
     #
-    # * PutObject
+    # * [PutObject][3]
     #
-    # * DeleteObject
+    # * [DeleteObject][4]
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html
     #
     # @option params [required, String] :bucket
     #   The bucket name that contains the objects.
@@ -6252,6 +6782,11 @@ module Aws::S3
     # @option params [String] :version_id_marker
     #   Specifies the object version you want to start listing from.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::ListObjectVersionsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ListObjectVersionsOutput#is_truncated #is_truncated} => Boolean
@@ -6324,6 +6859,7 @@ module Aws::S3
     #     max_keys: 1,
     #     prefix: "Prefix",
     #     version_id_marker: "VersionIdMarker",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -6374,20 +6910,28 @@ module Aws::S3
     # of the response and handle it appropriately.
     #
     # This API has been revised. We recommend that you use the newer
-    # version, ListObjectsV2, when developing applications. For backward
-    # compatibility, Amazon S3 continues to support `ListObjects`.
+    # version, [ListObjectsV2][1], when developing applications. For
+    # backward compatibility, Amazon S3 continues to support `ListObjects`.
     #
     # The following operations are related to `ListObjects`\:
     #
-    # * ListObjectsV2
+    # * [ListObjectsV2][1]
+    #
+    # * [GetObject][2]
+    #
+    # * [PutObject][3]
+    #
+    # * [CreateBucket][4]
     #
-    # * GetObject
+    # * [ListBuckets][5]
     #
-    # * PutObject
     #
-    # * CreateBucket
     #
-    # * ListBuckets
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket containing the objects.
@@ -6419,6 +6963,11 @@ module Aws::S3
     #   the list objects request. Bucket owners need not specify this
     #   parameter in their requests.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::ListObjectsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ListObjectsOutput#is_truncated #is_truncated} => Boolean
@@ -6483,6 +7032,7 @@ module Aws::S3
     #     max_keys: 1,
     #     prefix: "Prefix",
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -6533,22 +7083,27 @@ module Aws::S3
     # This section describes the latest revision of the API. We recommend
     # that you use this revised API for application development. For
     # backward compatibility, Amazon S3 continues to support the prior
-    # version of this API, ListObjects.
+    # version of this API, [ListObjects][3].
     #
-    # To get a list of your buckets, see ListBuckets.
+    # To get a list of your buckets, see [ListBuckets][4].
     #
     # The following operations are related to `ListObjectsV2`\:
     #
-    # * GetObject
+    # * [GetObject][5]
     #
-    # * PutObject
+    # * [PutObject][6]
     #
-    # * CreateBucket
+    # * [CreateBucket][7]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html
     #
     # @option params [required, String] :bucket
     #   Bucket name to list.
@@ -6599,6 +7154,11 @@ module Aws::S3
     #   the list objects request in V2 style. Bucket owners need not specify
     #   this parameter in their requests.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::ListObjectsV2Output] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ListObjectsV2Output#is_truncated #is_truncated} => Boolean
@@ -6665,6 +7225,7 @@ module Aws::S3
     #     fetch_owner: false,
     #     start_after: "StartAfter",
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -6702,7 +7263,7 @@ module Aws::S3
     # Lists the parts that have been uploaded for a specific multipart
     # upload. This operation must include the upload ID, which you obtain by
     # sending the initiate multipart upload request (see
-    # CreateMultipartUpload). This request returns a maximum of 1,000
+    # [CreateMultipartUpload][1]). This request returns a maximum of 1,000
     # uploaded parts. The default number of parts returned is 1,000 parts.
     # You can restrict the number of parts returned by specifying the
     # `max-parts` request parameter. If your multipart upload consists of
@@ -6713,27 +7274,32 @@ module Aws::S3
     # field value from the previous response.
     #
     # For more information on multipart uploads, see [Uploading Objects
-    # Using Multipart Upload][1].
+    # Using Multipart Upload][2].
     #
     # For information on permissions required to use the multipart upload
-    # API, see [Multipart Upload API and Permissions][2].
+    # API, see [Multipart Upload API and Permissions][3].
     #
     # The following operations are related to `ListParts`\:
     #
-    # * CreateMultipartUpload
+    # * [CreateMultipartUpload][1]
     #
-    # * UploadPart
+    # * [UploadPart][4]
     #
-    # * CompleteMultipartUpload
+    # * [CompleteMultipartUpload][5]
     #
-    # * AbortMultipartUpload
+    # * [AbortMultipartUpload][6]
     #
-    # * ListMultipartUploads
+    # * [ListMultipartUploads][7]
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
-    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html
     #
     # @option params [required, String] :bucket
     #   Name of the bucket to which the parts are being uploaded.
@@ -6775,6 +7341,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::ListPartsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ListPartsOutput#abort_date #abort_date} => Time
@@ -6841,6 +7412,7 @@ module Aws::S3
     #     part_number_marker: 1,
     #     upload_id: "MultipartUploadId", # required
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -6893,8 +7465,8 @@ module Aws::S3
     #
     # * Suspended – Disables accelerated data transfers to the bucket.
     #
-    # The GetBucketAccelerateConfiguration operation returns the transfer
-    # acceleration state of a bucket.
+    # The [GetBucketAccelerateConfiguration][3] operation returns the
+    # transfer acceleration state of a bucket.
     #
     # After setting the Transfer Acceleration state of a bucket to Enabled,
     # it might take up to thirty minutes before the data transfer rates to
@@ -6904,20 +7476,22 @@ module Aws::S3
     # DNS-compliant and must not contain periods (".").
     #
     # For more information about transfer acceleration, see [Transfer
-    # Acceleration][3].
+    # Acceleration][4].
     #
     # The following operations are related to
     # `PutBucketAccelerateConfiguration`\:
     #
-    # * GetBucketAccelerateConfiguration
+    # * [GetBucketAccelerateConfiguration][3]
     #
-    # * CreateBucket
+    # * [CreateBucket][5]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
-    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html
     #
     # @option params [required, String] :bucket
     #   Name of the bucket for which the accelerate configuration is set.
@@ -6925,6 +7499,11 @@ module Aws::S3
     # @option params [required, Types::AccelerateConfiguration] :accelerate_configuration
     #   Container for setting the transfer acceleration state.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -6934,6 +7513,7 @@ module Aws::S3
     #     accelerate_configuration: { # required
     #       status: "Enabled", # accepts Enabled, Suspended
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAccelerateConfiguration AWS API Documentation
@@ -7086,11 +7666,11 @@ module Aws::S3
     #
     # **Related Resources**
     #
-    # * CreateBucket
+    # * [CreateBucket][5]
     #
-    # * DeleteBucket
+    # * [DeleteBucket][6]
     #
-    # * GetObjectAcl
+    # * [GetObjectAcl][7]
     #
     #
     #
@@ -7098,6 +7678,9 @@ module Aws::S3
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
     # [4]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html
     #
     # @option params [String] :acl
     #   The canned ACL to apply to the bucket.
@@ -7135,6 +7718,11 @@ module Aws::S3
     # @option params [String] :grant_write_acp
     #   Allows grantee to write the ACL for the applicable bucket.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -7179,6 +7767,7 @@ module Aws::S3
     #     grant_read_acp: "GrantReadACP",
     #     grant_write: "GrantWrite",
     #     grant_write_acp: "GrantWriteACP",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAcl AWS API Documentation
@@ -7242,9 +7831,11 @@ module Aws::S3
     #
     # **Related Resources**
     #
-    # *
-    # *
-    # *
+    # * [GetBucketAnalyticsConfiguration][5]
+    #
+    # * [DeleteBucketAnalyticsConfiguration][6]
+    #
+    # * [ListBucketAnalyticsConfigurations][7]
     #
     #
     #
@@ -7252,6 +7843,9 @@ module Aws::S3
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket to which an analytics configuration is stored.
@@ -7262,6 +7856,11 @@ module Aws::S3
     # @option params [required, Types::AnalyticsConfiguration] :analytics_configuration
     #   The configuration and any analyses for the analytics filter.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -7301,6 +7900,7 @@ module Aws::S3
     #         },
     #       },
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAnalyticsConfiguration AWS API Documentation
@@ -7352,15 +7952,18 @@ module Aws::S3
     #
     # **Related Resources**
     #
-    # * GetBucketCors
+    # * [GetBucketCors][2]
     #
-    # * DeleteBucketCors
+    # * [DeleteBucketCors][3]
     #
-    # * RESTOPTIONSobject
+    # * [RESTOPTIONSobject][4]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketCors.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html
     #
     # @option params [required, String] :bucket
     #   Specifies the bucket impacted by the `cors`configuration.
@@ -7384,6 +7987,11 @@ module Aws::S3
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -7446,6 +8054,7 @@ module Aws::S3
     #       ],
     #     },
     #     content_md5: "ContentMD5",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketCors AWS API Documentation
@@ -7480,15 +8089,17 @@ module Aws::S3
     #
     # **Related Resources**
     #
-    # * GetBucketEncryption
+    # * [GetBucketEncryption][4]
     #
-    # * DeleteBucketEncryption
+    # * [DeleteBucketEncryption][5]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html
     #
     # @option params [required, String] :bucket
     #   Specifies default encryption for a bucket using server-side encryption
@@ -7509,6 +8120,11 @@ module Aws::S3
     # @option params [required, Types::ServerSideEncryptionConfiguration] :server_side_encryption_configuration
     #   Specifies the default server-side-encryption configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -7526,6 +8142,7 @@ module Aws::S3
     #         },
     #       ],
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketEncryption AWS API Documentation
@@ -7594,11 +8211,11 @@ module Aws::S3
     #
     # **Related Resources**
     #
-    # * GetBucketInventoryConfiguration
+    # * [GetBucketInventoryConfiguration][5]
     #
-    # * DeleteBucketInventoryConfiguration
+    # * [DeleteBucketInventoryConfiguration][6]
     #
-    # * ListBucketInventoryConfigurations
+    # * [ListBucketInventoryConfigurations][7]
     #
     #
     #
@@ -7606,6 +8223,9 @@ module Aws::S3
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket where the inventory configuration will be
@@ -7617,6 +8237,11 @@ module Aws::S3
     # @option params [required, Types::InventoryConfiguration] :inventory_configuration
     #   Specifies the inventory configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -7651,6 +8276,7 @@ module Aws::S3
     #         frequency: "Daily", # required, accepts Daily, Weekly
     #       },
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketInventoryConfiguration AWS API Documentation
@@ -7663,13 +8289,13 @@ module Aws::S3
     end
 
     # For an updated version of this API, see
-    # PutBucketLifecycleConfiguration. This version has been deprecated.
-    # Existing lifecycle configurations will work. For new lifecycle
-    # configurations, use the updated API.
+    # [PutBucketLifecycleConfiguration][1]. This version has been
+    # deprecated. Existing lifecycle configurations will work. For new
+    # lifecycle configurations, use the updated API.
     #
     # Creates a new lifecycle configuration for the bucket or replaces an
     # existing lifecycle configuration. For information about lifecycle
-    # configuration, see [Object Lifecycle Management][1] in the *Amazon
+    # configuration, see [Object Lifecycle Management][2] in the *Amazon
     # Simple Storage Service Developer Guide*.
     #
     # By default, all Amazon S3 resources, including buckets, objects, and
@@ -7692,36 +8318,41 @@ module Aws::S3
     # * `s3:PutLifecycleConfiguration`
     #
     # For more information about permissions, see [Managing Access
-    # Permissions to your Amazon S3 Resources][2] in the *Amazon Simple
+    # Permissions to your Amazon S3 Resources][3] in the *Amazon Simple
     # Storage Service Developer Guide*.
     #
     # For more examples of transitioning objects to storage classes such as
     # STANDARD\_IA or ONEZONE\_IA, see [Examples of Lifecycle
-    # Configuration][3].
+    # Configuration][4].
     #
     # **Related Resources**
     #
-    # * GetBucketLifecycle(Deprecated)
+    # * [GetBucketLifecycle][5](Deprecated)
+    #
+    # * [GetBucketLifecycleConfiguration][6]
     #
-    # * GetBucketLifecycleConfiguration
+    # * [RestoreObject][7]
     #
-    # *
     # * By default, a resource owner—in this case, a bucket owner, which is
     #   the AWS account that created the bucket—can perform any of the
     #   operations. A resource owner can also grant others permission to
     #   perform the operation. For more information, see the following
     #   topics in the Amazon Simple Storage Service Developer Guide:
     #
-    #   * [Specifying Permissions in a Policy][4]
+    #   * [Specifying Permissions in a Policy][8]
     #
-    #   * [Managing Access Permissions to your Amazon S3 Resources][2]
+    #   * [Managing Access Permissions to your Amazon S3 Resources][3]
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html
-    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
-    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#lifecycle-configuration-examples
-    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#lifecycle-configuration-examples
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html
+    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
     #
     # @option params [required, String] :bucket
     #
@@ -7729,6 +8360,11 @@ module Aws::S3
     #
     # @option params [Types::LifecycleConfiguration] :lifecycle_configuration
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -7765,6 +8401,7 @@ module Aws::S3
     #         },
     #       ],
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycle AWS API Documentation
@@ -7787,7 +8424,7 @@ module Aws::S3
     # API. The previous version of the API supported filtering based only on
     # an object key name prefix, which is supported for backward
     # compatibility. For the related API description, see
-    # PutBucketLifecycle.
+    # [PutBucketLifecycle][2].
     #
     #  </note>
     #
@@ -7811,8 +8448,8 @@ module Aws::S3
     #   S3 provides predefined actions that you can specify for current and
     #   noncurrent object versions.
     #
-    # For more information, see [Object Lifecycle Management][2] and
-    # [Lifecycle Configuration Elements][3].
+    # For more information, see [Object Lifecycle Management][3] and
+    # [Lifecycle Configuration Elements][4].
     #
     # **Permissions**
     #
@@ -7840,18 +8477,21 @@ module Aws::S3
     #
     # The following are related to `PutBucketLifecycleConfiguration`\:
     #
-    # * [Examples of Lifecycle Configuration][4]
+    # * [Examples of Lifecycle Configuration][5]
     #
-    # * GetBucketLifecycleConfiguration
+    # * [GetBucketLifecycleConfiguration][6]
     #
-    # * DeleteBucketLifecycle
+    # * [DeleteBucketLifecycle][7]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
-    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html
-    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html
-    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-configuration-examples.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-configuration-examples.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket for which to set the configuration.
@@ -7859,6 +8499,11 @@ module Aws::S3
     # @option params [Types::BucketLifecycleConfiguration] :lifecycle_configuration
     #   Container for lifecycle rules. You can add as many as 1,000 rules.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -7943,6 +8588,7 @@ module Aws::S3
     #         },
     #       ],
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleConfiguration AWS API Documentation
@@ -8000,23 +8646,27 @@ module Aws::S3
     # For more information about server access logging, see [Server Access
     # Logging][1].
     #
-    # For more information about creating a bucket, see CreateBucket. For
-    # more information about returning the logging status of a bucket, see
-    # GetBucketLogging.
+    # For more information about creating a bucket, see [CreateBucket][2].
+    # For more information about returning the logging status of a bucket,
+    # see [GetBucketLogging][3].
     #
     # The following operations are related to `PutBucketLogging`\:
     #
-    # * PutObject
+    # * [PutObject][4]
     #
-    # * DeleteBucket
+    # * [DeleteBucket][5]
     #
-    # * CreateBucket
+    # * [CreateBucket][2]
     #
-    # * GetBucketLogging
+    # * [GetBucketLogging][3]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket for which to set the logging parameters.
@@ -8027,6 +8677,11 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash of the `PutBucketLogging` request body.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -8077,6 +8732,7 @@ module Aws::S3
     #       },
     #     },
     #     content_md5: "ContentMD5",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLogging AWS API Documentation
@@ -8108,11 +8764,11 @@ module Aws::S3
     # The following operations are related to
     # `PutBucketMetricsConfiguration`\:
     #
-    # * DeleteBucketMetricsConfiguration
+    # * [DeleteBucketMetricsConfiguration][4]
     #
-    # * PutBucketMetricsConfiguration
+    # * [PutBucketMetricsConfiguration][5]
     #
-    # * ListBucketMetricsConfigurations
+    # * [ListBucketMetricsConfigurations][6]
     #
     # `GetBucketLifecycle` has the following special error:
     #
@@ -8128,6 +8784,9 @@ module Aws::S3
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket for which the metrics configuration is set.
@@ -8138,6 +8797,11 @@ module Aws::S3
     # @option params [required, Types::MetricsConfiguration] :metrics_configuration
     #   Specifies the metrics configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -8164,6 +8828,7 @@ module Aws::S3
     #         },
     #       },
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketMetricsConfiguration AWS API Documentation
@@ -8175,7 +8840,12 @@ module Aws::S3
       req.send_request(options)
     end
 
-    # No longer used, see the PutBucketNotificationConfiguration operation.
+    # No longer used, see the [PutBucketNotificationConfiguration][1]
+    # operation.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotificationConfiguration.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket.
@@ -8186,6 +8856,11 @@ module Aws::S3
     # @option params [required, Types::NotificationConfigurationDeprecated] :notification_configuration
     #   The container for the configuration.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -8214,6 +8889,7 @@ module Aws::S3
     #         invocation_role: "CloudFunctionInvocationRole",
     #       },
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotification AWS API Documentation
@@ -8283,13 +8959,14 @@ module Aws::S3
     # The following operation is related to
     # `PutBucketNotificationConfiguration`\:
     #
-    # * GetBucketNotificationConfiguration
+    # * [GetBucketNotificationConfiguration][2]
     #
     # ^
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket.
@@ -8299,6 +8976,11 @@ module Aws::S3
     #   bucket. If this element is empty, notifications are turned off for the
     #   bucket.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -8377,6 +9059,7 @@ module Aws::S3
     #         },
     #       ],
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationConfiguration AWS API Documentation
@@ -8408,13 +9091,15 @@ module Aws::S3
     #
     # The following operations are related to `PutBucketPolicy`\:
     #
-    # * CreateBucket
+    # * [CreateBucket][2]
     #
-    # * DeleteBucket
+    # * [DeleteBucket][3]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket.
@@ -8429,6 +9114,11 @@ module Aws::S3
     # @option params [required, String] :policy
     #   The bucket policy as a JSON document.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -8448,6 +9138,7 @@ module Aws::S3
     #     content_md5: "ContentMD5",
     #     confirm_remove_self_bucket_access: false,
     #     policy: "Policy", # required
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketPolicy AWS API Documentation
@@ -8518,14 +9209,14 @@ module Aws::S3
     # about replication configuration, see [Replicating Objects Created with
     # SSE Using CMKs stored in AWS KMS][6].
     #
-    # For information on `PutBucketReplication` errors, see
-    # ReplicationErrorCodeList
+    # For information on `PutBucketReplication` errors, see [List of
+    # replication-related error codes][7]
     #
     # The following operations are related to `PutBucketReplication`\:
     #
-    # * GetBucketReplication
+    # * [GetBucketReplication][8]
     #
-    # * DeleteBucketReplication
+    # * [DeleteBucketReplication][9]
     #
     #
     #
@@ -8535,6 +9226,9 @@ module Aws::S3
     # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
     # [5]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
     # [6]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-config-for-kms-objects.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList
+    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html
+    # [9]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket
@@ -8554,6 +9248,11 @@ module Aws::S3
     #
     # @option params [String] :token
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -8645,6 +9344,7 @@ module Aws::S3
     #       ],
     #     },
     #     token: "ObjectLockToken",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketReplication AWS API Documentation
@@ -8664,13 +9364,15 @@ module Aws::S3
     #
     # The following operations are related to `PutBucketRequestPayment`\:
     #
-    # * CreateBucket
+    # * [CreateBucket][2]
     #
-    # * GetBucketRequestPayment
+    # * [GetBucketRequestPayment][3]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketRequestPayment.html
     #
     # @option params [required, String] :bucket
     #   The bucket name.
@@ -8688,6 +9390,11 @@ module Aws::S3
     # @option params [required, Types::RequestPaymentConfiguration] :request_payment_configuration
     #   Container for Payer.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -8710,6 +9417,7 @@ module Aws::S3
     #     request_payment_configuration: { # required
     #       payer: "Requester", # required, accepts Requester, BucketOwner
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketRequestPayment AWS API Documentation
@@ -8778,9 +9486,9 @@ module Aws::S3
     #
     # The following operations are related to `PutBucketTagging`\:
     #
-    # * GetBucketTagging
+    # * [GetBucketTagging][7]
     #
-    # * DeleteBucketTagging
+    # * [DeleteBucketTagging][8]
     #
     #
     #
@@ -8790,6 +9498,8 @@ module Aws::S3
     # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
     # [5]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html
     # [6]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/aws-tag-restrictions.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html
+    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html
     #
     # @option params [required, String] :bucket
     #   The bucket name.
@@ -8806,6 +9516,11 @@ module Aws::S3
     # @option params [required, Types::Tagging] :tagging
     #   Container for the `TagSet` and `Tag` elements.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -8842,6 +9557,7 @@ module Aws::S3
     #         },
     #       ],
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketTagging AWS API Documentation
@@ -8865,7 +9581,7 @@ module Aws::S3
     # objects added to the bucket receive the version ID null.
     #
     # If the versioning state has never been set on a bucket, it has no
-    # versioning state; a GetBucketVersioning request does not return a
+    # versioning state; a [GetBucketVersioning][1] request does not return a
     # versioning state value.
     #
     # If the bucket owner enables MFA Delete in the bucket versioning
@@ -8880,19 +9596,22 @@ module Aws::S3
     # manage the deletes of the noncurrent object versions in the
     # version-enabled bucket. (A version-enabled bucket maintains one
     # current and zero or more noncurrent object versions.) For more
-    # information, see [Lifecycle and Versioning][1].
+    # information, see [Lifecycle and Versioning][2].
     #
     # **Related Resources**
     #
-    # * CreateBucket
+    # * [CreateBucket][3]
     #
-    # * DeleteBucket
+    # * [DeleteBucket][4]
     #
-    # * GetBucketVersioning
+    # * [GetBucketVersioning][1]
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-and-other-bucket-config
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-and-other-bucket-config
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html
     #
     # @option params [required, String] :bucket
     #   The bucket name.
@@ -8914,6 +9633,11 @@ module Aws::S3
     # @option params [required, Types::VersioningConfiguration] :versioning_configuration
     #   Container for setting the versioning state.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -8939,6 +9663,7 @@ module Aws::S3
     #       mfa_delete: "Enabled", # accepts Enabled, Disabled
     #       status: "Enabled", # accepts Enabled, Suspended
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketVersioning AWS API Documentation
@@ -9038,6 +9763,11 @@ module Aws::S3
     # @option params [required, Types::WebsiteConfiguration] :website_configuration
     #   Container for the request.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -9090,6 +9820,7 @@ module Aws::S3
     #         },
     #       ],
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketWebsite AWS API Documentation
@@ -9165,13 +9896,13 @@ module Aws::S3
     #
     # For more information about versioning, see [Adding Objects to
     # Versioning Enabled Buckets][6]. For information about returning the
-    # versioning state of a bucket, see GetBucketVersioning.
+    # versioning state of a bucket, see [GetBucketVersioning][7].
     #
     # **Related Resources**
     #
-    # * CopyObject
+    # * [CopyObject][8]
     #
-    # * DeleteObject
+    # * [DeleteObject][9]
     #
     #
     #
@@ -9181,6 +9912,9 @@ module Aws::S3
     # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html
     # [5]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
     # [6]: https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html
+    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
+    # [9]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html
     #
     # @option params [String] :acl
     #   The canned ACL to apply to the object. For more information, see
@@ -9341,7 +10075,7 @@ module Aws::S3
     #   encrypting data. This value is used to store the object and then it is
     #   discarded; Amazon S3 does not store the encryption key. The key must
     #   be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm` header.
+    #   `x-amz-server-side-encryption-customer-algorithm` header.
     #
     # @option params [String] :sse_customer_key_md5
     #   Specifies the 128-bit MD5 digest of the encryption key according to
@@ -9395,6 +10129,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::PutObjectOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::PutObjectOutput#expiration #expiration} => String
@@ -9408,39 +10147,24 @@ module Aws::S3
     #   * {Types::PutObjectOutput#request_charged #request_charged} => String
     #
     #
-    # @example Example: To upload an object and specify canned ACL.
+    # @example Example: To upload an object and specify server-side encryption and object tags
     #
-    #   # The following example uploads and object. The request specifies optional canned ACL (access control list) to all READ
-    #   # access to authenticated users. If the bucket is versioning enabled, S3 returns version ID in response.
+    #   # The following example uploads and object. The request specifies the optional server-side encryption option. The request
+    #   # also specifies optional object tags. If the bucket is versioning enabled, S3 returns version ID in response.
     #
     #   resp = client.put_object({
-    #     acl: "authenticated-read", 
     #     body: "filetoupload", 
     #     bucket: "examplebucket", 
     #     key: "exampleobject", 
+    #     server_side_encryption: "AES256", 
+    #     tagging: "key1=value1&key2=value2", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     version_id: "Kirh.unyZwjQ69YxcQLA8z4F5j3kJJKr", 
-    #   }
-    #
-    # @example Example: To upload an object
-    #
-    #   # The following example uploads an object to a versioning-enabled bucket. The source file is specified using Windows file
-    #   # syntax. S3 returns VersionId of the newly created object.
-    #
-    #   resp = client.put_object({
-    #     body: "HappyFace.jpg", 
-    #     bucket: "examplebucket", 
-    #     key: "HappyFace.jpg", 
-    #   })
-    #
-    #   resp.to_h outputs the following:
-    #   {
-    #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     version_id: "tpf3zF08nBplQK1XLOefGskR7mGDwcDk", 
+    #     server_side_encryption: "AES256", 
+    #     version_id: "Ri.vC6qVlA4dEnjgRV4ZHsHoFIjqEMNt", 
     #   }
     #
     # @example Example: To create an object.
@@ -9518,24 +10242,39 @@ module Aws::S3
     #     version_id: "pSKidl4pHBiNwukdbcPXAIs.sshFFOc0", 
     #   }
     #
-    # @example Example: To upload an object and specify server-side encryption and object tags
+    # @example Example: To upload an object and specify canned ACL.
     #
-    #   # The following example uploads and object. The request specifies the optional server-side encryption option. The request
-    #   # also specifies optional object tags. If the bucket is versioning enabled, S3 returns version ID in response.
+    #   # The following example uploads and object. The request specifies optional canned ACL (access control list) to all READ
+    #   # access to authenticated users. If the bucket is versioning enabled, S3 returns version ID in response.
     #
     #   resp = client.put_object({
+    #     acl: "authenticated-read", 
     #     body: "filetoupload", 
     #     bucket: "examplebucket", 
     #     key: "exampleobject", 
-    #     server_side_encryption: "AES256", 
-    #     tagging: "key1=value1&key2=value2", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     server_side_encryption: "AES256", 
-    #     version_id: "Ri.vC6qVlA4dEnjgRV4ZHsHoFIjqEMNt", 
+    #     version_id: "Kirh.unyZwjQ69YxcQLA8z4F5j3kJJKr", 
+    #   }
+    #
+    # @example Example: To upload an object
+    #
+    #   # The following example uploads an object to a versioning-enabled bucket. The source file is specified using Windows file
+    #   # syntax. S3 returns VersionId of the newly created object.
+    #
+    #   resp = client.put_object({
+    #     body: "HappyFace.jpg", 
+    #     bucket: "examplebucket", 
+    #     key: "HappyFace.jpg", 
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
+    #     version_id: "tpf3zF08nBplQK1XLOefGskR7mGDwcDk", 
     #   }
     #
     # @example Streaming a file from disk
@@ -9579,6 +10318,7 @@ module Aws::S3
     #     object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
     #     object_lock_retain_until_date: Time.now,
     #     object_lock_legal_hold_status: "ON", # accepts ON, OFF
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -9603,14 +10343,16 @@ module Aws::S3
     end
 
     # Uses the `acl` subresource to set the access control list (ACL)
-    # permissions for an object that already exists in a bucket. You must
-    # have `WRITE_ACP` permission to set the ACL of an object.
+    # permissions for an object that already exists in an S3 bucket. You
+    # must have `WRITE_ACP` permission to set the ACL of an object. For more
+    # information, see [What permissions can I grant?][1] in the *Amazon
+    # Simple Storage Service Developer Guide*.
     #
     # Depending on your application needs, you can choose to set the ACL on
     # an object using either the request body or the headers. For example,
     # if you have an existing application that updates a bucket ACL using
     # the request body, you can continue to use that approach. For more
-    # information, see [Access Control List (ACL) Overview][1] in the
+    # information, see [Access Control List (ACL) Overview][2] in the
     # *Amazon S3 Developer Guide*.
     #
     # **Access Permissions**
@@ -9622,7 +10364,7 @@ module Aws::S3
     #   ACL has a predefined set of grantees and permissions. Specify the
     #   canned ACL name as the value of `x-amz-ac`l. If you use this header,
     #   you cannot use other access control-specific headers in your
-    #   request. For more information, see [Canned ACL][2].
+    #   request. For more information, see [Canned ACL][3].
     #
     # * Specify access permissions explicitly with the `x-amz-grant-read`,
     #   `x-amz-grant-read-acp`, `x-amz-grant-write-acp`, and
@@ -9632,7 +10374,7 @@ module Aws::S3
     #   ACL-specific headers, you cannot use `x-amz-acl` header to set a
     #   canned ACL. These parameters map to the set of permissions that
     #   Amazon S3 supports in an ACL. For more information, see [Access
-    #   Control List (ACL) Overview][1].
+    #   Control List (ACL) Overview][2].
     #
     #   You specify each grantee as a type=value pair, where the type is one
     #   of the following:
@@ -9665,7 +10407,7 @@ module Aws::S3
     #     * South America (São Paulo)
     #
     #      For a list of all the Amazon S3 supported Regions and endpoints,
-    #     see [Regions and Endpoints][3] in the AWS General Reference.
+    #     see [Regions and Endpoints][4] in the AWS General Reference.
     #
     #      </note>
     #
@@ -9725,7 +10467,7 @@ module Aws::S3
     #   * South America (São Paulo)
     #
     #    For a list of all the Amazon S3 supported Regions and endpoints, see
-    #   [Regions and Endpoints][3] in the AWS General Reference.
+    #   [Regions and Endpoints][4] in the AWS General Reference.
     #
     #    </note>
     #
@@ -9737,15 +10479,18 @@ module Aws::S3
     #
     # **Related Resources**
     #
-    # * CopyObject
+    # * [CopyObject][5]
     #
-    # * GetObject
+    # * [GetObject][6]
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
-    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
-    # [3]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
+    # [4]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
     #
     # @option params [String] :acl
     #   The canned ACL to apply to the object. For more information, see
@@ -9819,6 +10564,11 @@ module Aws::S3
     # @option params [String] :version_id
     #   VersionId used to reference a specific version of the object.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::PutObjectAclOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::PutObjectAclOutput#request_charged #request_charged} => String
@@ -9874,6 +10624,7 @@ module Aws::S3
     #     key: "ObjectKey", # required
     #     request_payer: "requester", # accepts requester
     #     version_id: "ObjectVersionId",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -9941,6 +10692,11 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash for the request body.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::PutObjectLegalHoldOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::PutObjectLegalHoldOutput#request_charged #request_charged} => String
@@ -9956,6 +10712,7 @@ module Aws::S3
     #     request_payer: "requester", # accepts requester
     #     version_id: "ObjectVersionId",
     #     content_md5: "ContentMD5",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -10015,6 +10772,11 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash for the request body.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::PutObjectLockConfigurationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::PutObjectLockConfigurationOutput#request_charged #request_charged} => String
@@ -10036,6 +10798,7 @@ module Aws::S3
     #     request_payer: "requester", # accepts requester
     #     token: "ObjectLockToken",
     #     content_md5: "ContentMD5",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -10108,6 +10871,11 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash for the request body.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::PutObjectRetentionOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::PutObjectRetentionOutput#request_charged #request_charged} => String
@@ -10125,6 +10893,7 @@ module Aws::S3
     #     version_id: "ObjectVersionId",
     #     bypass_governance_retention: false,
     #     content_md5: "ContentMD5",
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -10146,10 +10915,10 @@ module Aws::S3
     # A tag is a key-value pair. You can associate tags with an object by
     # sending a PUT request against the tagging subresource that is
     # associated with the object. You can retrieve tags by sending a GET
-    # request. For more information, see GetObjectTagging.
+    # request. For more information, see [GetObjectTagging][1].
     #
     # For tagging-related restrictions related to characters and encodings,
-    # see [Tag Restrictions][1]. Note that Amazon S3 limits the maximum
+    # see [Tag Restrictions][2]. Note that Amazon S3 limits the maximum
     # number of tags to 10 tags per object.
     #
     # To use this operation, you must have permission to perform the
@@ -10160,7 +10929,7 @@ module Aws::S3
     # You also need permission for the `s3:PutObjectVersionTagging` action.
     #
     # For information about the Amazon S3 object tagging feature, see
-    # [Object Tagging][2].
+    # [Object Tagging][3].
     #
     # **Special Errors**
     #
@@ -10170,7 +10939,7 @@ module Aws::S3
     #
     #   * *Cause: The tag provided was not a valid tag. This error can occur
     #     if the tag did not pass input validation. For more information,
-    #     see [Object Tagging][2].*
+    #     see [Object Tagging][3].*
     #
     # * ****
     #
@@ -10190,14 +10959,15 @@ module Aws::S3
     #
     # **Related Resources**
     #
-    # * GetObjectTagging
+    # * [GetObjectTagging][1]
     #
     # ^
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html
-    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html
+    # [2]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html
     #
     # @option params [required, String] :bucket
     #   The bucket name containing the object.
@@ -10226,6 +10996,11 @@ module Aws::S3
     # @option params [required, Types::Tagging] :tagging
     #   Container for the `TagSet` and `Tag` elements
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::PutObjectTaggingOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::PutObjectTaggingOutput#version_id #version_id} => String
@@ -10272,6 +11047,7 @@ module Aws::S3
     #         },
     #       ],
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -10305,19 +11081,22 @@ module Aws::S3
     #
     # **Related Resources**
     #
-    # * GetPublicAccessBlock
+    # * [GetPublicAccessBlock][3]
     #
-    # * DeletePublicAccessBlock
+    # * [DeletePublicAccessBlock][4]
     #
-    # * GetBucketPolicyStatus
+    # * [GetBucketPolicyStatus][5]
     #
-    # * [Using Amazon S3 Block Public Access][3]
+    # * [Using Amazon S3 Block Public Access][6]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status
-    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html
     #
     # @option params [required, String] :bucket
     #   The name of the Amazon S3 bucket whose `PublicAccessBlock`
@@ -10337,6 +11116,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -10350,6 +11134,7 @@ module Aws::S3
     #       block_public_policy: false,
     #       restrict_public_buckets: false,
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutPublicAccessBlock AWS API Documentation
@@ -10400,12 +11185,12 @@ module Aws::S3
     #   For more information about the `S3` structure in the request body,
     #   see the following:
     #
-    #   * PutObject
+    #   * [PutObject][4]
     #
-    #   * [Managing Access with ACLs][4] in the *Amazon Simple Storage
+    #   * [Managing Access with ACLs][5] in the *Amazon Simple Storage
     #     Service Developer Guide*
     #
-    #   * [Protecting Data Using Server-Side Encryption][5] in the *Amazon
+    #   * [Protecting Data Using Server-Side Encryption][6] in the *Amazon
     #     Simple Storage Service Developer Guide*
     #
     # * Define the SQL expression for the `SELECT` type of restoration for
@@ -10431,7 +11216,7 @@ module Aws::S3
     #     `SELECT s.Id, s.FirstName, s.SSN FROM S3Object s`
     #
     # For more information about using SQL with S3 Glacier Select restore,
-    # see [SQL Reference for Amazon S3 Select and S3 Glacier Select][6] in
+    # see [SQL Reference for Amazon S3 Select and S3 Glacier Select][7] in
     # the *Amazon Simple Storage Service Developer Guide*.
     #
     # When making a select request, you can also do the following:
@@ -10506,7 +11291,7 @@ module Aws::S3
     #
     # For more information about archive retrieval options and provisioned
     # capacity for `Expedited` data access, see [Restoring Archived
-    # Objects][7] in the *Amazon Simple Storage Service Developer Guide*.
+    # Objects][8] in the *Amazon Simple Storage Service Developer Guide*.
     #
     # You can use Amazon S3 restore speed upgrade to change the restore
     # speed to a faster speed while it is in progress. You upgrade the speed
@@ -10516,14 +11301,14 @@ module Aws::S3
     # faster than the tier that the in-progress restore is using. You must
     # not change any other parameters, such as the `Days` request element.
     # For more information, see [ Upgrading the Speed of an In-Progress
-    # Restore][8] in the *Amazon Simple Storage Service Developer Guide*.
+    # Restore][9] in the *Amazon Simple Storage Service Developer Guide*.
     #
     # To get the status of object restoration, you can send a `HEAD`
     # request. Operations return the `x-amz-restore` header, which provides
     # information about the restoration status, in the response. You can use
     # Amazon S3 event notifications to notify you when a restore is
     # initiated or completed. For more information, see [Configuring Amazon
-    # S3 Event Notifications][9] in the *Amazon Simple Storage Service
+    # S3 Event Notifications][10] in the *Amazon Simple Storage Service
     # Developer Guide*.
     #
     # After restoring an archived object, you can update the restoration
@@ -10538,9 +11323,9 @@ module Aws::S3
     # that you specify in a restore request. For example, if you restore an
     # object copy for 10 days, but the object is scheduled to expire in 3
     # days, Amazon S3 deletes the object in 3 days. For more information
-    # about lifecycle configuration, see PutBucketLifecycleConfiguration and
-    # [Object Lifecycle Management][10] in *Amazon Simple Storage Service
-    # Developer Guide*.
+    # about lifecycle configuration, see
+    # [PutBucketLifecycleConfiguration][11] and [Object Lifecycle
+    # Management][12] in *Amazon Simple Storage Service Developer Guide*.
     #
     # **Responses**
     #
@@ -10582,11 +11367,11 @@ module Aws::S3
     #
     # **Related Resources**
     #
-    # * PutBucketLifecycleConfiguration
+    # * [PutBucketLifecycleConfiguration][11]
     #
-    # * GetBucketNotificationConfiguration
+    # * [GetBucketNotificationConfiguration][13]
     #
-    # * [SQL Reference for Amazon S3 Select and S3 Glacier Select ][6] in
+    # * [SQL Reference for Amazon S3 Select and S3 Glacier Select ][7] in
     #   the *Amazon Simple Storage Service Developer Guide*
     #
     #
@@ -10594,13 +11379,16 @@ module Aws::S3
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/querying-glacier-archives.html
-    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html
-    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
-    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html
-    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html
-    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html#restoring-objects-upgrade-tier.title.html
-    # [9]: https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html
-    # [10]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html
+    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html
+    # [9]: https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html#restoring-objects-upgrade-tier.title.html
+    # [10]: https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html
+    # [11]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html
+    # [12]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html
+    # [13]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html
     #
     # @option params [required, String] :bucket
     #   The bucket name or containing the object to restore.
@@ -10637,6 +11425,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::RestoreObjectOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::RestoreObjectOutput#request_charged #request_charged} => String
@@ -10750,6 +11543,7 @@ module Aws::S3
     #       },
     #     },
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -10815,16 +11609,17 @@ module Aws::S3
     #
     #   For objects that are encrypted with customer-provided encryption
     #   keys (SSE-C), you must use HTTPS, and you must use the headers that
-    #   are documented in the GetObject. For more information about SSE-C,
-    #   see [Server-Side Encryption (Using Customer-Provided Encryption
-    #   Keys)][4] in the *Amazon Simple Storage Service Developer Guide*.
+    #   are documented in the [GetObject][4]. For more information about
+    #   SSE-C, see [Server-Side Encryption (Using Customer-Provided
+    #   Encryption Keys)][5] in the *Amazon Simple Storage Service Developer
+    #   Guide*.
     #
     #   For objects that are encrypted with Amazon S3 managed encryption
     #   keys (SSE-S3) and customer master keys (CMKs) stored in AWS Key
     #   Management Service (SSE-KMS), server-side encryption is handled
     #   transparently, so you don't need to specify anything. For more
     #   information about server-side encryption, including SSE-S3 and
-    #   SSE-KMS, see [Protecting Data Using Server-Side Encryption][5] in
+    #   SSE-KMS, see [Protecting Data Using Server-Side Encryption][6] in
     #   the *Amazon Simple Storage Service Developer Guide*.
     #
     # **Working with the Response Body**
@@ -10832,49 +11627,55 @@ module Aws::S3
     # Given the response size is unknown, Amazon S3 Select streams the
     # response as a series of messages and includes a `Transfer-Encoding`
     # header with `chunked` as its value in the response. For more
-    # information, see RESTSelectObjectAppendix .
+    # information, see [Appendix: SelectObjectContent Response][7] .
     #
     #
     #
     # **GetObject Support**
     #
     # The `SelectObjectContent` operation does not support the following
-    # `GetObject` functionality. For more information, see GetObject.
+    # `GetObject` functionality. For more information, see [GetObject][4].
     #
     # * `Range`\: Although you can specify a scan range for an Amazon S3
-    #   Select request (see SelectObjectContentRequest$ScanRange in the
-    #   request parameters), you cannot specify the range of bytes of an
+    #   Select request (see [SelectObjectContentRequest - ScanRange][8] in
+    #   the request parameters), you cannot specify the range of bytes of an
     #   object to return.
     #
     # * GLACIER, DEEP\_ARCHIVE and REDUCED\_REDUNDANCY storage classes: You
     #   cannot specify the GLACIER, DEEP\_ARCHIVE, or `REDUCED_REDUNDANCY`
     #   storage classes. For more information, about storage classes see
-    #   [Storage Classes][6] in the *Amazon Simple Storage Service Developer
+    #   [Storage Classes][9] in the *Amazon Simple Storage Service Developer
     #   Guide*.
     #
     #
     #
     # **Special Errors**
     #
-    # For a list of special errors for this operation, see
-    # SelectObjectContentErrorCodeList
+    # For a list of special errors for this operation, see [List of SELECT
+    # Object Content Error Codes][10]
     #
     # **Related Resources**
     #
-    # * GetObject
+    # * [GetObject][4]
     #
-    # * GetBucketLifecycleConfiguration
+    # * [GetBucketLifecycleConfiguration][11]
     #
-    # * PutBucketLifecycleConfiguration
+    # * [PutBucketLifecycleConfiguration][12]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/selecting-content-from-objects.html
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
-    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
-    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
-    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#storage-class-intro
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTSelectObjectAppendix.html
+    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_SelectObjectContent.html#AmazonS3-SelectObjectContent-request-ScanRange
+    # [9]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#storage-class-intro
+    # [10]: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#SelectObjectContentErrorCodeList
+    # [11]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html
+    # [12]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html
     #
     # @option params [required, String] :bucket
     #   The S3 bucket.
@@ -10942,6 +11743,11 @@ module Aws::S3
     #   * `<scanrange><end>50</end></scanrange>` - process only the records
     #     within the last 50 bytes of the file.
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::SelectObjectContentOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::SelectObjectContentOutput#payload #payload} => Types::SelectObjectContentEventStream
@@ -11112,6 +11918,7 @@ module Aws::S3
     #       start: 1,
     #       end: 1,
     #     },
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -11170,11 +11977,11 @@ module Aws::S3
     # <note markdown="1"> In this operation, you provide part data in your request. However, you
     # have an option to specify your existing Amazon S3 object as a data
     # source for the part you are uploading. To upload a part from an
-    # existing object, you use the UploadPartCopy operation.
+    # existing object, you use the [UploadPartCopy][1] operation.
     #
     #  </note>
     #
-    # You must initiate a multipart upload (see CreateMultipartUpload)
+    # You must initiate a multipart upload (see [CreateMultipartUpload][2])
     # before you can upload any part. In response to your initiate request,
     # Amazon S3 returns an upload ID, a unique identifier, that you must
     # include in your upload part request.
@@ -11199,11 +12006,11 @@ module Aws::S3
     # parts storage and stops charging you for the parts storage.
     #
     # For more information on multipart uploads, go to [Multipart Upload
-    # Overview][1] in the <i>Amazon Simple Storage Service Developer Guide
+    # Overview][3] in the <i>Amazon Simple Storage Service Developer Guide
     # </i>.
     #
     # For information on the permissions required to use the multipart
-    # upload API, go to [Multipart Upload API and Permissions][2] in the
+    # upload API, go to [Multipart Upload API and Permissions][4] in the
     # *Amazon Simple Storage Service Developer Guide*.
     #
     # You can optionally request server-side encryption where Amazon S3
@@ -11213,26 +12020,27 @@ module Aws::S3
     # encryption keys. If you choose to provide your own encryption key, the
     # request headers you provide in the request must match the headers you
     # used in the request to initiate the upload by using
-    # CreateMultipartUpload. For more information, go to [Using Server-Side
-    # Encryption][3] in the *Amazon Simple Storage Service Developer Guide*.
+    # [CreateMultipartUpload][2]. For more information, go to [Using
+    # Server-Side Encryption][5] in the *Amazon Simple Storage Service
+    # Developer Guide*.
     #
     # Server-side encryption is supported by the S3 Multipart Upload
     # actions. Unless you are using a customer-provided encryption key, you
     # don't need to specify the encryption parameters in each UploadPart
     # request. Instead, you only need to specify the server-side encryption
     # parameters in the initial Initiate Multipart request. For more
-    # information, see CreateMultipartUpload.
+    # information, see [CreateMultipartUpload][2].
     #
     # If you requested server-side encryption using a customer-provided
     # encryption key in your initiate multipart upload request, you must
     # provide identical encryption information in each part upload using the
     # following headers.
     #
-    # * x-amz-server-side​-encryption​-customer-algorithm
+    # * x-amz-server-side-encryption-customer-algorithm
     #
-    # * x-amz-server-side​-encryption​-customer-key
+    # * x-amz-server-side-encryption-customer-key
     #
-    # * x-amz-server-side​-encryption​-customer-key-MD5
+    # * x-amz-server-side-encryption-customer-key-MD5
     #
     # **Special Errors**
     #
@@ -11250,21 +12058,27 @@ module Aws::S3
     #
     # **Related Resources**
     #
-    # * CreateMultipartUpload
+    # * [CreateMultipartUpload][2]
     #
-    # * CompleteMultipartUpload
+    # * [CompleteMultipartUpload][6]
     #
-    # * AbortMultipartUpload
+    # * [AbortMultipartUpload][7]
     #
-    # * ListParts
+    # * [ListParts][8]
     #
-    # * ListMultipartUploads
+    # * [ListMultipartUploads][9]
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html
-    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html
-    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html
+    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html
+    # [9]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html
     #
     # @option params [String, StringIO, File] :body
     #   Object data.
@@ -11301,8 +12115,8 @@ module Aws::S3
     #   encrypting data. This value is used to store the object and then it is
     #   discarded; Amazon S3 does not store the encryption key. The key must
     #   be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm header`. This must
-    #   be the same encryption key specified in the initiate multipart upload
+    #   `x-amz-server-side-encryption-customer-algorithm header`. This must be
+    #   the same encryption key specified in the initiate multipart upload
     #   request.
     #
     # @option params [String] :sse_customer_key_md5
@@ -11321,6 +12135,11 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned by
+    #   a different account, the request will fail with an HTTP `403 (Access
+    #   Denied)` error.
+    #
     # @return [Types::UploadPartOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UploadPartOutput#server_side_encryption #server_side_encryption} => String
@@ -11363,6 +12182,7 @@ module Aws::S3
     #     sse_customer_key: "SSECustomerKey",
     #     sse_customer_key_md5: "SSECustomerKeyMD5",
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -11393,7 +12213,7 @@ module Aws::S3
     # in the *Amazon Simple Storage Service Developer Guide*.
     #
     # <note markdown="1"> Instead of using an existing object as part data, you might use the
-    # UploadPart operation and provide data in your request.
+    # [UploadPart][2] operation and provide data in your request.
     #
     #  </note>
     #
@@ -11406,20 +12226,20 @@ module Aws::S3
     # the following:
     #
     # * For conceptual information about multipart uploads, see [Uploading
-    #   Objects Using Multipart Upload][2] in the *Amazon Simple Storage
+    #   Objects Using Multipart Upload][3] in the *Amazon Simple Storage
     #   Service Developer Guide*.
     #
     # * For information about permissions required to use the multipart
-    #   upload API, see [Multipart Upload API and Permissions][3] in the
+    #   upload API, see [Multipart Upload API and Permissions][4] in the
     #   *Amazon Simple Storage Service Developer Guide*.
     #
     # * For information about copying objects using a single atomic
-    #   operation vs. the multipart upload, see [Operations on Objects][4]
+    #   operation vs. the multipart upload, see [Operations on Objects][5]
     #   in the *Amazon Simple Storage Service Developer Guide*.
     #
     # * For information about using server-side encryption with
     #   customer-provided encryption keys with the UploadPartCopy operation,
-    #   see CopyObject and UploadPart.
+    #   see [CopyObject][6] and [UploadPart][2].
     #
     # Note the following additional considerations about the request headers
     # `x-amz-copy-source-if-match`, `x-amz-copy-source-if-none-match`,
@@ -11492,31 +12312,71 @@ module Aws::S3
     #
     # **Related Resources**
     #
-    # * CreateMultipartUpload
+    # * [CreateMultipartUpload][7]
     #
-    # * UploadPart
+    # * [UploadPart][2]
     #
-    # * CompleteMultipartUpload
+    # * [CompleteMultipartUpload][8]
     #
-    # * AbortMultipartUpload
+    # * [AbortMultipartUpload][9]
     #
-    # * ListParts
+    # * [ListParts][10]
     #
-    # * ListMultipartUploads
+    # * [ListMultipartUploads][11]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/qfacts.html
-    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
-    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html
-    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html
+    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html
+    # [9]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html
+    # [10]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html
+    # [11]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html
     #
     # @option params [required, String] :bucket
     #   The bucket name.
     #
     # @option params [required, String] :copy_source
-    #   The name of the source bucket and key name of the source object,
-    #   separated by a slash (/). Must be URL-encoded.
+    #   Specifies the source object for the copy operation. You specify the
+    #   value in one of two formats, depending on whether you want to access
+    #   the source object through an [access point][1]\:
+    #
+    #   * For objects not accessed through an access point, specify the name
+    #     of the source bucket and key of the source object, separated by a
+    #     slash (/). For example, to copy the object `reports/january.pdf`
+    #     from the bucket `awsexamplebucket`, use
+    #     `awsexamplebucket/reports/january.pdf`. The value must be URL
+    #     encoded.
+    #
+    #   * For objects accessed through access points, specify the Amazon
+    #     Resource Name (ARN) of the object as accessed through the access
+    #     point, in the format
+    #     `arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>`.
+    #     For example, to copy the object `reports/january.pdf` through the
+    #     access point `my-access-point` owned by account `123456789012` in
+    #     Region `us-west-2`, use the URL encoding of
+    #     `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
+    #     The value must be URL encoded.
+    #
+    #     <note markdown="1"> Amazon S3 supports copy operations using access points only when the
+    #     source and destination buckets are in the same AWS Region.
+    #
+    #      </note>
+    #
+    #   To copy a specific version of an object, append
+    #   `?versionId=<version-id>` to the value (for example,
+    #   `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
+    #   If you don't specify a version ID, Amazon S3 copies the latest
+    #   version of the source object.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html
     #
     # @option params [String] :copy_source_if_match
     #   Copies the object if its entity tag (ETag) matches the specified tag.
@@ -11558,8 +12418,8 @@ module Aws::S3
     #   encrypting data. This value is used to store the object and then it is
     #   discarded; Amazon S3 does not store the encryption key. The key must
     #   be appropriate for use with the algorithm specified in the
-    #   `x-amz-server-side​-encryption​-customer-algorithm` header. This must
-    #   be the same encryption key specified in the initiate multipart upload
+    #   `x-amz-server-side-encryption-customer-algorithm` header. This must be
+    #   the same encryption key specified in the initiate multipart upload
     #   request.
     #
     # @option params [String] :sse_customer_key_md5
@@ -11592,6 +12452,16 @@ module Aws::S3
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     #
+    # @option params [String] :expected_bucket_owner
+    #   The account id of the expected destination bucket owner. If the
+    #   destination bucket is owned by a different account, the request will
+    #   fail with an HTTP `403 (Access Denied)` error.
+    #
+    # @option params [String] :expected_source_bucket_owner
+    #   The account id of the expected source bucket owner. If the source
+    #   bucket is owned by a different account, the request will fail with an
+    #   HTTP `403 (Access Denied)` error.
+    #
     # @return [Types::UploadPartCopyOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UploadPartCopyOutput#copy_source_version_id #copy_source_version_id} => String
@@ -11665,6 +12535,8 @@ module Aws::S3
     #     copy_source_sse_customer_key: "CopySourceSSECustomerKey",
     #     copy_source_sse_customer_key_md5: "CopySourceSSECustomerKeyMD5",
     #     request_payer: "requester", # accepts requester
+    #     expected_bucket_owner: "AccountId",
+    #     expected_source_bucket_owner: "AccountId",
     #   })
     #
     # @example Response structure
@@ -11700,7 +12572,7 @@ module Aws::S3
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-s3'
-      context[:gem_version] = '1.79.1'
+      context[:gem_version] = '1.80.0'
       Seahorse::Client::Request.new(handlers, context)
     end